
FMCOS Dedicated Technical Manual








Prepared: Lu jun/Shen Xinyue Date:2019-5-30

Reviewed: Duan yanfang Date:2019-5-31

Approved: Chen Anxin Date:2019-6-3

Release: 2.0


Shanghai Fudan Microelectronics Group Company Limited

Shanghai China

Contents
FMCOS Dedicated Technical Manual
1 Dedicated Instructions
  1.1 CREATE FILE
    1.1.1 Definition
    1.1.2 Command APDU
    1.1.3 Data Field of Command APDU
    1.1.4 Data Field of Response APDU
    1.1.5 Status Word(SW) of Response APDU
  1.2 ERASE DF
    1.2.1 Definition
    1.2.2 Command APDU
    1.2.3 Data Field of Command APDU
    1.2.4 Data Domain of Response APDU
    1.2.5 SW of Response APDU
  1.3 WRITE KEY
    1.3.1 Definition
    1.3.2 Command APDU
    1.3.3 Data Domain of Command APDU
    1.3.4 Data Field of Response APDU
    1.3.5 Status Words of Response APDU
2 Transmission Protocol
  2.1 ATR Response Information
  2.2 ATS Response Information
3 File management
  3.1 Definition
  3.2 File Structure
    3.2.1 Master File (MF)
    3.2.2 Secondary Master File
    3.2.3 Directory File
    3.2.4 Elementary File
  3.3 File Space Structure
4 Security Architectures
  4.1 Security Statuses
    4.1.1 Definition
    4.1.2 Description of Security Statuses
    4.1.3 Description of Security Attributes
    4.1.4 Description of Security Mechanisms
  4.2 Secure Message Transmission
    4.2.1 Definition
    4.2.2 Secure Message Transmission
    4.2.3 How to achieve secure message transmission
    4.2.4 MAC Calculation
    4.2.5 Calculation of Data Encryption and Decryption
    4.2.6 Command Statuses of Secure Message Transmission
  4.3 Diversion Algorithm
    4.3.1 Definition
    4.3.2 Algorithm Description
  4.4 Encryption and Decryption Algorithm
    4.4.1 Definition
    4.4.2 Calculation of Data Encryption/Decryption
  4.5 MAC Algorithm
    4.5.1 Definition
    4.5.2 MAC Calculation

1 Dedicated Instructions

1.1 CREATE FILE


1.1.1 Definition

The CREATE FILE command is used to build the file system, which includes MF, DF and EF.


1.1.2 Command APDU

The command APDU for CREATE FILE is as follows:

Code | Hex
CLA | 80
INS | E0
P1, P2 | File ID
Lc | XX
Data | The file control information and the name of DF


1.1.3 Data Field of Command APDU


The data field of the command APDU contains the file control information. If the file being built is a DF, the name of the DF may also be contained in that field. The length of a DF's name is 5 to 16 bytes. All file control information is listed below:

• Dedicated File DF (including MF)

File Type | File Space | Access Right of Creating | Access Right of Erasing | Application File ID | File Type Explanation | RFU | ['FF' + Transmission Key] | DF's Name
38 | 2 Bytes | 1 Byte | 1 Byte | XX | XF | FF | 'FF' + 4 Bytes | 5 to 16 Bytes

Note: The item in brackets is only used when building main MF.

In the file type explanation, bits 3 to 0 indicate the application type. (EDEP should be '1111'.) Bit 4 set to '1' indicates the MF built is a main MF. Bit 4 set to '0' indicates the MF is a secondary MF. Bits 5 to 7 are reserved for future use.
Note: When building the main MF, the whole value of P1 and P2 is fixed to '3F00'. In this case, there should be a 1-byte value '0xFF' and a 4-byte transmission key after RFU. The value of the 4-byte transmission key must be the same as the value written when the EEPROM was initialized. (e.g. If the 4-byte transmission key is '0x12345678', then the value should be '0xFF12345678'.)

Application file ID:

If file returned after Select File is '0015', this byte should be '95'.
If bit 7 of Application file ID is '1', the file built is ADF.
If bit 7 of Application file ID is '0', the file built is DDF.

A dedicated file (except for MF) cannot be automatically selected after it is built.

• Conditions for valid permission: While a dedicated file is selected, the key file must be built and at least one key must be loaded. If this condition is not satisfied, the access rights under that directory (not including sub-directories) are not valid.

• Recommended method: After the dedicated file is built, select the dedicated file, build the key file and load the main control key. If other files (like a binary file or a record file) are built immediately, read and write operations on these files will not require the corresponding authorization. The corresponding access rights will be verified after this dedicated file is re-selected.

• Elementary file EF (Including the key file)

Command APDU Data Field:

File Type | BYTE1 | BYTE2~3 | BYTE4 | BYTE5 | BYTE6 | BYTE7
Binary File | 28 | File Space | Access Right of Read | Access Right of Write | FF | See Instructions
Fixed-length Record File | 2A | File Space | Access Right of Read | Access Right of Write | FF | See Instructions
Circular Record File | 2E | File Space | Access Right of Read | Access Right of Write | FF | See Instructions
PBOC ED/EP | 2F | 02 08 | Access Right of use | Keep(00) | FF | Transaction Record Short ID
Variable-length Record File | 2C | File Space | Access Right of Read | Access Right of Write | FF | See Instructions
Key File | 3F | File Space | DF File Short ID | Add Access Right | FF | See Instructions

• The first thing to do after a DF is built must be building the key file and loading the main control key. If this condition is violated, the sub-directories or EFs built under the DF are not restricted by access rights before the main control key is loaded. If there are only key files but no main control keys under the DF, then the DF is unrestricted.
• If plain text with MAC is used, the most significant bit of Byte1 should be '1' ('28' changes to 'A8'). If cipher text is used, the second most significant bit should be '1' ('28' changes to '68').
• For record files (including fixed-length record file, circular record file and deposit file), the first byte of file space records the total number of files; the second byte records the record length. Total physical space is (number of files*(record length +1)+8).
• The last byte of an elementary file (except for key file and PBOC ED/EP file) is defined as follows:

b8 b7 b6 b5 b4 b3 b2 b1 | Meanings
1 - - - - - - - | Only allow plain text reading.
- 1/0 - - - - - - | Binary file is allowed to change when doing compound transaction: =1 Not Permitted; =0 Permitted
- - 1/0 - - - - - | Whether access rights required when processing record file or binary file compound transaction: =1 Required; =0 Not Required
- - - 1/0 - - - - | Whether MAC and cipher text are required to be matched when processing compound transaction: =1 Required; =0 Not Required (Plain Text)
- - - - 1 1 1 1 | Key ID: '00'
- - - - 1 1 1 0 | Key ID: '01'
- - - - 1 1 0 1 | Key ID: '02'
- - - - 1 1 0 0 | Key ID: '03'
……
- - - - 0 0 1 1 | Key ID: '0C'
- - - - 0 0 1 0 | Key ID: '0D'
- - - - 0 0 0 1 | Key ID: '0E'
- - - - 0 0 0 0 | Key ID: '0F'

In the Key ID rows, b4 to b1 give the key ID of the key used when doing writing operation. (Take bit inversion of the lowest 4 bits to become key ID. Up to 16 keys are supported.)

• For PBOC ED/EP, the TAC key ID is the ID of the key with key type '34', which is used while calculating TAC. The transaction detailed file indicates the short file ID used when ED/EP records transaction details.
• Transaction record file must be built.
• A basic file is selected automatically after it is built. It can be operated in the same way as the current file.
• The access right of use of a PBOC ED/EP file is the access right for off-line transactions (consumption and cash withdrawal). Online transactions (load, update overdraw limit and unload) need to satisfy both the access right of use (byte 4) restriction and PIN authentication.
• Bit 5 of the last byte in key file: the default value is '1'. When it equals '0', the ED/EP purse only needs to satisfy the restriction of the access right byte; the PIN does not need to be verified (same case for recharge and consumer jurisdiction).
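
The following added example (not from the FMCOS manual or from Fudan Microelectronics) decodes a CREATE FILE command for an EF using the table and notes above, which helps when reviewing a personalization script for files created without line protection. The function names, the big-endian reading of the 2-byte file space and the sample APDUs are assumptions made for illustration.

```python
"""Decode an FMCOS CREATE FILE command for an elementary file (EF).

Added example: layout taken from the EF table and notes in section 1.1.3.
Function names and the sample APDUs are constructed for illustration.
"""

EF_TYPES = {
    0x28: "Binary File",
    0x2A: "Fixed-length Record File",
    0x2C: "Variable-length Record File",
    0x2E: "Circular Record File",
    0x2F: "PBOC ED/EP",
    0x3F: "Key File",
}
RECORD_TYPES = {0x2A, 0x2E}  # file space = record count + record length


def decode_last_byte(value: int) -> dict:
    """Decode BYTE7 of a working EF (not defined for key files or PBOC ED/EP)."""
    return {
        "plain_text_read_only": bool(value & 0x80),              # b8
        "binary_change_in_compound_tx": not (value & 0x40),      # b7: 1 = not permitted
        "compound_tx_needs_access_right": bool(value & 0x20),    # b6
        "compound_tx_needs_mac_and_cipher": bool(value & 0x10),  # b5
        "write_key_id": ~value & 0x0F,                           # b4..b1, bit-inverted
    }


def parse_create_ef(apdu: bytes) -> dict:
    """Return the file control information carried by a CREATE FILE (EF) APDU."""
    if len(apdu) < 5 or apdu[0] != 0x80 or apdu[1] != 0xE0:
        raise ValueError("not a CREATE FILE command (CLA 80, INS E0)")
    data = apdu[5:]
    if apdu[4] != len(data):
        raise ValueError("Lc does not match the data field length")
    if len(data) != 7:
        raise ValueError("EF control information is BYTE1..BYTE7")
    base = data[0] & 0x3F  # drop the two secure-messaging flag bits
    if base not in EF_TYPES:
        raise ValueError(f"not an EF type byte: {data[0]:02X}")

    info = {
        "file_id": apdu[2:4].hex().upper(),       # P1 P2
        "type": EF_TYPES[base],
        "mac_required": bool(data[0] & 0x80),     # e.g. '28' -> 'A8'
        "cipher_required": bool(data[0] & 0x40),  # e.g. '28' -> '68'
    }
    if base == 0x2F:    # purse: BYTE4 = right of use, BYTE7 = transaction record short ID
        info.update(use_right=data[3], transaction_record_short_id=data[6])
    elif base == 0x3F:  # key file: BYTE4 = DF short ID, BYTE5 = right to add keys
        info.update(space=int.from_bytes(data[1:3], "big"),
                    df_short_id=data[3], add_right=data[4])
    else:
        info.update(read_right=data[3], write_right=data[4],
                    last_byte=decode_last_byte(data[6]))
        if base in RECORD_TYPES:
            info.update(records=data[1], record_length=data[2],
                        physical_space=data[1] * (data[2] + 1) + 8)
        else:
            info["space"] = int.from_bytes(data[1:3], "big")  # assumption: big-endian
    return info


def review_notes(info: dict) -> list:
    """Points a reviewer of a personalization script may want to look at."""
    notes = []
    if "last_byte" in info:
        if not (info["mac_required"] or info["cipher_required"]):
            notes.append("content is exchanged in plain text without MAC")
        if not info["last_byte"]["compound_tx_needs_access_right"]:
            notes.append("compound transactions do not require the access right")
    return notes


# Constructed samples: a MAC-protected binary file and an unprotected record file.
SAMPLE_BINARY = bytes.fromhex("80E0001507A80040F0F1FF0E")
SAMPLE_RECORD = bytes.fromhex("80E00018072A0A17F0F1FFFF")

if __name__ == "__main__":
    for sample in (SAMPLE_BINARY, SAMPLE_RECORD):
        parsed = parse_create_ef(sample)
        print(parsed, review_notes(parsed))
```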

1.1.4 Data Field of Response APDU

Data field of response APDU doesn't exist.

1.1.5 Status Word(SW) of Response APDU

The SW of successful command execution is '9000'.
IC card may return the following error SW:

SW1 | SW2 | Meanings
67 | 00 | Wrong length
69 | 82 | Building access right is not satisfied
6A | 80 | Record number is smaller than 2 or the directory Series is larger than 3
6A | 84 | File does not have enough space
6A | 86 | File already exists
6E | 00 | CLA does not support or is wrong

1.2 ERASE DF

1.2.1 Definition

The ERASE DF command is used to erase all the files (not including the DF itself) in the current DF when the conditions for erasing the DF are satisfied.

1.2.2 Command APDU

The command APDU is shown below:

Code | Hex
CLA | 80
INS | 0E
P1 | 00: Erasing all the files under directory (secondary MF cannot be erased). 02: Erasing all the files under directory including directory header (for erasing secondary MF only; must select secondary MF first before erasing).
P2 | 00
Lc | 00
Data | Not exist
Le | Not exist

Table - Command APDU of ERASE DF


1.2.3 Data Field of Command APDU


Data field of the command APDU does not exist.

1.2.4 Data Domain of Response APDU

Data field of response APDU does not exist.

1.2.5 SW of Response APDU

The successful SW is '9000'.

IC card might return the following error SW:

SW1 | SW2 | Meanings
65 | 81 | Writing EEPROM is not successful
69 | 82 | Erasing access right is not satisfied

Note: After the files under a DF and the DF itself are erased, any files can be built under that DF without restriction. After the key file is built, entering the DF will be restricted next time. Thus, setting the access right of erasing to the highest level is recommended. If erasing is not allowed, the erasing access right byte of this DF should be set to 'EF'. After a DF is erased successfully, all the elementary files (EFs) and dedicated files (DFs) under that DF are lost, so that DF becomes an empty dedicated file; but the access rights and spaces of the DF itself and other DFs do not change.

If the current dedicated file is MF, then all the other elementary files (EFs) and dedicated files (DFs) of the card, except for MF and secondary MF, will be deleted.


1.3 WRITE KEY

1.3.1 Definition

WRITE KEY is used to add or modify a key in the key file.

1.3.2 Command APDU

The structure of WRITE KEY command APDU is as follows:

Code | Hex
CLA | 80/84
INS | D4
P1 | 01: Indicates this WRITE KEY command is used to add key. XX: Indicates this WRITE KEY command is used to update the key with specified type in p1.
P2 | Key ID
Lc |
Data | See 1.3.3 Data Field of the command APDU
Le | Not exist

1.3.3 Data Domain of Command APDU

• CASE1: The internal authentication key, TAC key, consumption, load, unload and update overdraw limit.

CLA | INS | P1 | P2 | Lc | DATA
80 | D4 | 01 | Key ID | 0D/15 | 30/34/3C/3D/3E/3F; Access Right of Use; Access Right of Modification; Key Version; Algorithm ID; 8 to 10 Bytes Key

• CASE2: Add external authentication key.

CLA | INS | P1 | P2 | Lc | DATA
80 | D4 | 01 | Key ID | 0D/15 | 39; Access Right of Use; Access Right of Modification; Subsequent State; Retry Counter; 8 to 10 Bytes Key

• CASE3: Add PIN.

CLA | INS | P1 | P2 | Lc | DATA
80 | D4 | 01 | Key ID | 07-0D | 3A; Access Right of Use; EF; Subsequent State; Retry Counter; 2 to 8 Bytes PIN Number

• CASE4: Add PUK (PIN Unlocking Key).

CLA | INS | P1 | P2 | Lc | DATA
80 | D4 | 01 | Key ID | 0D/15 | 37; Access Right of Use; Access Right of Modification; FF; Retry Counter; 8 to 10 Bytes Key

• CASE5: Add the key used to protect file line or reload PIN.

CLA | INS | P1 | P2 | Lc | DATA
80 | D4 | 01 | Key ID | 0D/15 | 36/38; Access Right of Use; Access Right of Modification; FF; Retry Counter; 8 to 10 Bytes Key


Key Type | Meanings
30 | Internal Authentication Key (Encryption Key)
31 | Internal Authentication Key (Decryption key)
32 | Internal Authentication Key (Generating MAC Key)
34 | TAC Key
36 | File Line Protection Key (Key ID '00' is used to unlock or lock application)
37 | PUK
38 | PIN Reload Key
39 | External Authentication Key (Key '00' indicates main control key)
3A | PIN
3C | Modify Overdraft limits
3D | Unload Key
3E | Consumption Key
3F | Load Key

Notes:
• Key ID cannot be 'FF'.
• The length of PIN is variable. (PIN must contain 4 to 16 BCD numbers.)
• Only three ways of adding a new key are supported: plain text, cipher text and cipher text MAC. Plain text MAC is not supported.
• All four ways of updating a key are supported. The method used depends on the configuration of the key type. More details are shown below:

Bit 7 | Bit 6 | Bit 5-0 | Protection Type
0 | 0 | Key Type | Plain Text (e.g. '0x3A')
0 | 1 | Key Type | Encryption Protection (Encryption: e.g. '0x7A')
1 | 0 | Key Type | Line Protection (MAC: e.g. '0xBA')
1 | 1 | Key Type | Line Encryption Protection (Encryption + MAC; e.g. '0xFA')

Note: Under one application, only the main control key can protect other keys. If the main control key is not built, when the cipher text MAC method loads a new key, the main control key in the upper directory is used.

For each key type, if there is only one key under that directory, in principle the key ID should be '00'. Otherwise, the key ID should start from '01'.


• Access right of use: The condition to be satisfied while that key is used (i.e. while doing verification, authentication, and operation).
e.g. The right of use '41' indicates that when using that key, the current security status register must be larger than or equal to 1 and smaller than or equal to 4.
• Change access right: Defined as the access right of using WRITE KEY to change the key content. While the condition is satisfied, WRITE KEY can be used to modify the key content, but the value of the retry counter cannot be changed.
• Retry counter: The upper 4 bits indicate how many consecutive wrong attempts can occur in total; the lower 4 bits indicate the number of remaining attempts. If the number of wrong attempts is larger than the number defined, the key is automatically locked.
e.g. The value of retry counter '33' indicates 3 more wrong attempts can be accepted. After the next wrong attempt, the value becomes '32'. After the second wrong attempt, the value becomes '31'. If the next authentication or authorization is true, the value will change into '33'.
When using a PUK, if the value of PUK is right, the value of the lower half byte would be set into the higher half byte. At the same time, the PUK is changed. If the PUK is wrong, the allowed attempt number would reduce by one. If PUK or external authentication key is locked, unlock cannot be done.
• Subsequent status: After PIN is verified or external authentication is successful, the value of the security status register is the lower half byte of the subsequent status.
• PIN reload key, PUK and PIN need to correspond one-to-one through key ID. The PIN reload key that has the same key ID as the PIN is responsible for the PIN reload process. The PUK that has the same key ID as the PIN is responsible for the PIN unlock process.
• The code to change the key is as follows:
While changing the key, the length of key header and key value must be the same as the original key.
And the following parameters are used:

P1 | P2
Key Type | Key ID

Data field parameters of this situation are the same as these parameters used when key was added.

1.3.4 Data Field of Response APDU

Data field of response does not exist.

1.3.5 Status Words of Response APDU

The successful status word is '9000'.
The error codes that IC card might send back are shown below:

SW1 | SW2 | Meaning
65 | 81 | Writing EEPROM is not successful.
67 | 00 | Key length is wrong.
69 | 82 | The access right of modify or add is not satisfied
69 | 83 | Key is locked.
6A | 82 | KEY file cannot be found.
6A | 88 | Key cannot be found.
6A | 84 | KEY file space is full.
93 | 02 | Line protection is wrong when changing the key.

2 Transmission Protocol

2.1 ATR Response Information

Bytes | Hex | Meaning
TS | '3B' or '3F' | Denotes direct convention or inverse convention.
T0 | '6X' | TB1 and TC1 exist, X indicates the number of existing historical bytes.
TB1 | '00' | Not using VPP.
TC1 | '00' to 'FF' | Indicates the number needed for extra protection time. The value of 'FF' has special meaning.


2.2 ATS Response Information

Bytes | Byte Information | Meaning
TL | '0x10' | Length Byte
T0 | '0x78' | TA1, TB1 and TC1 exist; FSCI=8 (FSC=256 Bytes)
TA1 | '0x80' | Two directions can support the same D. DR=1 and DS=1 are supported.
TB1 | '0x80', '0x90', '0xA0', '0xB0' | FWI=0x8 (FWT=77ms), FWI=0x9 (FWT=155ms), FWI=0xA (FWT=310ms), FWI=0xB (FWT=620ms); SFGI=0 (SFGT=302us)
TC1 | '0x02' | NAD not supported. CID supported
T1 | '0x20' | COS version number 2.0
T2 | '0x90' | COS manufacturer's identification code (Shanghai Fudan Microelectronics Group Company Limited)
T3 | '0x00' | RFU
T4-T11 | xx | CardSequenceNumber
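
The following added example (not part of the manual) parses an ATS with the layout in the table above and extracts the COS version, manufacturer code and card sequence number, for instance to identify FMCOS cards during an inventory. The interface-byte decoding follows ISO/IEC 14443-4; the function names, the reading of '0x20' as "2.0" by nibble and the sample ATS are assumptions.

```python
"""Parse the ATS described in section 2.2 and pick out the FMCOS historical bytes.

Added example: interface bytes follow ISO/IEC 14443-4; the meaning of T1..T11
comes from the table above. The sample ATS is constructed.
"""

FC_HZ = 13_560_000                                  # ISO/IEC 14443 carrier frequency
FSCI_TO_FSC = (16, 24, 32, 40, 48, 64, 96, 128, 256)


def parse_ats(ats: bytes) -> dict:
    """Decode TL, T0 and the interface bytes announced by T0."""
    if len(ats) < 2 or ats[0] != len(ats):
        raise ValueError("TL does not match the ATS length")
    t0, pos = ats[1], 2
    fsci = t0 & 0x0F
    out = {"fsc": FSCI_TO_FSC[fsci] if fsci < len(FSCI_TO_FSC) else None}

    def take() -> int:
        nonlocal pos
        if pos >= len(ats):
            raise ValueError("ATS truncated: interface byte announced in T0 is missing")
        pos += 1
        return ats[pos - 1]

    if t0 & 0x10:                                   # TA1 present
        out["same_d_both_directions"] = bool(take() & 0x80)
    if t0 & 0x20:                                   # TB1: FWI (high nibble), SFGI (low nibble)
        tb1 = take()
        out["fwi"], out["sfgi"] = tb1 >> 4, tb1 & 0x0F
        out["fwt_ms"] = 4096 / FC_HZ * 2 ** out["fwi"] * 1e3
        out["sfgt_us"] = 4096 / FC_HZ * 2 ** out["sfgi"] * 1e6
    if t0 & 0x40:                                   # TC1: bit 1 = NAD, bit 2 = CID
        tc1 = take()
        out["nad"], out["cid"] = bool(tc1 & 0x01), bool(tc1 & 0x02)
    out["historical"] = ats[pos:]
    return out


def fmcos_identity(ats: bytes):
    """Return the FMCOS fields of the historical bytes, or None if the layout differs."""
    hist = parse_ats(ats)["historical"]
    if len(hist) != 11 or hist[1] != 0x90:          # T2 = manufacturer code from the table
        return None
    return {
        "cos_version": f"{hist[0] >> 4}.{hist[0] & 0x0F}",  # assumption: '0x20' reads as 2.0
        "manufacturer_code": hist[1],
        "rfu": hist[2],
        "card_sequence_number": hist[3:].hex().upper(),     # T4-T11
    }


# Constructed ATS: TL=10, T0=78, TA1=80, TB1=90, TC1=02, then T1..T11.
SAMPLE_ATS = bytes.fromhex("10788090022090000102030405060708")

if __name__ == "__main__":
    print(parse_ats(SAMPLE_ATS))
    print(fmcos_identity(SAMPLE_ATS))
```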


3 File management

3.1 Definition

A description of the COS file structure.

3.2 File Structure

The basic file system of the FMCOS IC card is a combination of master files (MFs), secondary master files (secondary MFs), directory files (DFs) and elementary files (EFs). There can only be one master file (MF) in an IC card. Under the MF, there can be many directory files (DFs) and elementary files (EFs). For each DF under the MF, there can be many elementary files (EFs) and sub-directory files (DFs). In this document, DFs with sub-DFs are denoted as DDFs; DFs without secondary DFs are denoted as ADFs.
FMCOS describes a file structure which satisfies <China financial integrated circuit card specifications JR/T 0025>. These applications are described as payment system applications. A payment system application can be activated by choosing the payment system environment; a successfully selected payment system environment gives access to the directory structures.
From the view of devices, the payment system environment file, which is related to the payment system application, is presented as a tree structure that can be accessed through the directory structure. Each node of the tree is an application data file (ADF). An ADF is an entrance to one or multiple elementary files; an ADF and its related data files are on the same branch of one tree.
The following graph presents an example of the internal structure of the card's files. This card supports e-deposit, e-purse, magnetic strip card application (Easy entry) and an undefined issuer's application.

















3.2.1 Master File (MF)


In an FMCOS card, there is only one MF, which is the root of the card file system. It is equivalent to the root directory of DOS. After the IC card is reloaded, the card automatically chooses the MF as the current file. FMCOS cards support a directory structure which is used under payment system environments. The payment system environment is selected through the directory by issuers. A directory structure contains a compulsory payment system directory file and some other additional records, which are quoted because of DDFs, and are optional. The number of directory files is only restricted by the space of EEPROM.

After the card is powered on, it automatically chooses the main MF.

3.2.2 Secondary Master File

A secondary master file is assigned by the issuer. Its space and authority are independent of the MF. In one card, multiple secondary master files can be built, and their access rights are independent of each other.
The main MF is automatically selected after the card is powered on. A secondary MF can be chosen by FID or AID.
Building a secondary MF or DF under the MF with the same FID and AID as another secondary MF is not allowed. Otherwise, the secondary MF cannot be chosen.
The space of a secondary MF can be recycled by using the special erasing command in the reverse order of establishment. If the order of secondary MF establishment is 'DDF3, DDF2, DDF1', then the erasing order should be 'DDF1, DDF2, DDF3'. If the order is not followed, the secondary MF will not be recycled fully.

3.2.3 Directory File

A directory file is like a directory of DOS. Under each DDF, one directory file can be built, but this is not compulsory. All DFs are physically and logically independent; each has its own security mechanisms and application data. Their logical structure can be visited by using application selection. One DF together with one or multiple EFs can be treated as an application. While using the IC card, users can define an application depending on the application environment.

3.2.4 Elementary File

An elementary file is used to store user data or keys. A file that stores user data is called a working elementary file; under certain security conditions, users can operate on these files. A file that stores keys is called an internal elementary file, and it cannot be read; but when the access right is gained after authorization, the operations related to the key can be done in the card. When the access right for changing the key is satisfied, the key can be changed.
A KEY file must be an internal elementary file.
KEY files must be built under MF/DF. Also, one directory can only have one KEY file. A KEY file can have multiple PINs, external authentication keys and DES operation keys. Every key is a record in TLV structure.

• Binary File: A binary file is a sequence of data units; data is written and read in binary units. The data structure in it is interpreted by the application user.
• Fixed-length Record File: All records in a fixed-length record file have the same length. The stored data unit is a record with a maximum length of 248 bytes.
• Circular Record File: Circular files are cyclic files with fixed length. Every record has only one data field; the maximum length of the field is 247 bytes. When using these files, records can only be added in order. When writing records, the record currently being written is the first record, and the previously written record becomes the second one: it is a continuous scrolling pattern. The record can only be written in the range defined in the command header. When the last space has been written by the previous record, the new one will overwrite the space of the initial record instead.
• Purse File: A purse file has an inner exclusive structure and is maintained by the COS, preserving information like the balance of e-purse and e-deposit, and the overdraft limit.
• Variable-length Record File: A record in a variable-length record file has variable length. The storage unit is a record. When updating a record, the length of the new record should be the same as the former record, otherwise the update is invalid. The maximum length should not exceed 247 bytes.

Variable record structure TLV is as follows:
TAG: tag | Length: data length L | Val: L bytes of data

3.3 File Space Structure

The structure of every file stored in EEPROM is as follows:

11 Bytes File Header (File Type, File ID, Main File Space, Permission, Authentication, etc.)
File main part

Space that every elementary file takes in EEPROM = 11 bytes of file header + file body space
Body space of fixed-length file or circular record file = record number×(record length+1)
Body space of e-purse and e-deposit = 22 Bytes

EEPROM space that every DF takes = 11 bytes of DF header + the space that all the files under the DF take + DF name length

Space of MF = 11 Bytes MF header + All File Space under DF + Name Length of MF (if default name is not used)

The space of the MF cannot exceed the capacity of the card's EEPROM. If the space of the MF built is smaller than the space of the EEPROM, then the remaining space cannot be used.

4 Security Architectures

4.1 Security Statuses



4.1.1 Definition

A description of security statuses, security attributes and security mechanisms.

4.1.2 Description of Security Statuses

Security status is defined as the current security level that the card is in. Root directories and application directories of FMCOS have 16 different security statuses. FMCOS uses security status registers to indicate security levels in cards. The value of a register ranges from '0' to 'F'.
The value of the current directory's security status register is set to 0 after reload or after a choose-directory-file command is successfully done. If the value is set to 0 when choosing a sub-directory file, the value of the status register will change after PIN verification or external authentication of the current directory is passed.

4.1.3 Description of Security Attributes

A security attribute is the condition that must be satisfied when a certain action is taken on a file. It is also the value of the security status register when taking that action.
Security attributes are also called access rights. Each access right of a file is denoted by one byte when creating that file. The access rights in FMCOS are different from permissions in other operating systems. It uses a field to strictly restrict other illegal visitors.
When the access right is 'FY', the value of the security status register of the MF is required to be greater than or equal to Y. If the access right of read of a file is 'F5', the value of the security status register must be larger than or equal to 5 before the file can be read.
When the access right is 'XY' and X>Y, the value of the current directory's security status register is required to be larger than or equal to Y and smaller than or equal to X. If X=Y, the value of the current directory's security status register is required to equal X. If X<Y, the operation is not allowed. If the access right of write of a file is '53', the value of the current security register must be 3, 4 or 5 before a write operation on that file.
For example, if the access right of read of a file is 'F0' and the access right of write is 'F1', any read access is allowed. When writing, the value of the current security register must be larger than or equal to '1'.

4.1.4 Description of Security Mechanisms

Security mechanism means a way to transfer from one security status to another. FMCOS uses PIN verification and external authentication to change the value of the security status register. If under the MF, when the authentication is passed, the values of both the current directory's and the MF's security status registers are changed. If not under the MF and authentication is passed, only the value of the current directory's security status register is changed.
When building PINs or external authentication keys, the subsequent status parameter gives the value that is set in the current directory's security status register after command authentication or external authentication is passed. If the subsequent status of a PIN is '01', the value of the current directory's security status will be 1 after the PIN is verified. After power-on reload or after entering a directory from its parent directory, the value of the current directory's security status register is set to 0.
To better understand the security architecture of FMCOS, here is an example:
Assume that, for one card, there is one binary file under a directory; the access right of read of this binary file is defined as 'F1' and the access right of write is 'F2'. There is also one PIN under that directory; the subsequent state after the PIN is verified as true is '1'. Each card also has one external authentication key with use permission '11'. The subsequent state after the external authentication is passed is '2'.
The detailed operations and the changes of the current directory's state register are shown below:
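
The scenario above, together with the retry counter rule from section 1.3.3, can be traced with the following added model (example code written for this page, not the manual's own figure or FMCOS code). It assumes that the directory is the MF, that the PIN's right of use is 'F0', that a key locks when its remaining attempts reach zero, and that an attempt rejected by the right of use does not consume a retry; all names and key values are constructed.

```python
"""Model of the FMCOS security status register and retry counter byte.

Added example: rules follow sections 4.1.3 and 4.1.4 and the retry counter
note in 1.3.3. Names are illustrative and all key values are constructed.
"""
import hmac


def access_allowed(right: int, df_status: int, mf_status: int) -> bool:
    """Evaluate a one-byte access right 'XY' against the status registers."""
    x, y = right >> 4, right & 0x0F
    if x == 0xF:                    # 'FY': MF register must be >= Y
        return mf_status >= y
    if x < y:                       # X < Y: operation not allowed (e.g. 'EF')
        return False
    return y <= df_status <= x      # X > Y: Y..X inclusive; X == Y: exactly X


def retry_after(counter: int, success: bool) -> int:
    """Next retry counter: high nibble = limit, low nibble = attempts left."""
    limit, left = counter >> 4, counter & 0x0F
    if left == 0:                   # assumption: zero attempts left means locked
        raise PermissionError("key is locked")
    return (limit << 4) | (limit if success else left - 1)


class Directory:
    """One directory holding a binary file, a PIN and an external authentication key."""

    def __init__(self, pin: str, is_mf: bool = True):
        self.is_mf = is_mf
        self.df_status = self.mf_status = 0
        self.read_right, self.write_right = 0xF1, 0xF2
        # Assumption: the PIN may be presented at any status ('F0').
        self.pin = {"value": pin, "use": 0xF0, "next": 0x01, "retry": 0x33}
        self.ext = {"use": 0x11, "next": 0x02, "retry": 0x33}

    def reset(self) -> None:
        self.df_status = self.mf_status = 0

    def _authenticate(self, key: dict, ok: bool) -> bool:
        if not access_allowed(key["use"], self.df_status, self.mf_status):
            return False            # right of use not met: attempt is not evaluated
        key["retry"] = retry_after(key["retry"], ok)
        if ok:
            self.df_status = key["next"] & 0x0F   # lower half byte of subsequent status
            if self.is_mf:                        # under MF both registers change
                self.mf_status = self.df_status
        return ok

    def verify_pin(self, value: str) -> bool:
        same = hmac.compare_digest(value.encode(), self.pin["value"].encode())
        return self._authenticate(self.pin, same)

    def external_authenticate(self, cryptogram_ok: bool) -> bool:
        # The cryptographic check itself is outside this model; pass its result in.
        return self._authenticate(self.ext, cryptogram_ok)

    def can_read(self) -> bool:
        return access_allowed(self.read_right, self.df_status, self.mf_status)

    def can_write(self) -> bool:
        return access_allowed(self.write_right, self.df_status, self.mf_status)


def walkthrough() -> list:
    """Return (step, status register, read allowed, write allowed) for each step."""
    card, trace = Directory(pin="1234"), []

    def snap(step: str) -> None:
        trace.append((step, card.df_status, card.can_read(), card.can_write()))

    snap("select")
    card.external_authenticate(True)   # rejected: use permission '11' needs status 1
    snap("ext auth before PIN")
    card.verify_pin("0000")
    snap("wrong PIN")
    card.verify_pin("1234")
    snap("PIN ok")
    card.external_authenticate(True)
    snap("ext auth ok")
    card.reset()
    snap("reset")
    return trace


if __name__ == "__main__":
    for row in walkthrough():
        print(row)
```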






4.2 Secure Message Transmission

4.2.1 Definition

A description of the general secure message.

4.2.2 Secure Message Transmission



When the card and the outside world exchange data (the card receives commands and sends responses), information sent in clear text can be intercepted by an attacker, who can then analyse the structure of the card and understand the data. The attacker can also modify the data being transmitted.
How can this problem be avoided? The answer is to use secure message transmission.


The purpose of secure message transmission is to guarantee the reliability and integrity of data and the authentication of the transmitter. There are three ways of secure message transmission:

• Line protection: A 4-byte MAC is added to the data, and the receiver verifies it on reception. Only data that passes this verification is accepted. This method prevents modification of the transmitted data.

• Line encryption: The transmitted data is encrypted, so only cipher text is transmitted. Even if an attacker obtains the data, it is meaningless to them and any analysis gives the wrong result. The reliability of data is guaranteed through encryption of the data field.

• Line encryption protection: After the transmitted data is encrypted, a 4-byte MAC is added.


Note: Which way to use depends on the user's real situation. The reader should note that high security is exchanged for lower speed and greater difficulty of realization. It is not the case that the higher the security is, the better the way is. It should be defined on the real specific requirement.


4.2.3 How to achieve secure message transmission

Binary files, fixed-length record files, variable-length record files, circular record files and purse files can all be transmitted using secure message transmission. To enable secure message transmission for one of these files, only the two most significant bits of the byte that indicates the file type need to be changed when creating the file:
Setting the most significant bit to 1 indicates that a 4-byte MAC must be added to the data field. Setting the second most significant bit to 1 indicates data encryption.
Keys can also use secure message transmission. To enable it, only the two most significant bits of the key type need to be changed when installing the key:
The most significant bit set to 1 indicates that a 4-byte MAC must be added to the data field. The second most significant bit set to 1 indicates data encryption.
For example, if line protection is needed when creating a file, the most significant bit is set to 1, i.e. the binary file type changes from '28' to 'A8'. If line encryption protection is wanted for a key, both the most significant bit and the second most significant bit are set to '1', i.e. the PIN type changes from '3A' to 'FA'.
Note: When reading or writing, or when using a key (for verification, unlocking, authentication or changing the key), if secure message transmission is wanted, the lowest half byte of CLA must be set to '4' in hexadecimal (except for special commands).

4.2.4 MAC Calculation

See the requirement specifications of MAC calculation.

4.2.5 Calculation of Data Encryption and Decryption

See the requirement specifications of data encryption and decryption algorithm.

4.2.6 Command Statuses of Secure Message Transmission



• CASE1: In this case, no data is transmitted to the card (Lc), and no data is returned from the card (Le).
The structure of command status without secure message transmission is as follows:
CLA INS P1 P2
The structure of command status with secure message transmission is as follows:
CLA INS P1 P2 Lc MAC
The lower half byte of CLA being '4' indicates that the secure message transmission technique supported is the second type (except for special commands). Lc is the length of the MAC.

• CASE2: In this case, no data in the command is sent to the card, but there is data returned from the card.
The structure of command status without secure message transmission is as follows:
CLA INS P1 P2 Le
The structure of command status with secure message transmission is as follows:
CLA INS P1 P2 Lc MAC Le
The lower half byte of CLA being '4' indicates that the secure message transmission technique supported is the second type (except for special commands). Lc is the length of the MAC.

• CASE3: In this case, data is transmitted to the card, but no data is returned from the card.
The structure of command status without secure message transmission is as follows:
CLA INS P1 P2 Lc Command Data
The structure of command status with secure message transmission is as follows:
CLA INS P1 P2 Lc Command Data MAC
The lower half byte of CLA being '4' indicates that the secure message transmission technique supported is the second type (except for special commands). Lc is the length of the MAC.

• CASE4: In this case, data is transmitted to the card, and there is also data returned from the card.
The structure of command status without secure message transmission is as follows:
CLA INS P1 P2 Lc Command Data Le
The structure of command status with secure message transmission is as follows:
CLA INS P1 P2 Lc Command Data MAC Le
The lower half byte of CLA being '4' indicates that the secure message transmission technique supported is the second type (except for special commands). Lc is the length of the MAC.


4.3 Diversion Algorithm

4.3.1 Definition

A description of diversion algorithm based on DES.

4.3.2 Algorithm Description



Double Length Key Dispersion:

The key diversion algorithm is referred to as Diversify. It uses a double-length key MK to process the diversified data and produces a double-length key DK.
The left half of DK is generated as follows:
• Take the 8 bytes of diversified data as input data;
• Use MK as the encryption key;
• Perform a 3DES operation on the input data.
The right half of DK is derived as follows:
• Take the binary inverse of the 8-byte diversified data as input data;
• Use MK as the encryption key;
• Perform a 3DES operation on the input data.

Single-length key diversion means encrypting the diversified data directly.
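The two derivations above as an added Go example (not code from the manual), using the standard library's `crypto/des`. The master key and the card serial used as diversified data in `main` are constructed sample values.

```go
package main

import (
	"crypto/des"
	"errors"
	"fmt"
)

// Diversify derives a double-length DK from a double-length MK and 8 bytes of
// diversified data: left = 3DES(MK, data), right = 3DES(MK, NOT data).
func Diversify(mk, data []byte) ([]byte, error) {
	if len(mk) != 16 || len(data) != 8 {
		return nil, errors.New("need a 16-byte MK and 8 bytes of data")
	}
	// crypto/des wants K1|K2|K3; a double-length key is K1|K2 with K3 = K1.
	c, err := des.NewTripleDESCipher(append(append([]byte{}, mk...), mk[:8]...))
	if err != nil {
		return nil, err
	}
	inv, dk := make([]byte, 8), make([]byte, 16)
	for i, b := range data {
		inv[i] = ^b // binary inverse of the diversified data
	}
	c.Encrypt(dk[:8], data)
	c.Encrypt(dk[8:], inv)
	return dk, nil
}

// DiversifySingle is the single-length case: DES-encrypt the data directly.
func DiversifySingle(mk, data []byte) ([]byte, error) {
	c, err := des.NewCipher(mk)
	if err != nil || len(data) != 8 {
		return nil, errors.New("need an 8-byte MK and 8 bytes of data")
	}
	dk := make([]byte, 8)
	c.Encrypt(dk, data)
	return dk, nil
}

func main() {
	mk := []byte("constructed key!") // constructed 16-byte master key
	serial := []byte{0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x90, 0x01} // constructed
	dk, _ := Diversify(mk, serial)
	fmt.Printf("card key: %x\n", dk)
}
```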








4.4 Encryption and Decryption Algorithm

4.4.1 Definition

A description of the universal FM encryption and decryption algorithm.

4.4.2 Calculation of Data Encryption/Decryption



4.4.2.1 Data Encryption Calculation

The steps of data encryption are shown below:

1. Use LD to represent the length of the plain text, and add LD before the plain-text data to generate a new data block.
2. Split the data block generated in the first step into 8-byte data blocks, denoted D1, D2, D3, D4, etc. The last data block may be shorter than 8 bytes.
3. If the length of the last (or only) data block equals 8 bytes, go to step 4. If it is shorter than 8 bytes, add '80' (in hexadecimal) at the right of the data block. If the length is then 8 bytes, go to step 4; otherwise, keep adding '00' (in hexadecimal) at the right of the data until its length reaches 8 bytes.
4. Encrypt every data block with the corresponding key. (Keys are all specified by the FMCOS command or the structural command of PBOC3.0 JR/T 0025.)
   • If the key length is 8 bytes, use the method called 'Encryption Algorithm Using 8-byte DES Key' to encrypt the data blocks.
   • If the key length is 16 bytes, use the method called 'Encryption Algorithm Using 16-byte DES Key' to encrypt the data blocks.
5. After calculation, all encrypted data blocks are put back together in the former order (encrypted D1, encrypted D2, etc.). Then put the resulting data blocks back into the command field.


Figure - Encryption Algorithm Using 8-byte DES Key

Figure - Encryption Algorithm Using 16-byte DES Key

If the returned data is to be returned encrypted, the above algorithm can also be used.

4.4.2.2 Calculation of Data Decryption

The steps of data decryption are shown below:

1. Split the data field into 8-byte data blocks, denoted D1, D2, D3, D4, etc.
2. Decipher every data block using the same key that was used for encryption. (Keys are all specified by the FMCOS command or the structural command of PBOC3.0 JR/T 0025.)
   • If the key length is 8 bytes, use the method called 'Decryption Algorithm Using 8-byte DES Key' to decrypt the data blocks.
   • If the key length is 16 bytes, use the method called 'Decryption Algorithm Using 16-byte DES Key' to decrypt the data blocks.
3. After calculation, all decrypted data blocks are put together in the former order (decrypted D1, decrypted D2, etc.). The combined blocks consist of LD, the plain text and the fill characters.
4. Because LD indicates the length of the plain text data, it is used to recover the plain text data.




Figure - Decryption Algorithm Using 8-byte DES Key

Figure - Decryption Algorithm Using 16-byte DES Key
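The encryption and decryption steps of 4.4.2.1 and 4.4.2.2 as an added Go example (not code from the manual). It assumes that LD is a single byte and that the figures, which are not reproduced here, show single DES for an 8-byte key and two-key 3DES (encrypt, decrypt, encrypt) for a 16-byte key; the key and plaintext in `main` are constructed.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// blockCipher: single DES for an 8-byte key, two-key 3DES (K1|K2|K1) for 16 (assumed).
func blockCipher(key []byte) (cipher.Block, error) {
	if len(key) == 16 {
		return des.NewTripleDESCipher(append(append([]byte{}, key...), key[:8]...))
	}
	return des.NewCipher(key) // rejects every length other than 8
}

// Encrypt: LD || plaintext, '80 00..' padding only if unaligned, then each block alone.
func Encrypt(key, plain []byte) ([]byte, error) {
	c, err := blockCipher(key)
	if err != nil || len(plain) > 255 {
		return nil, fmt.Errorf("bad key length or plaintext too long for a 1-byte LD")
	}
	buf := append([]byte{byte(len(plain))}, plain...)
	for pad := byte(0x80); len(buf)%8 != 0; pad = 0x00 {
		buf = append(buf, pad)
	}
	for off := 0; off < len(buf); off += 8 {
		c.Encrypt(buf[off:off+8], buf[off:off+8])
	}
	return buf, nil
}

// Decrypt deciphers each block and uses LD to cut the plaintext out of the padding.
func Decrypt(key, ct []byte) ([]byte, error) {
	c, err := blockCipher(key)
	if err != nil || len(ct) == 0 || len(ct)%8 != 0 {
		return nil, fmt.Errorf("bad key or ciphertext length")
	}
	buf := append([]byte{}, ct...)
	for off := 0; off < len(buf); off += 8 {
		c.Decrypt(buf[off:off+8], buf[off:off+8])
	}
	if ld := int(buf[0]); ld < len(buf) && len(buf)-1-ld < 8 {
		return buf[1 : 1+ld], nil
	}
	return nil, fmt.Errorf("LD inconsistent with data length")
}

func main() {
	fmt.Println(Encrypt([]byte("constructed key!"), []byte("PIN=1234")))
}
```

Each block is enciphered independently, so identical plaintext blocks give identical ciphertext blocks and nothing here detects modification; that is what the added MAC of line encryption protection is for.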
4.5 MAC Algorithm

4.5.1 Definition

A description of MAC Algorithm.

4.5.2 MAC Calculation



The MAC is formed by using all the elements in a command (including the command header). The MAC is the last data unit in the command data field and is 4 bytes long.
The steps for MAC calculation are as follows:
i. The device sends a GET CHALLENGE command to the IC card and gets back a 4-byte random number from the IC card.
ii. Add '00 00 00 00' at the end of the 4-byte random number that the IC card sent back. The result is the initial value.
iii. Concatenate the following items in the order below to form the data block:
CLA, INS, P1, P2, Lc+4, DATA
The last half byte of CLA must be set to '4' (in hexadecimal);
If the CLA of a dedicated instruction conflicts with ISO7816-4, the above restriction does not apply. Dedicated instructions determine whether a MAC should be added.
The data field of the command (if present) contains plain text or encrypted data.
(For example, if line encryption protection is needed, the encrypted data block is transmitted in the command data field.)
iv. Split the data block into 8-byte blocks, denoted D1, D2, D3, etc. The last block can be 1 to 8 bytes long.
v. If the last data block is 8 bytes long, '80 00 00 00 00 00 00 00' (in hexadecimal) must still be added. Then go to step vi.
a) If the length is 8 bytes, go to step vi.
b) If the total length of the data block is less than 8 bytes, add '80' (in hexadecimal) at the end. If the total length is then still less than 8 bytes, keep adding '00' (in hexadecimal) until the length is 8 bytes.
vi. Encrypt every data block with the corresponding key. (Keys are all specified by the FMCOS command or the structural command of PBOC3.0 JR/T 0025.)
a) If the key length is 8 bytes, use the method in Figure 1 to generate the MAC. (Depending on the length of the data block generated in step iii, the calculation may take fewer or more than 3 steps.)
b) If the key length is 16 bytes, use the method in Figure 2 to generate the MAC. (Depending on the length of the data block generated in step iii, the calculation may take fewer or more than 3 steps.)
vii. The final value of the MAC is the leftmost 4 bytes of the calculated result.


Figure 1 - Algorithm uses 8-byte key to generate MAC

Note: Commands for special applications are done according to their special conventions.

Figure 2 - Algorithm uses 16-byte key to generate MAC
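Steps i to vii, together with the CASE 3 command layout of section 4.2.6, as an added Go example (not code from the manual). Because Figures 1 and 2 are not reproduced here, the chaining is an assumption following the PBOC convention the manual refers to: each block is XORed into the running value and DES-encrypted with the left key half, with a final right-half decrypt and left-half encrypt for a 16-byte key. Lc in the secured command is taken as data length plus 4, per step iii, and the key and challenge in `main` are constructed.

```go
package main

import (
	"crypto/des"
	"fmt"
)

// MacInput builds the data of steps iii-v: CLA (low nibble forced to '4'),
// INS, P1, P2, Lc+4, DATA, then '80' and '00' bytes up to a multiple of 8
// (a whole extra block when the unpadded data is already 8-byte aligned).
func MacInput(hdr [4]byte, data []byte) []byte {
	in := []byte{hdr[0]&0xF0 | 0x04, hdr[1], hdr[2], hdr[3], byte(len(data) + 4)}
	in = append(append(in, data...), 0x80)
	for len(in)%8 != 0 {
		in = append(in, 0x00)
	}
	return in
}

// SecureAPDU returns CLA INS P1 P2 Lc DATA MAC, or nil on bad input.
// The initial value is challenge || 00 00 00 00 (step ii). ASSUMED chaining:
// XOR block into state, single DES with the left key half; for a 16-byte key
// a final decrypt with the right half and encrypt with the left half.
func SecureAPDU(key, challenge []byte, hdr [4]byte, data []byte) []byte {
	if len(challenge) != 4 || (len(key) != 8 && len(key) != 16) || len(data) > 251 {
		return nil // needs a 4-byte challenge, an 8- or 16-byte key, Lc+4 <= 255
	}
	left, _ := des.NewCipher(key[:8]) // cannot fail: length checked above
	state := append(append([]byte{}, challenge...), 0, 0, 0, 0)
	in := MacInput(hdr, data)
	for off := 0; off < len(in); off += 8 {
		for i := range state {
			state[i] ^= in[off+i]
		}
		left.Encrypt(state, state)
	}
	if len(key) == 16 {
		right, _ := des.NewCipher(key[8:])
		right.Decrypt(state, state)
		left.Encrypt(state, state)
	}
	return append(in[:5+len(data)], state[:4]...) // step vii: leftmost 4 bytes
}

func main() {
	key := []byte("constructed key!") // constructed 16-byte key
	fmt.Printf("%x\n", SecureAPDU(key, []byte{1, 2, 3, 4}, [4]byte{0, 0xD6, 0, 0}, []byte{0x11, 0x22, 0x33}))
}
```

Because the card's fresh 4-byte challenge seeds the initial value, a command captured with its MAC does not verify against a later challenge.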



