gemalto mpcos version 0.1
DESCRIPTION
MPCOS is a famous Java card applet which developed by Gemalto company to provide a variety of administrative and payment commands; it is also compatible with EMV. In this presentation I've tried to explain all file and data structure details.TRANSCRIPT
MULTI-APPLICATION PAYMENT CHIP
OPERATING SYSTEM (MPCOS) By Ata Ebrahimi, 2010
AGENDA
1. Abstract
2. Features
3. File and Data Structure
4. Access Condition
5. Cryptography
6. Command Format
7. Commands
8. Discussion
9. References
ABSTRACT
Understanding How the MPCOS Applets works
Developing Terminal Applications for MPCOS cards
AGENDA
1. Abstract
2. Features
3. File and Data Structure
4. Access Condition
5. Cryptography
6. Command Format
7. Commands
8. Discussion
9. References
FEATURES
Multi-Purpose and Payment Applications
JAVA Open Platform Card
AGENDA
1. Abstract
2. Features
3. File and Data Structure
4. Access Condition
5. Cryptography
6. Command Format
7. Commands
8. Discussion
9. References
FILE AND DATA STRUCTURE
Global Level
Local Level
GLOBAL LEVEL
Master Files (MF)
Elementary Files (EFs)
LOCAL LEVEL
Dedicated Files (DFs)
Elementary Files (EFs)
HIERARCHY OF MPCOS FILES
MASTER FILE
Root of the MPCOS File Structure = Root Directory in MS DOS
Only One Per Card
Storing Up to 63 Dedicated Files and Elementary Files
Unique Identifier = 3F00 h
DEDICATED FILES
Directory in MS DOS
Storing Up to 63 Elementary Files
Nested DFs Are Not Supported
13-byte File Descriptor and A File Body
File Descriptor = Information Needed by MPCOS to Manage the File
File Body = DF’s Name
STRUCTURE OF DEDICATED FILE DESCRIPTOR
IDENTIFIER (FID)
Length = 2 Bytes
Allocated When the File Is Created
Short File Identifier (SFI) = 5 Least Significant Bits of FID
Designating a File From Within a File Operation Command
FILE DESCRIPTOR BYTE (FDB)
Length = 1 Byte
38 h
FILE OPTION BYTE (OPT)
Length = 1 Byte
Bit Value Option
1 Reserved for Future (RFU)
2 1 Cancel Debit Command Disabled
0 Cancel Debit Command Enabled
3 1 Current Balance Can Be Used To Compute Sign Certificates
0 Current Balance Can Never Be Used To Compute Sign Certificates
4-7 Reserved for Future (RFU)
8 1 Select Purse & Key and Select File Key Commands Require External Authentication
0 Select Purse & Key and Select File Key commands Do Not Need An External Authentication
BODY SIZE
Length = 2 Bytes
Specifies the Size of the File Body
Usually Contains the DF Name, Up to 16 Bytes
ACCESS CONDITION GROUP 1, 2
Length = 2 Bytes
Define the Access Conditions Assigned to the DF
CHECKSUM
Length = 1 Byte
Computed by the OS When the File Is Created
To Control the Integrity of the Descriptor In Case of Memory Failure
FILE BODY
Stores An Optional Name in DFs
Name Length = Up to 16 Bytes
Can Be Used By Select File Command to Select a DF
DF Do Not Have A Structure
SELECTION BY PARTIAL NAME
MPCOS Allows DF To Be Selected By Partial Name
Example_EP = Example
The DF That Was Created First Will Be Selected
ELEMENTARY FILE
Main Component of the MPCOS File Structure
Contain System and Application Data
13-byte File Descriptor and A File Body
File Descriptor = Information Needed by MPCOS to Manage the File
File Body = Data
STRUCTURE OF ELEMENTARY FILE DESCRIPTOR
IDENTIFIER (FID)
Length = 2 Bytes
Allocated When the File Is Created
Short File Identifier (SFI) = 5 Least Significant Bits of FID
Designating a File From Within a File Operation Command
FILE DESCRIPTOR BYTE (FDB)
Length = 1 Byte
Information About The EF Type and Structure
FILE DESCRIPTOR BYTE (FDB)
FILE DESCRIPTOR BYTE (FDB)
When Creating An EF, The OS Does Not Check The Contents Of The FDB, So More Than One of Each Type of File Can Be Created
