Secure Com SCP02 Session : What is the role of "Key Diversification data" returned in response of Initialized Update command
In the response field of the INITIALIZE UPDATE command, Key Diversification Data (which contains the manufacturer ID and the last two bytes of the security domain AID) is returned to the off-card entity.

I would like to know for what purpose this data is used?

I read somewhere that this key diversification data is used in the derivation of base keys at the off-card end. I don't know whether this is right or wrong.

If it is right, then how can the base keys be derived at the off-card end using this diversification data?

Please provide your suggestions!

Younger answered 24/2, 2014 at 8:33 Comment(2)
You may have read things somewhere, but have you read the freely available Global Platform specifications? – Stockpile
Yes, I read and I am working on the Global Platform specifications. Basically it is a question about SCP02 and I do not find its answer in that GP22 specification. – Younger

Key Diversification Data is used to obtain keys for that card applying an algorithm to those bytes (which should be unique to the card) using a Master Key.

There are two widely used key derivation algorithms:

  • Visa2
  • EMV-CPS

They are very similar: they take a few of the 10 bytes of the Key Diversification Data from the response to INITIALIZE UPDATE, append a few fixed bytes and then encrypt them applying 3DES using the Master Key as the encryption key.

The "fixed bytes" are different, so we get the three SCP02 keys we need:

  • 'F001' gives us the ENC key
  • 'F002' the MAC key
  • 'F003' the DEK key

Hope this helps! It is not described in the GlobalPlatform spec, so it takes a while to learn it.

Lucilius answered 28/4, 2014 at 15:40 Comment(4)
Thank you for your answer, dear mictter. Where are these derivation algorithms (EMV-CPS and Visa2) defined in detail? What happens in a card that doesn't use any derivation algorithm? – Backboard
Hi Abraham, you can download the EMV-CPS specification from emvco.com/specifications.aspx?id=20 (it is section 4.1 in the long PDF). Both EMV-CPS and Visa2 are implemented in the open source Global Platform library, so you can check the implementation at sourceforge.net/projects/globalplatform/files/… – Lucilius
Dear Mictter, the keys that you mentioned in your answer, are they the session keys, or are they the static ENC, MAC and DEK keys that the Secure Channel Session Keys are created from? – Backboard
Hi Abraham, they are the static ENC, MAC and DEK keys; session keys are further created from them. – Reaves
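The derivation the answer and its comments describe, as an added example in Go that is not code from the answer or from the GlobalPlatform library: the 16-byte derivation data is built from the KDD plus the 'F0xx' / '0Fxx' constants and 3DES-ECB encrypted under the master key. The exact KDD byte selections (EMV-CPS: rightmost 6 bytes; Visa2: bytes 0-1 and 4-7) are an assumption taken from the open-source library's implementation, so check them against the EMV-CPS specification; the master key and KDD used in the test are constructed sample values.

```go
package main

import (
	"crypto/des"
	"errors"
)
// Key identifiers from the answer: 'F001' -> ENC, 'F002' -> MAC, 'F003' -> DEK.
const (
	KeyENC byte = 0x01
	KeyMAC byte = 0x02
	KeyDEK byte = 0x03
)

// derivationData builds the 16-byte block that is 3DES-encrypted under the master
// key. Layouts are an assumption taken from the open-source GlobalPlatform library:
// EMV-CPS uses the rightmost 6 bytes of the 10-byte KDD, Visa2 uses KDD bytes 0-1 and 4-7.
func derivationData(kdd []byte, keyID byte, visa2 bool) ([]byte, error) {
	if len(kdd) != 10 {
		return nil, errors.New("key diversification data must be 10 bytes")
	}
	id := append([]byte{}, kdd[4:10]...) // EMV-CPS: 6 rightmost bytes
	if visa2 {
		id = append(append([]byte{}, kdd[0:2]...), kdd[4:8]...)
	}
	d := append(append([]byte{}, id...), 0xF0, keyID) // id || 'F0' || key id
	d = append(append(d, id...), 0x0F, keyID)        // id || '0F' || key id
	return d, nil
}

// Diversify derives one static SCP02 key (ENC, MAC or DEK) from a 16-byte 2-key
// 3DES master key and the card's KDD by 3DES-ECB encrypting the derivation data.
func Diversify(master, kdd []byte, keyID byte, visa2 bool) ([]byte, error) {
	if len(master) != 16 {
		return nil, errors.New("master key must be 16 bytes (2-key 3DES)")
	}
	data, err := derivationData(kdd, keyID, visa2)
	if err != nil {
		return nil, err
	}
	// Go's TripleDES takes K1||K2||K3; for a 2-key master key K3 = K1.
	block, err := des.NewTripleDESCipher(append(append([]byte{}, master...), master[:8]...))
	if err != nil {
		return nil, err
	}
	out := make([]byte, 16)
	block.Encrypt(out[:8], data[:8]) // ECB: each 8-byte block on its own
	block.Encrypt(out[8:], data[8:])
	return out, nil
}
```

The session keys are then derived from these static keys with the sequence counter from the same INITIALIZE UPDATE response, which is a separate step not shown here.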
