GlobalPlatform
Card Specification
Version 2.1.1
March 2003

Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights or other intellectual property rights of which they may be aware which might be infringed by the implementation of the specification set forth in this document, and to provide supporting documentation.

IPR2022-00413
Apple EX1006 Page 1

GlobalPlatform Card Specification 2.1.1
03/25/2003

Table of Contents

1. INTRODUCTION
1.1 Audience
1.2 Normative References
1.3 Terminology and Definitions
1.4 Abbreviations and Notations
1.5 Revisions History
1.5.1 Open Platform Card Specification v2.0 to Open Platform Card Specification v2.0.1
1.5.2 Major Adjustments in GlobalPlatform Card Specification V2.1
1.5.3 Revisions in GlobalPlatform Card Specification V2.1.1

2. SYSTEM ARCHITECTURE

3. CARD ARCHITECTURE
3.1 Runtime Environment
3.2 Card Manager
3.2.1 GlobalPlatform Environment (OPEN)
3.2.2 Issuer Security Domain
3.2.3 Cardholder Verification Management
3.3 Security Domains
3.4 GlobalPlatform API
3.5 Card Content

4. SECURITY ARCHITECTURE
4.1 Goals
4.2 Security Responsibilities
4.2.1 Card Issuer's Security Responsibilities
4.2.2 Application Provider's Security Responsibilities
4.2.3 Controlling Authority's Security Responsibilities
4.2.4 On-Card Components' Security Requirements
4.2.5 Back-End System Security Requirements

Copyright © 2003 GlobalPlatform Inc. All Rights Reserved.
The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly prohibited.

4.3 Cryptographic support
4.3.1 Integrity and Authentication for Card Content Management
4.3.2 Secure Communication

5. LIFE CYCLE MODELS
5.1 Card Life Cycle
5.1.1 Card Life Cycle States
5.1.2 Card Life Cycle Transitions
5.2 Executable Load File / Executable Module Life Cycle
5.2.1 Executable Load File Life Cycle
5.2.2 Executable Module Life Cycle
5.3 Application and Security Domain Life Cycle
5.3.1 Application Life Cycle States
5.3.2 Security Domain Life Cycle States
5.4 Sample Life Cycle Illustration

6. CARD MANAGER
6.1 Card Manager Overview
6.1.1 OPEN
6.1.2 Issuer Security Domain
6.1.3 CVM Handler
6.2 Card Manager Services
6.2.1 Application Access to OPEN Services
6.2.2 Application Access to CVM Services
6.2.3 Application Access to Issuer Security Domain Services
6.2.4 Issuer Security Domain Access to Applications
6.3 Command Dispatch
6.3.1 Basic Logical Channel
6.3.2 Supplementary Logical Channel
6.4 Card Content Management
6.4.1 Card Content Loading and Installation
6.4.2 Content Removal
6.4.3 Content Extradition
6.5 Delegated Management
6.6 GlobalPlatform Registry
6.6.1 Issuer Security Domain Data Elements Description
6.6.2 Application/Executable Load File/Executable Module Data Elements

6.7 Security Management
6.7.1 Application Locking
6.7.2 Card Locking
6.7.3 Card Termination
6.7.4 Operational Velocity Checking
6.7.5 Tracing and Event Logging
6.7.6 Securing Content Loading and Installation
6.8 Issuer Security Domain
6.8.1 Issuer Identification Number
6.8.2 Card Image Number
6.8.3 Card Recognition Data
6.8.4 On-Card Key Information
6.9 CVM Management
6.9.1 CVM States
6.9.2 CVM Format

7. SECURITY DOMAINS
7.1 Overview
7.2 Security Domain Services
7.2.1 Application Access to Security Domain Services
7.2.2 Security Domain Access to Applications
7.3 Personalization Support
7.4 Runtime Messaging Support
7.5 DAP Verification
7.6 Delegated Management
7.6.1 Delegated Loading
7.6.2 Delegated Installation
7.6.3 Delegated Extradition
7.6.4 Delegated Deletion
7.7 Delegated Management Tokens and Receipts and DAP Verification
7.7.1 Load Token
7.7.2 Load Receipt
7.7.3 Install and Extradition Tokens
7.7.4 Install Receipt
7.7.5 Extradition Receipt
7.7.6 Delete Receipt
7.7.7 Load File Data Block Hash
7.7.8 Load File Data Block Signature (DAP Verification)