If More Than One of Unique EFs Like Secret Code and IADF IS Created, Only The First One Is Recognized
RECLGT
Length = 1 Byte
Contains The Record Length For Linear Fixed and Cyclic Files With A Fixed Record Length
No Value For Other File Types
BODY SIZE
Length = 2 Bytes
Specifies the Size of the File Body
EF File Body Contains The Data
ACCESS CONDITION GROUP 1, 2, 3
Length = 2 Bytes
Define the Access Conditions Assigned to the EF
CHECKSUM
Length = 1 Byte
Computed by the OS When the File Is Created
To Control the Integrity of the Descriptor In Case of Memory Failure
FILE BODY
Stores Data
Six Types Of EFs
TYPE OF EFS
Purse Files
Enhanced Purse Files
Key Files
Transaction Manager Files
Secret Code Files
Internal Application Data Files (IADF)
PURSE FILES
FDB: 0001 1001 b or 19 h
Contain One Purse Only
Each DF Can Hold Up To 32 Purse Files
Must Be Among The First 32 Files Created In A Dedicated File
PURSE STRUCTURE
MAXIMUM BALANCE
Length = 3 Bytes
Maximum Balance That The Purse Can Hold
CREDIT KEY FILE
Length = 5 Bytes
Specifies The Short File Identifier Of The File Holding The Purse Credit Key
MAXIMUM FREE DEBIT
Length = 3 Bytes
The Maximum Value That Can Be Debited From The Purse When The Debit Access Condition Has Not Been Fulfilled
If This Value Is Set To 0 h, The Debit Access Condition Must Be Fulfilled For All Debits
DBT
Length = 1 Nibble
Access Condition For Debit
0000 Not Protected By Secret Code
0xxx Protection By Secret Code xxx
1xxx Debiting Not Allowed
RDB
Length = 1 Nibble
Access Condition To Read The Purse Balance
0000 Not Protected By Secret Code
0xxx Protection By Secret Code xxx
1xxx Debiting Not Allowed
CURRENT BALANCE
Length = 3 Bytes
The Current Balance Value Of The Purse
BACKUP BALANCE
Length = 3 Bytes
The Previous Balance Value Of The Purse
Before The Last Transaction Was Carried Out
MPCOS Can Use This Value To Restore The Purse Balance After Any Incorrect Purse Updates
TERMINAL TRANSACTION COUNTER (TTC)
Length = 2 Bytes
Contains The TTC’s Two Most Significant Bytes While The Debit Operation Is Being Processed
Used To Identify Which Terminal Performed The Last Debit Operation
Checked By MPCOS Before Any Cancel Debit Command Operation
ENHANCED PURSE FILES
FDB: 0001 1001 b or 19 h
Enhanced Purses Include An Extra Word At The Offset 5 Position
Extra Word Can Be Used To Protect The Credit Operation With a Secret Code
Specify The Hierarchical Level Of The Access Conditions For The Read Balance, Debit and Credit
EXTRA WORLD FORMAT IN ENHANCED PURSE
The First Three Bytes Are Reserved For The Future
L
Length = 1 Bit
Defines The Hierarchical Level Of The EF Secret Code Files For The Read Balance, Debit and Credit Access Condition
0 Global, The Secret Codes Are Contained In The EF Secret Code Of The Master File
1 Local, The Secret Codes Are Contained In The EF Secret Code Of The Currently Selected Dedicate
File
CREDIT ACCESS CONDITION
0000 b No Secret Code Protection For Credit Operations
0xxx b Credit Operations Are Protected By Secret Code Number xxx
1xxx b This Purse Cannot Be Credited
KEY FILES
FDB: 0010 1001 b or 29 h
Consists Of 12 Bytes
Header = First Four Bytes
The Next Eight Bytes Contain Its Confidential Value
KEY STRUCTURE
SYSTEM
Length = 1 Byte
Used To Indicate The Key Type
KEY VERSION (KV)
Length = 1 Byte
The Key Version May Be Used To Memorize A Key Version Number After A Key Is Updated
CHECKSUM
Length = 1 Byte
The Checksum Is An Integrity Control Of Data
K8 TO K1
Length = 1 Byte
Each Secret Key = Over 8 Bytes
A Key File Contains Up to 8 Keys
KEY FILES
Storing The Cryptographic Keys Used In All MPCOS Cryptographic Functions
The Master File An Each Dedicated File Can Store One Or More Key Files
