Summary

Work on EMV perso scripts recently, summarize a few points include Initialize Update, External Authenticate, Store Data.
For some detail data, can refer to my another blog entry GP(Global Platform) External authentication and MAC sending APDU.

INITIALIZE UPDATE

Initialize Update is used to begin the authentication with the applet or Card Manager. Data in will be the host challenge.

CLA	INS	P1	P2	Lc	Data in	Le
80h	50h	Ker Set Version	00h	08h	Host Challenge	00h

Response data is as below,

Field	Length(bytes)
Key Diversification Data	10
Key Set Version (01-7Fh) or FFh	1
SCP ID (02h)	1
Sequence Counter	2
Card Challenge	6
Card Cryptogram	8

example as below,

<< 80500000080000000000000000
>> 611C
<< 00C000001C
>> 0000507101046E6C8B70FF0200072503683B31FAB7F4E8D8857D0CB4

The host challenge data and response data will be used for external authentication.

EXTERNAL AUTHENTICATE

The External Authentication command authenticates the host to the current applet and open a secure channel to communicate to card. The command will include the security level.

Field	Content	Length
CLA	‘84’	1
INS	‘82’	1
P1	Security Level(see below table)	1
CLA	‘00’	1
CLA	‘10’	1
CLA	Host Cryptogram	8
CLA	C-MAC	8

Security level P1,

b8	b7	b6	b5	b4	b3	b2	b1	Description
0	0	0	0	0	0	1	1	Encryption and MAC
0	0	0	0	0	0	0	1	MAC
0	0	0	0	0	0	0	0	No Security

Session Keys

Session Key	IC Card Key	Derivation Data
$SKU_{ENC}$	$K_{ENC}$	‘0182’|| sequence counter || ‘000000000000000000000000’
$SKU_{MAC}$	$K_{MAC}$	‘0101’|| sequence counter || ‘000000000000000000000000’
$SKU_{DEK}$	$K_{DEK}$	‘0181’|| sequence counter || ‘000000000000000000000000’

Continue with the first example, External Authentication command,

Random Data: 0000000000000000
ENC: 404142434445464748494A4B4C4D4E4F
MAC: 404142434445464748494A4B4C4D4E4F
DEK: 404142434445464748494A4B4C4D4E4F
Session ENC: A2268F71917EFE0F33CC6166E1154E27
Session MAC: 7A227D376A9DBE23AB50B7DCB45B2093
Session DEK: F39FCFB2383B09578723B8C2E03B2729
<< 848201001080F1BB4686D30DF9A0B8829AF3E87A16
>> 9000

STORE DATA

The STORE DATA command is used to personalize the EMV applications. Multiple DGI(Data Grouping Identifier) may be sent in one STORE DATA command.
STORE DATA Command Coding

Field	Content	Length
CLA	‘84’ or ‘84’	1
INS	‘E2’	1
P1	See below table	1
P2	Sequence Number	1
Lc	Length of Command data	1 or 3
$DGI_1$	Identifier of first data grouping	2
$Length_1$	Length of first data grouping	1 or 3
$Data_1$	First data to be stored	var.
$DGI_n$	Identifier of n’th data to be stored	2
$Length_n$	Length of n’th data grouping	1 or 3
$Data_n$	n’th data to be stored	var.
C-MAC	Present if CLS = ‘84’	0 or 8

Coding of P1 in STORE DATA COMMAND

b8	b7	b6	b5-b1	Meaning
x				Last STORE DATA command indicator
1				Last STORE DATA command
0				Not the last STORE DATA command
	x	x		Encryption indicators:
	1	1		All DGI encrypted under $SKU_{DEK}$, session DEK, DES ECB algorithm
	0	0		No DGI is encrypted
	0	0		Application dependent
	1	0		RFU
			xxxxx	RFU

DGI: 8201
Length: 48 
Original Data: 588C13E98E5294BE0161E432F8B0E77A208D8AAC95A7D8091099AFEC687A72A59C0CB179A327DFB044F0BFAA21D6232E0C29C99BBAD8A735B3952007F49DF43C8000000000000000 
Session DEK: 33C1D105492068CD86923711B29E6475
Encrypted: 6CF8E1732DE31C85318AB1549978C5D9D67C2CDE8668A4AEBFB36D2C766874B09D968A3DE64E0CE5C53A10F56B2818F4097804BCE8C27C4F9A6993B09C86D4FCC5D7FA98C3AEB6BE
<< 80E2600D4B8201486CF8E1732DE31C85318AB1549978C5D9D67C2CDE8668A4AEBFB36D2C766874B09D968A3DE64E0CE5C53A10F56B2818F4097804BCE8C27C4F9A6993B09C86D4FCC5D7FA98C3AEB6BE
>> 9000

C-MAC Command

If CLA = ‘84’, it will require to calculate the C-MAC and append to the end of the APDU command. The calculation will be using the session MAC key generated at the External Authentication step, and the IV will be using the C-MAC value generated in last C-MAC computing. Refer to my another blog entry for detail, GP(Global Platform) External authentication and MAC sending APDU.
Example:

Session MAC Key: 7A227D376A9DBE23AB50B7DCB45B2093
IV: A0B8829AF3E87A16 
<< 84E60C002C06A0000000031607A00000000316500E315041592E5359532E4444463031011002C900007CC1FECDA12AA91E
>> 6101
<< 00C0000001
>> 00
>> 9000 

Reference

1,Blog Entry: GP(Global Platform) External authentication and MAC sending APDU
2, EMV Card Personalization Specification
3, GlobalPlatform Card Specification Version 2.2 March 2006

---