Hello,
I think I gave the wrong impression when I discussed channel management.
I don't feel that ISO's 4-channel channel management is a solution by any
means, nor do I feel that PIN caching is a good solution.
I would like to see a new kind of channel management where the card is sent
a command to establish a connection and receive a handle for a particular
application. The card would do a key exchange with the application and the
card and application/card driver would share this secret key as a handle.
This key would be used to encrypt commands to the card and decrypt
responses and to also send a symmetric digital signature of each command
for verification. The card would be responsible for checking this
symmetric digital signature and use that channel to establish state again
such as file pointers, authentication, etc.
I see it working like this:
Application -----------------------> Card
new command on the card 'Establish Channel'
performs a key exchange using mental poker or something.
This key is used as a session key for the card to manage state
of this particular application. The key is not sent with each command
but rather is used to encrypt the commands being sent to the card. The
card will verify the sender by checking a trailer set of bytes that are
encrypted using the session key. This trailer set of bytes could be a
pre-established number that identifies the application. I haven't worked
out the details here yet but it would be nice if this changes to a
predictable result by the other party in the transaction like this:
100440033 ----->
203030033 <-----
and so on. This would be encrypted by the session key and verified at
either the host or card level.
Here might be the packet
[Header] [Encrypted APDU] [Digital Signature] [Checksum]
The nice part is that all transactions to the card have a sort of VPN to
the application. Still this is not 100% possible in a non-trusted OS. We
must assume that someone at the kernel level exists and can trace around
memory to guess these session keys.
In this realm there is no PIN caching - the card manages state by verifying
a digital signature and changes its file pointers and current state of
authentication accordingly.
This by no means exists now and would require a bit of work. Let me know
if you think this is far-fetched.
Best Regards,
Dave
David Corcoran Purdue University
1008 Cherry Lane
West Lafayette, IN 47906
[EMAIL PROTECTED]
765 - 427 - 5147 http://www.linuxnet.com
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
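An added example of the channel scheme described in the message above; this is not code from the post or from the MUSCLE project. It assumes the 'Establish Channel' key exchange is replaced by handing both sides a pre-agreed session key, that the "symmetric digital signature" is an HMAC-SHA256 tag, that the cipher is an HMAC-based keystream stand-in, and that the command set (SELECT/VERIFY/READ), the PIN and the application number are constructed for illustration.

```python
import hmac, hashlib, struct
APP_ID = 100440033  # constructed: the pre-established number identifying the application
def xor_stream(key, nonce, data):
    # Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (assumption, not from the post).
    ks = b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))
def seal(key, handle, ctr, payload):
    # Build [Header][Encrypted APDU][Digital Signature][Checksum]; the header binds handle and counter.
    header = struct.pack(">II", handle, ctr)
    enc = xor_stream(key, header, payload)
    trailer = struct.pack(">I", APP_ID + ctr)  # predictable per-step value: covered by the signature, never sent
    sig = hmac.new(key, header + enc + trailer, hashlib.sha256).digest()[:8]
    body = header + enc + sig
    return body + bytes([sum(body) & 0xFF])
def open_packet(key, handle, ctr, packet):
    # Checksum, header match (rejects replay/reorder), constant-time signature check, then decrypt.
    body = packet[:-1]
    if len(body) < 16 or sum(body) & 0xFF != packet[-1] or body[:8] != struct.pack(">II", handle, ctr):
        return None
    good = hmac.new(key, body[:-8] + struct.pack(">I", APP_ID + ctr), hashlib.sha256).digest()[:8]
    return xor_stream(key, body[:8], body[8:-8]) if hmac.compare_digest(body[-8:], good) else None
class Card:
    def __init__(self):
        self.channels = {}  # handle -> the state the card keeps for each application channel
    def establish_channel(self, key):
        # Stand-in for the post's 'Establish Channel' key exchange: the agreed session key is handed in.
        handle = len(self.channels) + 1
        self.channels[handle] = {"key": key, "ctr": 0, "fp": None, "auth": False}
        return handle
    def process(self, packet):
        handle = struct.unpack(">I", packet[:4].ljust(4, b"\0"))[0]
        ch = self.channels.get(handle)
        apdu = open_packet(ch["key"], handle, ch["ctr"], packet) if ch else None
        if apdu is None:
            return None  # unknown channel, bad checksum, stale counter or bad signature: state untouched
        cmd, _, arg = apdu.partition(b" ")
        if cmd == b"SELECT":
            ch["fp"], resp = arg, b"ok"  # the file pointer lives in this channel's state
        elif cmd == b"VERIFY":  # constructed PIN; authentication state lives in this channel too
            ch["auth"] = hmac.compare_digest(arg, b"1234")
            resp = b"ok" if ch["auth"] else b"denied"
        else:
            resp = b"data:" + ch["fp"] if cmd == b"READ" and ch["auth"] and ch["fp"] else b"denied"
        ch["ctr"] += 2  # the reply carries ctr + 1; the next command must carry ctr + 2
        return seal(ch["key"], handle, ch["ctr"] - 1, resp)
def host_send(card, key, handle, ctr, apdu):
    # Host side of one transaction: seal the command with ctr, expect the reply sealed with ctr + 1.
    reply = card.process(seal(key, handle, ctr, apdu))
    return None if reply is None else open_packet(key, handle, ctr + 1, reply)
```

A second application opening its own channel gets a separate key, counter, file pointer and authentication state, so one application's VERIFY never unlocks another's READ.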