`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`GlobalPlatform
`
`
`
`__________________________
`Card Specification
`Version 2.1.1
`March 2003
`
`
`Recipients of this document are invited to submit, with their comments, notification of any relevant
`patent rights or other intellectual property rights of which they may be aware which might be infringed
`by the implementation of the specification set forth in this document, and to provide supporting
`documentation.
`
`IPR2022-00412
`Apple EX1006 Page 1
`
`
`
`IPR2022-00412
`Apple EX1006 Page 2
`
`IPR2022-00412
`Apple EX1006 Page 2
`
`
`
`GlobalPlatform Card Specification 2.1.1
`03/25/2003
`Table of Contents
`
`3
`
`1. INTRODUCTION.....................................................................................................................................16
`
`1.1
`
`1.2
`
`1.3
`
`1.4
`
`Audience .........................................................................................................................................................16
`
`Normative References ...................................................................................................................................17
`
`Terminology and Definitions ........................................................................................................................17
`
`Abbreviations and Notations ........................................................................................................................20
`
`Revisions History ...........................................................................................................................................21
`1.5
`1.5.1
`Open Platform Card Specification v2.0 to Open Platform Card Specification v2.0.1.............................21
`1.5.2 Major Adjustments in GlobalPlatform Card Specification V2.1 .............................................................22
`1.5.3
`Revisions in GlobalPlatform Card Specification V2.1.1 .........................................................................24
`
`2. SYSTEM ARCHITECTURE....................................................................................................................27
`
`3. CARD ARCHITECTURE ........................................................................................................................28
`
`3.1
`
`Runtime Environment...................................................................................................................................29
`
`Card Manager................................................................................................................................................29
`3.2
`3.2.1
`GlobalPlatform Environment (OPEN).....................................................................................................29
`3.2.2
`Issuer Security Domain............................................................................................................................30
`3.2.3
`Cardholder Verification Management .....................................................................................................30
`
`3.3
`
`Security Domains...........................................................................................................................................30
`
`3.4 GlobalPlatform API.......................................................................................................................................30
`
`3.5
`
`Card Content..................................................................................................................................................31
`
`4. SECURITY ARCHITECTURE ................................................................................................................32
`
`4.1 Goals ...............................................................................................................................................................32
`
`Security Responsibilities ...............................................................................................................................33
`4.2
`4.2.1
`Card Issuer's Security Responsibilities ....................................................................................................33
`4.2.2
`Application Provider's Security Responsibilities.....................................................................................33
`4.2.3
`Controlling Authority's Security Responsibilities....................................................................................33
`4.2.4
`On-Card Components' Security Requirements ........................................................................................34
`4.2.5
`Back-End System Security Requirements ...............................................................................................35
`
`Copyright 2003 GlobalPlatform Inc. All Rights Reserved.
`The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this
`information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly
`prohibited.
`
`IPR2022-00412
`Apple EX1006 Page 3
`
`
`
`GlobalPlatform Card Specification 2.1.1
`03/25/2003
`4
`Cryptographic support..................................................................................................................................36
`4.3
`4.3.1
`Integrity and Authentication for Card Content Management...................................................................36
`4.3.2
`Secure Communication............................................................................................................................37
`
`5. LIFE CYCLE MODELS...........................................................................................................................39
`
`Card Life Cycle..............................................................................................................................................39
`5.1
`5.1.1
`Card Life Cycle States .............................................................................................................................39
`5.1.2
`Card Life Cycle Transitions.....................................................................................................................42
`
`Executable Load File/ Executable Module Life Cycle................................................................................43
`5.2
`5.2.1
`Executable Load File Life Cycle .............................................................................................................43
`5.2.2
`Executable Module Life Cycle ................................................................................................................43
`
`Application and Security Domain Life Cycle..............................................................................................43
`5.3
`5.3.1
`Application Life Cycle States ..................................................................................................................44
`5.3.2
`Security Domain Life Cycle States..........................................................................................................47
`
`5.4
`
`Sample Life Cycle Illustration......................................................................................................................49
`
`6. CARD MANAGER ..................................................................................................................................51
`
`Card Manager Overview ..............................................................................................................................51
`6.1
`6.1.1
`OPEN.......................................................................................................................................................51
`6.1.2
`Issuer Security Domain............................................................................................................................53
`6.1.3
`CVM Handler ..........................................................................................................................................53
`
`Card Manager Services.................................................................................................................................53
`6.2
`6.2.1
`Application Access to OPEN Services ....................................................................................................53
