[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits] [IPR]

Versions: 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37

 Internet Draft                                                P.Urien
 Document: draft-urien-eap-smartcard-11.txt                  G.Pujolle

 Expires:                                                February 2007

                         EAP-Support in Smartcard


Status of this Memo

  By submitting this Internet-Draft, each author represents that any
  applicable patent or other IPR claims of which he or she is aware
  have been or will be disclosed, and any of which he or she becomes
  aware will be disclosed, in accordance with Section 6 of BCP 79.

  Internet-Drafts are working documents of the Internet Engineering
  Task Force (IETF), its areas, and its working groups. Note that
  other groups may also distribute working documents as Internet-
  Drafts.

  Internet-Drafts are draft documents valid for a maximum of six
  months and may be updated, replaced, or obsoleted by other documents
  at any time. It is inappropriate to use Internet-Drafts as reference
  material or to cite them other than as "work in progress."

  The list of current Internet-Drafts can be accessed at
  http://www.ietf.org/ietf/1id-abstracts.txt.

  The list of Internet-Draft Shadow Directories can be accessed at
  http://www.ietf.org/shadow.html.

  This Internet-Draft will expire on February, 2007.

Copyright Notice

  Copyright (C) The Internet Society (2006).

1 Abstract

This document describes the functional interface, based on the ISO7816
standard, for EAP methods fully and securely executed in smartcards.












  Urien & All      Informational - Expires February 2007            1

                    EAP-Support in Smartcard             August 2006

Table of Contents

  Copyright Notice...................................................1
  1 Abstract.........................................................1
  2 Overview.........................................................5
  3 Terms............................................................5
  4 Relationship with RFC 3748.......................................6
     4.1 EAP multiplexing model......................................6
     4.2 EAP smartcards..............................................6
     4.3 Overview of EAP smartcards in the IETF context..............7
         4.3.1 Network Interface.....................................8
         4.3.2 Other services........................................9
  5 Identification label.............................................9
  6 UserID Coding Rules.............................................10
  7 EAP smartcard services..........................................10
     7.1 Add-Identity...............................................10
     7.2 Delete-Identity............................................10
     7.3 Get-Preferred-Identity.....................................11
     7.4 Get-Current-Identity.......................................11
     7.5 Get-Next-Identity..........................................11
     7.6 Get-Profile-Data...........................................11
     7.7 Set-Identity...............................................11
     7.8 Process-EAP................................................12
     7.9 Get-Session-Key............................................12
     7.10 Get-State.................................................13
     7.11 Reset-State...............................................13
     7.12 Method Functions..........................................13
     7.13 Relationship with the 802.1X supplicant state machine.....14
     7.14 Multiple EAP Identity selection...........................14
     7.15 Get-Exported-Parameter....................................15
     7.16 Get-AMSK..................................................16
  8 IEEE 802.16 services............................................16
     8.1 Get-Certificate............................................16
     8.2 Private-Key-Decryption.....................................16
  9 Relationships with the Smartcard Interface......................17
  10 ISO 7816-4 APDUs...............................................17
     10.1 ISO 7816 Status Word......................................17
     10.2 Segmentation/Reassembly rules.............................18
         10.2.1 Segmentation........................................18
         10.2.2 Reassembly..........................................18
     10.3 PIN Management............................................18
         10.3.1 Verify PIN..........................................19
         10.3.2 Change PIN..........................................19
         10.3.3 Enable PIN..........................................19
         10.3.4 Disable PIN.........................................19
         10.3.5 Unblock PIN.........................................19
     10.4 Multi-Applications smartcard considerations...............20
     10.5 Add-Identity..............................................20
     10.6 Delete-Identity...........................................20
     10.7 Get-Preferred-Identity....................................21
     10.8 Get-Current-Identity......................................21

  Urien & All        Informational -    Expires February 2007      2

                    EAP-Support in Smartcard             August 2006

     10.9 Get-Next-Identity.........................................21
     10.10 Get-Profile-Data.........................................21
     10.11 Set-Identity.............................................22
     10.12 Set-Multiple-Identity....................................22
     10.13 Process-EAP..............................................22
     10.14 Method Functions.........................................24
     10.15 IEEE 802.16 Services.....................................24
     10.16 Get-Session-Key..........................................25
     10.17 Get-Current-Version......................................26
     10.18 Get-State................................................26
     10.19 Reset-State..............................................26
     10.20 Get-Exported-Parameter...................................27
     10.21 Get-AMSK.................................................27
     10.22 Commands summary.........................................28
  11 State Machine Sequence.........................................29
     11.1 Supplicant software state machine sequence................29
     11.2 Smartcard EAP framework state machine sequence............29
  12 Security Considerations........................................30
     12.1 Security Claims...........................................30
     12.2 Smart Card Technology.....................................30
     12.3 Tamper Resistant Storage and Execution....................30
     12.4 Multi Factor Authentication...............................31
     12.6 Cryptographic Capabilities................................31
     12.7 Secure Provisioning.......................................31
     12.8 Certification.............................................31
     12.9 Smart Cards and EAP Security Claims.......................32
         12.9.1 Mutual Authentication...............................32
         12.9.2 Confidentiality.....................................32
         12.9.3 Key Derivation......................................32
         12.9.4 Man-in-the-Middle Attacks...........................32
         12.9.5 Dictionary Attacks..................................32
         12.9.6 Cryptographic Binding...............................32
         12.9.7 Channel Binding.....................................33
         12.9.8 Protection Against Rogue Networks...................33
         12.9.9 Authentication Method Security......................33
  13 Intellectual Property Right Notice.............................33
  14 Annex 1, EAP-SIM packet details................................34
  15 Annex 2, EAP-MD5 packet details................................35
  16 Annex 3 - TLS support..........................................37
     16.1 Unix Time issue...........................................37
     16.2 Fragment Maximum Size.....................................38
     16.3 EAP/TLS messages format...................................38
     16.4 Example of EAP/TLS Authentication.........................39
  17 Annex 4 ASN.1 BER Tag coding for the subscriber profile
  information.......................................................39
     17.1 ASN.1 Subscriber Profile Encoding.........................40
         17.1.1 EapID...............................................40
         17.1.2 EapType.............................................40
         17.1.3 Version.............................................40
         17.1.4 User Credential.....................................40
         17.1.5 UserProfile.........................................41

  Urien & All        Informational -    Expires February 2007      3

                    EAP-Support in Smartcard             August 2006

         17.1.6 UserProfile encoding example........................41
  18 Annex 5 APDUs exchange example.................................42
  19 Annex 6, EAP-TLS ISO7816 APDUs Trace (T=0 Protocol)............43
     19.1 EAP-TLS session parameters................................43
         19.1.2 CA Public Key (2048 bits)...........................43
         19.1.3 Server Public Key (1024 bits).......................43
         19.1.4 Client Private Key (1024 bits)......................43
     19.2 Full EAP-TLS trace (mode 2)...............................44
     19.3 EAP-TLS mode1 ISO7816 trace (T=0 protocol)................51
  20 Annex 7, EAP-AKA ISO7816 APDUs Trace (T=0 Protocol)............54
  21 References.....................................................58
  22 Authors's and contributors' addresses..........................60
  Intellectual Property Statement...................................61
  Disclaimer of Validity............................................61
  Copyright Statement...............................................61
  Acknowledgment....................................................61




































  Urien & All        Informational -    Expires February 2007      4

                    EAP-Support in Smartcard             August 2006

2 Overview

  All wireless LAN technologies derived from IEEE 802.11 or IEEE
  802.16 specifications, need strong security protocols for data
  privacy, integrity and network access.

  The 802.1X specification describes the risks and the protocols for
  the protection of the exchanged data during the network connection.
  In addition it requires the Extensible Authentication Protocol (EAP)
  to be used as the framework for application dependent authentication
  processes, with a mutual authentication between the supplicant and
  the authenticator. It is obvious that the role of the supplicant in
  this specification could partly be implemented in the smartcard as
  an authentication processing mean.

  The flexibility of EAP [RFC 3748] specification does not provide a
  Mandatory-to-Implement solution. The structure of the EAP frames
  allows the applications to identify the EAP type of consequently to
  operate the appropriate authentication.

  This draft describes a standard interface to an EAP implementation
  embedded in a smartcard. This device is generally considered as the
  most secure computing platform. As an illustration NIST [NIST-PIV]
  recently issued a draft about the Personal Identity Verification
  (PIV) integrated circuit card.

3 Terms

  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
  document are to be interpreted as described in RFC-2119.

  AS: Authentication Server

  Authenticator: See the IEEE 802.1X specification for a definition of
  this concept.

  EAP: Extensible Authentication Protocol

  GSM: Global System for Mobile communications

  IMSI: International Mobile Subscriber Identifier, used in GSM to
  identify subscribers.

  NAI: Network Access Identifier

  PIN: Personal Identification Number

  MSK: Master Session Key

  SIM: Subscriber Identity Mobile

  Urien & All        Informational -    Expires February 2007      5

                    EAP-Support in Smartcard             August 2006


  SUPPLICANT: an IEEE 802.1X concept, which in the context of IEEE
  802.11 represents a STA (station) seeking to attach to an IEEE 802
  LAN via an IEEE 802.1X Port. See the IEEE 802.1X specification for a
  complete definition.

4 Relationship with RFC 3748

4.1 EAP multiplexing model

  According to [RFC 3748], EAP implementations conceptually consist of
  the four following components:

  1- Lower layer. The lower layer is responsible for transmitting and
  receiving EAP frames between the peer and authenticator. EAP has
  been run over a variety of lower layers including
  - PPP;
  - Wired IEEE 802 LANs [IEEE-802.1X];
  - IEEE 802.11 wireless LANs [IEEE-802.11];
  - IEEE 802.16e Wireless Metropolitan LANs [IEEE-802.16e];
  - UDP (L2TP [L2TP] and IKEv2 [IKEv2])

  2- EAP layer. The EAP layer receives and transmits EAP packets via
  the lower layer, implements duplicate detection and retransmission,
  and delivers and receives EAP messages to and from EAP methods.

  3- EAP peer and authenticator layers. Based on the Code field, the
  EAP layer demultiplexes incoming EAP packets to the EAP peer and
  authenticator layers. Typically, an EAP implementation on a given
  host will support either peer or authenticator functionality.

  4- EAP method. EAP methods implement the authentication algorithms
  and receive and transmit EAP messages. Since fragmentation support
  is not provided by EAP itself, this is the responsibility of EAP
  methods.

4.2 EAP smartcards

  An EAP smartcard implements one or several EAP methods, and works in
  cooperation with a smartcard interface entity, that sends and
  receives EAP messages to/from this device. The simplest form of this
  interface is a software bridge that transparently forwards EAP
  messages to smartcard.









  Urien & All        Informational -    Expires February 2007      6

                    EAP-Support in Smartcard             August 2006

            +-+-+-+-+-+-+
            | EAP method|
            | Smartcard |
            +-+-+-+-+-+-+
                  !
            +-+-+-+-+-+-+-+-+-+-+-+-+-+  +-+-+-+-+-+-+-+-+-+-+-+-+-+
            |  Smartcard  | EAP method|  | EAP method  | EAP method|
            |  Interface  | Type = Y  |  |  Type = X   | Type = Y  |
            |    Entity   |           |  |             |           |
            |  Type = X   |           |  |       ^     |           |
            +-+-+-+-V-+-+-+-+-+-+-+-+-+  +-+-+-+-!-+-+-+-+-+-+-+-+-+
            |       !                 |  |       !                 |
            |  EAP  !  Peer Layer     |  |  EAP  !  Auth. Layer    |
            |       !                 |  |       !                 |
            +-+-+-+-!-+-+-+-+-+-+-+-+-+  +-+-+-+-!-+-+-+-+-+-+-+-+-+
            |       !                 |  |       !                 |
            |  EAP  ! Layer           |  |  EAP  !  Layer          |
            |       !                 |  |       !                 |
            +-+-+-+-!-+-+-+-+-+-+-+-+-+  +-+-+-+-!-+-+-+-+-+-+-+-+-+
            |       !                 |  |       !                 |
            | Lower !  Layer          |  | Lower !  Layer          |
            |       !                 |  |       !                 |
            +-+-+-+-!-+-+-+-+-+-+-+-+-+  +-+-+-+-!-+-+-+-+-+-+-+-+-+
                    !                            ! Authentication
                    !   Peer                     ! Server
                    +------------>---------------+

4.3 Overview of EAP smartcards in the IETF context.

  Peer-Layer Interface         EAP Smartcard                 Exported-
  (RFC 4137)                Additional Services             Parameters

  |                        |Content  |Security |Identity             |
  |                        |Mngt     |Mngt     |Mngt                 |
  |                        |         |         |                     |
  |                       +V+-+-+-+-+V+-+-+-+-+V+                    |
  |                       |    EAP Smartcard    |  SC.Get-Exp-Param  |
  |                       |        Method       |-> Channel Binding  |
  | SC.Reset,SC.Get-State |                     |-> Peer-ID          |
  |         MethodState ->|    Secure Method    |-> Server-ID        |
  |                       |      Processing     |-> Method-ID        |
  |        SC.Process-EAP |                     |                    |
  |          eapReqData ->|  Secure Storage of  | SC.Get-Session-Key |
  |                       |  method credentials |-> MSK              |
  |                       |                     |                    |
  |                       |     Keys caching    | SC.Get-AMSK        |
  |                       |         (EMSK)      |-> AMSK             |
                          +-+-+-+-+-+-+-+-+-+-+-+




  Urien & All        Informational -    Expires February 2007      7

                    EAP-Support in Smartcard             August 2006

  The EAP smartcard offers four classes of services, the network
  interface, the content management, the security management and the
  identity management.

 4.3.1 Network Interface

  Network services comprise two kinds of functional interfaces,
  described in [RFC 4137] and in [EAP-KEY], that we call Peer-Layer
  and Exported-Parameters.

  The interface between EAP methods and the Peer-Layer is introduced
  in [RFC 4137] and comprises two main procedures:

  - methodState() initializes a method or gets its current state. This
  function is realized by two EAP-Smartcard procedures named SC.Reset-
  State and SC.Get-State.

  - eapReqData() forwards EAP messages to methods, and optionally
  returns a response. The EAP smartcard uses the SC.Process-EAP
  command for that purpose.

  Upon success, the method computes a set of values, whose use is more
  precisely defined in [EAP-KEY], and which are made available for
  other EAP layers:

  - The Master Session Key (MSK) used as a shared secret, involved in
  cryptographic material generation. The SC.Get-Session-Key command
  returns this value.

  - An additional key, the Extended Master Session Key (EMSK), never
  shared with a third party. This key is cached by the EAP-Smartcard.

  - Application Master Session Keys (AMSK) introduced by in [EAP-EXT]
  and obtained through a key distribution function (KDF) using EMSK
  and other values, as input parameters. This key is collected by the
  SC.Get-AMSK command.

  - Method-ID used as an unique identifier of an EAP conversation.
  It’s typically obtained by the concatenation of two random values
  generated by server and client entities. This value is obtained via
  the SC.Get-Exported-Parameter command.

  - Server-ID corresponding to the identity, if any, of the server.
  For example it’s the subject field of an X.509 certificate. This
  value is obtained via the SC.Get-Exported-Parameter command.

  - Peer-ID used for the identity of the client, if any. It could be
  the subject field of an X.509 certificate. This value is obtained
  via the SC.Get-Exported-Parameter command.



  Urien & All        Informational -    Expires February 2007      8

                    EAP-Support in Smartcard             August 2006

  - Channel Bindings used as elements of information, typically
  relative to the IEEE 802.1x access point (Called-Station-Id, ,
  Calling-Station-Id, NAS-Identifier, NAS IP-Address, etc.). They are
  optionally mirrored during an EAP session, from server to client.
  This value is obtained via the SC.Get-Exported-Parameter command.

 4.3.2 Other services

  An EAP-Smartcard has a physical interface with the EAP-Peer layer
  and produces output values as described in the previous section.
  However other management services are required for practical
  reasons:

  - Content Management. It’s the set of operations needed to download
  credentials required by a particular method (X.509 certificates,
  cryptographic key,...).

  - Security Management. This service manages mechanisms (PIN code,
  biometric techniques,...) that restrict EAP-Smartcard use to
  authorized bearers.

  - Identity Management. When several methods are available, this
  service allows to select one of them.

