3 Replies Latest reply: May 8, 2012 10:04 AM by 893199 RSS

    SCP 02 Protocol

    934613
      If I had installed a Security Domain with SCP02 protocol having identifier 15 & 55 i.e (81 02 0215 , 81 02 0255)than which will be used means either scp 02 protocol with variant 15 is used or scp 02 protocol with identifier 55 will be used .

      I would also like to know how i can test this.

      Thanks,
      Udit
        • 1. Re: SCP 02 Protocol
          safarmer
          Hi,

          Look at Appendix F.3 - Security Domain Management Data from GP Card Spec 2.1.1. The response to select will give you the information you need.

          Shane

          Edited by: safarmer on 7/05/2012 19:30 - the second suggestion is not as easy to verify (and may have been misleading) so it was removed.
          • 2. Re: SCP 02 Protocol
            801926
            SCP02 option i=15 is saying 'use any random number', can be true random, pseudo or even a constant. Option i=55 is more specific and defines a pseudo random, which is calculated using the session MAC key on the AID of the currently selected Security Domain. As such it's not predictable if the master key is now known.

            You can verify only option i=55 by checking if you really can pre-compute the random returned by the card. Option i=15 can be the same as i=55 or something different. Here you need to check the documentation of the card.
            • 3. Re: SCP 02 Protocol
              893199
              One card I've seen returns '15' even though it actually implements '55' because of backwards compatibility. E.g. You can treat '55' as '15' without having to change anything.