< draft-urien-core-racs-12.txt   draft-urien-core-racs-13.txt >
CORE Working Group P. Urien CORE Working Group P. Urien
Internet Draft Telecom ParisTech Internet Draft Telecom ParisTech
Intended status: Experimental Intended status: Experimental
December 2018 June 2019
Expires: June 2019 Expires: December 2019
Remote APDU Call Secure (RACS) Remote APDU Call Secure (RACS)
draft-urien-core-racs-12.txt draft-urien-core-racs-13.txt
Abstract Abstract
This document describes the Remote APDU Call Protocol Secure (RACS) This document describes the Remote APDU Call Protocol Secure (RACS)
protocol, dedicated to Grid of Secure Elements (GoSE). These servers protocol, dedicated to Grid of Secure Elements (GoSE). These servers
host Secure Elements (SE), i.e. tamper resistant chips offering host Secure Elements (SE), i.e. tamper resistant chips offering
secure storage and cryptographic resources. secure storage and cryptographic resources.
Secure Elements are microcontrollers whose chip area is about 25mm2; Secure Elements are microcontrollers whose chip area is about 25mm2;
they deliver trusted computing services in constrained environments. they deliver trusted computing services in constrained environments.
RACS supports commands for GoSE inventory and data exchange with RACS supports commands for GoSE inventory and data exchange with
secure elements. It is designed according to the representational secure elements. It is designed according to the representational
State Transfer (REST) architecture. RACS resources are identified by State Transfer (REST) architecture. RACS resources are identified by
dedicated URIs. An HTTP interface is also supported. dedicated URIs. An HTTP interface is also supported.
An open implementation [OPENRACS] is available An open implementation is available
(https://github.com/purien) for various OS. (https://github.com/purien) for various OS.
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119. document are to be interpreted as described in RFC 2119.
Status of this Memo Status of this Memo
skipping to change at page 1, line 52 skipping to change at page 1, line 52
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 2019. This Internet-Draft will expire on December2019.
. .
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License. warranty as described in the Simplified BSD License.
RACS December 2018
Table of Contents Table of Contents
Abstract........................................................... 1 Abstract........................................................... 1
Requirements Language.............................................. 1 Requirements Language.............................................. 1
Status of this Memo................................................ 1 Status of this Memo................................................ 1
Copyright Notice................................................... 2 Copyright Notice................................................... 2
1 Overview......................................................... 5 1 Overview......................................................... 5
1.1 What is a Secure Element.................................... 5 1.1 What is a Secure Element.................................... 5
1.2 Grid Of Secure Elements (GoSE).............................. 6 1.2 Grid Of Secure Elements (GoSE).............................. 6
1.3 Secure Element Identifier (SEID)............................ 7 1.3 Secure Element Identifier (SEID)............................ 7
1.3.1 SlotID example ....................................... 7 1.3.1 SlotID example ....................................... 7
skipping to change at page 4, line 4 skipping to change at page 4, line 4
5.1 Authorization.............................................. 24 5.1 Authorization.............................................. 24
5.2 Secure Element access...................................... 24 5.2 Secure Element access...................................... 24
5.3 Applications security policy............................... 25 5.3 Applications security policy............................... 25
5.3.1 Users-Table ......................................... 25 5.3.1 Users-Table ......................................... 25
5.3.2 SEID-Table .......................................... 25 5.3.2 SEID-Table .......................................... 25
5.3.3 APDU-Table .......................................... 25 5.3.3 APDU-Table .......................................... 25
5.4 Overview of the security policy............................ 26 5.4 Overview of the security policy............................ 26
6 IANA Considerations............................................. 26 6 IANA Considerations............................................. 26
7 References...................................................... 26 7 References...................................................... 26
7.1 Normative References....................................... 26 7.1 Normative References....................................... 26
RACS December 2018
7.2 Informative References..................................... 26 7.2 Informative References..................................... 26
8 Authors' Addresses.............................................. 27 8 Authors' Addresses.............................................. 27
RACS December 2018
1 Overview 1 Overview
This document describes the Remote APDU Call Protocol Secure (RACS) This document describes the Remote APDU Call Protocol Secure (RACS)
protocol, dedicated to Grids of Secure Elements (GoSE). These protocol, dedicated to Grids of Secure Elements (GoSE). These
servers host Secure Elements (SE), i.e. tamper resistant chips servers host Secure Elements (SE), i.e. tamper resistant chips
offering secure storage and cryptographic resources. offering secure storage and cryptographic resources.
