智能卡文件结构的安全访问条件

Question

We are working with SCOSTA smart card with ISO7816-4 APDU Commands. I had create file structure but didn't understand how to set security Access Condition in Compact and Extended Format For Example.

I am using TLV structure for Creating File MF,DF,EF,SE etc

Deticated File will have following FCP:

• Tag 8C
• Len 08
• Security Attribute AM 7F
• VALUE FF Delete File(Self):Never
• VALUE FF Terminate DF:Never
• VALUE 22 Activate File:(SE#2)
• VALUE 22 Deactivate File:(SE#2)
• VALUE 22 Create File EF:(SE#2)
• VALUE 22 Create File DF:(SE#2)
• VALUE FF Delete File(child):Never

So My Question is : Where from VALUE 22 Set and what is the meaning of SE#2 ?

How to calculate AM Byte?

I refer ISO/IEC 7816-4:2005(E) Document Page No:24-25

Answer 1

Tag 8C indicates an access rule in compact format . There an Access Mode Byte (7F) is followed by as many Security Condition Byte s as bits are set in the access mode byte. The example looks reasonable, even if in my opinion, it would be more intuitive, to leave out the bits (and corresponding SCBs) for which only a NEVER security condition byte follows. (An operation not explicitly allowed, should be rejected anyway).

The coding of the Access mode byte for a DF is found in table 16 and the encoding of the security condition byte is in table 20 of ISO 7816-4.

SE#2 means, that the key IDs necessary for User Authentication, External Authentication and Secure Messaging are determined by Security Environment 2, the value 22 means, that in your case only an external authentication is necessary.