Forum › MIFARE SmartCard IC`s › MIFARE DESFire › I have problem in AUTHENTICATION › Re: I have problem in AUTHENTICATION
Hi,
to authenticate to a smart card means in general to solve the follow problem: “I am the right user, I know the embedded secret key, I prove it to the card operation system without to send the key directly”. How would you solve it to prove you know something but not say it what you know?
This problem is solved under the name “Mutual Three Pass Authentication”. You will find in the net a lot of material about this. The DESFire EV1 supports three different encryption standards:
- 56 bit DES (single DES)
- 168 bit DES (TrippleDES)
- AES
The Mutual Three Pass Authentication uses the follow sequence:
1. The reader (PCD) device is always the entity which starts an authentication procedure. This is done by sending the command “Authenticate”. As parameter the key number is passed to the card (PICC) in order to select a certain key.
2. After the specific key is selected, the PICC generates a random number RndB. The size of the random number depends on the selected cipher standard (DES, AES, etc.). The random number is encrypted with the selected key and transmit to the PCD.
3. The PCD decrypt the received encrypted random number. The PCD generate a random number RndA and concatenate both numbers (RndA + RndB) and encrypt it with the selected key and pass it to the PICC.
4. The PICC decrypt the token RndA + RndB and verify RndB its random number send previously. The PICC encrypt the random number RndA and pass it back to the PCD.
5. The PCD decrypt the token to RndA and verify the random number send previously. Now the PCD is authenticated by the PICC.
The details of the authentication varies depending of the selected cipher standard.
Here an example for DES mode:
1. The PCD send: 0x0A,0xkn (where 0xkn is the key number)
2. The PICC send an error code or 0xAF[8 bytes RndB]
3. The PCD send 0xAF[16 bytes RndA+RndB]
4. The PICC send an error code or 0x00[8byte RndA]
I hope the procedure of authentication is a little bit clearer than before.
Best regards,
The MIFARE Team
to authenticate to a smart card means in general to solve the follow problem: “I am the right user, I know the embedded secret key, I prove it to the card operation system without to send the key directly”. How would you solve it to prove you know something but not say it what you know?
This problem is solved under the name “Mutual Three Pass Authentication”. You will find in the net a lot of material about this. The DESFire EV1 supports three different encryption standards:
- 56 bit DES (single DES)
- 168 bit DES (TrippleDES)
- AES
The Mutual Three Pass Authentication uses the follow sequence:
1. The reader (PCD) device is always the entity which starts an authentication procedure. This is done by sending the command “Authenticate”. As parameter the key number is passed to the card (PICC) in order to select a certain key.
2. After the specific key is selected, the PICC generates a random number RndB. The size of the random number depends on the selected cipher standard (DES, AES, etc.). The random number is encrypted with the selected key and transmit to the PCD.
3. The PCD decrypt the received encrypted random number. The PCD generate a random number RndA and concatenate both numbers (RndA + RndB) and encrypt it with the selected key and pass it to the PICC.
4. The PICC decrypt the token RndA + RndB and verify RndB its random number send previously. The PICC encrypt the random number RndA and pass it back to the PCD.
5. The PCD decrypt the token to RndA and verify the random number send previously. Now the PCD is authenticated by the PICC.
The details of the authentication varies depending of the selected cipher standard.
Here an example for DES mode:
1. The PCD send: 0x0A,0xkn (where 0xkn is the key number)
2. The PICC send an error code or 0xAF[8 bytes RndB]
3. The PCD send 0xAF[16 bytes RndA+RndB]
4. The PICC send an error code or 0x00[8byte RndA]
I hope the procedure of authentication is a little bit clearer than before.
Best regards,
The MIFARE Team
+ 0
|
- 0