5 Identification label

  The [IEEE 801.1X] specification  requires an authentication between
  the authentication server (AS) and the supplicant. The
  authentication is embedded in the Extensible Authentication Protocol
  (EAP) [RFC 3748] specification. The authentication consists of a
  challenge response between both parties, without consideration of
  the involved crypto-suite. Before starting the mutual
  authentication, the AS needs the supplicant identity to establish
  the session. The AS or the authenticator sends an EAP Request
  Identity to the supplicant that returns its system identity. A user
  may own several identities associated to corporate, personal
  networks or operators' networks.

  The identification label is a pointer to a system identity (the EAP-
  ID value returned in the EAP-Identity.response message) stored in
  smartcard; it may be of various types:

  1- A network SSID as described in the 802.11 standard [IEEE 802.11].
  2- A user's identification (UserID) e.g. an ASCII string (as
  described in section 6). A network access identifier, NAI [RFC 2486]
  may be used as UserID.
  3- A pseudonym, e.g. a friendly name.

  According to the network environment, the supplicant software needs
  to set the appropriate identity


  Urien & All        Informational -    Expires February 2007      9

                    EAP-Support in Smartcard             August 2006

  The subsequent sections give the description of the methods used by
  a supplicant for processing an 802.1X authentication using the
  smartcard.

  Annex one provides a reference implementation example for a SIM
  based authentication [EAP-SIM]. Annex two provides a reference
  implementation example for a MD5 based authentication. Annex three
  provides a reference implementation for a TLS based authentication
  [EAP-TLS]. Annex four describes the user's profile according to the
  ASN.1 [ASN.1] syntax. Annex five illustrates an MD5 authentication
  scenario that works with an EAP smartcard. Annex six shows ISO 7816
  data exchanges with EAP-TLS smartcards. Annex seven presents ISO
  7816 data exchanges with EAP-AKA [EAP-AKA] smartcards.

6 UserID Coding Rules

  This section describes the structure and the architecture of the
  UserID.

  A UserID consists of 2 fields separated by the Internet symbol "@".
  The right hand side of the "@" symbol is the UserID realms while the
  left hand side is an application dependent and unique identification
  number.

  EAP/SIM has defined the UserID where the application identification
  is "1IMSI". Other UserID such as eMail address can be used by the
  application.

7 EAP smartcard services

  Mandatory services MUST be implemented in any smartcard that claims
  conformance with this draft.

  Optional services are not required by basic authentication
  operations.

  Secure services MAY be protected by a PIN code. Non secure services
  MUST be freely accessible.

7.1 Add-Identity
  Status: Optional.
  Security: Secure(ISSUER).
  This command and the Delete-Identity are part of the user's identity
  management protocols. The smartcard is initially manufactured
  without any identification label. The personalization or the
  supplicant software adds in the smartcard user's identification
  label that can be retrieved by other smartcard command.

7.2 Delete-Identity
  Status: Optional
  Security: Secure(ISSUER)

  Urien & All        Informational -    Expires February 2007      10

                    EAP-Support in Smartcard             August 2006

  This command and the Add-Identity are part of the user's identity
  management protocols. The smartcard contains a list of one or
  several identification labels that can be retrieved by the
  supplication software. The command deletes one entry of the
  smartcard list.

7.3 Get-Preferred-Identity
  Status: Optional
  Security: Non Secure.
  The smartcard contains at least one user's identity. The supplicant
  software gets from the smartcard the initial and preferred
  identification label. If the user has more than one identity the
  supplicant software uses the Get-Next-Identity to read all available
  identities.

7.4 Get-Current-Identity
  Status: Mandatory
  Security: Non Secure
  The smartcard contains at least one user's identity related to the
  user's network subscription. The supplicant software gets from the
  smartcard its current identification label.

7.5 Get-Next-Identity
  Status: Mandatory
  Security: Non Secure
  The smartcard may contain one or more user's identities according to
  the user's network subscriptions. The supplicant software should
  prompt the user's identity and a subsequent selection allows the
  smartcard to process the appropriate EAP authentication type. The
  Get-Next-Identity command allows the supplicant software to read all
  the available user's identities.

  The Get-Next-Identity command MAY inform the supplicant software
  when all user's identities have been read. Otherwise the supplicant
  software detects the identity list end, when it gets again the first
  identity.

7.6 Get-Profile-Data
  Status: Optional
  Security: Secure(BEARER)
  The Authentication Agent or the Supplicant MAY request the
  subscriber profile information. The Get-Profile-Data returns all
  related information available in the smartcard. Details of the
  subscriber’s profile information are given in annex 4. The
  implementation of the information may be ruled but ASN.1 BER coding
  specification [ASN.1] or by an XML dialect [XML].

7.7 Set-Identity
  Status: Mandatory
  Security: Secure(BEARER)


  Urien & All        Informational -    Expires February 2007      11

                    EAP-Support in Smartcard             August 2006

  Once the Identity selection is processed, the supplicant software
  needs to set the smartcard EAP framework, according to the selected
  user's identity. The Set-Identity sets the smartcard EAP state
  machine to the AUTHENTICATING state.

7.8 Process-EAP
  Status: Mandatory
  Security: Secure(BEARER)
  The EAP process is described in the RFC 3748 specification and
  involves several EAP requests and responses packets,

  1) EAP request/response Identity;
  2) A suite of EAP request/response related to a particular
  authentication scenario; and
  3) EAP success or failure.

  The Set-Identity restarts the smartcard EAP framework state machine
  for further processing using the EAP-Packets method.

  An incoming EAP/Request/Identity restarts the smartcard EAP
  framework state machine for further processing using other EAP-
  Packets methods.

  The smartcard receives the RFC 3748 frames. It retrieves the
  appropriate EAP authentication type in the frame and the identifier.

  The smartcard maintains the EAP state machine and returns an EAP NAK
  packet if this state sequence is broken. In that case it reaches the
  NOT-AUTHENTICATED state.

  Any EAP request is silently ignored if the state machine was not
  started.

  The last step of the protocol retrieves the Session Key from the
  smartcard.

7.9 Get-Session-Key
  Status: Mandatory.
  Security: Secure(BEARER)

  At the end of a successful authentication the supplicant needs to
  update the appropriate crypto suite (if any) using the master
  session key (MSK).

  The Get-Session-Key returns to the supplicant software the key to
  initialize radio security protocols like TKIP, or CCMP.

  In an 801.1X context, MSK should be interpreted as the unicast key.

  In an 802.11i or WPA context MSK should be interpreted as the PMK
  (Pairwise Master Key).

  Urien & All        Informational -    Expires February 2007      12

                    EAP-Support in Smartcard             August 2006


7.10 Get-State.
  Status: Optional.
  Security: Secure(BEARER)

  This command returns the current smartcard state:

  1) IDENTITY-NOT-SET, no authentication identity has been selected.
  2) AUTHENTICATING, an authentication session is in progress.
  3) AUTHENTICATED, last authentication session was successful.
  4) NOT-AUTHENTICATED, last authentication session failed.

7.11 Reset-State.
  Status: Optional.
  Security: Secure(BEARER)

  If the current state is IDENTITY-NOT-SET, this command has no
  effect.

  Otherwise this command forces the EAP smartcard in the
  AUTHENTICATING state.

7.12 Method Functions
  Status: Optional.
  Security: Secure(BEARER)

  EAP smartcards that are not able to completely process an EAP method
  MAY support some essential security procedures, like for example,

   -X509 Certificate storage
   -Random generator
   -Private key encryption
   -Private key decryption
   -Public key encryption
   -Public key decryption
   -Symmetric key encryption
   -Symmetric key decryption















  Urien & All        Informational -    Expires February 2007      13

                    EAP-Support in Smartcard             August 2006

7.13 Relationship with the 802.1X supplicant state machine

                                   reset
       +-------------------+      +------>+----------------------+
   +-->|     ACQUIRED      |      |   +-->|    AUTHENTICATING    |<-+
   |   +-------------------+      |   |   +----------------------+  |
   |   | txRspId(reveiveId,|      |   |   | txRspAuth(receivedId,|  |
   |   |        previousId)|      |   |   |           previousId)|  |
   |   | previousId=       |      |   |   | previousId=          |  |
   |   |     receivedId    |      |   |   |     reveivedId       |  |
   |   +-------------------+      |   |   +--+---+----------+----+  |
   |             |                |   |      |   | reqId    |       |
   |             +----------------+   +--<---+   |          +---->--+
   |                                  reqAuth    |             error
   +--------------------<------------------------+

  The supplicant state machine, as described in 802.1x standard is
  split between the terminal and the smartcard. The smartcard only
  implements the AUTHENTICATING state.

  Upon reception of the Set-Identity command smartcard unconditionally
  transits in the AUTHENTICATING state.

  Upon reception of the EAP Identity-Request message, smartcard
  unconditionally moves in the ACQUIRED state, delivers an Identity
  response message and re-enters the AUTHENTICATING state.

  In agreement with the 802.1X state machine all EAP requests are
  processed in the AUTHENTICATING state.

  The final EAP notification message (either success or failure)
  indicates the end of the authentication process. It’s optionally
  forwarded to the EAP smartcard.

  If any error occurs during the authentication procedure (reception
  of NAK or failure messages ...) the smartcard restarts at the
  AUTHENTICATING state where it will wait for an identity request or
  the first EAP-Type request.

  If the EAP smartcard support security features like PIN code or
  biometric identification, all EAP messages will be silently discard
  before the occurrence of a successful bearer’s authentication.

7.14 Multiple EAP Identity selection

  Status: Optional.
  Security: Secure(BEARER)

  Multiple EAP authentications may be processed simultaneously in the
  same smartcard. If this capability is supported, the following rules
  apply:

  Urien & All        Informational -    Expires February 2007      14

                    EAP-Support in Smartcard             August 2006


  1) Multiple EAP Identities may be selected at the same time.
  2) The supplicant software shall indicate in the Set-Identity
  command the short identifier to be associated with the selected EAP
  identity.

  The supplicant software shall include this short identifier when
  necessary, in order to inform which of the selected EAP identities
  the command is targeted to.

  The smartcard software shall maintain a separate EAP state machine
  for each of the different selected EAP identities.

7.15 Get-Exported-Parameter

  Status: Optional.
  Security: Secure(BEARER)

  According to [EAP-KEY], EAP methods export a set of parameters that
  MAY be used by other EAP layers. In this draft, each attribute is
  identified by an index, and is read thanks to the Get-Exported-
  Parameter(index) command.

  Six indexes are defined, that are associated to the following
  attributes,

  Index 1: Peer-ID.
  The peer identity authenticated by the EAP method.

  Index 2: Server-ID:
  It’s the optional server identity, authenticated by the EAP method.

  Index 3: Method-ID.
  EAP method specifications deriving keys MUST specify a temporally
  unique method identifier known as the Method-ID.

  Index 4: Session-ID.
  The Session-ID uniquely identifies an EAP session between an EAP
  peer (as identified by the Peer-ID) and server (as identified by the
  Server-ID).

  Index 5: Key-Lifetime.
  While EAP itself does not support key lifetime negotiation, it is
  possible to specify methods that do.

  Index 6: Channel Bindings.
  Channel Bindings include lower layer parameters that are verified
  for consistency between the EAP peer and server. In order to avoid
  introducing media dependencies, EAP methods that transport Channel
  Binding data MUST treat this data as opaque octets.


  Urien & All        Informational -    Expires February 2007      15

                    EAP-Support in Smartcard             August 2006

7.16 Get-AMSK

  According to [RFC 4017] EMSK is an "additional keying material
  derived between the EAP client and server that is exported by the
  EAP method. The EMSK is at least 64 octets in length. The EMSK is
  not shared with the authenticator or any other third party. The EMSK
  is reserved for future uses that are not yet defined".

  It has been suggested in [EAP-EXT] to derive Application-specific
  Master Session Keys (AMSKs)from EMSK. As an illustration AMSK MAY be
  obtained by a Key Derivation Function (KDF), such as

                       AMSK = KDF(EMSK, label, length)

  The Get-AMSK(index,label) command is used to compute AMSK key,
  identified by an index and optionally associated to a label, needed
  to its calculation.

8 IEEE 802.16 services

  The [IEEE 802.16] security is based on the PKM (Privacy Key
  Management) protocol which requires, on the user’s side, an X509
  certificate and a private RSA key.

  [IEEE 802.16e] MAY support a version of PKM ,referred as PKM-EAP,
  which at the end of authentication scenario, produces a MSK key,
  according to [RFC 3748]

  An IEEE 802.16 service is a couple of credentials (X509Certificate,
  Private RSA Key), associated to a given identification label, and
  therefore working with a particular EAP method.

  Two services are defined.

8.1 Get-Certificate

  Status: Optional.
  Security: Secure(BEARER)

  This command reads the X509 certificate, associated with an
  identification label, which is either implicit or identified by an
  index.

8.2 Private-Key-Decryption

  Status: Optional.
  Security: Secure(BEARER)

  This command decrypts a message encrypted with the client public
  key, according to [PKCS1]


  Urien & All        Informational -    Expires February 2007      16

                    EAP-Support in Smartcard             August 2006

9 Relationships with the Smartcard Interface.

  The Smartcard Interface is a piece of software implemented in the
  supplicant that processes the authentication method. This component
  must be able to detect a smartcard. If this device is not present,
  or if it silently discards, an EAP.request message, then Smartcard
  Interface MUST reject all incoming request messages by the NAK code.

10 ISO 7816-4 APDUs

  This section of the document provides an implementation of the
  previous descriptions for an ISO 78176-4 compatible smartcard. The
  section does not preclude of the transport protocol used between the
  smartcard and the reader. Thus, this specification does not mandate-
  to-implement any transport protocol such as T=0 or T=1, which are
  not in the scope of this document. It should be noticed that all
  values are in hex representation.

  The restriction and security related descriptions are not present in
  the document. Annexes of this document give implementation examples.

  Note: Class byte value defined in this section ('A0') shall be
  interpreted as an implementation example. Other values may be used
  respecting conventions, defined in ISO 78176-4.

10.1 ISO 7816 Status Word

  According to ISO 7816, the status word SW1,SW2 is a two bytes word,
  giving information about current operation either success or
  failure.

  '90' '00' indicates an operation success
  '98' '04' indicates one of the following events,
       - Access Condition not fulfilled, e.g. a pin code presentation
       is required.
       - Unsuccessful user PIN verification, at least one attempt left.
  '98' '40' indicates one of the following events
       - Unsuccessful user PIN verification, no attempt left
       - Smartcard blocked
  '9F' 'xx' indicates that xx bytes (mod 256) are ready for reading.
       - The FETCH command (A0120000xx) is used for reading xx bytes
  '67' 'XX'
       - Incorrect parameter P3
  '6B' 'XX'
       - Incorrect parameter P1 or P2
  '6D' 'XX'
       - Unknown instruction code (INS) given in the command
  '6E' 'XX'
       - Wrong instruction class (CLA) given in the command
  '6F' 'XX'
       - Technical problem, not implemented...

  Urien & All        Informational -    Expires February 2007      17

                    EAP-Support in Smartcard             August 2006

  '61 ''XX'
       - Operation result MUST be fetched by the ISO Get Response APDU
       (CLA = 'C0', P3= 'XX')
  '6C ''XX'
        - Operation must be performed again, with the LE parameter
       value sets to 'XX'.
  '70' '00'
       - Packet silently discarded.
  '70' '01'
       - Authentication failure

10.2 Segmentation/Reassembly rules

 10.2.1 Segmentation

  When a command transfers a payload, whose size is greater than 255
  bytes, the less significant bit of the P1 byte is used as a More
  flag.

  - This bit is equal to zero for a non fragmented payload or a last
  fragment (More = 0 = False).

  - This bit is set to one (More = 1 = True) for a payload fragment.

  See annexes for examples.

 10.2.2 Reassembly

  - When a command reads less than 256 bytes, or in the last bloc
  case, the returned payload ends by the 9000 Status Word.

  - When a command returns more than 256 bytes, each payload bloc
  (excepted the last one) ends by the 9yxx Status Word, in which xx
  indicates the length of the next bloc and y MAY have any value
  between 1 and F. The FETCH (INS=12) command (A0120000xx) is used to
  read the next bloc.

  - See annexes for examples.

10.3 PIN Management

  Some services require that the smartcard’s bearer presents its PIN
  code.

  Smartcard returns the '98' '04' status word when it’s necessary to
  check the PIN code, before accessing to a particular service (see
  previous section). A PIN code is typically a four/eight digits
  decimal number, ASCII encoded, and ranging between '0000' and
  '9999'.



