1. Preface
Contactless smart cards have been widely used in various types of access control systems, public transportation payment systems, e-purse systems, highway toll collection systems, IBMS (Intelligent Building Management System), customs transit identification, medical insurance systems and more.
The contactless smart card has been widely used for its high security and confidentiality, high-speed communication, ease of use, and low cost, and it has greatly improved our quality of life. Therefore, how to recognize and understand smart cards, especially contactless smart cards, which still carry an air of mystery, has aroused great interest among many smart card users, including IT researchers who develop smart cards professionally. I am very willing to exchange and share with you my many years of experience in smart card (contact smart card and contactless smart card) software and hardware application development, to achieve further development of China's gold card engineering business.
Here, I will use the Mifare1S50 series of contactless smart cards and their dedicated read/write IC (ASIC) RC150/170 modules, which conform to the ISO/IEC14443 TYPE A standard, to study and discuss with you the "password operation" of contactless smart cards and their reader ASIC modules, and actual Intel-51 series microprocessor assembly language will be used for practical application development. The applications given in this article have run well in the many smart card projects that the author has designed and developed.
2. Contactless smart card and its reader ASIC module RC150/170
The Mifare1S50 contactless smart card has 16 sectors; each sector contains 4 blocks; each block has a storage capacity of 16 bytes. Sector is defined as Sector0 to Sector15; Block is divided into Block0 to Block3; the entire Mifare1S50 contactless smart card has 64 blocks.
Block0 in Sector0 records the serial number (SerialNumber) of the smart card and the manufacturer's logo information. The information has been solidified when the card is shipped and cannot be changed. Therefore, the block can no longer be reused as an application data block.
Block3 in each Sector is specially used to store the passwords and access rights for data access to the application blocks Block0, 1, 2 and to its own Block3 in the Sector. The entire Mifare1S50 contactless smart card has a total of 16 Block3s. Under absolute addressing, they are addressed as Block3 (in Sector0), Block7 (in Sector1), Block11 (in Sector2), and so on up to Block63 (in Sector15).
The absolute address of Block3 in a Sector can be calculated by the following formula:
Block X = (N+1)*4 - 1
Where:
X: block number under absolute addressing
N: Sector number, 0 to 15
Usually, Block0, 1, and 2 of each sector store very confidential data, such as the amount of money loaded at the bus company's designated location before riding the bus/taxi, the control information required to enter and exit a smart building/smart community, or, for a stock trading smart card, the transaction password data (such as account, deposit information, quantity/variety of stocks purchased, etc.) already stored in the smart card that must be confirmed before stocks can be traded.
Since Block3 of each sector contains the password bytes of the sector and the access control bytes for data processing of the remaining Block0, 1, 2 in the sector, how Block3 is handled is very important. The following examines Block3 of each sector in more detail.
Block3 consists of 16 bytes. The first 6 bytes are password A (KEYA); the default value of KEYA may be "A0A1A2A3A4A5". The last 6 bytes are password B (KEYB); the default value of KEYB may be "B0B1B2B3B4B5". The middle 4 bytes are the control bytes; the default value may be "FFH 07H 80H 69H". By using KEYA or KEYB and obeying the access conditions already defined in the 4 control bytes, we can perform operations such as data read/write/update on the application blocks Block0, 1, 2 within the sector that the password (KEYA or KEYB) belongs to.
Since the operation of the contactless smart card, including the transfer of the data stream, is done in a "contactless" manner, there must be an intermediate medium between the MCU and the contactless smart card to pass the password (or data stream), that is, the ASIC module. The RC150/170 is such an ASIC module. It is responsible for the important task of transferring all passwords/data between the contactless smart card and the MCU (microprocessor). The password operation of the contactless smart card thus becomes the password operation of the RC150/170 ASIC module. The information transfer between the RC150/170 ASIC module and the contactless smart card (including passwords, etc.) is transparent to the user and is completed automatically. So how to perform a "password operation" (an operation on Block3) on a contactless smart card becomes how to perform password operations on the RC150/170 ASIC module. Philips' MCM200 module, MCM500 module or the SB201, SB601 modules (products of Uni-Vision Engineering Ltd.) contain RC150/170 ASIC modules, so the content discussed in this article, including the programs designed below, also applies to these modules. The RC170 is the new-generation successor to the RC150 ASIC module, and it is faster.
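The Block3 layout and the addressing formula above, as an added C example (not code from the original article). The names trailer_block, parse_trailer, control_bytes_valid and SAMPLE_TRAILER are assumptions made for illustration, and the complement check on the control bytes goes beyond the article: it follows the access-bit encoding of the MF1S50 data sheet, in which each condition nibble is stored together with its inverted copy.

```c
#include <stdint.h>
#include <string.h>

/* Block3 (sector trailer) as described above: KEYA, 4 control bytes, KEYB. */
typedef struct {
    uint8_t key_a[6];
    uint8_t control[4];
    uint8_t key_b[6];
} sector_trailer;

/* Absolute block number of Block3 in sector N: X = (N+1)*4 - 1; -1 if out of range. */
int trailer_block(int sector)
{
    if (sector < 0 || sector > 15)
        return -1;
    return (sector + 1) * 4 - 1;
}

/* Split a raw 16-byte Block3 into its three fields. */
void parse_trailer(const uint8_t raw[16], sector_trailer *t)
{
    memcpy(t->key_a, raw, 6);
    memcpy(t->control, raw + 6, 4);
    memcpy(t->key_b, raw + 10, 6);
}

/*
 * Consistency check taken from the MF1S50 data sheet, not from this article:
 * control bytes 0..2 carry the condition nibbles C1, C2, C3 and their
 * bitwise complements. Returns 1 when every nibble matches its inverted
 * copy, 0 otherwise (such a trailer should never be written to a card).
 */
int control_bytes_valid(const uint8_t c[4])
{
    uint8_t c1 = c[1] >> 4,   nc1 = c[0] & 0x0F;
    uint8_t c2 = c[2] & 0x0F, nc2 = c[0] >> 4;
    uint8_t c3 = c[2] >> 4,   nc3 = c[1] & 0x0F;
    return ((c1 ^ nc1) == 0x0F) && ((c2 ^ nc2) == 0x0F) && ((c3 ^ nc3) == 0x0F);
}

/* Constructed sample: a trailer holding the default values quoted in the article. */
const uint8_t SAMPLE_TRAILER[16] = {
    0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5,
    0xFF, 0x07, 0x80, 0x69,
    0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5
};
```

Running control_bytes_valid on the control bytes of a trailer before writing it catches a corrupted nibble that would otherwise leave the sector with unusable access conditions.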
Most of the contactless smart card readers and devices we use today include one of the ASIC modules listed above.
Figure 1 shows the basic password transfer relationship between the user (MCU) and the contactless smart card. Pay special attention to the role of the ASIC module RC150/170.
When the MSB ("A/L" bit) is set to "0", the "state" of the current "password operation" is "LOAD_KEY"; if it is set to "1", the state of the current "password operation" is "AUTHENTICATION".
The last 2 bits, KS0 and KS1, select the keyset. There are 3 keysets and a transport key (TransportKey) in the ASIC. Setting the value of KS0, KS1 actually selects a different memory unit (password box) that stores the password inside the ASIC module. If "LOAD_KEY" (password access) is used with keyset0, then "AUTHENTICATION" can only use keyset0, not keyset1 or keyset2 or others, because the password memory unit addressed by keyset0 in the ASIC module and the password memory unit addressed by keyset1 or keyset2 are different units. This is like going shopping at the supermarket. Before entering, you store your parcel in parcel box A in front of the supermarket and receive the (opening) password slip for parcel box A. If, when you want to retrieve the parcel, you take the password slip of parcel box A and try to open the door of parcel box B or C, of course you cannot open it, because your address (box number) is wrong, and your parcel cannot be retrieved. This is a password authentication error. The ASIC behaves similarly. If "LOAD_KEY" (password access) uses keyset0 to store the password, and "AUTHENTICATION" (password authentication) then uses keyset1 or keyset2 or another to verify the password just stored, the ASIC module will of course return an authentication error ("AE=1").
When KS1KS0 = "00", choose to use keyset0;
When KS1KS0 = "01", choose to use keyset1;
When KS1KS0 = "10", choose to use keyset2;
When KS1KS0 = "11", choose to use the transport password (TransportKey).
The following is the procedure to set the password status / control register KeyStatus & ControlRegister (KEYSTACON):
SETUP_KEYSTACON:
MOV 7EH, #00000000B ; Select keyset0 and indicate "LOAD_KEY"
MOV A, 7EH ; Unit 7EH stores the value to be written to KEYSTACON
MOV R0, #0BH ; KEYSTACON register address is 0BH
MOVX @R0, A ; Set the KEYSTACON register
If we want to choose to use keyset2, we can set the 7EH unit to #00000010B (0x02), namely:
MOV 7EH, #00000010B
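The KEYSTACON encoding and the parcel-box rule described above, as an added C example that is not part of the original article. The asic_model structure and the functions keystacon, password_op and load_then_auth_fails are a hypothetical host-side model for illustration, not the RC150/170's real internals; the "AE" position (bit 2) is taken from the ACC.2 test in the article's verification routine, and the key bytes are the constructed default KEYA value.

```c
#include <stdint.h>
#include <string.h>

#define KEYSTACON_AUTH 0x80u  /* MSB "A/L": 0 = LOAD_KEY, 1 = AUTHENTICATION */
#define STACON_AE      0x04u  /* "AE" bit, tested as ACC.2 in the article */

enum { KEYSET0 = 0, KEYSET1 = 1, KEYSET2 = 2, TRANSPORT_KEY = 3 };

/* Build the KEYSTACON value: A/L in the MSB, KS1 KS0 in the two lowest bits. */
uint8_t keystacon(int authenticate, int keyset)
{
    return (uint8_t)((authenticate ? KEYSTACON_AUTH : 0u) | ((unsigned)keyset & 0x03u));
}

/* Hypothetical model of the password boxes: one 6-byte slot per KS1 KS0 value. */
typedef struct {
    uint8_t key[4][6];
    uint8_t loaded[4];
} asic_model;

/*
 * Run one password operation on the model. For AUTHENTICATION, `key` stands
 * for the key the card sector expects. Returns a STACON value with AE set
 * when the operation fails.
 */
uint8_t password_op(asic_model *m, uint8_t ksc, const uint8_t key[6])
{
    int slot = ksc & 0x03;
    if (!(ksc & KEYSTACON_AUTH)) {      /* LOAD_KEY: store into the selected box */
        memcpy(m->key[slot], key, 6);
        m->loaded[slot] = 1;
        return 0x00;
    }
    /* AUTHENTICATION: only the box named by KS1 KS0 is consulted. */
    if (!m->loaded[slot] || memcmp(m->key[slot], key, 6) != 0)
        return STACON_AE;
    return 0x00;
}

/* Constructed scenario: LOAD_KEY into keyset0, then AUTHENTICATION with auth_keyset. */
int load_then_auth_fails(int auth_keyset)
{
    static const uint8_t key_a[6] = {0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5};
    asic_model m;
    memset(&m, 0, sizeof m);
    password_op(&m, keystacon(0, KEYSET0), key_a);
    return (password_op(&m, keystacon(1, auth_keyset), key_a) & STACON_AE) != 0;
}
```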
3.1.3 Setting the Password Address Register KeyAddressRegister (Register Address: 0x0C)
After successfully setting the password status/control register (KEYSTACON), the password address register KeyAddressRegister must be set immediately. The password data register KeyDataRegister or any other register must not be set before it, otherwise an error will occur, because the memory unit that receives the MCU instructions/data inside the ASIC operates in FIFO ("First In First Out") mode.
Since a contactless smart card has 16 sectors, and each sector may have its own different password, there are different password memories in the ASIC module. When a password operation is performed on one of the 16 sectors, the password memory corresponding to that sector in the ASIC module must be addressed to find its exact location. However, the address sent by the MCU is only "part" of the address: the ASIC performs a second addressing step (address conversion) internally. Only "part" of the address is used for reasons of high security and confidentiality.
The following is a description of the 8-bit password address register:
Therefore, the first password byte that the password data register receives from the MCU must be the first byte of KEYA, that is, the "A0" byte in the table. Otherwise the password sent to the contactless smart card will be the 6 bytes in reverse order.
The same applies to the password KEYB.
3.1.5 Verify the STACON register to determine if the "LOAD_KEY" is valid
After completing the above operations, the result should be verified to determine whether the "LOAD_KEY" (password access) is valid. This can be done by checking the "AE" bit in the STACON register.
The STACON register is an extremely important status register and control register in the ASIC module.
When any read/write operation is performed on the ASIC module, STACON acts as a status register that indicates the state of that read/write operation. The STACON register then has the following 8-bit status format:
When we perform a password operation, reading or writing the ASIC module only involves the "AuthenticationError" bit ("AE" bit) in the STACON register.
● When "AE" = "1", it indicates that the previous password operation ("LOAD_KEY" or "AUTHENTICATION") was not successful;
● When "AE" = "0", it indicates that the previous password operation ("LOAD_KEY" or "AUTHENTICATION") was successful;
The following is a verification procedure to verify the STACON register to determine if the "LOAD_KEY" password access operation is valid:
VERIFY_LOAD_KEY_Operation routine:
VERIFY_LOAD_KEY_OP:
MOV R0, #01H ; STACON register address is "01H"
MOVX A, @R0 ; Read the STACON register in the ASIC
JB ACC.2, LOAD_KEY_Operation_ERR ; If "AE" = "1", go to error processing
MOV B, #00H ; Otherwise "AE" = "0" and this "LOAD_KEY" succeeded; send OK flag "00"
AJMP LOAD_KEY_Operation_OK
LOAD_KEY_Operation_ERR:
MOV B, #99H ; Send error flag "99"; this "LOAD_KEY" failed
......
(error handling)
......
AJMP VERIFY_EXIT
LOAD_KEY_Operation_OK:
MOV A, B
ACALL DISPLAY
......
("OK" processing)
......
VERIFY_EXIT:
RET
3.2 "AUTHENTICATION" (password authentication)
The "AUTHENTICATION" operation must be performed in the following steps:
● Set the TOC/BCNTS register in the ASIC module, etc.
● Set the password status/control register KeyStatus&ControlRegister (KEYSTACON)
● Set the password address register KeyAddressRegister (register address: 0x0C)
● Set the AUTHENTICATION command code
● Password address conversion
● Check the STACON register to determine whether the "AUTHENTICATION" password authentication is valid
● Turn off the TOC and some other operations
Because the "AUTHENTICATION" operation is similar to the "LOAD_KEY" (password access) operation, it will not be repeated here.
Only after both of the above main password operation steps have been fully completed and the ASIC module has responded "OK" can Block0, 1, 2 in the sector (Sector m) that has just undergone the password operation be accessed by the MCU, including data operations such as reading/writing. Once data must be read from or written to a block in another sector (Sector n), the password operations must be started again for Sector n, including the "LOAD_KEY" (password access) operation and the "AUTHENTICATION" operation.
4. Conclusion
Contactless smart card technology has only been mature for 4 to 5 years, but it has been popularized because of its high confidentiality and ease of use. This popularity has accelerated the rapid development of contactless smart card technology. It has been integrated with the bank's contact CPU card, resulting in a new dual interface smart card (Contact & Contactless Interface), which has achieved great success in the e-purse electronic wallet system. Some famous big companies in the world, such as SONY, have also become involved in the field of contactless smart card technology, and SONY's contactless smart card technology is very unique. According to the author's use, research and understanding of SONY's contactless smart card technology, compared with MIFARE, it has greatly improved the speed, stability and bit error rate of card reading, which is also due to the new technology.