
UID of an NFC/SWP-accessed SIM card

A SIM card is used as a secure element in my project. It is accessed through the NFC-SWP contactless interface from a terminal device.

I need to identify the SIM card somehow with a unique and permanent identifier, and I need to be able to read the identifier through NFC. ICCID seems to be the best choice, but I would have to expose the EF ICCID file through the contactless interface, which might be dangerous. Moreover, the EF ICCID file is out of my scope on the SIM card - access to my dedicated security domain is all I have.

I also tried to use the 4-byte long UID specified in ISO/IEC 14443 Type A, but I get a different UID each time I read the SIM card through NFC. Why?

Another solution would be accessing the card serial number through the GlobalPlatform GET DATA command (Card Production Life Cycle Data (CPLC)), but I would have to be able to select the card manager through the contactless interface, which is forbidden by default and not recommended for security reasons.

Is there any typical way to solve this issue?

The 4-byte UID for Type A (the same holds for the PUPI for Type B) is allowed to be random (ISO 14443-3, chap. 6.4.4 "fixed unique number or random number"). Their purpose is only to select one of several cards currently in the field of the reader. Therefore the description of the UID is in the anticollision chapter.

Getting the serial number of the card is surely the solution, but since this allows card tracking (I do not know who this is, but she was present 10 minutes ago already), in a privacy-aware context it is frequently only allowed after some kind of authentication (and possibly establishing a secure channel, so eavesdroppers don't benefit). For ideas on how to handle this, take a look at the ICAO specifications under BAC or EAC. I would not expect to find a privacy-aware solution for a card without being able to place specific information onto it.
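To show concretely why the Type A UID the asker reads is not a stable identifier, here is an added example (not code from the question or the answer) that assembles a UID from the anticollision cascade levels and flags a random single-size UID. The cascade tag 0x88, the BCC as XOR of the four bytes, and uid0 == 0x08 marking a random UID follow ISO/IEC 14443-3; the frames in the example are constructed, not captured from a card.

```python
# Added example: assemble a Type A UID from 5-byte anticollision cascade level
# replies (uid0..uid3 + BCC) and decide whether it can serve as an identifier.
# Cascade tag, BCC rule and random-UID marker follow ISO/IEC 14443-3.

CASCADE_TAG = 0x88        # uid0 of a level that is followed by another level
RANDOM_UID_MARKER = 0x08  # uid0 of a single-size UID regenerated per activation


def bcc(uid_bytes: bytes) -> int:
    """Block check character: XOR over the four UID bytes of one cascade level."""
    result = 0
    for b in uid_bytes:
        result ^= b
    return result


def parse_cascade_levels(levels: list) -> bytes:
    """Return the 4-, 7- or 10-byte UID carried by the cascade level replies.

    A level whose uid0 is the cascade tag contributes three UID bytes and
    announces a further level; the last level contributes all four bytes.
    """
    uid = bytearray()
    for idx, level in enumerate(levels, start=1):
        if len(level) != 5:
            raise ValueError(f"cascade level {idx}: expected 5 bytes, got {len(level)}")
        if bcc(level[:4]) != level[4]:
            raise ValueError(f"cascade level {idx}: BCC mismatch")
        is_last = idx == len(levels)
        if level[0] == CASCADE_TAG and not is_last:
            uid += level[1:4]
        elif level[0] != CASCADE_TAG and is_last:
            uid += level[:4]
        else:
            raise ValueError(f"cascade level {idx}: cascade tag inconsistent with level count")
    if len(uid) not in (4, 7, 10):
        raise ValueError(f"unexpected UID length {len(uid)}")
    return bytes(uid)


def is_random_uid(uid: bytes) -> bool:
    """True for a single-size UID that the card generates anew on each activation."""
    return len(uid) == 4 and uid[0] == RANDOM_UID_MARKER


if __name__ == "__main__":
    # Constructed sample frames: one card answering with a random UID, one with a fixed 7-byte UID.
    random_card = [bytes.fromhex("0812345678")]
    fixed_card = [bytes.fromhex("8804a1b29f"), bytes.fromhex("c3d4e5f604")]
    for name, levels in (("random", random_card), ("fixed", fixed_card)):
        uid = parse_cascade_levels(levels)
        print(name, uid.hex(), "usable as identifier:", not is_random_uid(uid))
```

A reader that sees uid0 == 0x08 should treat the UID as an anticollision handle only and fall back to an authenticated read of a real serial number, as the answer suggests.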