Secure Elements are microcontrollers whose chip area is about 25mm2; Secure Elements are microcontrollers whose chip area is about 25mm2;
they deliver trusted computing services in constrained environments. they deliver trusted computing services in constrained environments.
skipping to change at page 6, line 5 skipping to change at page 6, line 5
are able to execute embedded program written in the JAVACARD are able to execute embedded program written in the JAVACARD
language. Because these devices are dedicated to security purposes language. Because these devices are dedicated to security purposes
they support numerous cryptographic resources such as digest they support numerous cryptographic resources such as digest
functions (MD5, SHA1, SHA2...), symmetric cipher (3xDES, AES) or functions (MD5, SHA1, SHA2...), symmetric cipher (3xDES, AES) or
asymmetric procedures (RSA, ECC). asymmetric procedures (RSA, ECC).
A set of Global Platform [GP] standards control the lifecycle of A set of Global Platform [GP] standards control the lifecycle of
embedded software, i.e. application downloading, activation and embedded software, i.e. application downloading, activation and
deletion. deletion.
RACS December 2018
As an illustration a typical Secure Element has the following As an illustration a typical Secure Element has the following
characteristics: characteristics:
- JAVACARD operating system; - JAVACARD operating system;
- Compliant with the GP (Global Platform) standards; - Compliant with the GP (Global Platform) standards;
- 160 KB of ROM; - 160 KB of ROM;
- 72 KB of EEPROM; - 72 KB of EEPROM;
- 4KB of RAM; - 4KB of RAM;
- Embedded crypto-processor; - Embedded crypto-processor;
- 3xDES, AES, RSA, ECC; - 3xDES, AES, RSA, ECC;
skipping to change at page 7, line 5 skipping to change at page 7, line 5
Clock->| | | |<-Input/Output Clock->| | | |<-Input/Output
+----+ +----+ +----+ +----+
| | | | | | | |
+----+----+----+ +----+----+----+
Figure 2. Illustration of an ISO7816 Secure Element Figure 2. Illustration of an ISO7816 Secure Element
A grid of Secure Elements (GoSE) is a server hosting a set of secure A grid of Secure Elements (GoSE) is a server hosting a set of secure
elements. elements.
RACS December 2018
The goal of these platforms is to deliver trusted services over the The goal of these platforms is to deliver trusted services over the
Internet. These services are available in two functional planes, Internet. These services are available in two functional planes,
- The user plane, which provides trusted computing and secure - The user plane, which provides trusted computing and secure
storage. storage.
- The management plane, which manages the lifecycle (downloading, - The management plane, which manages the lifecycle (downloading,
activation, deletion) of applications hosted by the Secure Element. activation, deletion) of applications hosted by the Secure Element.
A grid of Secure Elements offers services similar to HSM (Hardware A grid of Secure Elements offers services similar to HSM (Hardware
Secure Module), but may be managed by a plurality of administrators, Secure Module), but may be managed by a plurality of administrators,
dealing with specific secure microcontrollers. dealing with specific secure microcontrollers.
skipping to change at page 8, line 5 skipping to change at page 8, line 5
secure element, the IP address of the GoSE, the associated TCP port, secure element, the IP address of the GoSE, the associated TCP port,
and the SEID. and the SEID.
1.3.1 SlotID example 1.3.1 SlotID example
According to the PC/SC (Personal Computer/Smart Card) standard According to the PC/SC (Personal Computer/Smart Card) standard
[PS/SC], a smart card reader MAY include a serial number. This [PS/SC], a smart card reader MAY include a serial number. This
attribute (VENDOR-IFD-SERIAL) is associated to the tag 0x0103 in the attribute (VENDOR-IFD-SERIAL) is associated to the tag 0x0103 in the
class VENDOR-INFO. class VENDOR-INFO.
