Documente Academic
Documente Profesional
Documente Cultură
Contents 1 SCOPE ..................................................................................................................... 6 1.1 DEFINITIONS / DOCUMENT CONVENTIONS ............................................................ 6 2 KEY DATA ELEMENTS AND CONCEPTS ...................................................... 7 2.1 STATIC CARD INFORMATION ................................................................................. 7 2.1.1 2.1.2 2.2.1 2.2.2 2.2.3 3 4 Card ID (CdID) ........................................................................................... 7 Application Version ..................................................................................... 8 Challenge ..................................................................................................... 9 Response .................................................................................................... 10 Verification ................................................................................................ 10
CARD READING PROCESS.............................................................................. 11 APDU/RPDU SPECIFICATIONS ...................................................................... 12 4.1 ERROR HANDLING .............................................................................................. 12 4.2 SELECT EVAPP COMMAND/RESPONSE .............................................................. 12 4.2.1 4.2.2 4.3.1 4.3.2 4.4.1 4.4.2 APDU ........................................................................................................ 12 RPDU ........................................................................................................ 12 APDU ........................................................................................................ 13 RPDU ........................................................................................................ 14 APDU ........................................................................................................ 14 RPDU ........................................................................................................ 15
Scope
This document standardizes a contactless smartcard EV application (EVAPP) to ensure that an EV charging card can be read and verified. The document introduces key concepts and then specifies the actual messages between the smart card and the CS.
Verification EVAPP
APDU
RPDU
Display Format Field Country Separator Operator . Decimal Number Separator Serial Number . Decimal Number
Format/Value String Example Transport Format Field Format Padding ASCII 00 IL.1.14534
Operator Decimal number left padded with zero to fill 3 characters ASCII string
Serial Number Decimal number left padded with zero to fill 9 characters ASCII string
Example
00IL001000014534
http://www.iso.org/iso/english_country_names_and_code_elements
Application Version CdVer and CdEnc are 4 bytes unsigned integers written to the card at issuing or pre-personalization and should not be writable from the outside afterwards. CdVer and CdEnc are sent by the card with each use and relayed to the card acquirer. Their use is determined by the card issued and acquirer and is opaque to CS and CS operator. These fields enable flexibility in issuing cards which enable updates while keeping compatibility with older cards. Two use cases already identified are: o Changing a master key: a different CdVer value could be used to indicated a different master key in case of a compromise or key distribution. o Changing encryption algorithms: if the card is capable of more advanced algorithms, or if a flaw is found in the response generation function, CdEnc can indicate a different encryption suite.
Challenge/Response Verification
Card verification is performed between the CS, card and the card issuer using a challenge/response mechanism and the following flow. Note that the actual implementation of the response generation is internal to the card and issuer system and not part of this standard.
Challenge The following fields should be sent by the CS to the card as a challenge: TransTime Unsigned Integer 8 bytes Current time in Unix time format 3. RdRand CsIDHash Unsigned Integer Unsigned Integer 4 bytes 4 bytes See section 0 for more information
3
A random number
CSID. Response The following fields should be sent by the card to the CS as a response: Cryptogram Unsigned Integer 24 bytes The card response to the challenge. CdCount Unsigned Integer 2 bytes The card may keep a 16 bit internal card register that is incremented each time the card provided a challenge response to a reader. The counter enables a verification server to ensure that a response is not recorded and retransmitted intentionally. Note that while the card has this feature the verification server does not have to use and can rely on the alternate time based method
Verification As noted the details of the verification process are internal to the card issuer implementation. However, the system allows for the following mechanisms to ensure that information cannot be copied of replayed: The card ID may be signed by the card. The transaction time may be signed by the card. CdCount may be implemented and signed by the card to ensure it is an ever increasing number. The device ID of the charge spot is signed by the card. The issuer may alternate means of validating the ID, such as ensuring the charge requests for a device are received only from the partner to which this device belongs.
ISO/IEC 14443 Polling ISO/IEC 14443 Anti-Collision ISO/IEC 14443 Activation Select EVAPP by AID Read Static Record Perform Security Operation EVAPP FCI Card Static information Cryptogram See 0 See 0 According to the ISO/IEC 14443 principles.
6 7
APDU/RPDU specifications
Error Handling
Any other coding of the any of the APDU below will be answered by the card using an ISO/IEC 7816-4 SW1SW2 that define a relevant error code. A multi-application reader might send to the card other commands during the application selection phase not listed below, the card will response to any other commands not listed below using an ISO/IEC 7816-4 SW1SW2 error code.
Issue: Value Issue: Issue: Issue: Issue: Issue: Issue: Issue: 0x00 0xA4 0x04 0x00 0x07 EVAPP 0x00
CLA
INS P1 P2 Lc Data Le
Issue: Issue:
8 8
Issue: Issue:
Issue: Issue:
Issue: Value Issue: Issue: Issue: Issue: 0x00 0xB2 0x01 0x0C
CLA
INS P1 P2
Issue:
Lc
Issue:
0x00
03 00 B2 01 0C
The above Select application APDU will be responded by the card with the following RPDU: Issue: Length Issue: Issue: 2 13 Issue: Template Issue: Issue: 0x70 Issue: Tag Issue: Issue: 0xDF 0x81 0x12
INS P1
Issue: Issue: Issue: Issue: Issue: Issue: Issue: Packet Example: 0000 0008 0010 0018 0020 RPDU
1 1 7
P2 Lc Data
Issue: Issue: Issue: Issue: Issue: Issue: 0xF0 0xDF 0x81 0x13 0xDF 0x81 0x14 0xDF 0x81 0x15
Issue:
Le
Issue:
02 80 2A 82 80 1E F0 1C DF 81 13 08 XX XX XX XX XX XX XX XX DF 81 14 04 YY YY YY YY DF 81 15 04 TT TT TT TT 00
The above security operation APDU will be responded by the card with the following RPDU: Issue: Length Issue: Issue: Issue: 2 6 28 Issue: Template Issue: Issue: Issue: 0x77 Issue: Tag Issue: Issue: 0xDF 0x81 0x17 Issue: 0xDF 0x81 0x16
YY YY YY YY YY YY YY YY YY YY YY YY YY YY YY YY YY YY YY YY YY
Verification Request
Based on information the charge spot gathers during card read, it creates a verification block. The verification block is the data unit sent across the network from the charge spot to the card issuer and used to verify the authenticity of the card. The structure of the verification block is: Field Format Length CdVer Unsigned integer 4 bytes CdEnc CdID Unsigned integer Fixed length string 4 bytes 16 bytes 24 bytes Description Application version used by the card as sent by the card. Encryption algorithm used by the card as sent by the card. The Card ID in transport format (see 0). The response provided by the card for the challenge as sent by the card. The card use counter as received in the response. Challenge time in Unix time 4 format Challenge random number The charging device ID from which the CDevHash was derived.