  Urien & All        Informational -    Expires February 2007      18

                    EAP-Support in Smartcard             August 2006

 10.3.1 Verify PIN
  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  | Verify | A0  |  20 | 00 | 00 | 08 | 00 |
  +--------+-----+-----+----+----+----+----+

  The ISO APDU Verify is used when a PIN code presentation is required

  Lc is the PIN code length, typically height ASCII encoded bytes.

 10.3.2 Change PIN

  This APDU modifies the user PIN code.
  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  | Change | A0  |  24 | 00 | 00 | 10 | 00 |
  +--------+-----+-----+----+----+----+----+

  The old PIN (8 bytes) and new PIN (8 bytes) are presented

 10.3.3 Enable PIN

  This APDU enables the user PIN function.

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  | Enable | A0  |  26 | 00 | 00 | 08 | 00 |
  +--------+-----+-----+----+----+----+----+

  The user PIN code (8 bytes) is presented.

 10.3.4 Disable PIN
  This APDU disables the user PIN function.

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  | Disable| A0  |  28 | 00 | 00 | 08 | 00 |
  +--------+-----+-----+----+----+----+----+

  The user PIN code is presented.

 10.3.5 Unblock PIN

  This APDU unblocks a smartcard, blocked after three wrong PIN code
  presentations.



  Urien & All        Informational -    Expires February 2007      19

                    EAP-Support in Smartcard             August 2006

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  | Unblock| A0  |  2C | 00 | 00 | 10 | 00 |
  +--------+-----+-----+----+----+----+----+

  The user PIN code (8 bytes) and an unblock code (8 bytes) are
  presented.

10.4 Multi-Applications smartcard considerations

  A smartcard may store several applications, each of them being
  identified by a set of bytes referred as the Application IDentifier
  (AID).
  The ISO APDU Select is used when it's necessary to select an
  application, able to process one or more EAP authentication scenari.

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  | Select | 00  |  A4 | 04 | 00 | xx | 00 |
  +--------+-----+-----+----+----+----+----+

  Lc is the AID length.

  According to ISO 7816-7 AID is made of two parts
  -RID, a mandatory 5 bytes field that identifies a company or a
  standardization body.
  -PIX, up to 11 bytes, which identifies an application.

10.5 Add-Identity

  This command adds an identification label as described in the
  section: Identification Label Coding Rules. The smartcard list is
  managed by the smartcard. The identification label is appended as
  the last element of the list.

  Identity coding guidelines are not yet specified.

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  17 | 00 | 81 | xx | 00 |
  +--------+-----+-----+----+----+----+----+

10.6 Delete-Identity

  This command deletes the identification label as described in the
  section: Identification Label Coding Rules. The command parameter
  gives the identification label to be deleted.


  Urien & All        Informational -    Expires February 2007      20

                    EAP-Support in Smartcard             August 2006

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  17 | 00 | 82 | xx | 00 |
  +--------+-----+-----+----+----+----+----+

10.7 Get-Preferred-Identity

  This command returns the user's preferred identification label

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  17 | 00 | 02 | 00 | XX |
  +--------+-----+-----+----+----+----+----+

10.8 Get-Current-Identity

  This command returns user's current identification label.

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  18 | 00 | AA | 00 | XX |
  +--------+-----+-----+----+----+----+----+

  If "multiple EAP Identity selection" is not supported, P2 (AA value)
  shall be set to '00'.

  If "multiple EAP Identity selection" is supported, P2 (AA value)
  shall indicate the short identifier associated with the selected EAP
  identity to which the command is targeted. These short identifiers
  are coded as described in Set-Identity command.

10.9 Get-Next-Identity

  This command returns an user's identification label.

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  17 | 00 | 01 | 00 | XX |
  +--------+-----+-----+----+----+----+----+

10.10 Get-Profile-Data

  The command returns the related subscriber profile information
  according to the application requirements and format. Profile coding
  rules are defined in annex 4.



  Urien & All        Informational -    Expires February 2007      21

                    EAP-Support in Smartcard             August 2006

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  1A | 00 | AA | 00 | YY |
  +--------+-----+-----+----+----+----+----+

  If "multiple EAP Identity selection" is not supported, P2 (AA value)
  shall be set to '00'.

  If "multiple EAP Identity selection" is supported, P2 (AA value)
  shall indicate the short identifier associated with the selected EAP
  identity to which the command is targeted. These short identifiers
  are coded as described

10.11 Set-Identity

  The command resets and initializes the state machine for processing
  the EAP Packets. The first step after this command is an EAP request
  identity packet. If a different EAP packet is sent to the smartcard
  the smartcard returns an EAP NAK response.

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  16 | 00 | 80 | XX | 00 |
  +--------+-----+-----+----+----+----+----+

10.12 Set-Multiple-Identity

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  16 | 00 | 83 | XX | 00 |
  +--------+-----+-----+----+----+----+----+

  The command resets and initializes the state machine for processing
  the EAP Packets. The first step after this command is an EAP request
  identity packet. If a different EAP packet is sent to the smartcard
  the smartcard returns an EAP NAK response.

  When "multiple EAP Identity selection" is supported, then the first
  status byte is '90' and the second one indicates the short
  identifier (coded in one byte) to be associated with the selected
  identity.

10.13 Process-EAP

  The command is the method for EAP packet management. The smartcard
  identifies the EAP packet type and processes the EAP authentication
  according to current state machine. The state machine sequences have


  Urien & All        Informational -    Expires February 2007      22

                    EAP-Support in Smartcard             August 2006

  to be respected and the smartcard enforces the EAP sequence
  processing.
  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  | 80  | 00 | AA | XX | YY |
  +--------+-----+-----+----+----+----+----+
  The EAP request or response packet lengths are represented by the
  unknown value XX and YY. The supplicant software should set these
  elements in accordance with the EAP packet types.

  If "multiple EAP Identity selection" is not supported, P2 (AA value)
  shall be set to '00'.

  If "multiple EAP Identity selection" is supported, P2 (AA value)
  shall indicate the short identifier associated with the selected EAP
  identity to which the command is targeted. These short identifiers
  are coded as described in Set-Identity command.

  Most EAP request packets will produce an EAP response packet from
  the smartcard. If no response is to be produced (e.g. packet
  silently discard because invalid sequence) the smartcard shall
  inform the client software with an alert status word ('7000').

  Success and failure packets do not require any response from the EAP
  client. A "successfully ending of command (90 00)" Status Word shall
  be send from the smartcard once a success EAP packet is processed.

  An alert status word ('7000') MAY be sent from the smartcard once a
  failure EAP packet is received.

  EAP Identity packets are independent of the authentication type;
  this section of the document provides the packet details. The rest
  of the EAP packet being authentication protocol dependent, they are
  detailed in the informative annex of this document.

  The description of the EAP/Request/Identity is detailed according to
  the IETF RFC 2284 [1].

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |    Request    |  Identifier   |          Length = 5           |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |   Type = 01   |
  +-+-+-+-+-+-+-+-+

  The description of the EAP/Response/identity is detailed according
  to the IETF RFC 3748.



  Urien & All        Informational -    Expires February 2007      23

                    EAP-Support in Smartcard             August 2006

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |    Response   |  Identifier   |            Length             |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |   Type = 01   |                                               |
  +-+-+-+-+-+-+-+-+                                               |
  |                        User Identity                          |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

10.14 Method Functions.

  EAP smartcards that are not able to process a specific full EAP
  method may support some essential security procedures.

  +------------+-----+----------+----+----+----+----+
  |   Command  |Class|    INS   | P1 | P2 | Lc | Le |
  +------------+-----+----------+----+----+----+----+
  | Method-FCT | A0  | 60 or 82 | zz | AA | xx | yy |
  +------------+-----+----------+----+----+----+----+

  If "multiple EAP Identity selection" is not supported, P2 (AA value)
  shall be set to '00'.

  If "multiple EAP Identity selection" is supported, P2 (AA value)
  shall indicate the short identifier associated with the selected EAP
  identity to which the command is targeted. These short identifiers
  are coded as described in Set-Identity Command.

  xx is the length of the input value.
  yy is the length of the returned value.

  P1 identifies a particular function, and is organized according to
  the following scheme:

  b7b6     00-Do.Final, 01-Initialize  10-More 11-Reserved
  b5b4     Function index
  b3b2b1   Function type
   0 X509      Certificate reading
   1 Random    Number Generator
   2 Private   key encryption
   3 Private   key decryption
   4 Public    key encryption
   5 Public    key decryption
   6 Symmetric key encryption
   7 Symmetric key decryption
  b0 reserved (More bit)

10.15 IEEE 802.16 Services

  Each EAP method MAY be associated to IEEE 802.16 services.

  Urien & All        Informational -    Expires February 2007      24

                    EAP-Support in Smartcard             August 2006


  +------------+-----+-----+----+----+----+----+
  |   Command  |Class| INS | P1 | P2 | Lc | Le |
  +------------+-----+-----+----+----+----+----+
  | Method-FCT | A0  | 84  | zz | AA | xx | yy |
  +------------+-----+-----+----+----+----+----+

  If "multiple EAP Identity selection" is not supported, P2 (AA value)
  shall be set to '00'.

  If "multiple EAP Identity selection" is supported, P2 (AA value)
  shall indicate the short identifier associated with the selected EAP
  identity to which the command is targeted. These short identifiers
  are coded as described in Set-Identity Command.

  xx is the length of the input value.
  yy is the length of the returned value.

  P1 identifies a particular function, and is organized according to
  the following scheme:

  b7b6     00-Do.Final, 01-Initialize  10-More 11-Reserved
  b5b4     RFU (always 00)
  b3b2b1   Function type
   0 X509      Certificate reading
   3 Private key decryption
  b0 reserved (More bit)

10.16 Get-Session-Key

  Once the state machine has received the EAP Success packet the
  Smartcard Interface is able to send the Master Session Key used by
  the 802.1X or the 802.11i specification for the crypto-suite.

  As an illustration the EAP SIM authentication specifies the Session
  Key usage according to the system cryptographic suite.

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  | A6  | 00 | AA | 00 | 40 |
  +--------+-----+-----+----+----+----+----+

  If "multiple EAP Identity selection" is not supported, P2 (AA value)
  shall be set to '00'.

  If "multiple EAP Identity selection" is supported, P2 (AA value)
  shall indicate the short identifier associated with the selected EAP
  identity to which the command is targeted. These short identifiers
  are coded as described in Set-Identity Command.


  Urien & All        Informational -    Expires February 2007      25

                    EAP-Support in Smartcard             August 2006

10.17 Get-Current-Version

  This command returns the EAP-Type protocol version and the WLAN-SCC
  version.

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  18 | xx | yy | 00 | 02 |
  +--------+-----+-----+----+----+----+----+

  P1=00, Reserved
  P1 is the current EAP-Type
  P2=0, gets the EAP-Type version

10.18 Get-State

  This command returns the current smartcard state.


  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  19 | 00 | AA | 00 | 01 |
  +--------+-----+-----+----+----+----+----+

  If "multiple EAP Identity selection" is not supported, P2 (AA value)
  shall be set to '00'.

  If "multiple EAP Identity selection" is supported, P2 (AA value)
  shall indicate the short identifier associated with the selected EAP
  identity to which the command is targeted. These short identifiers
  are coded as described in Set-Identity Command.

  Returned values:
  01 IDENTITY-NOT-SET, EAP messages silently discarded.
  02 AUTHENTICATING, Authentication in progress.
  03 AUTHENTICATED, waiting for an EAP/Request
  04 NOT-AUTHENTICATED, waiting for an EAP/Request

10.19 Reset-State

  This command forces the EAP smartcard to the AUTHENTICATING state
  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  19 | 10 | AA | 00 | 01 |
  +--------+-----+-----+----+----+----+----+

  If "multiple EAP Identity selection" is not supported, P2 (AA value)
  shall be set to '00'.

  Urien & All        Informational -    Expires February 2007      26

                    EAP-Support in Smartcard             August 2006


  If "multiple EAP Identity selection" is supported, P2 (AA value)
  shall indicate the short identifier associated with the selected EAP
  identity to which the command is targeted. These short identifiers
  are coded as described in Set-Identity Command.

  Returned values:
  01 IDENTITY-NOT-SET, EAP messages are silently discarded.
  04 NOT-AUTHENTICATED, waiting for an EAP/Request

10.20 Get-Exported-Parameter

  This command read an exported parameter, identified by its index
  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  86 | 00 | AA | 01 | yy |
  +--------+-----+-----+----+----+----+----+

  If "multiple EAP Identity selection" is not supported, P2 (AA value)
  shall be set to '00'.

  If "multiple EAP Identity selection" is supported, P2 (AA value)
  shall indicate the short identifier associated with the selected EAP
  identity to which the command is targeted. These short identifiers
  are coded as described in Set-Identity Command.

  Returned value: The value of the requested parameter.

10.21 Get-AMSK

  This command reads an AMSK key, identified by its index. An optional
  label may be provided for this AMSK calculation.

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  |  88 | 00 | AA | xx | yy |
  +--------+-----+-----+----+----+----+----+

  If "multiple EAP Identity selection" is not supported, P2 (AA value)
  shall be set to '00'.

  If "multiple EAP Identity selection" is supported, P2 (AA value)
  shall indicate the short identifier associated with the selected EAP
  identity to which the command is targeted. These short identifiers
  are coded as described in Set-Identity Command.

  The less significant bit of P1 is used as a "More" indicator, as
  previously defined in 10.2. Other bits of P1 (b7...b1) represent the


  Urien & All        Informational -    Expires February 2007      27

                    EAP-Support in Smartcard             August 2006

  left shifted value of an AMSK index (a value ranging between 0 and
  127).

  Lc gives the length (in bytes) of an optional label.

  Returned value: The value of the requested parameter. If no AMSK is
  available, the Le field is null.

10.22 Commands summary.

   +------------------------+-----+-----+----+----+----+----+
   |         Command        |Class| INS | P1 | P2 | Lc | Le |
   +------------------------+-----+-----+----+----+----+----+
   |       Process-EAP      | A0  |  80 | 00 | ii | xx | yy |
   +------------------------+-----+-----+----+----+----+----+
   |        Method-FCT      | A0  |60-82| zz | ii | xx | yy |
   +------------------------+-----+-----+----+----+----+----+
   |  IEEE-802.16-Services  | A0  |  84 | zz | ii | xx | yy |
   +------------------------+-----+-----+----+----+----+----+
   | Get-Exported-Parameter | A0  |  86 | 00 | ii | 01 | yy |
   +------------------------+-----+-----+----+----+----+----+
   |        Get-AMSK        | A0  |  88 | zz | ii | xx | yy |
   +------------------------+-----+-----+----+----+----+----+
   |        Get-State       | A0  |  19 | 00 | ii | 00 | 01 |
   +------------------------+-----+-----+----+----+----+----+
   |       Reset-State      | A0  |  19 | 10 | ii | 00 | 01 |
   +------------------------+-----+-----+----+----+----+----+
   |     Get-Session-Key    | A0  |  A6 | 00 | ii | 00 | xx |
   +------------------------+-----+-----+----+----+----+----+
   |    Get-Profile-Data    | A0  |  1A | 00 | ii | 00 | yy |
   +------------------------+-----+-----+----+----+----+----+
   |  Get-Current-Identity  | A0  |  18 | 00 | ii | 00 | yy |
   +------------------------+-----+-----+----+----+----+----+
   |    Get-Next-Identity   | A0  |  17 | 00 | 01 | 00 | yy |
   +------------------------+-----+-----+----+----+----+----+
   | Get-Preferred-Identity | A0  |  17 | 00 | 02 | 00 | yy |
   +------------------------+-----+-----+----+----+----+----+
   |      Set-Identity      | A0  |  16 | 00 | 80 | xx | 00 |
   +------------------------+-----+-----+----+----+----+----+
   | Set-Multiple-Identity  | A0  |  16 | 00 | 83 | xx | 00 |
   +------------------------+-----+-----+----+----+----+----+
   |       Add-Identity     | A0  |  17 | 00 | 81 | xx | 00 |
   +------------------------+-----+-----+----+----+----+----+
   |     Delete-Identity    | A0  |  17 | 00 | 82 | xx | 00 |
   +------------------------+-----+-----+----+----+----+----+
   |   Get-Current-Version  | A0  |  18 | xx | yy | 00 | 02 |
   +------------------------+-----+-----+----+----+----+----+
   |       Verify-PIN       | A0  |  20 | 00 | 00 | 08 | 00 |
   +------------------------+-----+-----+----+----+----+----+
   |       Change-PIN       | A0  |  24 | 00 | 00 | 10 | 00 |
   +------------------------+-----+-----+----+----+----+----+