8. SECURE COMMUNICATION
8.1 Secure Channel
8.2 Explicit / Implicit Secure Channel
8.2.1 Explicit Secure Channel Initiation
8.2.2 Implicit Secure Channel Initiation
8.2.3 Secure Channel Termination
8.3 Direct / Indirect Handling of a Secure Channel Protocol
8.4 Entity Authentication
8.5 Secure Messaging
8.6 Secure Channel Protocol Identifier

9. APDU COMMAND REFERENCE
9.1 General Coding Rules
9.1.1 Life Cycle Status Coding
9.1.2 Application Privileges Coding
9.1.3 General Error Conditions
9.1.4 Class Byte Coding
9.1.5 APDU Command and Response Data
9.1.6 Key Type Coding
9.1.7 Optional Receipts in Delegated Management Response Messages
9.2 DELETE Command
9.3 GET DATA Command
9.4 GET STATUS Command
9.5 INSTALL Command
9.6 LOAD Command
9.7 MANAGE CHANNEL Command
9.8 PUT KEY Command
9.9 SELECT Command
9.10 SET STATUS Command
9.11 STORE DATA Command

A. GLOBALPLATFORM API
A.1 Deprecated Open Platform Java Card API
A.2 GlobalPlatform on a Java Card
A.3 GlobalPlatform on Windows Powered Smart Card

B. ALGORITHMS (CRYPTOGRAPHIC AND HASHING)
B.1 Data Encryption Standard (DES)
B.1.1 Encryption/Decryption
B.1.2 MACing
B.2 Hashing Algorithms
B.2.1 Secure Hash Algorithm (SHA-1)
B.3 Public Key Cryptography Scheme 1 (PKCS#1)
B.4 DES Padding

C. SECURE CONTENT MANAGEMENT
C.1 Keys
C.1.1 Issuer Security Domain Keys
C.1.2 Security Domain Keys
C.2 Load File Data Block Hash
C.3 Tokens
C.3.1 Load Token
C.3.2 Install Token
C.3.3 Extradition Token
C.4 Receipts
C.4.1 Load Receipt
C.4.2 Install Receipt
C.4.3 Delete Receipt
C.4.4 Extradition Receipt
C.5 DAP Verification
C.5.1 PKC Scheme
C.5.2 DES Scheme

D. SECURE CHANNEL PROTOCOL '01'
D.1 Secure Communication

D.1.1 SCP01 Secure Channel
D.1.2 Mutual Authentication
D.1.3 Message Integrity
D.1.4 Message Data Confidentiality
D.1.5 ICV Encryption
D.1.6 Security Level
D.2 Cryptographic Keys
D.3 Cryptographic Usage
D.3.1 DES Session Keys
D.3.2 Authentication Cryptograms
D.3.3 APDU Command MAC Generation and Verification
D.3.4 APDU Data Field Encryption and Decryption
D.3.5 Key Sensitive Data Encryption and Decryption
D.4 Secure Channel APDU Commands
D.4.1 INITIALIZE UPDATE Command
D.4.2 EXTERNAL AUTHENTICATE Command

E. SECURE CHANNEL PROTOCOL '02'
E.1 Secure Communication
E.1.1 SCP02 Secure Channel
E.1.2 Entity Authentication
E.1.3 Message Integrity
E.1.4 Message Data Confidentiality
E.1.5 Security Level
E.2 Cryptographic Keys
E.3 Cryptographic Algorithms
E.3.1 Cipher Block Chaining (CBC)
E.3.2 Message Integrity ICV using Explicit Secure Channel Initiation
E.3.3 Message Integrity ICV using Implicit Secure Channel Initiation
E.3.4 ICV Encryption
E.4 Cryptographic Usage
E.4.1 DES Session Keys
E.4.2 Authentication Cryptograms in Explicit Secure Channel Initiation
E.4.3 Authentication Cryptogram in Implicit Secure Channel Initiation
E.4.4 APDU Command C-MAC Generation and Verification
E.4.5 APDU Response R-MAC Generation and Verification
E.4.6 APDU Command Data Field Encryption and Decryption
E.4.7 Sensitive Data Encryption and Decryption
E.5 Secure Channel APDU Commands