RACS December 2018
1.3.2 SEID for Secure Elements 1.3.2 SEID for Secure Elements
According to the Global Platform standard [GP] the Issuer Security According to the Global Platform standard [GP] the Issuer Security
Domain (ISD) manages applications lifecycle (downloading, Domain (ISD) manages applications lifecycle (downloading,
activation, deletion). The command 'initialize update' is used to activation, deletion). The command 'initialize update' is used to
start a mutual authentication between the administration entity and start a mutual authentication between the administration entity and
the secure element; it collects a set of data whose first ten bytes the secure element; it collects a set of data whose first ten bytes
are called the 'key diversification data'. This information is used are called the 'key diversification data'. This information is used
to compute symmetric keys, and according for example to [EMV] MAY to compute symmetric keys, and according for example to [EMV] MAY
comprise a serial number. comprise a serial number.
RACS December 2018
1.4 APDUs 1.4 APDUs
According to the [ISO7816] standards secure element process ISO7816 According to the [ISO7816] standards secure element process ISO7816
request messages and return ISO7816 response messages, named APDUs request messages and return ISO7816 response messages, named APDUs
(application protocol data unit). (application protocol data unit).
1.4.1 ISO7816 APDU request 1.4.1 ISO7816 APDU request
An APDU request comprises two parts: a header and an optional body. An APDU request comprises two parts: a header and an optional body.
skipping to change at page 10, line 5 skipping to change at page 10, line 5
reading. Operation result MUST be fetched by the ISO reading. Operation result MUST be fetched by the ISO
Get Response APDU (CLA=00, INS=C0, P1=P2=00, P3=XX) Get Response APDU (CLA=00, INS=C0, P1=P2=00, P3=XX)
- '6C' 'XX', the P3 value is wrong, request must be performed - '6C' 'XX', the P3 value is wrong, request must be performed
again with the LE parameter value sets to 'XX' again with the LE parameter value sets to 'XX'
- '6E' 'XX', wrong instruction class (CLA) given in the request - '6E' 'XX', wrong instruction class (CLA) given in the request
- '6D' 'XX', unknown instruction code (INS) given in the request - '6D' 'XX', unknown instruction code (INS) given in the request
- '6B' 'XX', incorrect parameter P1 or P2 - '6B' 'XX', incorrect parameter P1 or P2
- '67' 'XX', incorrect parameter P3 - '67' 'XX', incorrect parameter P3
- '6F' 'XX', technical problem, not implemented... - '6F' 'XX', technical problem, not implemented...
RACS December 2018
2 The RACS protocol 2 The RACS protocol
+-----------------+ +-----------------+
| RACS | | RACS |
+-----------------+ +-----------------+
| TLS | | TLS |
+-----------------+ +-----------------+
| TCP | | TCP |
+-----------------+ +-----------------+
| IP | | IP |
skipping to change at page 11, line 5 skipping to change at page 11, line 5
A command line MAY comprise other tokens, which are called the A command line MAY comprise other tokens, which are called the
command parameters. command parameters.
A RACS request MUST start by a BEGIN command and MUST end by an END A RACS request MUST start by a BEGIN command and MUST end by an END
command. command.
Each command line is associated to an implicit line number. The Each command line is associated to an implicit line number. The
BEGIN line is associated to the zero line number. BEGIN line is associated to the zero line number.
RACS December 2018
The processing of a RACS request is stopped after the first error. The processing of a RACS request is stopped after the first error.
In that case the returned response contained the error status In that case the returned response contained the error status
induced by the last executed command. induced by the last executed command.
2.2 Structure of a RACS response 2.2 Structure of a RACS response
A RACS response is a set of lines, encoded according to the ASCII A RACS response is a set of lines, encoded according to the ASCII
format. Each line ends by the Cr (carriage return) and line feed format. Each line ends by the Cr (carriage return) and line feed
(Lf) characters. The RACS protocol is case sensitive. (Lf) characters. The RACS protocol is case sensitive.
skipping to change at page 12, line 4 skipping to change at page 12, line 4
2.2.3 Status line 2.2.3 Status line
A status header indicates a status line. A status header indicates a status line.
It begins by the character '+' in case of success or '-' if an error It begins by the character '+' in case of success or '-' if an error
occurred during the RACS request execution. It is followed by an occurred during the RACS request execution. It is followed by an
ASCII encoded integer, which is the value of the status. ASCII encoded integer, which is the value of the status.