  Urien & All        Informational -    Expires February 2007      28

                    EAP-Support in Smartcard             August 2006

   |       Enable-PIN       | A0  |  26 | 00 | 00 | 08 | 00 |
   +------------------------+-----+-----+----+----+----+----+
   |       Disable-PIN      | A0  |  28 | 00 | 00 | 08 | 00 |
   +------------------------+-----+-----+----+----+----+----+
   |       Unblock-PIN      | A0  |  2C | 00 | 00 | 10 | 00 |
   +------------------------+-----+-----+----+----+----+----+
   |       Select-AID       | A0  |  A4 | 04 | 00 | xx | 00 |
   +------------------------+-----+-----+----+----+----+----+
   |      Get-Response      | A0  |  C0 | 00 | 00 | 00 | xx |
   +------------------------+-----+-----+----+----+----+----+
   |          FETCH         | A0  |  12 | 00 | 00 | 00 | xx |
   +------------------------+-----+-----+----+----+----+----+

11 State Machine Sequence

11.1 Supplicant software state machine sequence

  +-----------------------+   +-----------------------+
  |A-Get user's identity  |<->|B-Set user's identity  |>>>
  +-----------------------+   +-----------v-----------+
                                          |
               +--------------------------+
               |
  +------------v--------------+   +-------------------+
  |C-send/receive EAP packets |<->|D-Get-Session-Key  |
  +---------------------------+   +-------------------+

  Transitions:

  A-B : All available identities received by Get-Next-Identity
  commands
  B-C : Set-Identity command successfully performed
  C-D : Successful ending of EAP-Packets command with no outgoing
  packet(Status word of the command equals '9000'). This can be also
  detected by 'authenticated' status following the Authentication-
  Status command.
  D-C : An incoming EAP/Request packet

11.2 Smartcard EAP framework state machine sequence

  +----------------------+   +----------------------+
  | Z-IDENTITY-NOT-SET   |-->|W-NOT-AUTHENTICATED   |<-+
  +----------------------+   +----------------------+  |
                                                       |
             +-----------------------------------------+
             |
  +----------v-----------+   +----------------------+
  | Y-AUTHENTICATING     |<--|    X-AUTHENTICATED   |
  +----------------------+   +----------------------+



  Urien & All        Informational -    Expires February 2007      29

                    EAP-Support in Smartcard             August 2006

  Transitions:

  Z-W : An available identity successfully set
  Y-X : Authentication Successful.
  Y-W : Authentication Error.
  X-Y : First Authentication Request received.
  W-Y : First Authentication Request received

12 Security Considerations
  Smart cards are a highly effective means of enforcing security
  policies. They are typically carried by one party (the end user,
  such as an employee or customer) but are controlled by another party
  (the issuer, such as an enterprise or service provider).
  Applications running on the Smart Card are controlled by the issuer,
  and serve to protect the interests of the issuer.

12.1 Security Claims

  Security claims expressed in this section are imported from [EAP-SC]

  Integrity Protection:  no
  Replay Protection:     no
  Confidentiality:       yes (section 12.9.2)
  Key Derivation:        yes (section 12.9.3)
  Key Strength:          no
  Dictionary Attacks:    yes (section 12.9.5)
  Fast Reconnect:        no
  Cryptographic Binding: yes (section 12.9.6)
  Session Independence:  no
  Fragmentation:         no
  Channel Binding:       yes (section 12.9.7)

12.2 Smart Card Technology
  The Smart Card consists of a microprocessor and non-volatile memory
  chipset enclosed in a physically tamper resistant module. This
  module is then embedded in a plastic card, or the module may be
  integrated into an alternative form factor, such as a USB device.

12.3 Tamper Resistant Storage and Execution
  Smart cards provide protective measures against physical and logical
  attacks against the processor and non-volatile memory. This enables
  the secure storage of end user cryptographic keys and user
  credentials, and secures execution of security sensitive operations
  such as encryption and digital signatures.

  The EAP-SC Authentication Method MUST store all secret cryptographic
  keys on the smart card in non-volatile memory. The EAP-SC
  Authentication Method MUST execute in the smart card all
  cryptographic functions that use stored secret cryptographic keys.
  The EAP-SC Authentication Method MUST NOT export any secret
  cryptographic keys from the smart card.

  Urien & All        Informational -    Expires February 2007      30

                    EAP-Support in Smartcard             August 2006


12.4 Multi Factor Authentication
  Smart cards generally require a Smart Card handler to authenticate
  to the Smart Card in order to access data or application
  functionality. This makes it possible to enforce multi factor user
  authentication by combining something the user has (the smart card)
  with something the user knows (such as PIN) or is (Biometric
  authentication).

  The EAP Authentication Method MUST enforce the use of the user PIN
  or Biometric before user credentials may be accessed or used.

12.5 Random Number Generation
  Smart Cards generally contain a hardware based true random number
  generator independent of external or internal clocks and immune to
  outside interferences. The quality of the hardware generator is
  further enhanced by logical processing to ensure excellent
  statistical properties; and these properties are checked regularly
  on-board.

  The EAP Authentication Method MUST use the Smart Card Random Number
  Generator anywhere Random Numbers are required.

12.6 Cryptographic Capabilities
  Smart cards provide certified, built-in implementation and optimized
  execution of common cryptographic algorithms such as AES, DES, RSA,
  and ECC...

  The EAP Authentication Method MUST use the built-in Smart Card
  cryptographic capabilities for the execution of any cryptographic
  functionality.

12.7 Secure Provisioning
  Smart cards provide a secure method of provisioning credentials,
  applications and trusted network information from the issuer or
  service provider to the end user, and managing this information
  after the card has been issued. Smart cards support automated
  personalization (including card initialization, loading of card data
  and printing) enabling issuance in very large numbers.

  The EAP-SC Authentication method MUST implement support for pre-
  issuance personalization, as for example by supporting [GLOBAL
  PLATFORM] or similar functionality. The EAP-SC Authentication method
  SHOULD implement support for post-issuance card and application
  management.

12.8 Certification
  The processes for designing and manufacturing smart cards are
  subject to rigorous security controls. This makes possible the
  certification of Smart Card functionality and applications by
  standardization organizations.

  Urien & All        Informational -    Expires February 2007      31

                    EAP-Support in Smartcard             August 2006


  The EAP-SC Authentication method MUST be implemented on a Smart Card
  platform that has been evaluated for security by a standards
  organization program such as [FIPS] or [COMMON CRITERIA].

12.9 Smart Cards and EAP Security Claims

  EAP-SC enhances the security of Authentication Methods by enabling
  the enforcement of security policies on the End User platform. The
  overall security of EAP-SC is dependent on the security of the
  Authentication Method implemented on the Smart Card.

  The following section discusses certain EAP Security Claims and how
  they are enhanced by Smart Card security features.

 12.9.1 Mutual Authentication

  Mutual authentication processes are generally based upon the use of
  random numbers. Smart Cards enhance the security of these processes
  by providing true random number generation.

 12.9.2 Confidentiality

  Smart Cards improve the robustness of EAP messages encryption, by
  providing tamper resistant storage for the encryption keys and
  secure execution of the encryption algorithms.
 12.9.3 Key Derivation

  Smart Cards improve the confidentiality of the key derivation
  process by providing tamper resistant storage for the master keys
  and secure execution of the key derivation algorithms.

 12.9.4 Man-in-the-Middle Attacks

  Smart Cards improve security against Trojan Horse attacks by
  providing a logically tamper resistant environment for the full
  implementation of EAP methods and secure execution of the encryption
  algorithms.

 12.9.5 Dictionary Attacks

  Smart Cards access is commonly protected via pin codes with a
  limited number of retries; permanent blocking of the device is
  enforced when the number of retries is exceeded. This mechanism
  provides enhanced protection against dictionary attacks aiming at
  discovering passwords.

 12.9.6 Cryptographic Binding




  Urien & All        Informational -    Expires February 2007      32

                    EAP-Support in Smartcard             August 2006

  Smart Cards provides tamper resistant storage for cryptographic keys
  and secure execution of the tunnel creation algorithms thus
  enhancing the cryptographic binding process.

 12.9.7 Channel Binding

  Smart Cards can be used as a secure out of band distribution method
  for channel parameters and therefore enhance the channel binding
  process.

 12.9.8 Protection Against Rogue Networks

  Smart Cards facilitate the provisioning and secure storage of
  information about trusted parties, such as the root certificates of
  trusted networks. This protects the end user against rogue networks
  and enables the enforcement of network roaming policies.

 12.9.9 Authentication Method Security

  The overall security of EAP-SC is dependent on the encapsulated EAP-
  SC Authentication Method. Weaknesses in the underlying method, such
  as weaknesses in integrity protection, replay protection or key
  strength, are detrimental to the overall security.

13 Intellectual Property Right Notice

  To be specify according to the Author and Participants.

























  Urien & All        Informational -    Expires February 2007      33

                    EAP-Support in Smartcard             August 2006

14 Annex 1, EAP-SIM packet details.

  The protocol implementation is out of the scope of this document but
  as a reference implementation this section gives details using the
  SIM as specified by [EAP-SIM]. This section of the document gives
  the APDU coding .

  The following traces illustrate a full EAP-SIM authentication
  scenario, as described in annex A (tests vector)of EAP-SIM [EAP-SIM]
  specification

  EAP-Request/Identity
  Tx: A0 80 00 00 05 01 00 00 05 01
  Rx: 61 20
  EAP-Request/Identity
  Tx: A0 C0 00 00 20
  Rx: 02 00 00 20 01 31 32 34 34 30 37 30 31 30 30 30
      30 30 30 30 31 40 65 61 70 73 69 6d 2e 66 6f 6f
      90 00

  EAP-Request/SIM/Start
  Tx: A0 80 00 00 10 01 01 00 10 12 0a 00 00 0f 02 00
      02 00 01 00 00
  Rx: 61 20
  EAP-Response/SIM/Start
  Tx: A0 C0 00 00 20
  Rx: 02 01 00 20 12 0a 00 00 07 05 00 00 01 23 45 67
      89 ab cd ef fe dc ba 98 76 54 32 10 10 01 00 01
      90 00

  EAP-Request/SIM/Challenge
  Tx: A0 80 01 00 FF 01 02 01 18 12 0b 00 00 01 0d 00
      00 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e
      1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e
      2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e
      3f 81 05 00 00 9e 18 b0 c2 9a 65 22 63 c0 6e fb
      54 dd 00 a8 95 82 2d 00 00 55 f2 93 9b bd b1 b1
      9e a1 b4 7f c0 b3 e0 be 4c ab 2c f7 37 2d 98 e3
      02 3c 6b b9 24 15 72 3d 58 ba d6 6c e0 84 e1 01
      b6 0f 53 58 35 4b d4 21 82 78 ae a7 bf 2c ba ce
      33 10 6a ed dc 62 5b 0c 1d 5a a6 7a 41 73 9a e5
      b5 79 50 97 3f c7 ff 83 01 07 3c 6f 95 31 50 fc
      30 3e a1 52 d1 e1 0a 2d 1f 4f 52 26 da a1 ee 90
      05 47 22 52 bd b3 b7 1d 6f 0c 3a 34 90 31 6c 46
      92 98 71 bd 45 cd fd bc a6 11 2f 07 f8 be 71 79
      90 d2 5f 6d d7 f2 b7 b3 20 bf 4d 5a 99 2e 88 03
      31 d7 29 94 5a ec 75 ae 5d 43 c8 ed a5 fe 62 33
      fc ac 49 4e
  Rx: 90 00
  Tx: A0 80 00 00 19 e6 7a 0d 50 4d 0b 05 00 00 fe f3
      24 ac 39 62 b5 9f 3b d7 82 53 ae 4d cb 6a

  Urien & All        Informational -    Expires February 2007      34

                    EAP-Support in Smartcard             August 2006

  Rx 61 1C
  EAP-Response/SIM/Challenge
  TX: A0 C0 00 00 1C 02 02 00 1c 12 0b 00 00 0b 05 00
      00 f5 6d 64 33 e6 8e d2 97 6a c1 19 37 fc 3d 11
      54

  EAP-Success
  Tx: A0 80 00 00 04 03 02 00 04
  Rx: 90 00

  Reading MSK and EMSK keys.
  Tx: A0 A6 00 00 80
  Rx: 39 d4 5a ea f4 e3 06 01 98 3e 97 2b 6c fd 46 d1
      c3 63 77 33 65 69 0d 09 cd 44 97 6b 52 5f 47 d3
      a6 0a 98 5e 95 5c 53 b0 90 b2 e4 b7 37 19 19 6a
      40 25 42 96 8f d1 4ª 88 8f 46 b9 a7 88 6e 44 88
      59 49 ea b0 ff f6 9d 52 31 5c 6c 63 4f d1 4a 7f
      0d 52 02 3d 56 f7 96 98 fa 65 96 ab ee d4 f9 3f
      bb 48 eb 53 4d 98 54 14 ce ed 0d 9a 8e d3 3c 38
      7c 9d fd ab 92 ff bd f2 40 fc ec f6 5a 2c 93 b9
      9000

15 Annex 2, EAP-MD5 packet details

  The first EAP packet is the EAP Request Identity. This initial
  packet format complies with the RFC 2284. The smartcard returns an
  EAP response identity according to the NAI length.

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  | 80  | 00 | 00 | 05 | YY |
  +--------+-----+-----+----+----+----+----+

  The description of the EAP/Request/identity is detailed according to
  the [RFC 3748].

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |   Request     |  Identifier   |            Length = 5         |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |  Type = 01    |
  +-+-+-+-+-+-+-+-+

  The description of the EAP/Response/identity is detailed according
  to [RFC 3748].





  Urien & All        Informational -    Expires February 2007      35

                    EAP-Support in Smartcard             August 2006

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |   Response    |  Identifier   |            Length             |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |   Type = 01   |                                               |
  |-+-+-+-+-+-+-+-+             Identity Value                    |
  |                                                               |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  The second EAP Packet is the EAP/request/MD5/challenge as
  represented in [RFC 3748].
  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  | 80  | 00 | 00 | XX | 16 |
  +--------+-----+-----+----+----+----+----+
  The description of the EAP/Request/MD5/challenge is detailed
  according to [RFC 3748].
   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |    Request    |  Identifier   |           Length              |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |   Type = 04   |                                               |
  |-+-+-+-+-+-+-+-+           MD5-Challenge.Value                 |
  |                                                               |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  The description of the EAP/Response/MD5/challenge is detailed
  according to [RFC 37481].

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |    Response   |  Identifier   |        Length = 16            |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |   Type = 04   |  Type_Size=10 |                               |
  |-+-+-+-+-+-+-+-+---------------+     MD5 Digest Value          |
  |                                                               |
  |                                                               |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  The third EAP Packet is the EAP success notification as represented
  in the IETF RFC 2284 [1].
  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  | 80  | 00 | 00 | 04 | 00 |
  +--------+-----+-----+----+----+-- -+----+


  Urien & All        Informational -    Expires February 2007      36

                    EAP-Support in Smartcard             August 2006

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |    Success    |  Identifier   |          Length = 04          |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Further information can be retrieved from [RFC 3748].

16 Annex 3 - TLS support.

  EAP-TLS smartcards securely store at least the following items
  - Client X509 certificate
  - Client Private RSA Key
  - Certification Authority Public Key

  According to the smartcard computing capacities, two modes are
  defined in this draft (see details in annex 6)

  - Mode 1: smartcard supports five functions :
      - Public Key Encryption, with the server public key
      - Private Key Encryption, with the client private key
      - Public Key decryption, with the Certification Authority (CA)
        public key
      - Reading of the client's certificate
      - Random Number Generator

  - Mode 2: smartcard fully processes the EAP-TLS protocol

16.1 Unix Time issue.

  As mentioned in [RFC 2716] TLS RFC the client hello message includes
  a 32 byte random number, whose first 4 bytes are interpreted as the
  Unix Time. As smartcard is not able to maintain a clock, this
  parameter MUST be added to the EAP-TLS Start message by the
  Smartcard Interface.

