This update to the amendment introduces two new implementation options, S8 and S16. S8 mode corresponds to the legacy SCP03 protocol. S16 mode provides greater cryptographic strength, with 16-byte challenges and cryptograms and 16-byte (non-truncated) C-MAC and R-MAC. S16 mode is introduced based on recommendations from the GlobalPlatform Security Task Force. The update also extends the class byte values for the INITIALIZE UPDATE and EXTERNAL AUTHENTICATE commands.
This document is a maintenance release.
This document proposes a new secure channel protocol based on AES keys and specifies:

- A new mechanism to generate session keys.
- The schemes to be used with AES for C-MAC, R-MAC, command data field encryption and response data field encryption.
- The format of PUT KEY for AES.

This new protocol is based on existing SCP01 and SCP02 protocols. It supports AES-based cryptography in lieu of TDEA. The protocol protects bidirectional communication between the Host and the card (decryption/MAC verification for incoming commands, encryption/MAC generation on card response). In addition, the document defines the formats and requirements for DAPs, Tokens and Receipts if AES is used for card content management activities.