在Cammon Criteria标准的第二部分中,有一个名为FTP的类。在智能卡和Java卡的安全目标中,提到卡必须满足这些要求。下面您可以看到我的 JCOP v2.4.2 r3 智能卡的此类的两个元素:
6.1.9.10 FTP_ITC.1/CM Inter-TSF trusted channel
- FTP_ITC.1.1/CM :
The TSF shall provide a communication channel between itself and another trusted IT product that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from modification or disclosure.
- FTP_ITC.1.2/CM : [Editorially Refined]
The TSF shall permit the CAD placed in the card issuer secured environment to initiate communication via the trusted channel.
- FTP_ITC.1.3/CM
The TSF shall initiate communication via the trusted channel for loading/installing a new application package on the card. Application note: There is no dynamic package loading on the Java Card platform. New packages can be installed on the card only on demand of the card issuer.
6.1.14.2 FTP_ITC.1/ LifeCycle Inter-TSF Trusted Channel
- FTP_ITC.1.1/LifeCycle :
The TSF shall provide a communication channel between itself and another trusted IT product that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from modification or disclosure.
- FTP_ITC.1.2/ LifeCycle :
The TSF shall permit [assignment: another trusted IT product] to initiate communication via the trusted channel.
- FTP_ITC.1.3/ LifeCycle :
The TSF shall initiate communication via the trusted channel for [assignment: setting the Card Life Cycle State and setting the OS Internal Life Cycle State].
问题是我如何测试该卡是否满足这些要求?在向卡发送和接收 APDU 时使用加密方法,是否满足该方法的证明?
我可以以加密形式向卡发送 APDU 吗?我的意思是,我可以以加密形式而不是普通形式(= 00a40400 ...)向卡发送 SELECT APDU 命令吗?是否可以?
最佳答案
如果您不是该卡的制造商,则无需证明该要求。您只需要索取认证报告即可。当然,您可能仍然需要遵守特定应用程序的保护配置文件/安全目标。在这种情况下,您必须确保遵守之前制定的上述规则。可以对此进行审查和审核(如果保护级别足够高)。
如果您有全局平台 key ,则可以将加密的 APDU 发送到卡。然后,您可以通过 GP 安全通道使用 STORE DATA 来个性化卡上的应用程序(小程序)。当然,这种情况下的小程序必须已编程为使用卡上 GP API 解包 APDU。然而,按名称选择是由卡运行时拾取的,并且应该以纯文本形式发送。
关于smartcard - 通用标准(FTP 类)的智能卡和安全通道要求,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28210009/