The second mandatory token of a status line is the command line The second mandatory token of a status line is the command line
number (starting from zero) number (starting from zero)
RACS December 2018
A status line MAY comprise other tokens, which are called the A status line MAY comprise other tokens, which are called the
response parameters. response parameters.
2.2.4 Examples of RACS responses: 2.2.4 Examples of RACS responses:
BEGIN CrLf BEGIN CrLf
+001 000 Success CrLf +001 000 Success CrLf
END CrLf END CrLf
BEGIN moon1969 CrLf BEGIN moon1969 CrLf
skipping to change at page 13, line 5 skipping to change at page 13, line 5
An optional parameter is the request identifier, which MUST be An optional parameter is the request identifier, which MUST be
echoed in the parameter of the first response line (i.e. starting by echoed in the parameter of the first response line (i.e. starting by
the BEGIN header). the BEGIN header).
2.3.2 END 2.3.2 END
This command ends a request message. It returns the response message This command ends a request message. It returns the response message
triggered by the last command. triggered by the last command.
RACS December 2018
Example1 Example1
======== ========
Request: Request:
BEGIN CrLf BEGIN CrLf
END CrLf END CrLf
Response: Response:
BEGIN CrLf BEGIN CrLf
+001 000 Success CrLf +001 000 Success CrLf
END CrLF END CrLF
skipping to change at page 14, line 4 skipping to change at page 14, line 4
Response: Response:
BEGIN SanchoPanza CrLf BEGIN SanchoPanza CrLf
+006 002 [ISO7816-Response-2] CrLf +006 002 [ISO7816-Response-2] CrLf
END CrLf END CrLf
Request: Request:
BEGIN DonQuichotte CrLf BEGIN DonQuichotte CrLf
APDU 100 [ISO7816-Request-1] APPEND CrLf APDU 100 [ISO7816-Request-1] APPEND CrLf
APDU 100 [ISO7816-Request-2] APPEND CrLf APDU 100 [ISO7816-Request-2] APPEND CrLf
END CrLf END CrLf
RACS December 2018
Response: Response:
BEGIN DonQuichotte CrLf BEGIN DonQuichotte CrLf
+006 001 [ISO7816-Response-1] CrLf +006 001 [ISO7816-Response-1] CrLf
+006 002 [ISO7816-Response-2] CrLf +006 002 [ISO7816-Response-2] CrLf
END CrLf END CrLf
2.3.4 GET-VERSION 2.3.4 GET-VERSION
This command requests the current version of the RACS protocol. This command requests the current version of the RACS protocol.
The returned response is the current version encoded by two integer The returned response is the current version encoded by two integer
skipping to change at page 15, line 4 skipping to change at page 15, line 4
BEGIN CrLf BEGIN CrLf
-403 001 Error line 1 RACS 2.0 is not supported CrLf -403 001 Error line 1 RACS 2.0 is not supported CrLf
END CrLf END CrLf
Example 2 Example 2
========= =========
Request: Request:
BEGIN CrLf BEGIN CrLf
SET-VERSION 1.0 CrLf SET-VERSION 1.0 CrLf
END CrLf END CrLf
RACS December 2018
Response: Response:
BEGIN CrLf BEGIN CrLf
+003 001 RACS 1.0 has been activated CrLf +003 001 RACS 1.0 has been activated CrLf
END CrLf END CrLf
2.3.6 LIST 2.3.6 LIST
This command requests the list of SEID plugged in the GoSE. This command requests the list of SEID plugged in the GoSE.
It returns a list of SEIDs separated by space (0x20) character(s). It returns a list of SEIDs separated by space (0x20) character(s).
skipping to change at page 16, line 5 skipping to change at page 16, line 5
END CrLf END CrLf
2.3.7 RESET 2.3.7 RESET
This command resets a secure element. The first parameter gives the This command resets a secure element. The first parameter gives the
secure element identifier (SEID). An optional second parameter secure element identifier (SEID). An optional second parameter
specifies a warm reset. The default behavior is a cold reset. specifies a warm reset. The default behavior is a cold reset.
The response status indicates the success or the failure of this The response status indicates the success or the failure of this
operation. operation.
