7 Replies Latest reply on Nov 19, 2012 10:49 AM by johnnybravo

    Card Example with AES Usage

      If there is a good example/tutorial on how to, e.g., have a copy-card using AES, that would be very helpful to me!

      I am starting with this technology, wrote a couple of examples but although it sounds easy I am hanging on getting into it!
        • 1. Re: Card Example with AES Usage

          Are you looking for an example of a stored value card (say wallet) for copy machines etc using AES encryption? Do you have control over both ends of the system (card and terminal)?

          - Shane
          • 2. Re: Card Example with AES Usage
            1 person found this helpful
            • 3. Re: Card Example with AES Usage
              Yes, such an example if any exists! And yes, I do have control of terminal and the card
              • 4. Re: Card Example with AES Usage
                I am not aware of any tutorials but if you give us a high level overview of what you are trying to achieve I am sure we would help out.

                Are you trying to just encrypt data between the two? Are you looking at authenticating with AES to add/remove credit? You could start with the wallet example from the JCDK and add security to that.

                - Shane

                Edited by: safarmer on Nov 15, 2012 10:12 AM
                • 5. Re: Card Example with AES Usage
                  Well, I'd like to have a mutual authentication between card and terminal, but also a secure data transfer to decrease/increase the card value. I know - one at a time, but that is what I try to learn/achieve!

                  I'd like to start with the wallet example, I just don't have one, where is that to be found?
                  • 6. Re: Card Example with AES Usage

                    You can find a sample in the JCDK. There is a samples directory and I believe JC 2.2.2 and 3.0 both have a sample wallet applet.

                    You could model your authentication off TLS/SSL and the GlobalPlatform secure channel protocols. Some basic steps you could use:

                    1. Send a nonce (random challenge) to the card.
                    2. Card generates a nonce and combines the two with a master AES to generate a session key. You can search for key derivation algorithms (an example is KDF1 - key derivation function 1).
                    3. Use the session key to generate a MAC of the two nonces.
                    4. Return the card nonce and MAC to the host.
                    5. The host uses the nonce from the card to generate a session key (should match card session key).
                    6. Host verifies the MAC received from the card using the two nonces and session key.
                    7. Generate a different MAC using the same data and key but opposite order when combining nonces.
                    8. Send MAC to the card to prove that the host has the same key. The card verifies this MAC.

                    After this you have proven that both sides have the same session key based on a shared secret. You can use the session key to encrypt the commands sent to the card.

                    - Shane
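
The eight steps in the reply above, simulated with both sides in one desktop Java program (an added example, not part of the original thread and not code from the JCDK). Assumptions: the class and method names, 16-byte nonces, an AES CBC-MAC used both as the MAC and as a stand-in for a real KDF, and constructed demo keys.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class MutualAuthSketch {
    // AES CBC-MAC (zero IV, no padding) over a || b. Safe only because the input
    // length is fixed at 32 bytes; Java Card offers the same construction as
    // Signature.ALG_AES_MAC_128_NOPAD.
    static byte[] mac(byte[] key, byte[] a, byte[] b) throws Exception {
        byte[] data = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, data, a.length, b.length);
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
               new IvParameterSpec(new byte[16]));
        byte[] out = c.doFinal(data);
        return Arrays.copyOfRange(out, out.length - 16, out.length); // last block
    }

    static byte[] nonce() {
        byte[] n = new byte[16];
        new SecureRandom().nextBytes(n);
        return n;
    }

    // Runs steps 1-8; each side holds its own copy of the master key.
    static String run(byte[] cardMaster, byte[] hostMaster) throws Exception {
        byte[] hostNonce = nonce();                              // 1: host -> card
        byte[] cardNonce = nonce();                              // 2: card nonce
        byte[] cardKs = mac(cardMaster, hostNonce, cardNonce);   // 2: card session key
        byte[] cardMac = mac(cardKs, cardNonce, hostNonce);      // 3-4: card -> host
        byte[] hostKs = mac(hostMaster, hostNonce, cardNonce);   // 5: host session key
        if (!MessageDigest.isEqual(mac(hostKs, cardNonce, hostNonce), cardMac))
            return "host rejects card";                          // 6: constant-time compare
        byte[] hostMac = mac(hostKs, hostNonce, cardNonce);      // 7: opposite nonce order
        if (!MessageDigest.isEqual(mac(cardKs, hostNonce, cardNonce), hostMac))
            return "card rejects host";                          // 8: card verifies host
        return "mutual authentication OK";
    }

    public static void main(String[] args) throws Exception {
        byte[] good = new byte[16];      // constructed demo key, not for real use
        byte[] wrong = new byte[16];
        wrong[0] = 1;                    // a card that does not hold the real key
        System.out.println(run(good, good));
        System.out.println(run(wrong, good));
    }
}
```

On a real card the nonces should be fresh for every session and the card should block after a small number of failed attempts, so the MAC check cannot be used as a guessing oracle.
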
                    • 7. Re: Card Example with AES Usage
                      Thank you SO much Shane!!!

                      I will try this out!