CDA for PBOC/EMV (Composite data authentication)

Source: Internet
Author: Pony

When reprinting, please indicate the source.

CDA is essentially a derivative of DDA, so the two have much in common. First, a brief description of the key points of CDA:

1. It also performs SDA, consistent with DDA.

2. It also performs DDA; more advanced techniques are always backward compatible.

3. It also uses signed dynamic application data. However, this data is requested by the terminal during GENERATE AC (GAC) rather than by INTERNAL AUTHENTICATE. Besides components similar to those in DDA (the DOL data), this data also includes the application cryptogram (TC or ARQC).

4. Because the signed dynamic data additionally covers the card's cryptogram, the verification phase involves a few more steps than in DDA: CDA must also compare the cryptogram.

The detailed steps are as follows:

Step 1: Obtain the ICC public key
This is the same as in DDA.

Step 2: Obtain the signed dynamic data

It is returned through GAC. When the IC card returns a non-AAC cryptogram and the terminal has requested CDA, the IC card returns the signed data.

Generating this signed data is also a little more complex than in DDA. The principle is the same; the difference is that more data items take part in the signature, that is, more data items are fed into the hash. If the CDA signature is generated in the first GAC, the data items involved in the calculation include the PDOL data, the CDOL1 data and other data (such as the data header and length); if it is generated in the second GAC, the data items specified in CDOL2 are added as well.

Step 3: Verify the data
As mentioned above, the last verification step differs from DDA by the comparison of the application cryptogram. The terminal first compares the cryptogram recovered from the signature with the cryptogram returned by GAC; if they do not match, CDA fails.

The remaining steps are the same as in DDA.

Since CDA and DDA have so much in common, what is the point of CDA? Let me give my understanding.

The core difference between CDA and DDA is that CDA signs the cryptogram produced by the card's action analysis, which guarantees that the cryptogram comes from a genuine card. This is a bit like the PIN we enter when withdrawing cash at an ATM: it is encrypted and then sent to the bank's server, which decrypts it and checks that it is correct. This is safer.

In addition, because more data items take part in CDA's hash calculation, the authentication mechanism is stricter. For example, I have seen CDA fail because the Terminal Country Code was set to an incorrect value on the terminal.

Following the development rules of the information security industry, CDA should gradually replace SDA and DDA and become the mainstream, even a mandatory requirement. Of course, a newer and more secure data authentication mechanism may emerge in the future.
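As an added example (not from the original post), the following Python models the CDA steps above end to end: the card-side signing in GENERATE AC and the terminal-side verification, including the extra cryptogram-related checks beyond DDA, and it reproduces the Terminal Country Code failure just mentioned, since that value is part of the hashed CDOL data. It assumes a toy RSA key pair generated in place of the real ICC key, SHA-1 as the hash, and a simplified layout of the signed dynamic application data (header 0x6A, format 0x05, hash indicator 0x01, ICC dynamic data, 0xBB padding, hash, trailer 0xBC); all data values are constructed.

```python
import hashlib
import random
def is_probable_prime(n, rounds=16):  # Miller-Rabin for odd n > 3; fine for a throwaway demo key
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_icc_key(bits=512, e=3):
    """Toy ICC RSA pair (e, n), (d, n); primes with top two bits set make n exactly `bits` bits."""
    primes = []
    while len(primes) < 2:
        c = random.getrandbits(bits // 2) | (3 << (bits // 2 - 2)) | 1
        if is_probable_prime(c) and c not in primes and (c - 1) % e:  # keeps gcd(e, phi) = 1
            primes.append(c)
    p, q = primes
    return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)

def card_sign_cda(priv, icc_dyn_num, cid, ac, terminal_data, unpredictable_number):
    """Card side of GENERATE AC: build and sign the Signed Dynamic Application Data (simplified)."""
    n_ic = (priv[1].bit_length() + 7) // 8
    tdhc = hashlib.sha1(terminal_data).digest()  # Transaction Data Hash Code over PDOL/CDOL data
    dyn = bytes([len(icc_dyn_num)]) + icc_dyn_num + bytes([cid]) + ac + tdhc  # ICC Dynamic Data
    body = b"\x05\x01" + bytes([len(dyn)]) + dyn + b"\xbb" * (n_ic - len(dyn) - 25)
    block = b"\x6a" + body + hashlib.sha1(body + unpredictable_number).digest() + b"\xbc"
    return pow(int.from_bytes(block, "big"), *priv).to_bytes(n_ic, "big")

def terminal_verify_cda(pub, sdad, cid_from_gac, terminal_data, unpredictable_number):
    """Terminal side: recover the SDAD with the ICC public key; return (ok, recovered cryptogram)."""
    n_ic = (pub[1].bit_length() + 7) // 8
    rec = pow(int.from_bytes(sdad, "big"), *pub).to_bytes(n_ic, "big")
    sig_hash = hashlib.sha1(rec[1:-21] + unpredictable_number).digest()
    if len(sdad) != n_ic or rec[:3] != b"\x6a\x05\x01" or rec[-1] != 0xBC or sig_hash != rec[-21:-1]:
        return False, None  # length, header/format/trailer and hash checks, as in DDA
    dyn, l_dn = rec[4:4 + rec[3]], rec[4]
    cid, ac, tdhc = dyn[1 + l_dn], dyn[2 + l_dn:10 + l_dn], dyn[10 + l_dn:30 + l_dn]
    # CDA-only steps: signed CID must equal what GAC returned in clear, and the signed hash of the
    # terminal's PDOL/CDOL data must match; only then is the recovered cryptogram trusted.
    if cid != cid_from_gac or tdhc != hashlib.sha1(terminal_data).digest():
        return False, None
    return True, ac
```

Changing a single byte of the terminal data (for example the Terminal Country Code inside the CDOL1 data) changes the Transaction Data Hash Code and makes the verification fail, even though the signature itself is intact.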