RACS December 2018
Syntax: RESET SEID [WARM] CrLf Syntax: RESET SEID [WARM] CrLf
Example 1 Example 1
========= =========
Request: Request:
BEGIN CrLf BEGIN CrLf
RESET device#45 CrLf RESET device#45 CrLf
END CrLf END CrLf
Response: Response:
skipping to change at page 17, line 5 skipping to change at page 17, line 5
2.3.8 APDU 2.3.8 APDU
This command sends an ISO7816 request to a secure element or a set This command sends an ISO7816 request to a secure element or a set
of ISO7816 commands. of ISO7816 commands.
The first parameter specifies the SEID. The first parameter specifies the SEID.
The second parameter is an ISO7816 request. The second parameter is an ISO7816 request.
Three optional parameters are available; they MUST be located after Three optional parameters are available; they MUST be located after
the second parameter. the second parameter.
RACS December 2018
- CONTINUE=value, indicates that the next RACS command will be - CONTINUE=value, indicates that the next RACS command will be
executed only if the ISO7816 status word (SW) is equal to a given executed only if the ISO7816 status word (SW) is equal to a given
value. Otherwise an error status is returned. value. Otherwise an error status is returned.
- MORE=value, indicates that a FETCH request will be performed (i.e. - MORE=value, indicates that a FETCH request will be performed (i.e.
a new ISO7816 request will be sent) if the first byte of the ISO7816 a new ISO7816 request will be sent) if the first byte of the ISO7816
status word (SW1) is equal to a given value. status word (SW1) is equal to a given value.
- FETCH=value fixes the four bytes of the ISO7816 FETCH request - FETCH=value fixes the four bytes of the ISO7816 FETCH request
(i.e. CLA INS P1 P2). The default value (when FETCH is omitted) is (i.e. CLA INS P1 P2). The default value (when FETCH is omitted) is
00C00000 (CLA=00, INS=C0, P1=00, P2=00) 00C00000 (CLA=00, INS=C0, P1=00, P2=00)
skipping to change at page 18, line 4 skipping to change at page 18, line 4
10. { iso7816-request = FETCH || sw2 ; } 10. { iso7816-request = FETCH || sw2 ; }
11. Else 11. Else
12. { DoIt=false;} 12. { DoIt=false;}
13. } 13. }
14. } 14. }
15. While (DoIt == true) 15. While (DoIt == true)
16. iso7816-response = BODY || SW ; 16. iso7816-response = BODY || SW ;
17. If (SW != CONTINUE) Error ; 17. If (SW != CONTINUE) Error ;
18. Else No Error; 18. Else No Error;
RACS December 2018
Example 1 Example 1
========= =========
Request: Request:
BEGIN CrLf BEGIN CrLf
APDU SEID ISO7816-REQUEST CrLf APDU SEID ISO7816-REQUEST CrLf
END CrLf END CrLf
Response: Response:
BEGIN CrLf BEGIN CrLf
+006 001 ISO7816-RESPONSE CrLf +006 001 ISO7816-RESPONSE CrLf
skipping to change at page 19, line 4 skipping to change at page 19, line 4
========= =========
BEGIN CrLf BEGIN CrLf
APDU SEID ISO7816-REQUEST-1 CONTINUE=9000 CrLf APDU SEID ISO7816-REQUEST-1 CONTINUE=9000 CrLf
APDU SEID ISO7816-REQUEST-2 CrLf APDU SEID ISO7816-REQUEST-2 CrLf
END CrLf END CrLf
Response: Response:
BEGIN CrLf BEGIN CrLf
+006 002 ISO7816-RESPONSE-2 CrLf +006 002 ISO7816-RESPONSE-2 CrLf
END CrLf END CrLf
RACS December 2018
Example 5 Example 5
========= =========
BEGIN CrLf BEGIN CrLf
APDU SEID ISO7816-REQUEST-1 CONTINUE=9000 CrLf APDU SEID ISO7816-REQUEST-1 CONTINUE=9000 CrLf
APDU SEID ISO7816-REQUEST-2 CrLf APDU SEID ISO7816-REQUEST-2 CrLf
END CrLf END CrLf
Response: Response:
BEGIN CrLf BEGIN CrLf
-006 001 Request Error line 1 wrong SW CrLf -006 001 Request Error line 1 wrong SW CrLf
skipping to change at page 20, line 4 skipping to change at page 20, line 4
The RACS response is set to The RACS response is set to
+006 003 body-0 || body-1 || SW-1 CrLf +006 003 body-0 || body-1 || SW-1 CrLf
where ||indicates a concatenation operation. where ||indicates a concatenation operation.