`6.2.2
`Application Access to CVM Services......................................................................................................54
`6.2.3
`Application Access to Issuer Security Domain Services .........................................................................54
`6.2.4
`Issuer Security Domain Access to Applications ......................................................................................55
`
`Command Dispatch .......................................................................................................................................55
`6.3
`6.3.1
`Basic Logical Channel.............................................................................................................................56
`6.3.2
`Supplementary Logical Channel..............................................................................................................59
`
`Card Content Management ..........................................................................................................................62
`6.4
`6.4.1
`Card Content Loading and Installation ....................................................................................................62
`6.4.2
`Content Removal .....................................................................................................................................67
`6.4.3
`Content Extradition..................................................................................................................................70
`
`6.5
`
`Delegated Management .................................................................................................................................71
`
`6.6 GlobalPlatform Registry ...............................................................................................................................72
`6.6.1
`Issuer Security Domain Data Elements Description................................................................................72
`6.6.2
`Application/Executable Load File/Executable Module Data Elements ...................................................73
`
`Copyright 2003 GlobalPlatform Inc. All Rights Reserved.
`The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this
`information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly
`prohibited.
`
`IPR2022-00412
`Apple EX1006 Page 4
`
`
`
`GlobalPlatform Card Specification 2.1.1
`03/25/2003
`5
`6.7
`Security Management....................................................................................................................................76
`6.7.1
`Application Locking ................................................................................................................................76
`6.7.2
`Card Locking ...........................................................................................................................................77
`6.7.3
`Card Termination.....................................................................................................................................78
`6.7.4
`Operational Velocity Checking................................................................................................................79
`6.7.5
`Tracing and Event Logging .....................................................................................................................80
`6.7.6
`Securing Content Loading and Installation..............................................................................................80
`
`Issuer Security Domain .................................................................................................................................81
`6.8
`6.8.1
`Issuer Identification Number ...................................................................................................................82
`6.8.2
`Card Image Number ................................................................................................................................82
`6.8.3
`Card Recognition Data.............................................................................................................................82
`6.8.4
`On-Card Key Information........................................................................................................................83
`
`CVM Management ........................................................................................................................................84
`6.9
`6.9.1
`CVM States..............................................................................................................................................84
`6.9.2
`CVM Format............................................................................................................................................85
`
`7. SECURITY DOMAINS............................................................................................................................86
`
`7.1 Overview.........................................................................................................................................................86
`
`Security Domain Services..............................................................................................................................87
`7.2
`7.2.1
`Application Access to Security Domain Services....................................................................................87
`7.2.2
`Security Domain Access to Applications.................................................................................................88
`
`7.3
`
`7.4
`
`7.5
`
`Personalization Support................................................................................................................................88
`
`Runtime Messaging Support.........................................................................................................................90
`
`DAP Verification............................................................................................................................................91
`
`Delegated Management .................................................................................................................................91
`7.6
`7.6.1
`Delegated Loading...................................................................................................................................92
`7.6.2
`Delegated Installation ..............................................................................................................................92
`7.6.3
`Delegated Extradition ..............................................................................................................................95
`7.6.4
`Delegated Deletion ..................................................................................................................................95
`
`Delegated Management Tokens and Receipts and DAP Verification .......................................................96
`7.7
`7.7.1
`Load Token..............................................................................................................................................97
`7.7.2
`Load Receipt............................................................................................................................................97
`7.7.3
`Install and Extradition Tokens.................................................................................................................98
`7.7.4
`Install Receipt ..........................................................................................................................................98
`7.7.5
`Extradition Receipt ..................................................................................................................................99
`7.7.6
`Delete Receipt..........................................................................................................................................99
`7.7.7
`Load File Data Block Hash......................................................................................................................99
`7.7.8
`Load File Data Block Signature (DAP Verification).............................................................................100
`
`Copyright 2003 GlobalPlatform Inc. All Rights Reserved.
