Smart card secure data transmission combined mode process

The combined mode process represents a higher level of security. The data portion of the APDU is no longer transmitted as a plaintext, but is replaced by an encrypted form, the process of which is an extension of the authentication mode process.

In the combined mode process, as in the authentication mode process, the data object protected with the cryptographic checksum is first padded into an integral multiple of 8 bytes and encrypted with the CBC mode DES algorithm, as shown in Figure 1. In this process, the header is omitted for compatibility with the T=0 protocol. If the header is also encrypted, the command sent to the card cannot be recognized, and the ENVELOPE command with T=0 must be used. Using a bit in the class byte indicates that secure communication is used and the data is already encrypted when transmitted over the interface. Since the recipient knows the secret key used for encryption, it can decrypt the APDU, and the receiver can verify the correctness of the decryption by recalculating the additional level of cryptographic checksum at the same level of the transport layer. Readers in reading Figure 1 should pay attention to the changes in CLA, h and LDATA (with or without ''').

When this process is employed, an attacker who eavesdrops on the I/O line cannot discover which data is exchanged between the card and the terminal's commands and responses. Since the DES using the CBC mode causes these blocks to be linked together, it is also impossible to replace an encrypted block in the APDU, and any substitution will immediately attract the attention of the receiver.

With regard to encryption algorithms, those explanations for the authentication mode process also apply here. In principle, any block encryption algorithm can be used. The key should be dynamic, as in the authentication mode process, using the derived key for each session.

Considering the advantages of security, it is generally recommended to use the combined mode process for all APDUs. However, the increase in security is accompanied by a significant reduction in data transmission rates.

Smart card secure data transmission combined mode process

Figure 1 uses the combined mode procedure to create a command APDU. The case 3 command (such as UPDATE BINARY) is used for this. The header is included in the cryptographic checksum (ccs). The reply APDU can be established in a similar way ('PB' is used as a padding). Byte indication)

A good approximation of the difference in transmission rate between the unprotected APDU and the APDU protected by the combined mode process is factor 4. The speed difference between the discriminating mode process and the combined mode process is factor 2. So, in each case, carefully check to make sure that the data is transmitted in that safe but time-consuming form.

Basic Info

Model NO.: Diameter 30mm
Name: Hand Cream Packaging Tubes
Title: Silk Screen Cosmetic Packaging Tube for Hand Cream
Secification: ISO 9001
Surface Handling: Offset, Hot Stamping, Silk Screen, Labeling
Tube Color: White, Black Transparent, Colored
Coating: Glossy, Matte
Capacity: 3-500ml
Cap: Flip Top Cap, Screw Cap
Shape: Round
Transport Package: as Your Request
Specification: 10ml
Origin: Jiangsu, China
HS Code: 39173100

Hand Cream Packaging Tubes

Hand Cream Packaging Tubes,Plastic Tube,Plastic Tube For Hand Cream Packaging,Plastic Hand Cream Packaging Tube

Yangzhou Guanyu Plastic Tube Co., Ltd. ,

Posted on