  +--------+-----+-----+----+----+----+----+
  |Command |Class| INS | P1 | P2 | Lc | Le |
  +--------+-----+-----+----+----+----+----+
  |        | A0  | 80  | 00 | 00 | 0A | YY |
  +--------+-----+-----+----+----+----+----+

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |     Code=01   |  Identifier   |      Length  = 6              |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |   Type = 13   |     Flag=20   |          Unix Time            |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |             Unix Time         |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Urien & All        Informational -    Expires February 2007      37

                    EAP-Support in Smartcard             August 2006


16.2 Fragment Maximum Size.

  A single TLS record may be up to 16384 octets in length, but a TLS
  message may span multiple TLS records, and a TLS certificate message
  may in principle be as long as 16MB. The group of EAP-TLS messages
  sent in a single round may thus be larger than the maximum RADIUS
  packet size of 4096 octets, or the maximum 802 LAN frame size.

  The chaining and extended length mechanisms identified in this
  document provide enough extension to manage incoming and outgoing
  EAP-TLS packets. Then, authenticator shall not necessary follow a
  specific fragment policy regarding whether EAP-TLS is provided by
  the smartcard or not.

  However, in order to prevent multiple segmentation and re-assembly
  operations, the maximum EAP message length of no fragmented packets
  issued by smartcard SHALL be set to an adapted value.

  As defined in EAP-TLS, when the smartcard receives an EAP-Request
  packet with the M bit set, it MUST respond with an EAP-Response with
  EAP-Type=EAP-TLS and no data.  This serves as a fragment ACK.

16.3 EAP/TLS messages format.

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |     Code      |  Identifier   |      Length  <= 240           |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |   Type = 13   |     Flag      |        TLS Message Length     |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |       TLS Message Length      |          TLS DATA             |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
  |                                                               |
  |                                                               |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  Flags
   0 1 2 3 4 5 6 7
  +-+-+-+-+-+-+-+-+
  |L M S R R R R R|
  +-+-+-+-+-+-+-+-+
  L = Length included.
  M = More fragments
  S = EAP-TLS start, set in an EAP-TLS Start message.
  R = Reserved





  Urien & All        Informational -    Expires February 2007      38

                    EAP-Support in Smartcard             August 2006

16.4 Example of EAP/TLS Authentication

     Smartcard           Authentication Server
                             <- EAP-Request/
                                Identity
  EAP-Response/
  Identity (MyID) ->
                             <- EAP-Request/
                             EAP-Type=EAP-TLS
                             (TLS Start)
  EAP-Response/
  EAP-Type=EAP-TLS
  TLS client_hello)->
                             <- EAP-Request/
                                EAP-Type=EAP-TLS
                               (TLS server_hello,
                                TLS certificate,
                                TLS certificate_request,
                                TLS server_hello_done)
                                (Fragment 1: L, M bits set)
  EAP-Response/
  EAP-Type=EAP-TLS ->
                             <- PPP EAP-Request/
                                EAP-Type=EAP-TLS
                               (Fragment 2)

  EAP-Type=EAP-TLS
  (TLS certificate,
   TLS client_key_exchange,
   TLS certificate_verify,
   TLS change_cipher_spec,
   TLS finished) ->
                             <- EAP-Request/
                                EAP-Type=EAP-TLS
                               (TLS change_cipher_spec,
                                TLS finished)
  EAP-Response/
  EAP-Type=EAP-TLS ->
                             <- EAP-Success

17 Annex 4 ASN.1 BER Tag coding for the subscriber profile information

  The subscriber profile is a collection of data associated to every
  identity. It can be used be the operating system of a wireless
  terminal in order to get information about user credentials.

  Various information (photos...) MAY be also available.





  Urien & All        Informational -    Expires February 2007      39

                    EAP-Support in Smartcard             August 2006

17.1 ASN.1 Subscriber Profile Encoding

 17.1.1 EapID

  EapID ::= OCTET STRING

  The EAP-ID associated to the current identity.

 17.1.2 EapType

  EapType ::= INTEGER

  The EAP type associated to the current identity.

 17.1.3 Version

  Version ::= INTEGER

  The protocol version associated to an EAP type.

 17.1.4 User Credential

  UserCredential ::= SEQUENCE OF CredentialObject

  CredentialObject ::= SEQUENCE {
  ObjectValue SubscriberInformation
  }

  SubscriberInformation ::= CHOICE {

  SSIDList [0] IMPLICIT SEQUENCE OF {
  SSIDName OCTET STRING
  },

  SubscriberCertificate [1] IMPLICIT SEQUENCE OF {
  Certificate X509Certificate
  },

  RootCertificate [2] IMPLICIT SEQUENCE OF {
  Certificate X509Certificate
  }

  UserData [3] IMPLICIT SEQUENCE OF {
  { SubscriberFile UserFile
  }

  UserFile SEQUENCE OF {
  Name  OCTET STRING,
  Value BIT STRING Value
  }


  Urien & All        Informational -    Expires February 2007      40

                    EAP-Support in Smartcard             August 2006

  X509Certificate an ASN.1 definition, as described in [PKCS#6].
 17.1.5 UserProfile

  UserProfile ::= SEQUENCE {
  ThisEapID   EapID,
  ThisEapType EapType,
  ThisVersion Version,
  ThisCredential UserCredential
  }

 17.1.6 UserProfile encoding example

  30 82 xx yy
   04 05 31 32 33 34 35          EapID   = 1235
   02 01 0D                      EapType = EAP-TLS
   02 01 01                      Version = 1
   30 xx
    A0 0E
     04 05 61 62 63 64 65       SSID = abcde
     04 05 66 67 68 69 6A       SSID = fghij
    A1 82 xx yy
     First  X509Certificate
     Second X509Certificate
    A2 82 xx yy
     First  Root X509Certificate
     Second Root X509Certificate
    A3 82 xx yy
     30 82 zz tt
      04 05 61 62 63 64 65  // Name = abcde
      03 82 zz tt
       File content





















  Urien & All        Informational -    Expires February 2007      41

                    EAP-Support in Smartcard             August 2006

18 Annex 5 APDUs exchange example

  This annex shows ISO 7816 (T=0) TPDUs exchanged between the
  smartcard and the authentication agent

  // Select EAP application (AID= 11 22 33 44 55 66 01)
  Select.request:  00 A4 04 00 07 11 22 33 44 55 66 01
  Select.response: 90 00

  // Get current identity
  Get-Current-Identity.request:       A0 18 00 00 00
  Get-Current-Identity.response       98 04
  // !Pin code is requested

  // PIN code verification      (0000)
  Verify.request:             A0 20 00 00 08 30 30 30 30 FF FF FF FF
  Verify.response:            90 00

  // Try again
  Get-Current-Identity.request:       A0 18 00 00 00
  Get-Current-Identity.response:      6C 04
  Get-Current-Identity.request        A0 18 00 00 04
  Get-Current-Identity.response:      61 62 63 64 90 00


  // Get-Next-Identity()
  Get-Next-Identity.request:  A0 17 00 01 00
  Get-Next-Identity.response: 6C 04
  Get-Next-Identity.request:  A0 17 00 01 04
  Get-Next-Identity.response: 61 62 63 64 90 00

  // Set-Identity()
  Set-Identity.request:  A0 16 00 80 04 61 62 63 64
  Set-Identity.response: 90 00

  // Process EAP-Packets()
  EAP-Packet.request:   A0 80 00 00 05 01 A5 00 05 01
  EAP-Packet.response:  61 09
  GetResponse.request:  A0 C0 00 00 09
  GetResponse.response: 02 A5 00 09 01 61 62 63 64 90 00
  EAP-Packet.request    A0 80 00 00 08 01 A6 00 08 04 02 12 34
  EAP-Packet.response:  61 16
  GetResponse.request:  A0 C0 00 00 16
  GetResponse.response: 02 A6 00 16 04 10 CF A5 2D CD 63 5F 5C 6D
                        55 B8 09 FD B7 BB EC 3C 90 00







  Urien & All        Informational -    Expires February 2007      42

                    EAP-Support in Smartcard             August 2006

19 Annex 6, EAP-TLS ISO7816 APDUs Trace (T=0 Protocol)

19.1 EAP-TLS session parameters

 19.1.2 CA Public Key (2048 bits)

  modulus:
      00:a5:62:a0:41:52:9a:ec:8e:27:24:a1:0c:a2:45:
      68:e3:ed:bd:3d:64:9a:7c:c2:74:5a:e2:60:fa:ac:
      6d:0f:dd:4c:45:ce:9d:b9:74:4e:35:fd:74:cd:13:
      63:dd:dc:ce:19:25:b9:d7:06:31:13:d7:ea:1e:54:
      1a:07:36:eb:97:2f:88:19:58:c5:76:ec:f9:b3:71:
      66:fa:3a:4e:94:f9:04:98:ff:b0:7f:b0:dc:af:c3:
      c8:a6:35:3d:ab:d4:67:07:ff:c6:e8:f0:03:a5:f1:
      5b:00:c8:8f:36:a1:f3:88:e8:23:f1:04:c6:d4:26:
      af:37:ad:a2:54:83:ab:13:56:83:8e:6f:b4:3a:d3:
      63:95:00:ad:ec:57:5d:95:2d:01:f5:7b:ae:6c:b6:
      43:4b:da:2b:e1:ed:f4:ab:e1:75:27:0f:2e:06:5c:
      42:30:b4:5e:06:59:58:e4:4b:b6:0e:ba:71:d6:1c:
      a0:70:ac:b1:2c:b2:fe:6b:7d:d8:42:1d:45:9d:d5:
      4a:62:06:2e:e2:dc:88:5b:8b:72:45:ac:e1:24:ea:
      08:66:30:5f:8c:e6:52:12:37:70:04:b0:37:5c:09:
      1e:3b:d4:97:0c:9b:41:3f:86:08:d7:db:19:cb:07:
      a3:b9:cb:75:49:99:dc:20:cd:f0:db:52:19:4b:15:
      f1:6d
  publicExponent: 65537 (0x10001)

 19.1.3 Server Public Key (1024 bits)
  modulus:
      00:bc:67:01:3c:b9:15:ec:12:81:e6:5a:4d:af:49:
      80:1d:db:6d:5c:f3:0c:fd:2f:f6:3f:5d:37:79:29:
      c7:39:1b:fd:76:6f:67:dd:0f:e9:e8:42:51:43:ba:
      46:ae:95:ff:76:91:9f:30:a3:9c:45:9a:22:f2:2b:
      75:66:52:97:95:c3:2f:ee:7d:cf:c9:dc:de:11:69:
      a3:46:ef:e8:25:24:62:14:df:02:2b:ad:f9:83:b9:
      3c:bb:a8:1c:44:c1:5a:11:39:70:1b:69:f9:95:4c:
      9b:d2:fd:fa:1a:e4:01:e3:bd:6f:d0:6c:f5:85:41:
      3c:28:ae:80:2b:46:70:a8:f3
  publicExponent: 65537 (0x10001)

 19.1.4 Client Private Key (1024 bits)
  modulus: // N
      00:de:7d:0e:f5:1d:17:16:c0:6f:51:b0:4c:ef:2e:
      c6:ca:f4:d8:66:01:bc:7b:21:12:37:ce:dc:61:72:
      f3:c8:ff:83:5c:2f:f5:2b:f8:f0:0f:bd:89:86:6a:
      3f:c2:8b:3b:bd:c7:98:fd:4b:1d:67:8f:85:66:12:
      74:6f:64:74:d0:31:07:46:04:ba:b1:74:70:b1:fc:
      d9:42:44:f8:97:c2:74:b9:45:5c:84:15:33:ec:4a:
      cb:41:d2:6e:7c:6d:bd:bc:cd:3e:64:ff:8f:33:63:
      fe:06:55:69:96:c6:96:fa:17:db:f8:7f:eb:5b:fe:
      00:3e:d1:8e:42:83:62:be:c3

  Urien & All        Informational -    Expires February 2007      43

                    EAP-Support in Smartcard             August 2006

  publicExponent: 65537 (0x10001)
  privateExponent:
      00:9f:ad:4b:5d:d9:79:e7:a7:46:7d:6f:35:57:f7:
      cf:4e:7b:f9:0f:04:b1:fc:00:99:2d:9a:76:0a:2e:
      51:0e:71:6b:1a:6f:84:db:01:37:71:64:8b:5d:ff:
      c5:30:df:72:89:da:c5:4f:0c:68:d7:19:67:19:01:
      a7:b5:06:78:da:57:2f:2f:f6:c5:ce:75:b7:ca:9d:
      b2:f8:5a:62:27:40:b2:5c:42:f3:78:fd:42:f6:1a:
      56:44:a3:42:94:24:f6:37:53:fc:78:42:06:8a:1a:
      0b:43:cf:f8:92:60:8d:10:61:2c:ff:d3:79:ba:78:
      ed:f7:28:fb:61:dc:88:37:91
  prime1: // P
      00:fc:30:c8:10:41:80:f7:f2:1a:0c:28:2b:58:a0:
      44:3e:01:13:91:66:4f:96:27:0e:c3:0a:4f:58:b5:
      73:9a:3c:7a:fa:b9:19:8f:2b:32:8b:c8:bf:6c:77:
      b3:4d:e5:71:80:e5:74:9a:76:a5:c0:41:14:81:76:
      e0:9b:46:bd:db
  prime2: // Q
      00:e1:d9:6b:5e:41:2d:3e:b9:2a:a8:6b:6e:d0:fc:
      aa:b1:df:a7:4e:90:8d:11:54:7c:0d:ea:64:d5:f5:
      c1:d1:2b:02:77:b2:d2:6e:d8:93:56:ad:ee:ca:5a:
      c0:92:64:4b:b8:d8:f4:a2:8c:f0:18:17:64:51:0b:
      db:04:f3:3b:39
  exponent1: // DP1
      00:db:27:a9:34:37:38:54:3f:d7:d2:e8:b5:82:77:
      03:d6:be:28:bb:1a:25:df:5e:61:bd:ac:9f:f7:7e:
      f7:ce:f8:f0:06:22:04:cc:1d:c5:f7:23:a4:f6:25:
      af:73:ea:08:10:f3:55:b9:45:92:14:d8:79:71:68:
      55:17:9b:0a:31
  exponent2: // DQ1
      37:87:0e:27:d9:5c:77:6c:6d:39:85:58:74:97:7a:
      9c:4b:01:c6:86:31:b8:ce:0d:c6:1a:17:fa:a6:f6:
      a5:27:ae:ee:a1:0f:ad:e3:1f:ae:93:0a:ff:c3:7a:
      4f:43:cb:7e:42:11:3b:99:ed:39:ef:1e:61:f2:c9:
      41:99:4f:b9
  coefficient: //PQ
      5f:88:21:11:1f:0d:f0:cd:56:47:4f:1f:64:81:0e:
      d1:02:eb:39:42:01:c7:e4:4b:b6:31:65:2a:fd:51:
      11:1f:cd:3a:68:d4:e8:3c:4e:47:c1:ce:76:6b:2b:
      52:bd:76:dd:71:81:76:0f:69:9a:94:c3:41:3a:2e:
      c9:47:3c:e5

19.2 Full EAP-TLS trace (mode 2)

  // TLS-START + GMT-UNIX-TIME
  Tx: A080000000A 011400060D20 3FAA2B6A
  Rx: 6150

  Tx: A0C0000050 // Read Client Hello
  Rx: 021400500D800000004616030100410100003D03013FAA2B6A08BDD285B43D1F
      3BC9715FC9F85FC453FE58F3A9E07FF397CD65392200001600040005000A0009

  Urien & All        Informational -    Expires February 2007      44

                    EAP-Support in Smartcard             August 2006

      006400620003000600130012006301009000

  // Forward Server_Hello frag#1 1396 octets, total size = 4710 octets
  // eap.request#15

  Tx: A0800100F0011505740DC00000126616030112610200004603013FAA2B9BCC3D
      6179E2D7E78460A2596342C5014289B753209CA02A31DEDB9142206124000089
      2B16D27FEBD10B93D1EFC224C322B69B994C1A8FB2B5BD4094861A0004000B00
      05A80005A50005A23082059E30820486A003020102020A613116E50000000000
      03300D06092A864886F70D0101050500305231123010060A0992268993F22C64
      01191602667231143012060A0992268993F22C6401191604656E737431153013
      060A0992268993F22C64011916056261647261310F300D060355040313066361
      77696669301E170D3033313030323135323331345A
  Rx: 9000