`The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this
`information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly
`prohibited.
`
`IPR2022-00412
`Apple EX1006 Page 5
`
`
`
`GlobalPlatform Card Specification 2.1.1
`03/25/2003
`6
`8. SECURE COMMUNICATION...............................................................................................................101
`
`8.1
`
`Secure Channel ............................................................................................................................................101
`
`Explicit / Implicit Secure Channel .............................................................................................................101
`8.2
`8.2.1
`Explicit Secure Channel Initiation.........................................................................................................102
`8.2.2
`Implicit Secure Channel Initiation.........................................................................................................102
`8.2.3
`Secure Channel Termination .................................................................................................................102
`
`8.3
`
`8.4
`
`8.5
`
`8.6
`
`Direct / Indirect Handling of a Secure Channel Protocol ........................................................................102
`
`Entity Authentication ..................................................................................................................................103
`
`Secure Messaging.........................................................................................................................................103
`
`Secure Channel Protocol Identifier............................................................................................................103
`
`9. APDU COMMAND REFERENCE ........................................................................................................105
`
`9.1 General Coding Rules..................................................................................................................................106
`9.1.1
`Life Cycle Status Coding.......................................................................................................................106
`9.1.2
`Application Privileges Coding...............................................................................................................107
`9.1.3
`General Error Conditions.......................................................................................................................108
`9.1.4
`Class Byte Coding .................................................................................................................................108
`9.1.5
`APDU Command and Response Data ...................................................................................................109
`9.1.6
`Key Type Coding...................................................................................................................................109
`9.1.7
`Optional Receipts in Delegated Management Response Messages .......................................................109
`
`9.2
`
`DELETE Command ....................................................................................................................................110
`
`9.3 GET DATA Command................................................................................................................................112
`
`9.4 GET STATUS Command ...........................................................................................................................114
`
`9.5
`
`9.6
`
`INSTALL Command...................................................................................................................................118
`
`LOAD Command.........................................................................................................................................124
`
`9.7 MANAGE CHANNEL Command .............................................................................................................127
`
`9.8
`
`9.9
`
`PUT KEY Command...................................................................................................................................129
`
`SELECT Command.....................................................................................................................................133
`
`9.10 SET STATUS Command ............................................................................................................................135
`
`9.11 STORE DATA Command...........................................................................................................................137
`
`Copyright 2003 GlobalPlatform Inc. All Rights Reserved.
`The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this
`information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly
`prohibited.
`
`IPR2022-00412
`Apple EX1006 Page 6
`
`
`
`GlobalPlatform Card Specification 2.1.1
`03/25/2003
`7
`A. GLOBALPLATFORM API ...................................................................................................................140
`
`A.1 Deprecated Open Platform Java Card API...............................................................................................141
`
`A.2 GlobalPlatform on a Java Card .................................................................................................................160
`
`A.3 GlobalPlatform on Windows Powered Smart Card .................................................................................186
`
`B. ALGORITHMS (CRYPTOGRAPHIC AND HASHING)........................................................................189
`
`B.1 Data Encryption Standard (DES) ..............................................................................................................189
`B.1.1
`Encryption/Decryption...........................................................................................................................189
`B.1.2 MACing.................................................................................................................................................189
`
`B.2 Hashing Algorithms.....................................................................................................................................189
`B.2.1
`Secure Hash Algorithm (SHA-1)...........................................................................................................190
`
`B.3
`
`Public Key Cryptography Scheme 1 (PKCS#1) ........................................................................................190
`
`B.4 DES Padding ................................................................................................................................................190
`
`C. SECURE CONTENT MANAGEMENT.................................................................................................191
`
`C.1 Keys...............................................................................................................................................................191
`C.1.1
`Issuer Security Domain Keys ................................................................................................................191
`C.1.2
`Security Domain Keys...........................................................................................................................191
`
`C.2 Load File Data Block Hash .........................................................................................................................192
`
`C.3 Tokens...........................................................................................................................................................192
`C.3.1
`Load Token............................................................................................................................................192
`C.3.2
`Install Token ..........................................................................................................................................193
`C.3.3
`Extradition Token ..................................................................................................................................194
`
`C.4 Receipts.........................................................................................................................................................195
`C.4.1
`Load Receipt..........................................................................................................................................196
`C.4.2
`Install Receipt ........................................................................................................................................196
`C.4.3
`Delete Receipt........................................................................................................................................197
`C.4.4
`Extradition Receipt ................................................................................................................................197
`
`C.5 DAP Verification..........................................................................................................................................198
`C.5.1
`PKC Scheme..........................................................................................................................................198
`C.5.2
`DES Scheme ..........................................................................................................................................198
`
`D. SECURE CHANNEL PROTOCOL '01'................................................................................................199
`
`D.1
`
`Secure Communication ...............................................................................................................................199
`
`Copyright 2003 GlobalPlatform Inc. All Rights Reserved.
