Secure Session

  • A class that manages the secure session for NFC communication, including security configuration, secure channels, and secure messaging.

    The NFCSecureSession class is responsible for establishing secure communication sessions for NFC (Near Field Communication) using SecurityConfiguration, SecureChannel, and SecureMessaging.

    • Tip: It enables secure data exchange and provides methods for configuring, establishing, and clearing the secure session.

    See also

    SecurityConfiguration, SecureChannel, SecureMessaging and SessionKeyGenerator

    See more

    Declaration

    Swift

    internal final class NFCSecureSession

  • Represents a secure communication channel with cryptographic parameters.

    This class defines a secure communication channel with encryption keys (KSenc, KSmac) and a Send Sequence Counter (SSC) for secure messaging during a session. The SSC is an unsigned integer and its bit size matches the block size of the block cipher used for secure messaging, which is 64 bits for 3DES and 128 bits for AES.

    See also

    NFCSecureSession, SecurityConfiguration, SecureMessaging and SessionKeyGenerator
    See more

    Declaration

    Swift

    internal final class SecureChannel

  • A class responsible for protecting APDU commands sent and unprotecting APDU responses received during a secure session in NFC communication.

    The SecureMessaging class is in charge of safeguarding the confidentiality and integrity of APDU commands and responses exchanged in a NFCSecureSession. It employs either 3DES or AES in encrypt-then-authenticate mode, ensuring the data is padded, encrypted, and authenticated.

    Session Initiation

    Secure Messaging is initiated when a secure session is established. Session keys are derived using a key derivation function (KDF), and the data is padded, encrypted, and authenticated in this mode.

    Session Termination

    Secure Messaging is terminated if a Secure Messaging error occurs or a plain APDU is received. In such cases, the stored session keys are deleted, and the terminal’s access rights are reset.

    3DES Modes of Operation

    • Encryption: Two-key 3DES in CBC mode with a zero IV, using padding method 2.

    • Message Authentication: Cryptographic checksums are calculated using MAC algorithm 3 with block cipher DES, zero IV, and padding method 2. The MAC length must be 8 bytes.

    • Send Sequence Counter (SSC): For Secure Messaging following Basic Access Control (BAC), the SSC is initialized by concatenating the four least significant bytes of RND.IC and RND.IFD. In all other cases, the SSC is initialized to zero.

    AES Modes of Operation

    • Encryption: AES in CBC mode with a specific IV.
    • Message Authentication: AES in CMAC mode with a MAC length of 8 bytes.

    • Send Sequence Counter (SSC): The SSC is initialized to zero.

    See also

    NFCSecureSession, SecurityConfiguration SecureChannel and SessionKeyGenerator

    See more

    Declaration

    Swift

    internal final class SecureMessaging

  • Represents a security configuration for cryptographic operations.

    This class encapsulates a security configuration, including encryption algorithm and key derivation settings.

    See also

    NFCSecureSession, SecureChannel, SecureMessaging SessionKeyGenerator, EncryptionAlgorithm andHashAlgorithm
    See more

    Declaration

    Swift

    internal final class SecurityConfiguration

  • A generator for session keys using specified key derivation mechanisms.

    The SessionKeyGenerator class is responsible for deriving session keys based on defined key derivation mechanisms. These session keys are used for various purposes, such as encryption, message authentication and security protocols.

    Key Derivation Function

    The key derivation function KDF(K, c) takes the shared secret value K and a 32-bit, big-endian integer c as inputs. It produces an octet string keydata as output, which is computed as keydata = H(K || c). The hash function H() used in the key derivation must have a bit-length greater than or equal to the derived key’s bit-length.

    Note

    The hash value is interpreted as a big-endian byte output.

    Using 3DES

    To derive 128-bit (112-bit excluding parity bits) 3DES keys, the SHA-1 hash function is used, and the following additional steps must be performed:

    • Use octets 1 to 8 of keydata to form keydataA and octets 9 to 16 to form keydataB. Additional octets are not used.
    • Optionally, adjust the parity bits of keydataA and keydataB to form correct DES keys.

    Using AES

    To derive 128-bit AES keys, the SHA-1 hash function is used, and the following additional step must be performed:

    • Use octets 1 to 16 of keydata. Additional octets are not used.

    For 192-bit and 256-bit AES keys, SHA-256 is used as the hash function.

    For 192-bit AES keys, the following additional step must be performed:

    • Use octets 1 to 24 of keydata; additional octets are not used.

    KeyDerivationFunctionMode

    The SessionKeyGenerator includes an enum called KeyDerivationFunctionMode, which defines different modes for deriving session keys. Each mode corresponds to a specific use case:

    • ENC_MODE: For deriving session keys used in encryption.
    • MAC_MODE: For deriving session keys used in message authentication.

    • PACE_MODE: For deriving session keys used in the PACE protocol.

    See also

    NFCSecureSession, SecurityConfiguration SecureChannel and SecureMessaging

    See more

    Declaration

    Swift

    internal final class SessionKeyGenerator