Each Key File Can Store Up To Four 3DES_16 Keys
COMMANDS THAT REQUIRE CRYPTOGRAPHIC KEYS
KEY TYPES
Keys
Administration Keys Used For The Computation of Temporary Administration Keys And Secure Messaging
Payment Keys Used For The Payment Commands Such As Transaction Certificate Generation And
The Computation Of Temporary Certification Keys
Log Keys
(Multi-purpose Keys)
Used For Initiate A Payment Session But Not An Administration Session
Signature Keys Dedicated To The Computation Of Signatures
Authentication Keys Used For Authentication Commands
COMMANDS THAT REQUIRE CRYPTOGRAPHIC KEYS
TRANSACTION MANAGER FILES
FDB: 0001 0001 b or 11 h
Each Dedicated File Holding Purse Files Must Also Hold A Transaction Manager File In Order To Recognize Payment Commands
A Transparent EF And Eight Bytes In Length
MF And Each DF Can Hold Only One Transaction Manager File
The Access Condition For Updating And Writing To Transaction Manager Files Must Be Locked
DATA STRUCTURE OF A TRANSACTION MANAGER FILE
CURRENT CARD TRANSACTION COUNTER (CURRENT CTC)
A Three Byte Counter That Is Incremented Every Time A Payment Transaction Session Is Established
Used As A Variable Element For Payment-Oriented Cryptographic Processing
BACKUP CARD TRANSACTION COUNTER (BACKUP CTC)
Stores The Value Of The Card Transaction Counter That Was Current Before The Last Transaction Was Executed
CKS AND CKS’
Invert(Exclusive-OR(First Three Bytes Of Each Word))
SECRET CODE FILES
FDB: 0010 0001 b or 21 h
Transparent EF
MF And Each DF Can Sore Up To One EF Secret Code
Only The First Secret Code File Created In The DF or MF Can Be Interpreted
Each Secret Code File Can Store Up To Eight Secret Codes
Secret Codes Are Stored On 8 Bytes
STRUCTURE OF SECRET CODE
SYST
Length = 4 Bits
The System Nibble Defines How The Secret Code Is To Be Entered
MAXIMUM PRESENTATION NUMBER (MPN)
Length = 3 Bits
Defines The Maximum Presentation Number On Nibble
Specifies The Number Of Times That The Secret Code Can Be Incorrectly Entered Consecutively Before MPCOS Locks It
From 2 to 8
RATIFICATION SECRET CODE (RSC)
Length = 8 Bits
Must Be Initialized With The Value FF h When Creating The Secret Code
The Counter Record The Number Of Consecutive Times That The Secret Code Has Been Presented Incorrectly And Decrements The Counter By One
Counter Value = MPN Value Card Locks The Secret Code
Secret Code Is Correctly Entered The Card Sets This Value To FF h
UNBLOCKING CODE REFERENCE (UCR)
Length = 4 Bits
Used For Unblocking The Secret Code On Three Least Significant Bits
UNBLOCKING CODE REFERENCE (UCR)
L = Define The Hierarchical Level Of The Secret Code EF Containing The UCR, 0: MF Level, 1: Local Level
Secret Code Number (SCN) = Defines The Secret Code Sequential Number In The Relevant Secret Code EF
SECRET CODE
Length = 4 Bytes
Extracts From The Least Significant Nibble Of Each Character Of Eight-Byte Secret Code
INTERNAL APPLICATION DATA FILE (IADF)
FDB: 0000 1001 b or 09 h
Transparent EF
Interpreted By The MPCOS Applet In Order To Return Information After The Selection Of A DF
Allows The Implementation Of The File Control Information (FCI) To Be Returned After The Selection of A DF
Any Number Of IADFs Can Be Created In A DF, But Only The First One Can Be Interpreted By OS
IADF STRUCTURE
BLOCK SIZE OF BLOCK 1 (BS1)
Length = 1 Byte
Defines The Block Size Of Block 1
If Size = 0 h No FCI Will Be Returned By The Card
BLOCK 1
Codes The Answer To Select FCI
Directly Interpreted By The MPCOS Applet To Build The Response Message When Selecting The DF
BLOCK 1
TLg Total Length Of The Response In Bytes
Tn, Ln, Vn Represent a proprietary TLV Format And Are Interpreted By The MPCOS Applet
Tn Represent A Proprietary Tag.
