Currently overlooking something with Authentication


  • 19. March 2019 at 21:44
    Hi, I'm working through the samples given with the document AN0945
    MIFARE DESFire EV1 - Features and Hints

    I'm currently working through the AES Authentication
    Step 7 is setting up Standard Enciphered (RndA+RndB´)
    Step 8 is PCD’s response and its own challenge
    Step 9 PICC’s response 00FFC212245F03DB0EA0645A495190952A
    Step 10 RndA´ (Ek(RndA´) is deciphered) 47C1557F80707ABDFF86BF9D965CA723
    Step 11 PCD prepares RndA
    Step 12 PCD compares sent and received RndA
    Step 13 Generate session key

    My question is, after I send an authentication request, I do get the PICC's response in Step 9.
    What do I send back to the PICC? My software is performing Step 10, Step 11, Step 12, and Step 13.
    I think I'm missing something; as of now, the last thing I receive or give back to the PICC is Step 9.

    I assume I need to send the Session Key back to the PICC from Step 13, but it's not clear in the documentation. Can someone explain the process? I'm using VBCode and PCSC.




    Re: Currently overlooking something with Authentication

    20. March 2019 at 9:15
    Hi Bryan,

    Keys are NEVER, NEVER, NEVER exposed and/or sent!

    As the last step you must confirm to the PICC that you know the key. So, you encrypt RndA and send it back. The session key is generated at the end if all steps succeed.

    The TapLinx team

    Re: Currently overlooking something with Authentication

    20. March 2019 at 13:31
    Thank you

    Just to be clear on my end.

    Step 9 is the PICC's Response.
    Step 11 (2347C1557F80707ABDFF86BF9D965CA7) is the RndA I send back to the PICC? Is there any prefix command or do I just send the string?

    Bryan



    Re: Currently overlooking something with Authentication

    21. March 2019 at 9:34
    Hi Bryan,

    Yes, step 9 is the response. As the last step you must verify whether the encrypted RndA is the same as the one you sent in step 8. If so, the authentication succeeds also from your side. The authentication succeeds from the PICC’s side, otherwise you would get an error.

    Please do not go into the details in this public forum. If you have further questions write to me at: taplinx@nxp.com.

    The TapLinx team
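
Added example, not part of any post in this thread and not NXP or TapLinx code: a Python version of the PCD-side checks for steps 9 to 13, showing that after step 9 everything is verified locally and the session key is never transmitted. The AES decryption between steps 9 and 10 is omitted because the key and IV are not on the page; the function names, the constructed `RNDB` and the session-key byte layout (the one used by open-source DESFire libraries) are assumptions.

```python
import hmac

AES_BLOCK = 16
STATUS_OK = 0x00  # leading status byte, as in the step 9 response quoted in the thread


def split_response(resp: bytes) -> bytes:
    """Step 9: check status and length, return the ciphertext Ek(RndA')."""
    if len(resp) != 1 + AES_BLOCK:
        raise ValueError("unexpected response length")
    if resp[0] != STATUS_OK:
        raise ValueError(f"PICC returned status 0x{resp[0]:02X}")
    return resp[1:]


def rotate_right(block: bytes) -> bytes:
    """Step 11: undo the one-byte left rotation (RndA' -> RndA)."""
    return block[-1:] + block[:-1]


def picc_proved_key(rnda_sent: bytes, rnda_prime: bytes) -> bool:
    """Step 12: constant-time compare of the recovered RndA with the one sent in step 8."""
    if len(rnda_sent) != AES_BLOCK or len(rnda_prime) != AES_BLOCK:
        return False
    return hmac.compare_digest(rotate_right(rnda_prime), rnda_sent)


def finish_authentication(rnda_sent: bytes, rndb: bytes, rnda_prime: bytes) -> bytes:
    """Steps 11-13, all local to the PCD: nothing is transmitted here."""
    if not picc_proved_key(rnda_sent, rnda_prime):
        raise PermissionError("RndA mismatch: PICC did not prove knowledge of the key")
    # Assumed layout (not from the thread): first and last 4 bytes of each nonce.
    return rnda_sent[:4] + rndb[:4] + rnda_sent[12:] + rndb[12:]


# Values quoted in the thread
STEP9 = bytes.fromhex("00FFC212245F03DB0EA0645A495190952A")
RNDA_PRIME = bytes.fromhex("47C1557F80707ABDFF86BF9D965CA723")  # step 10
RNDA = bytes.fromhex("2347C1557F80707ABDFF86BF9D965CA7")        # step 11
RNDB = bytes(range(0xA0, 0xB0))  # constructed sample, not from the thread

if __name__ == "__main__":
    ciphertext = split_response(STEP9)  # decrypting it (key and IV not on the page) gives RndA'
    print("ciphertext:", ciphertext.hex())
    print("RndA matches:", picc_proved_key(RNDA, RNDA_PRIME))
    print("session key:", finish_authentication(RNDA, RNDB, RNDA_PRIME).hex())
```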