  Tx: A0800100F0170D3035313030313135323331345A3066310B3009060355040613
      024652311630140603550408130D696C65206465206672616E6365310E300C06
      0355040713057061726973310D300B060355040A1304656E7374310F300D0603
      55040B1306696E66726573310F300D06035504031306616B6B61723130819F30
      0D06092A864886F70D010101050003818D0030818902818100BC67013CB915EC
      1281E65A4DAF49801DDB6D5CF30CFD2FF63F5D377929C7391BFD766F67DD0FE9
      E8425143BA46AE95FF76919F30A39C459A22F22B7566529795C32FEE7DCFC9DC
      DE1169A346EFE825246214DF022BADF983B93CBBA8
  Rx: 9000

  Tx: A0800100F01C44C15A1139701B69F9954C9BD2FDFA1AE401E3BD6FD06CF58541
      3C28AE802B4670A8F30203010001A38202E4308202E0300B0603551D0F040403
      0205A0304406092A864886F70D01090F04373035300E06082A864886F70D0302
      02020080300E06082A864886F70D030402020080300706052B0E030207300A06
      082A864886F70D030730130603551D25040C300A06082B06010505070301301D
      0603551D0E04160414234B9E6578CB280E3D968C5B6C4EA0911C1A7F73301F06
      03551D23041830168014E56DC55020881E3900398AF99EE0789DA4230F893081
      FB0603551D1F0481F33081F03081EDA081EAA081E7
  Rx: 9000

  Tx: A0800100F08681B16C6461703A2F2F2F434E3D6361776966692C434E3D616B6B
      6172312C434E3D4344502C434E3D5075626C69632532304B6579253230536572
      76696365732C434E3D53657276696365732C434E3D436F6E6669677572617469
      6F6E2C44433D62616472612C44433D656E73742C44433D66723F636572746966
      69636174655265766F636174696F6E4C6973743F626173653F6F626A65637443
      6C6173733D63524C446973747269627574696F6E506F696E748631687474703A
      2F2F616B6B6172312E62616472612E656E73742E66722F43657274456E726F6C
      6C2F6361776966692E63726C3082011306082B0601
  Rx: 9000

  Tx: A0800100F0050507010104820105308201013081AA06082B0601050507300286
      819D6C6461703A2F2F2F434E3D6361776966692C434E3D4149412C434E3D5075
      626C69632532304B657925323053657276696365732C434E3D53657276696365
      732C434E3D436F6E66696775726174696F6E2C44433D62616472612C44433D65
      6E73742C44433D66723F634143657274696669636174653F626173653F6F626A
      656374436C6173733D63657274696669636174696F6E417574686F7269747930

  Urien & All        Informational -    Expires February 2007      45

                    EAP-Support in Smartcard             August 2006

      5206082B060105050730028646687474703A2F2F616B6B6172312E6261647261
      2E656E73742E66722F43657274456E726F6C6C2F61
  Rx: 9000

  Tx: A0800000C46B6B6172312E62616472612E656E73742E66725F6361776966692E
      637274302106092B060104018237140204141E12005700650062005300650072
      007600650072300D06092A864886F70D01010505000382010100946E33F7044A
      18F16E18337D8A22A230415DF07766ED94835E8A1FCBB7B16571D6EC6A9564AA
      C163383D17B223C29AB57825AE36156083249AA0A8EABED8C880D7E1EE58A301
      9D04D935EA3C6427052FDE1CCB60681691436C3580439F4C592ABA6489D43ABF
      EF9660EF60DA97FDA9
  Rx: 6106

  Tx: A0C0000006 // READ ACK#15
  Rx: 021500060D009000

  // Transfer Server Hello frag#2 1396 octets eap.request#16

  Tx: A0800100F0011605740D40E8436722315A8D1479DCA19BFFC9F6B15A538D80E1
      A0C107F079DF79DB2674DD914481C8E1B388577645C100F44F4EC3A7E077CC4B
      3AC3577FD1CD0575E651FF1BCD6C716402DD83858563EC791593018CEB0BD9DB
      12F4B2E8D19FC185787E1717265BA3E11E76E343D2DA8AD83C77188E4E96C049
      B3F3B7BCB886BB574858FE331EE4407AA893212C171B1883A3B0EA580D000C63
      0201020C5E00C43081C1310B300906035504061302555331173015060355040A
      130E566572695369676E2C20496E632E313C303A060355040B1333436C617373
      2031205075626C6963205072696D61727920436572
  Rx: 9000

  Tx: A0800100F074696669636174696F6E20417574686F72697479202D204732313A
      3038060355040B1331286329203139393820566572695369676E2C20496E632E
      202D20466F7220617574686F72697A656420757365206F6E6C79311F301D0603
      55040B1316566572695369676E205472757374204E6574776F726B00C43081C1
      310B300906035504061302555331173015060355040A130E566572695369676E
      2C20496E632E313C303A060355040B1333436C6173732034205075626C696320
      5072696D6172792043657274696669636174696F6E20417574686F7269747920
      2D204732313A3038060355040B1331286329203139
  Rx: 9000

  Tx: A0800100F0393820566572695369676E2C20496E632E202D20466F7220617574
      686F72697A656420757365206F6E6C79311F301D060355040B13165665726953
      69676E205472757374204E6574776F726B00D43081D1310B3009060355040613
      025A41311530130603550408130C5765737465726E2043617065311230100603
      55040713094361706520546F776E311A3018060355040A131154686177746520
      436F6E73756C74696E6731283026060355040B131F4365727469666963617469
      6F6E205365727669636573204469766973696F6E312430220603550403131B54
      686177746520506572736F6E616C20467265656D61
  Rx: 9000

  Tx: A0800100F0696C204341312B302906092A864886F70D010901161C706572736F
      6E616C2D667265656D61696C407468617774652E636F6D00D23081CF310B3009
      060355040613025A41311530130603550408130C5765737465726E2043617065

  Urien & All        Informational -    Expires February 2007      46

                    EAP-Support in Smartcard             August 2006

      31123010060355040713094361706520546F776E311A3018060355040A131154
      686177746520436F6E73756C74696E6731283026060355040B131F4365727469
      6669636174696F6E205365727669636573204469766973696F6E312330210603
      550403131A54686177746520506572736F6E616C205072656D69756D20434131
      2A302806092A864886F70D010901161B706572736F
  Rx: 9000

  Tx: A0800100F06E616C2D7072656D69756D407468617774652E636F6D0086308183
      310B3009060355040613025553312D302B060355040A13244669727374204461
      7461204469676974616C2043657274696669636174657320496E632E31453043
      0603550403133C46697273742044617461204469676974616C20436572746966
      69636174657320496E632E2043657274696669636174696F6E20417574686F72
      69747900CE3081CB310B3009060355040613025A41311530130603550408130C
      5765737465726E204361706531123010060355040713094361706520546F776E
      311A3018060355040A131154686177746520436F6E
  Rx: 9000

  Tx: A0800000C473756C74696E6731283026060355040B131F436572746966696361
      74696F6E205365727669636573204469766973696F6E3121301F060355040313
      1854686177746520506572736F6E616C2042617369632043413128302606092A
      864886F70D0109011619706572736F6E616C2D6261736963407468617774652E
      636F6D0061305F310B300906035504061302555331173015060355040A130E56
      6572695369676E2C20496E632E31373035060355040B132E436C617373203320
      5075626C6963205072
  Rx: 6106

  Tx: A0C0000006 // Read ACK#16
  Rx: 021600060D009000

  // Transfer Server Hello frag#3 1396 octets eap.request#17

  Tx: A0800100F0011705740D40696D6172792043657274696669636174696F6E2041
      7574686F726974790061305F310B300906035504061302555331173015060355
      040A130E566572695369676E2C20496E632E31373035060355040B132E436C61
      73732032205075626C6963205072696D6172792043657274696669636174696F
      6E20417574686F726974790061305F310B300906035504061302555331173015
      060355040A130E566572695369676E2C20496E632E31373035060355040B132E
      436C6173732031205075626C6963205072696D61727920436572746966696361
      74696F6E20417574686F7269747900C43081C1310B
  Rx: 9000

  Tx: A0800100F0300906035504061302555331173015060355040A130E5665726953
      69676E2C20496E632E313C303A060355040B1333436C6173732033205075626C
      6963205072696D6172792043657274696669636174696F6E20417574686F7269
      7479202D204732313A3038060355040B13312863292031393938205665726953
      69676E2C20496E632E202D20466F7220617574686F72697A656420757365206F
      6E6C79311F301D060355040B1316566572695369676E205472757374204E6574
      776F726B009C308199310B30090603550406130248553111300F060355040713
      08427564617065737431273025060355040A131E4E
  Rx: 9000


  Urien & All        Informational -    Expires February 2007      47

                    EAP-Support in Smartcard             August 2006

  Tx: A0800100F065744C6F636B2048616C6F7A617462697A746F6E73616769204B66
      742E311A3018060355040B131154616E7573697476616E796B6961646F6B3132
      3030060355040313294E65744C6F636B20557A6C6574692028436C6173732042
      292054616E7573697476616E796B6961646F00473045310B3009060355040613
      02555331183016060355040A130F47544520436F72706F726174696F6E311C30
      1A06035504031313475445204379626572547275737420526F6F740077307531
      0B300906035504061302555331183016060355040A130F47544520436F72706F
      726174696F6E31273025060355040B131E47544520
  Rx: 9000

  Tx: A0800100F04379626572547275737420536F6C7574696F6E732C20496E632E31
      2330210603550403131A475445204379626572547275737420476C6F62616C20
      526F6F7400C63081C3310B300906035504061302555331143012060355040A13
      0B456E74727573742E6E6574313B3039060355040B13327777772E656E747275
      73742E6E65742F43505320696E636F72702E206279207265662E20286C696D69
      7473206C6961622E2931253023060355040B131C286329203139393920456E74
      727573742E6E6574204C696D69746564313A303806035504031331456E747275
      73742E6E6574205365637572652053657276657220
  Rx: 9000

  Tx: A0800100F043657274696669636174696F6E20417574686F7269747900B23081
      AF310B30090603550406130248553110300E0603550408130748756E67617279
      3111300F06035504071308427564617065737431273025060355040A131E4E65
      744C6F636B2048616C6F7A617462697A746F6E73616769204B66742E311A3018
      060355040B131154616E7573697476616E796B6961646F6B3136303406035504
      03132D4E65744C6F636B204B6F7A6A6567797A6F692028436C61737320412920
      54616E7573697476616E796B6961646F00C43081C1310B300906035504061302
      555331173015060355040A130E566572695369676E
  Rx: 9000

  Tx: A0800000C42C20496E632E313C303A060355040B1333436C6173732032205075
      626C6963205072696D6172792043657274696669636174696F6E20417574686F
      72697479202D204732313A3038060355040B1331286329203139393820566572
      695369676E2C20496E632E202D20466F7220617574686F72697A656420757365
      206F6E6C79311F301D060355040B1316566572695369676E205472757374204E
      6574776F726B0070306E310B300906035504061302555331183016060355040A
      130F47544520436F72
  Rx: 6106

  Tx: A0C0000006 // Transfer ACK#17
  RX: 021700060D009000

  // Read Server Hello frag#4 550 octets  eap.request#18
  Tx: A0800100F0011802260D00706F726174696F6E31273025060355040B131E4754
      45204379626572547275737420536F6C7574696F6E732C20496E632E311C301A
      06035504031313475445204379626572547275737420526F6F74009E30819B31
      0B30090603550406130248553111300F06035504071308427564617065737431
      273025060355040A131E4E65744C6F636B2048616C6F7A617462697A746F6E73
      616769204B66742E311A3018060355040B131154616E7573697476616E796B69
      61646F6B313430320603550403132B4E65744C6F636B20457870726573737A20
      28436C6173732043292054616E7573697476616E79

  Urien & All        Informational -    Expires February 2007      48

                    EAP-Support in Smartcard             August 2006

  Rx: 9000

  Tx: A0800100F06B6961646F0054305231123010060A0992268993F22C6401191602
      667231143012060A0992268993F22C6401191604656E737431153013060A0992
      268993F22C64011916056261647261310F300D06035504031306636177696669
      00723070312B3029060355040B1322436F707972696768742028632920313939
      37204D6963726F736F667420436F72702E311E301C060355040B13154D696372
      6F736F667420436F72706F726174696F6E3121301F060355040313184D696372
      6F736F667420526F6F7420417574686F726974790061305F31133011060A0992
      268993F22C6401191603636F6D31193017060A0992
  Rx: 9000

  Tx: A080000046268993F22C64011916096D6963726F736F6674312D302B06035504
      0313244D6963726F736F667420526F6F74204365727469666963617465204175
      74686F726974790E000000
  Rx: 9F00

  // Transfer Smartcard Response, eap.response#18

  // 1st fragment 1594 bytes - 05D6 - Code=2 id=18
  // Length=1494 Type=0D Flag=C0 Size=1825

  Tx: A012000000
  Rx: 021805D60DC00000072116030106F10B0005E10005DE0005DB308205D7308204
      BFA003020102020A61253DFF000000000006300D06092A864886F70D01010505
      00305231123010060A0992268993F22C6401191602667231143012060A099226
      8993F22C6401191604656E737431153013060A0992268993F22C640119160562
      61647261310F300D06035504031306636177696669301E170D30333131303630
      39333635395A170D3034313130353039333635395A306231123010060A099226
      8993F22C6401191602667231143012060A0992268993F22C6401191604656E73
      7431153013060A0992268993F22C64011916056261647261310E300C06035504
      9F00

  Tx: A012000000
  Rx: 0313055573657273310F300D0603550403130668616A6A656830819F300D0609
      2A864886F70D010101050003818D0030818902818100DE7D0EF51D1716C06F51
      B04CEF2EC6CAF4D86601BC7B211237CEDC6172F3C8FF835C2FF52BF8F00FBD89
      866A3FC28B3BBDC798FD4B1D678F856612746F6474D031074604BAB17470B1FC
      D94244F897C274B9455C841533EC4ACB41D26E7C6DBDBCCD3E64FF8F3363FE06
      556996C696FA17DBF87FEB5BFE003ED18E428362BEC30203010001A382032130
      82031D300B0603551D0F0404030205A0304406092A864886F70D01090F043730
      35300E06082A864886F70D030202020080300E06082A864886F70D0304020200
      9F00

  Tx: A012000000
  Rx: 80300706052B0E030207300A06082A864886F70D0307301D0603551D0E041604
      14526E170649667E12FD1EC69D4CC8A02640B75928301706092B060104018237
      1402040A1E080055007300650072301F0603551D23041830168014E56DC55020
      881E3900398AF99EE0789DA4230F893081FB0603551D1F0481F33081F03081ED
      A081EAA081E78681B16C6461703A2F2F2F434E3D6361776966692C434E3D616B
      6B6172312C434E3D4344502C434E3D5075626C69632532304B65792532305365

  Urien & All        Informational -    Expires February 2007      49

                    EAP-Support in Smartcard             August 2006

      7276696365732C434E3D53657276696365732C434E3D436F6E66696775726174
      696F6E2C44433D62616472612C44433D656E73742C44433D66723F6365727469
      9F00

  Tx: A012000000
  Rx: 6669636174655265766F636174696F6E4C6973743F626173653F6F626A656374
      436C6173733D63524C446973747269627574696F6E506F696E74863168747470
      3A2F2F616B6B6172312E62616472612E656E73742E66722F43657274456E726F
      6C6C2F6361776966692E63726C3082011306082B060105050701010482010530
      8201013081AA06082B0601050507300286819D6C6461703A2F2F2F434E3D6361
      776966692C434E3D4149412C434E3D5075626C69632532304B65792532305365
      7276696365732C434E3D53657276696365732C434E3D436F6E66696775726174
      696F6E2C44433D62616472612C44433D656E73742C44433D66723F6341436572
      9F00

  Tx: A012000000
  Rx: 74696669636174653F626173653F6F626A656374436C6173733D636572746966
      69636174696F6E417574686F72697479305206082B0601050507300286466874
      74703A2F2F616B6B6172312E62616472612E656E73742E66722F43657274456E
      726F6C6C2F616B6B6172312E62616472612E656E73742E66725F636177696669
      2E63727430290603551D2504223020060A2B0601040182370A030406082B0601
      050507030406082B06010505070302302F0603551D1104283026A024060A2B06
      0104018237140203A0160C1468616A6A65684062616472612E656E73742E6672
      300D06092A864886F70D0101050500038201010013A233AA6EDB4282A69EF9D0
      9FD6