TAG VALUE
Tn = 55 h (Direct Addressing) : Vn Holds The Data To Be Sent And Ln Holds Its Length
Tn = AA h (Logical Addressing) : Vn Holds Logical Information Used By The Card To Access The Data And Ln
Holds Data Length
TAG VALUE
T Type (0: EF, 1: DF)
L Level (0: Global, 1: Local)
Short ID Short File Identifier (SFI) Of The File
Offset / Rec.nb. The Most Significant Bytes Of The Offset In The Case Of A Transparent File
Rec.nb. In The Case Of A Structured File
Offset Offset in Bytes :
•Logical Addressing In A DF Data Forms Part Of The DF Name
•Logical Addressing And When Addressing An EF The Read Access Conditions Should Be Unrestricted
•The Sum L1+L2+…+Ln Must Be Equal To TLg
BLOCK SIZE OF BLOCK 2 (BS2)
Length = 1 Byte
Defines The Block Size Of Block 2
BLOCK 2
Has No Administrative Meaning And May Be Used For Applicative Purpose
DIRECTORY FILE
Directory EF Is A Record EF Listing DDFs And Application Definitions Files Contained Within The Directory
Must Be Accessible By The Read Record Command
APPLICATION ELEMENTARY FILE
Application EF Is An Record EF That Contains The Data Element And TLV Format Used By The Application In Its Processing
Must Be Accessible By The Read Record Command
EF STRUCTURE
Transparent File
Structured File
TRANSPARENT FILE
FDB: 0000 0001 b or 01 h
Unstructured Sequence Of Bytes That Can Be Accessed By Specifying An Offset Relative To The Start Of EF
Offset Size = 4 Bytes
First Byte Relative Address 00 h
DATA REFERENCING IN A TRANSPARENT FILE
STRUCTURED FILE
Linear Fixed Files
Linear Variable Files
Cyclic Files
LINEAR FIXED FILE
FDB: 0000 0010 b or 02 h – No Further Information
Or FDB : 0000 0011 b or 03 h – Simple TLV (Tag, Length, Value)
Consist Of Sequence Of Individually Identifiable Records Of The Same Size
The Size Is Determined During The File Creation And Is Stored In The File Descriptor
LINEAR FIXED FILE
Records Are Referenced #1, #2, #3
Updating A Record Does Not Modify The Record Number
The Record Number Assigned To A Linear Fixed File Cannot Be Higher That 255
LINEAR FIXED FILE
LINEAR VARIABLE FILE
FDB: 0000 0100 b or 04 h – No Further Information
Or FDB : 0000 0101 b or 05 h – Simple TLV (Tag, Length, Value)
LINEAR VARIABLE FILE
The Record Selection Is The Same As For Linear Files With Records Of Fixed Size
The Is Handled By The Interface As A Sequence Of Independent Record
LINEAR VARIABLE FILE
CYCLIC ELEMENTARY FILE
FDB: 0000 0110 b or 06 h – No Further Information
Or FDB : 0000 0111 b or 06 h – Simple TLV (Tag, Length, Value)
AGENDA
1. Abstract
2. Features
3. File and Data Structure
4. Access Condition
5. Cryptography
6. Command Format
7. Commands
8. Discussion
9. References
AGENDA
1. Abstract
2. Features
3. File and Data Structure
4. Access Condition
5. Cryptography
6. Command Format
7. Commands
8. Discussion
9. References
AGENDA
1. Abstract
2. Features
3. File and Data Structure
4. Access Condition
5. Cryptography
6. Command Format
7. Commands
8. Discussion
9. References
AGENDA
1. Abstract
2. Features
3. File and Data Structure
4. Access Condition
5. Cryptography
6. Command Format
7. Commands
8. Discussion
9. References
AGENDA
1. Abstract
2. Features
3. File and Data Structure
4. Access Condition
5. Cryptography
6. Command Format
7. Commands
8. Discussion
9. References
DISCUSSION
AGENDA
1. Abstract
2. Features
3. File and Data Structure
4. Access Condition
5. Cryptography
6. Command Format
7. Commands
8. Discussion
9. References
REFERENCES
• MPCOS- Reference Manual, Document Reference: DOC108514B, 2007
• MPCOS-Product Training, 2008