`The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this
`information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly
`prohibited.
`
`IPR2022-00412
`Apple EX1006 Page 7
`
`
`
`GlobalPlatform Card Specification 2.1.1
`03/25/2003
`8
`SCP01 Secure Channel ..........................................................................................................................199
`D.1.1
`D.1.2 Mutual Authentication ...........................................................................................................................199
`D.1.3 Message Integrity...................................................................................................................................202
`D.1.4 Message Data Confidentiality................................................................................................................202
`D.1.5
`ICV Encryption......................................................................................................................................202
`D.1.6
`Security Level........................................................................................................................................202
`
`D.2 Cryptographic Keys.....................................................................................................................................203
`
`D.3 Cryptographic Usage...................................................................................................................................203
`D.3.1
`DES Session Keys .................................................................................................................................203
`D.3.2
`Authentication Cryptograms..................................................................................................................205
`D.3.3
`APDU Command MAC Generation and Verification ...........................................................................205
`D.3.4
`APDU Data Field Encryption and Decryption ......................................................................................207
`D.3.5
`Key Sensitive Data Encryption and Decryption ....................................................................................208
`
`Secure Channel APDU Commands............................................................................................................208
`D.4
`D.4.1
`INITIALIZE UPDATE Command ........................................................................................................209
`D.4.2
`EXTERNAL AUTHENTICATE Command .........................................................................................211
`
`E. SECURE CHANNEL PROTOCOL '02'................................................................................................213
`
`Secure Communication ...............................................................................................................................213
`E.1
`E.1.1
`SCP02 Secure Channel ..........................................................................................................................213
`E.1.2
`Entity Authentication.............................................................................................................................214
`E.1.3 Message Integrity...................................................................................................................................216
`E.1.4 Message Data Confidentiality................................................................................................................217
`E.1.5
`Security Level........................................................................................................................................217
`
`E.2 Cryptographic Keys.....................................................................................................................................218
`
`E.3 Cryptographic Algorithms..........................................................................................................................218
`E.3.1
`Cipher Block Chaining (CBC)...............................................................................................................218
`E.3.2 Message Integrity ICV using Explicit Secure Channel Initiation ..........................................................218
`E.3.3 Message Integrity ICV using Implicit Secure Channel Initiation ..........................................................219
`E.3.4
`ICV Encryption......................................................................................................................................219
`
`E.4 Cryptographic Usage...................................................................................................................................219
`E.4.1
`DES Session Keys .................................................................................................................................219
`E.4.2
`Authentication Cryptograms in Explicit Secure Channel Initiation.......................................................220
`E.4.3
`Authentication Cryptogram in Implicit Secure Channel Initiation ........................................................220
`E.4.4
`APDU Command C-MAC Generation and Verification .......................................................................221
`E.4.5
`APDU Response R-MAC Generation and Verification.........................................................................223
`E.4.6
`APDU Command Data Field Encryption and Decryption.....................................................................224
`E.4.7
`Sensitive Data Encryption and Decryption............................................................................................225
`
`E.5
`
`Secure Channel APDU Commands..