是否可以在NFC卡中实现令牌队列? [英] Is it possible to implement a token queue in NFC cards?

问题描述

该问题专门与MIFARE Ultralight C/EV1，MIFARE DESFire EV1甚至NTAG卡有关.我想实现一个令牌系统，以便普通用户每次读取其中一张卡时，都会得到一个可用的令牌.该令牌将从他们正在读取的NFC卡中弹出".换句话说，每次读取NFC芯片时，它将从卡的存储中发出不同的可用令牌.这可能实现吗?

This question is specifically about MIFARE Ultralight C/EV1, or MIFARE DESFire EV1, or even NTAG cards. I want to implement a system of tokens, so that each time a normal user reads one of those cards they'll get one available token; that token will "pop out" from the NFC card they're reading. In other words, every time that NFC chip is read, it will issue a different usable token from the card's storage. Is this possible to implement?

推荐答案

常见的非可编程智能卡通常提供以下内容之一(或某种组合):

Common non-programmable smart cards usually provide one of (or some combination) of the following:

• 保险丝位-单个位的值只能以一种方式(从零到一或从一到零，但不能同时改变)的存储区域

• fuse bits -- a memory area where values of individual bits can change only in one way (either from zero to one or from one to zero, but never both of them)

单调计数器-卡上存储的整数值，个性化后只能在一个方向上更改(增加或减少，但不能同时改变)

monotonic counter -- an integer value stored on card which can change only in a single direction after the personalisation (either increase or decrease, but never both of them)

电子钱包-一个整数值，一个实体可以减小它，而另一个实体(两个实体都通过不同的秘密密钥证明自己)可以增加

electronic purse -- an integer value which can be decreased by one entity and increased by another entity (both entities proving themselves by a distinct secret key)

这些功能都不能直接提供任何不可预测的标记(请参见注释1).

None of those functions directly provide any unpredictable tokens (see note 1).

另一方面是您的令牌收集者"必须拥有一个密钥，以允许对卡进行写访问(以便能够修改计数器/钱包)-这使他们可以轻松耗尽所有剩余的保险丝位或计数器/钱包值(有效地导致其他令牌收集者"的服务条件被拒绝).访问控制不能细化为仅允许单个令牌收集(这可能是您想要的).

Another aspect is that your 'token collectors' would have to possess a key allowing card write access (to be able to modify counters/purse) -- which allows them to easily deplete all remaining fuse bits or counter/purse values (effectively resulting in a denial of service condition for other 'token collectors'). Access control can't be fine-grained to allow only single token collection (which is probably what you want).

使用可编程智能卡，您可以(半)轻松实现所需的任何操作语义-看一下Java Card(尽管可编程智能卡价格更高).

With a programmable smart card you can (semi) easily implement any operation semantics you need -- have a look at Java Card (programmable smartcards are more expensive though).

鉴于您的令牌收集器"在读取卡时处于联机状态，那么最简单的方法可能是仅使用卡来证明令牌收集器"在附近并在服务器上生成令牌".

Given your 'token collectors' are online while reading the card then probably the simplest way is to use the card only to prove that 'token collector' is in its proximity and generate the 'token' on the server.

为证明与卡片的距离，令牌收集者"将使用他/她的NFC电话在服务器和卡片之间中继相互身份验证命令.他/她不需要知道任何卡钥匙.

To prove the proximity to the card the 'token collector' would use his/her NFC phone to relay mutual authentication commands between the server and card. He/she does not need to know any of card keys for that.

在这种情况下，可以使用任何具有相互身份验证的智能卡(例如Ultralight-C或DESFire)(请参见注释2和3).

Any smartcard with mutual authentication (e.g. Ultralight-C or DESFire) is usable in this scenario (see notes 2 and 3).

用于DESFire的通信看起来与此类似:

Communication for DESFire would look similarly to this:

祝你好运！

注1:实际上，有些卡可以为其电子钱包生成不可预测的余额证书"，但是我不知道有支持此功能的CL卡.

Note 1: Actually there are cards which can generate an unpredictable 'balance certificate' for their electronic purse, but I am not aware of any CL card supporting this.

注2:具有基于密码的身份验证的卡不适合使用，因为令牌收集器"可以轻松拦截发送给卡的密码. MIFARE Classic不适合使用，并且加密密钥需要直接加载到读取器中(无法中继).

Note 2: Cards with password based authentication are not suitable as 'token collectors' could easily intercept the password being sent to the card. MIFARE Classic is not suitable as well as encryption key needs to be loaded directly to the reader (relaying is not possible).

注3:请注意，通过执行此中继身份验证，您将授予令牌收集器"绑定到相应密钥的所有访问权限(尽管他/她不知道会话密钥的值).因此，Ultralight-C并不是一个不错的选择，因为从技术上讲，他/她将完全允许他/她访问该卡.同样，请勿将DESFire卡主密钥用于中继身份验证-使用两个应用程序密钥(只有您自己知道的随机值)创建一个新的应用程序，并使用第二个密钥(而非应用程序主密钥)进行中继身份验证.请记住也要更改卡的主密钥.

Note 3: Notice that by performing this relayed authentication you grant the 'token collector' all access rights bound to the respective key (although he/she does not know the value of the session key). Thus Ultralight-C is not a good choice as you would technically give him/her a complete access to the card. Similarly do not use DESFire card master key for relayed authentication -- create a new application with 2 application keys (with random values known only to you) and use the second key (not application master key) for relayed authentication. Remember to change the card master key as well.

注4:DESFire EV2具有命令中继保护功能，因此您必须测试它是否适用于您的方案.

Note 4: DESFire EV2 has protection for command relaying so you would have to test if it works in your scenario.

这篇关于是否可以在NFC卡中实现令牌队列?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！