  Tx: A0120000D6
  Rx: 23D51F32FD0B97AF03C4BACD6B7ED5C155110EBACC3F0FAD6D853DEE845CC33D
      0E9D8ECC7514295F854D16F6409DFEB61A60C9A1EF0BC09AD3C1A93BEE546B2D
      F9DBAB8AD9A90AAB5CEE35FF6751275873D1C5093339B4ADEA0F40C54754DAE7
      461966322B5772B460B7FA2F5985D496C52CAF7456DF2D78E4DE9B1C48F2ACB9
      87BA9BDE3D1624645330F0FBF0103C547DA547C1F03B1C2BB5CDD06D38D2ABFA
      FD06387235E8E49DEDCB7E2B7E80A15B1317A04ECF1ADBF475AC82D67514A6EF
      5EBFFAD40D5D5F7395179677703BFC3A9D34623BD28E9000

  // Read ACK#19
  Tx: A080000006011900060D00
  Rx: 9F00

  // Transfer 2nd fragment, 347 bytes, Code=2 id=19 Length=347
  // Type=0D Flag=00
  //
  Tx: A012000000
  Rx: 0219015B0D00C9186A1078130652552D5CFEF1B6CDBA5197910A4C87CAD1F92F
      A7EB7A0B1000008200808FD83C571FE7D71E76A86405BDBC95BA4BD67A48F4BD
      8084F4F944C1ACDF1FACF85FFC111BE3CE8AFFB48F6DA6C5477761A34C7889CB
      148DA42141BBC1E942BAC8752B7FD255574F654DBED3DEF89EE0F79BEEBF43DC
      737F158F99C17A2461B2C5D5E2A75FCBBD7F5275AD781127300E46EC61408EF2
      BABC200F85363926301E0F0000820080BDD2429D21DAE14D9727D2F715BF30A6
      5E61C7608D5C0B6035BCCC014BAFE24BB98550AF86E13B6D8D371E5A922D20DD
      338B563B7E9C9AF0EF9110C77B468A651915575D348A7D29B89CC5A8D4B8AA71

  Urien & All        Informational -    Expires February 2007      50

                    EAP-Support in Smartcard             August 2006

      9F5B

  Tx: A01200005B
  Rx: 5D53E340E6E7AD6B6E3438F358B870C5DA5E61C45EE5E3F9454219F48A34CC98
      10A946F0C652675E3CA81ABA229309B71403010001011603010020C97EBCFF0C
      20271CAE21FAA80898278660D393CB4C640390CDEB14592A0392F79000

  // Transfer Server last message, eap request #1A
  Tx: A080000035011A00350D800000002B14030100010116030100209255D2089E41
      30B5984AF43B604A108AA11376F368E71BCF81EEFEBC00289C1C
  Rx: 6106

  // Read ACK#1A
  Tx: A0C0000006
  Rx: 021A00060D009000

  // Read PMK
  Tx: A0A6000040
  Rx: 8F0A6773E9C0264015861CE712C9A692844A28B6D5641E4D90D38994A94A2C6D
      B7CD0C7DCBD83D45B2DB1D6598FE696A10176E21B62D8A33AD2970A560CE5E84
      9000
  //
19.3 EAP-TLS mode1 ISO7816 trace (T=0 protocol)

  The EAP-TLS smartcard mode1, supports five functions
  - Public Key Encryption, with the server public key
  - Private Key Encryption, with the client private key
  - Public Key decryption, with the Certification Authority (CA)
    public key
  - Reading of the client's certificate
  - Random Number Generator

  In this mode the EAP-TLS smartcard interface doesn't provide RSA
  functions. Furthermore all client's parameters (RSA keys and
  certificate) are stored in the smartcard.

  // Set-Identity (abc TLS) type=TLS
  Tx: A016800003616263
  Rx: 9000

  // RANDOM Number Generator
  Tx: A060 0200 1C  // 28 bytes
  Rx: 08BDD285B43D1F3BC9715FC9F85FC453FE58F3A9E07FF397CD653922

  // Set Server Public KEY (FCT = Initialize + Public-Encrypt)
  Tx: A0604800870080bc67013cb915ec1281e65a4daf49801ddb6d5cf30cfd2ff63f
      5d377929c7391bfd766f67dd0fe9e8425143ba46ae95ff76919f30a39c459a22
      f22b7566529795c32fee7dcfc9dcde1169a346efe825246214df022badf983b9
      cbba81c44c15a1139701b69f9954c9bd2fdfa1ae401e3bd6fd06cf585413c28a
      e802b4670a8f30003010001


  Urien & All        Informational -    Expires February 2007      51

                    EAP-Support in Smartcard             August 2006

  // Pre-Master Secret Encryption with the Server Public Key
  // FCT = Do-Final + Public-Encrypt
  Tx: A0600800300301c5a68fb75123308e2ddbb27b63fe021e8724e7bc5c17078b3b
      3f90ba00d128f80b07ad786b6de36e5f94ffdfeb49
  RX: 6180
  TX: 8fd83c571fe7d71e76a86405bdbc95ba4bd67a48f4bd8084f4f944c1acdf1fac
      f85ffc111be3ce8affb48f6da6c5477761a34c7889cb148da42141bbc1e942ba
      c8752b7fd255574f654dbed3def89ee0f79beebf43dc737f158f99c17a2461b2
      c5d5e2a75fcbbd7f5275ad781127300e46ec61408ef2babc200f85363926301e

  // Private Encrypt with Client Private Key
  // FCT = Do-Final + Private-Encrypt
  // (Client Certificate Verify)
  Tx: A0604002249c0326e6d899fa802cc981b86e9b65f41234db8e2456e5f3dccd68
      a34f25b4e72153f50e
  Rx: 6180
  Tx: A0C0000080
  Rx: bdd2429d21dae14d9727d2f715bf30a65e61c7608d5c0b6035bccc014bafe24b
      b98550af86e13b6d8d371e5a922d20dd338b563b7e9c9af0ef9110c77b468a65
      1915575d348a7d29b89cc5a8d4b8aa715d53e340e6e7ad6b6e3438f358b870c5
      da5e61c45ee5e3f9454219f48a34cc9810a946f0c652675e3ca81aba229309b7

  // Public Decrypt#1 with CA public key, first byte
  // FCT = Do-Final + Index#1 + Public-Decrypt
  // Checking of server certificate
  Tx: A061 1B 00 01 13
  Rx: 9000
  // Public Decrypt#1 (with CA public key, 255 bytes)
  Tx: A0601A00FFA233AA6EDB4282A69EF9D023D51F32FD0B97AF03C4BACD6B7ED5C1
      55110EBACC3F0FAD6D853DEE845CC33D0E9D8ECC7514295F854D16F6409DFEB6
      1A60C9A1EF0BC09AD3C1A93BEE546B2DF9DBAB8AD9A90AAB5CEE35FF67512758
      73D1C5093339B4ADEA0F40C54754DAE7461966322B5772B460B7FA2F5985D496
      C52CAF7456DF2D78E4DE9B1C48F2ACB987BA9BDE3D1624645330F0FBF0103C54
      7DA547C1F03B1C2BB5CDD06D38D2ABFAFD06387235E8E49DEDCB7E2B7E80A15B
      1317A04ECF1ADBF475AC82D67514A6EF5EBFFAD40D5D5F7395179677703BFC3A
      9D34623BD28EC9186A1078130652552D5CFEF1B6CDBA5197910A4C87CAD1F92F
      A7EB7A0B
  Rx: 6123
  Tx: A0C0000023 // Certificate Hash
  Rx: 3021300906052B0E03021A0500041429A563710F25832AFB692E44F4B9AFF36F
      BE91A79000

  // Read Client Certificate
  Tx: A060000000 // Certificate 1st fragment
  Rx: 308205D7308204BFA003020102020A61253DFF000000000006300D06092A8648
      86F70D0101050500305231123010060A0992268993F22C640119160266723114
      3012060A0992268993F22C6401191604656E737431153013060A0992268993F2
      2C64011916056261647261310F300D06035504031306636177696669301E170D
      3033313130363039333635395A170D3034313130353039333635395A30623112
      3010060A0992268993F22C6401191602667231143012060A0992268993F22C64
      01191604656E737431153013060A0992268993F22C6401191605626164726131

  Urien & All        Informational -    Expires February 2007      52

                    EAP-Support in Smartcard             August 2006

      0E300C060355040313055573657273310F300D0603550403130668616A6A6568
      9F00
  Tx: A012000000 // Certificate 2nd fragment
  Rx: 30819F300D06092A864886F70D010101050003818D0030818902818100DE7D0E
      F51D1716C06F51B04CEF2EC6CAF4D86601BC7B211237CEDC6172F3C8FF835C2F
      F52BF8F00FBD89866A3FC28B3BBDC798FD4B1D678F856612746F6474D0310746
      04BAB17470B1FCD94244F897C274B9455C841533EC4ACB41D26E7C6DBDBCCD3E
      64FF8F3363FE06556996C696FA17DBF87FEB5BFE003ED18E428362BEC3020301
      0001A38203213082031D300B0603551D0F0404030205A0304406092A864886F7
      0D01090F04373035300E06082A864886F70D030202020080300E06082A864886
      F70D030402020080300706052B0E030207300A06082A864886F70D0307301D06
      9F00
  Tx: A012000000 // Certificate 3rd fragment
  Rx: 03551D0E04160414526E170649667E12FD1EC69D4CC8A02640B7592830170609
      2B0601040182371402040A1E080055007300650072301F0603551D2304183016
      8014E56DC55020881E3900398AF99EE0789DA4230F893081FB0603551D1F0481
      F33081F03081EDA081EAA081E78681B16C6461703A2F2F2F434E3D6361776966
      692C434E3D616B6B6172312C434E3D4344502C434E3D5075626C69632532304B
      657925323053657276696365732C434E3D53657276696365732C434E3D436F6E
      66696775726174696F6E2C44433D62616472612C44433D656E73742C44433D66
      723F63657274696669636174655265766F636174696F6E4C6973743F62617365
      9F00
  Tx: A012000000 // Certificate 4th fragment
  Rx: 3F6F626A656374436C6173733D63524C446973747269627574696F6E506F696E
      748631687474703A2F2F616B6B6172312E62616472612E656E73742E66722F43
      657274456E726F6C6C2F6361776966692E63726C3082011306082B0601050507
      010104820105308201013081AA06082B0601050507300286819D6C6461703A2F
      2F2F434E3D6361776966692C434E3D4149412C434E3D5075626C69632532304B
      657925323053657276696365732C434E3D53657276696365732C434E3D436F6E
      66696775726174696F6E2C44433D62616472612C44433D656E73742C44433D66
      723F634143657274696669636174653F626173653F6F626A656374436C617373
      9F00
  Tx: A012000000 // Certificate 5th fragment
  Rx: 3D63657274696669636174696F6E417574686F72697479305206082B06010505
      0730028646687474703A2F2F616B6B6172312E62616472612E656E73742E6672
      2F43657274456E726F6C6C2F616B6B6172312E62616472612E656E73742E6672
      5F6361776966692E63727430290603551D2504223020060A2B0601040182370A
      030406082B0601050507030406082B06010505070302302F0603551D11042830
      26A024060A2B060104018237140203A0160C1468616A6A65684062616472612E
      656E73742E6672300D06092A864886F70D0101050500038201010013A233AA6E
      DB4282A69EF9D023D51F32FD0B97AF03C4BACD6B7ED5C155110EBACC3F0FAD6D
      9FDB
  Tx: A0120000DB // Certificate 6th and last fragment
  Rx: 853DEE845CC33D0E9D8ECC7514295F854D16F6409DFEB61A60C9A1EF0BC09AD3
      C1A93BEE546B2DF9DBAB8AD9A90AAB5CEE35FF6751275873D1C5093339B4ADEA
      0F40C54754DAE7461966322B5772B460B7FA2F5985D496C52CAF7456DF2D78E4
      DE9B1C48F2ACB987BA9BDE3D1624645330F0FBF0103C547DA547C1F03B1C2BB5
      CDD06D38D2ABFAFD06387235E8E49DEDCB7E2B7E80A15B1317A04ECF1ADBF475
      AC82D67514A6EF5EBFFAD40D5D5F7395179677703BFC3A9D34623BD28EC9186A
      1078130652552D5CFEF1B6CDBA5197910A4C87CAD1F92FA7EB7A0B9000


  Urien & All        Informational -    Expires February 2007      53

                    EAP-Support in Smartcard             August 2006

20 Annex 7, EAP-AKA ISO7816 APDUs Trace (T=0 Protocol)

  This annex gives test vectors for the EAP-AKA protocol, introduced
  by [EAP-AKA]

  // Select EAP_APPLICATION
  Tx: 00A40400 07 11 22 33 44 55 66 01
  Rx: 9000

  // Verify User PIN ('0000')
  Tx: A020000004 30303030
  Rx: 9000

  // Set-Identity ('zzz') type=AKA
  Tx: A0 16 00 80 03 7A 7A 7A
  // 90 00

  // EAP-Identity request
  Tx: A0 80 00 00 05 01 A4 00 05 01
  // Identity.response: anonymous@dot.com
  Rx: 02 A4 00 16 01 61 6E 6F 6E 79 6D 6F 75 73 40 64 6F 74 2E 63 6F
      6D 90 00

  // EAP-AKA GET AT_PERMANENT_ID_REQ: aka@dot.com
  Tx: A0 80 00 00 0A 01A6 000A 1705 0A01 0000
  Rx: 02 A6 00 16 17 05 0E 04 00 0B 61 6B 61 40 64 6F 74 2E 63 6F 6D
      00 90 00
  //=================
  // Milenage Values=
  //=================
  // These values are imported from
  // 3GPP TS 35.207 V5.0.0 (2002-06),
  // sections 4.3-Test set 1 and  6.3-Test set 1
  // K:   465b5ce8 b199b49f aa5f0a2e e238a6bc
  // OP:  cdc202d5 123e20f6 2b6d676a c72cb318
  // SQN: ff9bb4d0b607
  // AMF: b9b9
  // RAND:23553cbe 9637a89d 218ae64d ae47bf35

  // f1|f1*: 4A 9F FA C3 54 DF AF B3 01 CF AF 9E C4 E8 71 E9
  // f2/sres A5 42 11 D5 E3 BA 50 BF
  // f3/ck   B4 0B A9 A3 C5 8B 2A 05 BB F0 D9 87 B2 1B F8 CB
  // f4/ik   F7 69 BC D7 51 04 46 04 12 76 72 71 1C 6D 34 41
  // f5/ak   AA 68 9C 64 83 70
  // f5*/ak2 45 1E 8B EC A4 3B

  //=============================
  // Values for XKEY & PRF(XKEY)=
  //=============================
  // ID: 61 6B 61 40 64 6F 74 2E 63 6F 6D = aka@dot.com
  // IK: F7 69 BC D7 51 04 46 04 12 76 72 71 1C 6D 34 41

  Urien & All        Informational -    Expires February 2007      54

                    EAP-Support in Smartcard             August 2006

  // CK: B4 0B A9 A3 C5 8B 2A 05 BB F0 D9 87 B2 1B F8 CB
  // XKEY = sha1(ID|IK|CK) =
  // C4 83 4F 21 BE AD F0 9E 7A 3B E8 17 97 5A BA 99 DD B4 0C 9A

  // PRF(XKEY)
  // K_Encr: 28 FF 32 38 42 05 6B 55 4B 85 A5 11 16 34 5A A4
  // K_Auth: B3 08 06 82 48 8E 68 6F AC 3E 1C F8 24 8E 73 63
  // MSK:    BE 12 98 C0 B5 33 8C 91 D6 E1 1B 33 AE 7D 46 2D
  //         E2 99 64 64 0C F5 05 FF 26 AE D5 98 82 2D 41 F9
  //         20 AF 49 FD CB 77 00 8C 2A AC DB A3 A1 AE 79 75
  //         20 8C 25 E5 40 17 5D 22 D5 48 0C DE 88 D7 90 33
  // EMSK:   CD 10 C9 14 BB 54 DC 97 AE E8 96 06 67 F8 C8 59
  //         12 44 DF E7 BD 4A C1 B1 6E 63 1B 4D FA 5D F6 97
  //         4A 4C 51 F5 D8 19 FE 68 E7 37 0F 9E 47 43 9B 43
  //         FD 6E 83 CC 35 7A 01 E7 16 57 F3 BE 6D 26 4A 2B


