Tomcat
Card life cycle
Typically, the life cycle of a card (Card Production Life Cycle, or CPLC for short) is divided into five main phases:
- 1) the production phase of the microcircuit;
- 2) the phase of pre-personalization of the card;
- 3) the phase of card personalization;
- 4) the phase of using the card;
- 5) phase of card blocking.
At various stages of the card's life cycle, the chip manufacturer, the card supplier, the card issuer and, finally, the cardholder work with it. The set of actions performed with the card at each stage depends on the applications the card supports and how they are loaded onto it, on whether the card is static or uses an open operating system such as Java Card, on whether the executable modules of the applications/applets are loaded into the card's ROM or EEPROM, etc.
At each phase of the life cycle, the card uses operating-system functionality that is specific to that phase. For example, the application selection function is not available during the chip production or card blocking phases. The division into phases allows you to control the security of the card at different stages of its existence and ensures the distribution of responsibility among all participants in the production, personalization and use of the card.
During the production phase, the chip manufacturer places (burns) the card's operating system into ROM (hard-coding), possibly together with the executable modules or applets (in the case of Java cards) of some of its applications, and loads onto the card the Manufacturing Key, which is used to control access to the card during the pre-personalization phase. The Manufacturing Key is unique to each card and is derived from the card supplier's key, which is securely transferred to the chip manufacturer. The Chip Serial Number is used as the diversification value for deriving the card key. The key is stored in an elementary file, usually created by the card's operating system the first time the card is powered up (this file is created before the card's file structure is initialized, in particular before the MF root directory appears).
During the pre-personalization phase, the microcircuit is at the disposal of the card supplier, who embeds it in the plastic body of the card and performs the initial initialization of the card's file structure in EEPROM. In particular, the supplier creates the MF root directory of the file system and the elementary files for storing the personalization keys, which are used to control access to the card and to ensure the integrity and confidentiality of data loaded onto the card during the personalization phase.
During the pre-personalization phase, directories and elementary files may also be created for storing the data of applications loaded during the production stage of the microcircuit, and the executable modules of some applications stored in EEPROM, together with their related data, may be loaded.
To gain access to the card, its supplier authenticates to the card: it signs a random number received from the card using the secret Manufacturing Key. This keeps the card under security control, including while the microcircuit is transported from its manufacturer to the card supplier.
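The key diversification and challenge-response described above, as an added example that is not part of the original text. The text names no algorithm, so HMAC-SHA-256 stands in for both the derivation and the signature; the `Card` class, the function names and all key and serial values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def derive_card_key(master_key: bytes, chip_serial: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 stands in for the diversification function,
    # which the text does not name. The chip serial number is the diversifier.
    return hmac.new(master_key, b"MFG" + chip_serial, hashlib.sha256).digest()

def sign(card_key: bytes, challenge: bytes) -> bytes:
    # Assumption: a MAC over the card's random number plays the "signature".
    return hmac.new(card_key, challenge, hashlib.sha256).digest()

class Card:
    """Hypothetical card model: stores only its own diversified key."""

    def __init__(self, chip_serial: bytes, manufacturing_key: bytes):
        self.chip_serial = chip_serial
        self._key = manufacturing_key
        self._challenge = None
        self.unlocked = False

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(8)  # fresh random number
        return self._challenge

    def authenticate(self, response: bytes) -> bool:
        if self._challenge is None:
            return False
        expected = sign(self._key, self._challenge)
        self._challenge = None  # a challenge is valid for one attempt only
        self.unlocked = hmac.compare_digest(expected, response)
        return self.unlocked

def demo():
    master = bytes(range(32))                      # constructed supplier key
    serial_a, serial_b = b"\x00\x11\x22\x33", b"\x00\x11\x22\x34"
    card = Card(serial_a, derive_card_key(master, serial_a))
    # The supplier re-derives the card key from the serial number it reads.
    first = sign(derive_card_key(master, serial_a), card.get_challenge())
    accepted = card.authenticate(first)
    card.get_challenge()
    replayed = card.authenticate(first)            # old response, new challenge
    other = sign(derive_card_key(master, serial_b), card.get_challenge())
    wrong_card_key = card.authenticate(other)      # key of a different chip
    return accepted, replayed, wrong_card_key
```

Because each card holds only its diversified key, a key recovered from one chip does not authenticate to a chip with a different serial number, and a recorded response is useless against a fresh challenge.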
To increase security, as a rule, in the pre-personalization phase of the card, commands for accessing the physical memory of the card are deactivated. From this moment on, work with the memory is possible only with the help of logical addressing under the control of the program for monitoring the reading / writing of the card memory.
The card supplier writes their part of the CPLC-related information in the EEPROM. This information may include the ID of the card supplier, the date the card was created, the date of its pre-personalization, the brand of the equipment used to create the card, etc.
After the completion of the pre-personalization phase, the card is in the personalization phase under the control of the card issuer. During the personalization phase, the contents of the files and application data are entered on the card, including the cardholder's identification data, his PIN, etc. The personalization phase is activated only after the card is authenticated by its issuer. To ensure the integrity and confidentiality of the data loaded on the card, the corresponding card keys stored on it during the pre-personalization phase are used.
The card issuer writes in the EEPROM memory the part of the CPLC information related to it: the issuer identifier, the personalization date, the type of equipment used for personalization. After that, the card goes into the use phase. While in this phase, it is transferred to its holder and is used by the latter to perform card transactions until the card expires or is blocked by the issuer.
According to the VIS 1.4.x specifications, the CPLC data object (Tag '9F7F') is mandatory and has a data field length of 42 bytes. The terminal can receive the CPLC object using the GET DATA command.
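A parser for the GET DATA response carrying the CPLC object, as an added example that is not part of the original text. The 18-field layout and the BCD "YDDD" date encoding are the commonly published CPLC layout rather than something stated on this page; the sample response is constructed, with the issuer's fields still zero as they would be before personalization.

```python
GET_DATA_CPLC = bytes.fromhex("80CA9F7F00")  # CLA=80 INS=CA P1P2=9F7F Le=00

# (field name, length in bytes); the lengths sum to the 42-byte data field.
CPLC_FIELDS = [
    ("ic_fabricator", 2), ("ic_type", 2), ("os_id", 2),
    ("os_release_date", 2), ("os_release_level", 2),
    ("ic_fabrication_date", 2), ("ic_serial_number", 4),
    ("ic_batch_id", 2), ("ic_module_fabricator", 2),
    ("ic_module_packaging_date", 2), ("icc_manufacturer", 2),
    ("ic_embedding_date", 2), ("ic_prepersonalizer", 2),
    ("ic_prepersonalization_date", 2), ("ic_prepersonalization_equipment", 4),
    ("ic_personalizer", 2), ("ic_personalization_date", 2),
    ("ic_personalization_equipment", 4),
]

def decode_date(raw: bytes):
    """BCD 'YDDD': last digit of the year, then day of year; None if unset."""
    digits = raw.hex()
    if not digits.isdigit() or digits == "0000":
        return None
    year_digit, day = int(digits[0]), int(digits[1:])
    return (year_digit, day) if 1 <= day <= 366 else None

def parse_cplc(response: bytes) -> dict:
    """Parse tag 9F7F, length 42, value, followed by the status word."""
    if len(response) < 2 or response[-2:] != b"\x90\x00":
        raise ValueError("card did not return SW 9000")
    body = response[:-2]
    if body[:2] != b"\x9f\x7f":
        raise ValueError("not a CPLC object (tag 9F7F expected)")
    if len(body) != 3 + 42 or body[2] != 42:
        raise ValueError("CPLC data field must be 42 bytes")
    fields, offset = {}, 3
    for name, size in CPLC_FIELDS:
        raw = body[offset:offset + size]
        is_date = name.endswith("_date")
        fields[name] = decode_date(raw) if is_date else raw.hex().upper()
        offset += size
    return fields

# Constructed sample: chip and supplier fields set, issuer fields all zero.
SAMPLE = bytes.fromhex(
    "9F7F2A 1111 2222 3333 8102 0100 8155 00112233 4455 6666 8160"
    " 7777 8165 8888 8170 00000001 0000 0000 00000000 9000"
)
```

In the sample, `ic_personalization_date` decodes to `None`, which matches a card that has passed pre-personalization but has not yet been written by the issuer.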
The concept of life cycle acquires special meaning for cards supporting the GlobalPlatform operating platform. Here, the possible set of actions on the card and its data is determined not only by the status of the card, but also by the status of the application. This is described in sufficient detail in Section 2.7.
For cards supporting the GlobalPlatform platform, application applets can be loaded into EEPROM while the card is being used. For this, the card must be in the SECURED state of its life cycle (the most "popular" state of the GlobalPlatform card). In this state, the card has the necessary set of keys (see section 5.2), with which the Issuer Security Domain or Application Provider Security Domain card application establishes a secure connection with a program external to the card. This set of keys, as well as the key used by the issuer to sign the applet, are loaded onto the card during the creation and personalization of card security domains.
In the SECURED phase, personalization of the card applications also takes place. First, mutual authentication of the card and the external program is performed, and then a secure connection is established to transfer the personalization data from the external program to the card.