  //=========================================
  // Test #1 : FULL AUTHENTICATION, GOOD SQN
  //=========================================
  //AT-RAND AT-AUTN AT-MAC
  Tx: A0 80 00 0044 01A5 0044 17010000 01050000 23553CBE
      9637A89D 218AE64D AE47BF35 02050000 55F328B43577 B9B9 4A9FFAC3
      54DFAFB3 0B050000 C7003536 662D5201 B011F20F E5DD8CE4

  // AT-RES AT-MAC
  Rx: 02 A5 0028 17010000 03030040 A54211D5 E3BA50BF
      0B050000 45703D12 9567DCA9 2C9101C4 9392F267 9000

  // Get MSK
  Tx: A0 A6 00 00 40
  Rx: 20 AF 49 FD CB 77 00 8C 2A AC DB A3 A1 AE 79 75 20 8C 25 E5 40
      17 5D 22 D5 48 0C DE 88 D7 90 33 BE 12 98 C0 B5 33 8C 91 D6 E1
      1B 33 AE 7D 46 2D E2 99 64 64 0C F5 05 FF 26 AE D5 98 82 2D 41
      F9 90 00


  //==========================================
  // Test #2 : FULL AUTHENTICATION, WRONG SQN
  //==========================================

  Tx: A0 80 00 0044 01A5 0044 17010000 01050000 23553CBE
      9637A89D 218AE64D AE47BF35 02050000 55F328B43577 B9B9 4A9FFAC3
      54DFAFB3 0B050000 C7003536 662D5201 B011F20F E5DD8CE4

  // According to 3GPP TS 33.102 V6.4.0 (2005-09)
  // AT_AUTS = AK2+SQNms | MAC-S
  // MAC-S   = f1*(AMF,RAND,SQNms)
  // AK2     = f5*(RAND)

  // AK2   =  45 1E 8B EC A4 3B

  Urien & All        Informational -    Expires February 2007      55

                    EAP-Support in Smartcard             August 2006

  // SQNms =  ff 9b b4 d0 b6 08
  // MAC-S  = 7C D9 24 E7 39 F1 23 69

  Rx: 02 A5 0018 17040000 0404 BA853F3C1233 7CD924E739F12369 9000

  //==========================================
  // Test #3 : FULL AUTHENTICATION, WRONG MAC=
  //==========================================
  Tx: A0 80 00 0044 01A5 0044 17010000 01050000 23553CBE
      9637A89D 218AE64D AE47BF3*6* 02050000 55F328B43577 B9B9 4A9FFAC3
      54DFAFB3 0B050000 C7003536 662D5201 B011F20F E5DD8CE4

  // AKA-Authentication-Reject
  Rx: 02 A5 0008 17020000 9000

  //===========================================
  // Test #4 : Full Authentication + PSEUDO-ID=
  //===========================================

  // AT_RAND AT_AUTN AT_ENCR AT_MAC
  // AT_ENCR: 82090000 8205000D 31323334 31323334 31323334 31000000
  //          06030000 00000000 00000000

  Tx: A0 80 00 00 7C 01A5 007C 17010000 01050000 23553CBE 9637A89D
      218AE64D AE47BF35 02050000 55F328B43577 B9B9
      4A9FFAC3 54DFAFB3 81050000 12345678 12345678 12345678 12345678
      82090000 819DCAF9 E851072D 660A36FB 79D96C09 6AC36F2E 58D6E32D
      3FC84869 9DA076D4 0B050000 B05E0FFC 0A99A434 2A2BFAD8 1900F1B3

  // AT-RES AT-MAC
  Rx: 02 A5 00 28 17010000 03030040 A54211D5 E3BA50BF 0B050000
      45703D12 9567DCA9 2C9101C4 9392F267 9000

  // AT-FULLAUTH-ID-REQ = "12341234123412341@dot.com"
  Tx: A0 80 00 00 0C 01A6 000C 17050000 11010000
  Rx: 02 A6 00 24 17050000 0E070015 31323334 31323334 31323334
      3140646F 742E636F 6D000000 9000

  // AT-PERMANENT-ID-REQ = "aka@dot.com"
  Tx: A0 80 00 00 0C 01A6 000C 17050000 0A010000

  Rx: 02 A6 00 18 17050000 0E04000B 616B6140 646F742E 636F6D00 9000

  //===========================================
  // Test #5 : Full Authentication + ReAUTH-ID=
  //===========================================
  // AT-RAND AT-AUTN AT-ENCR AT-MAC
  // AT_ENCR: 82090000 8505000D 31323334 31323334 31323334 31000000
  //          06030000 00000000 00000000

  Tx: A0 80 00 00 7C 01A5 007C 17010000 01050000 23553CBE 9637A89D

  Urien & All        Informational -    Expires February 2007      56

                    EAP-Support in Smartcard             August 2006

      218AE64D AE47BF35 02050000 55F328B43577 B9B9
      4A9FFAC354DFAFB3 81050000 12345678 12345678 12345678 12345678
      82090000 49E8E4BE 42452611 89AFE3A1 E913953F 4A966DBE 53D621A8
      CC771072 DA7B1964
      0B050000 4081C920 AB6A42EB A06DD4B6 A598D741

  // AT-RES AT-MAC
  Rx: 02 A5 00 28 17010000 03030040 A5 42 11 D5 E3 BA 50 BF
      0B050000 45703D12 9567DCA9 2C9101C4 9392F267 9000

  // GET AT-ANY-ID REQ: "1234123412341"
  Tx: A0 80 00 00 0C 01A6 000C 17050000 0D010000
  Rx: 02 A6 00 1C 17050000 0E05000D 31323334 31323334 31323334
      31000000 9000

  //==============================
  // Test #6: ReAUTH, GoodCounter=
  //==============================
  // XKEY' = SHA1(Identity|counter|NONCE_S|MK)
  // Identity = "31323334 31323334 31323334 31"
  // Counter=    "0000" +
  // NONCE=      "12345678 12345678 12345678 12345678"
  // MK =
  //BE1298C0B5338C91D6E11B33AE7D462DE29964640CF505FF26AED598822D41F9
  //20AF49FDCB77008C2AACDBA3A1AE7975208C25E540175D22D5480CDE88D79033
  // XKEY'= 5f83882b27d5793c01a512f5ed300e6759e64974
  // PRF(XKEY') =
  // 7a9d9d7e5ca72ef90b63cc466c4a9d0d6a6a5506a56f978d2adea27db5176c3f
  // 3abe04e06673ca3e58c85e6fd01f7cef9bd210a143917e90978aaf3eb4539747

  // AT-IV AT-ENCR AT-MAC
  // ENCR: 82090000 13010000 15050000 12345678 12345678 12345678
  //       12345678 85020004 31323334

  Tx: A0 80 00 00 54 01A5 0054   170D0000 81050000 12345678 12345678
      12345678 12345678 82090000 5A88776E 7DCB1073 7D3D3AB7 6A380B89
      95263616 453079A4 9F7DC97F 15596B2C 0B050000 37B1CFE9 B9A6F304
      4597AEDC 2FD7F41E

  // AT_ENCR: 82090000 13010000 15050000 12345678 12345678 12345678
              12345678 85020004 31323334
  Rx: 02 A5 00 54 170D 0000 81050000 A5A5A5A5 A5A5A5A5 A5A5A5A5
  A5A5A5A5 82090000 FE69186B AAE2DE0E A61B0AA3 18B21F51 5060BA59
  0C6CA984 0E6D6A66 C2340FE6 0B050000 0B17F6F6 2C6F5D86 4B00B55D
  59630015 9000

  // Get MSK
  Tx: A0 A6 00 00 40
  Rx: 3A BE 04 E0 66 73 CA 3E 58 C8 5E 6F D0 1F 7C EF 9B D2 10 A1 43
      91 7E 90 97 8A AF 3E B4 53 97 47 7A 9D 9D 7E 5C A7 2E F9 0B 63
      CC 46 6C 4A 9D 0D 6A 6A 55 06 A5 6F 97 8D 2A DE A2 7D B5 17 6C

  Urien & All        Informational -    Expires February 2007      57

                    EAP-Support in Smartcard             August 2006

      3F 90 00

  //==============================
  // Test #7: ReAUTH,WrongCounter=
  //==============================

  // AT-IV AT-ENCR AT-MAC
  Tx: A0 80 00 00 54 01A5 0054   170D0000 81050000 12345678 12345678
      12345678 12345678 82090000 5A88776E 7DCB1073 7D3D3AB7 6A380B89
      95263616 453079A4 9F7DC97F 15596B2C 0B050000 37B1CFE9 B9A6F304
      4597AEDC 2FD7F41E

  // AT_ENCR AT_COUNTER_TOO_SMALL AT_COUNTER AT_PADDING
  // AT_ENCR: 82050000 14010000 13010000 06020000 00000000
  Rx: 02 A5 00 44 170D0000 81050000 A5A5A5A5 A5A5A5A5 A5A5A5A5
      A5A5A5A5 82050000 76740A5C AD9164CD EB1FC3A5 6A6338E7 0B050000
      8710886D 977A1AC5 652DE50D AA32EC15 9000

21 References

  [RFC 2284] L. Blunk, J. Vollbrecht, "PPP Extensible Authentication
  Protocol (EAP)", RFC 2284, March 1998

  [L2P] W. Townsley, A. Valencia, A. Rubens, G. Pall, G. Zorn, B.
  Palter "Layer Two Tunneling Protocol", RFC 2661, August 1999

   [RFC 2246] T.Dierks, C.Allen, RFC 2246, "The TLS Protocol Version
  1.0", January 1999.

  [GSM 11.11] GSM Technical Specification GSM 11.11. Digital cellular
  telecommunications system (Phase 2+); Specification of the
  Subscriber Identity Module - Mobile Equipment (SIM - ME)

  [IEEE 802.11] Institute of Electrical and Electronics Engineers,
  "Standard for Telecommunications and Information Exchange Between
  Systems  - LAN/MAN Specific Requirements - Part 11: Wireless LAN
  Medium Access Control (MAC) and Physical Layer (PHY)
  Specifications", IEEE Standard 802.11, 1999

  [IEE 802.1X] Institute of Electrical and Electronics Engineers,
  "Local and Metropolitan Area Networks: Port-Based Network Access
  Control", IEEE Standard 802.1X, September 2001.

  [IEEE 802.11i] Institute of Electrical and Electronics Engineers,
  "Approved Draft Supplement to Standard for Telecommunications and
  Information Exchange Between Systems-LAN/MAN Specific Requirements -
  Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer
  (PHY) Specifications: Specification for Enhanced Security", IEEE
  802.11i-2004, 2004.



  Urien & All        Informational -    Expires February 2007      58

                    EAP-Support in Smartcard             August 2006

  [RFC 2486] B. Aboba, M. Beadles, "The Network Access Identifier" RFC
  2486, January 1999

  [ASN.1] ASN.1 standard 2002 edition ISO/IEC 8825.1.
  http://asn1.elibel.tm.fr/en/standards/index.htm

  [XML] Extensible Markup Language (XML) 1.0 (Second Edition), W3C
  Recommendation 6 October 2000

  [RFC 2716] B. Aboba, D. Simon, EAP TLS Authentication Protocol RFC
  2716, October 1999.

  [PEAP] Ashwin Palekar, Dan Simon, Joe Salowey, Hao Zhou, Glen
  Zorn,S. Josefsson, "Protected EAP Protocol (PEAP) Version 2" draft-
  josefsson-pppext-eap-tls-eap-10.txt, work-in-progress, October 2004.

  [PKCS1] "PKCS #1: RSA Encryption Standard", RSA Laboratories,

  [PKCS6] PKCS #6: "Extended-Certificate Syntax Standard, An RSA
  Laboratories Technical Note", RSA Laboratories.

  [RFC 3748] B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson Sun, H.
  Levkowetz, "Extensible Authentication Protocol (EAP)" RFC 3748, June
  2004

  [RFC 4017] D. Stanley, J. Walker, B. Aboba, "Extensible
  Authentication Protocol (EAP) Method Requirements for Wireless
  LANs", March 2005.

  [RFC 4137] J. Vollbrecht, P. Eronen, N. Petroni, Y. Ohba, "State
  Machines for Extensible Authentication Protocol (EAP)Peer and
  Authenticator", August 2005

  [EAP-KEY] Bernard Aboba, Dan Simon, P. Eronen, H. Levkowetz,
  "Extensible Authentication Protocol (EAP) Key Management Framework",
  draft-ietf-eap-keying-14.txt, June 2006

  [EAP-EXT] Bernard Aboba, "Extensible Authentication Protocol (EAP)
  Key Management Extensions", draft-aboba-eap-keying-extens-00.txt,
  April 2005

  [EAP-SIM] H. Haverinen, J. Salowey, "Extensible Authentication
  Protocol Method for GSM Subscriber Identity Modules (EAP-SIM)", EAP
  SIM Authentication", RFC 4186, January 2006.

  [EAP-AKA] J. Arkko, H. Haverinen, "Extensible Authentication
  Protocol Method for 3rd Generation Authentication and Key Agreement
  (EAP-AKA)" RFC 4187, January 2006

  [IKEv2] Kaufman, "Internet Key Exchange (IKEv2) Protocol", RFC 4306,
  December 2005

  Urien & All        Informational -    Expires February 2007      59

                    EAP-Support in Smartcard             August 2006


  [NIST-PIV]: Draft Special Publication 800-73-1 Interfaces for
  Personal Identity Verification, February 8, 2006

  [EAP-SC] P.Urien, W.Habraken, D.Flattin , H.Ganem , "draft-urien-
  eap-smartcard-type-02.txt", October 2005

  [IEEE 802.16-2004] IEEE Standard for Local and metropolitan area
  networks. Part 16: Air Interface for Fixed Broadband Wireless Access
  Systems - 2004

  [IEEE 802.16e] IEEE Standard for Local and metropolitan area
  networks. - Part 16: Air Interface for Fixed and Mobile
  Broadband Wireless Access Systems - Amendment 2: Physical and Medium
  Access Control Layers for Combined Fixed and Mobile Operation in
  Licensed Bands and Corrigendum 1, February 2006

22 Authors's and contributors' addresses

  Pascal Urien
  ENST
  37/39 rue Dareau
  75014 Paris               Phone: NA
  France                    Email: Pascal.Urien@enst.fr

  Guy Pujolle
  LIP6 - University Paris 6
  8 rue Capitaine Scott     Phone: NA
  Paris 75015 France        Email: Guy.Pujolle@lip6.fr

  Augustin J. Farrugia
  Impasse des CAMEGIERS     Phone: NA
  Ceyreste, 13600 France    Email: afarrugia@csi.com

  Max de Groot
  Gemplus
  Avenue du Pic de Bertagne
  BP 100, 13881 Gemenos     Phone: NA
  France                    Email: max.de-groot@gemplus.com

  Jorge Abellan
  Axalto.
  50, Av Jean Jaures        Phone: NA
  Montrouge 92542 France    Email: Jorge.abellan@slb.com








  Urien & All        Informational -    Expires February 2007      60

                    EAP-Support in Smartcard             August 2006

Intellectual Property Statement

  The IETF takes no position regarding the validity or scope of any
  Intellectual Property Rights or other rights that might be claimed
  to pertain to the implementation or use of the technology described
  in this document or the extent to which any license under such
  rights might or might not be available; nor does it represent that
  it has made any independent effort to identify any such rights.
  Information on the procedures with respect to rights in RFC
  documents can be found in BCP 78 and BCP 79.

  Copies of IPR disclosures made to the IETF Secretariat and any
  assurances of licenses to be made available, or the result of an
  attempt made to obtain a general license or permission for the use
  of such proprietary rights by implementers or users of this
  specification can be obtained from the IETF on-line IPR repository
  at http://www.ietf.org/ipr.

  The IETF invites any interested party to bring to its attention any
  copyrights, patents or patent applications, or other proprietary
  rights that may cover technology that may be required to implement
  this standard. Please address the information to the IETF at ietf-
  ipr@ietf.org

Disclaimer of Validity

  This document and the information contained herein are provided on
  an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
  REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
  INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
  IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
  THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
  WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

  Copyright (C) The Internet Society (2006).

  This document is subject to the rights, licenses and restrictions
  contained in BCP 78, and except as set forth therein, the authors
  retain all their rights.

Acknowledgment

  Funding for the RFC Editor function is currently provided by the
  Internet Society.






  Urien & All        Informational -    Expires February 2007      61


Html markup produced by rfcmarkup 1.129c, available from https://tools.ietf.org/tools/rfcmarkup/