2.3.9 SHUTDOWN 2.3.9 SHUTDOWN
This command powers down a secure element. The first parameter gives This command powers down a secure element. The first parameter gives
the secure element identifier (SEID). the secure element identifier (SEID).
Syntax: SHUTDOWN SEID CrLf Syntax: SHUTDOWN SEID CrLf
RACS December 2018
Example Example
========= =========
Request: Request:
BEGIN Goodbye CrLf BEGIN Goodbye CrLf
SHUTDOWN device#45 CrLf SHUTDOWN device#45 CrLf
END CrLf END CrLf
Response: Response:
BEGIN Goodbye CrLf BEGIN Goodbye CrLf
+007 001 device#45 has been powered down CrLf +007 001 device#45 has been powered down CrLf
skipping to change at page 21, line 4 skipping to change at page 21, line 4
BEGIN CrLf BEGIN CrLf
-708 001 error device#45 is already in use CrLf -708 001 error device#45 is already in use CrLf
END CrLf END CrLf
Example 3 Example 3
========= =========
Request: Request:
BEGIN CrLf BEGIN CrLf
POWERON device#45 CrLf POWERON device#45 CrLf
END CrLf END CrLf
RACS December 2018
Response: Response:
BEGIN CrLf BEGIN CrLf
-608 001 error unauthorized access CrLf -608 001 error unauthorized access CrLf
END CrLf END CrLf
2.3.11 ECHO 2.3.11 ECHO
This command echoes a token. The first parameter is the token (word) This command echoes a token. The first parameter is the token (word)
to be echoed by the response. to be echoed by the response.
skipping to change at page 22, line 5 skipping to change at page 22, line 5
2.4 Status header encoding 2.4 Status header encoding
The first token of a response line is the status header. It begins The first token of a response line is the status header. It begins
by a '+' or a '-' character, and comprises three decimal digits by a '+' or a '-' character, and comprises three decimal digits
(xyz). (xyz).
The first digit (x) MUST indicates an event class. The first digit (x) MUST indicates an event class.
The second and third digits (yz) MAY indicate a command class. The second and third digits (yz) MAY indicate a command class.
RACS December 2018
2.4.1 Event class 2.4.1 Event class
This draft only defines the meaning of the first digit located at This draft only defines the meaning of the first digit located at
the left most side. the left most side.
+0yz: No error +0yz: No error
-0yz: Command execution error -0yz: Command execution error
-1yz: Unknown command, the command is not defined by this draft -1yz: Unknown command, the command is not defined by this draft
-2yz: Not implemented command -2yz: Not implemented command
-3yz: Illegal command, the command can't be executed -3yz: Illegal command, the command can't be executed
skipping to change at page 23, line 4 skipping to change at page 23, line 4
01 BEGIN 01 BEGIN
02 GET-VERSION 02 GET-VERSION
03 SET-VERSION 03 SET-VERSION
04 LIST 04 LIST
05 RESET 05 RESET
06 APDU 06 APDU
07 SHUTDOWN 07 SHUTDOWN
08 POWERON 08 POWERON
09 ECHO 09 ECHO
RACS December 2018
3 URI for the GoSE 3 URI for the GoSE
The URI addressing the resources hosted by the GoSE is represented The URI addressing the resources hosted by the GoSE is represented
by the string: by the string:
RACS://GoSE-Name:port/?request RACS://GoSE-Name:port/?request
where request is the RACS request to be forwarded to a the GoSE. where request is the RACS request to be forwarded to a the GoSE.
RACS command lines are encoded in a way similar to the INPUT field RACS command lines are encoded in a way similar to the INPUT field
skipping to change at page 24, line 4 skipping to change at page 24, line 4
the command line i.e. a set of ASCII characters is written according the command line i.e. a set of ASCII characters is written according
to the URL encoding rules. End of line characters, i.e. carriage to the URL encoding rules. End of line characters, i.e. carriage
return (Cr) and line feed (Lf) are omitted. return (Cr) and line feed (Lf) are omitted.
As a consequence a RACS request is written as As a consequence a RACS request is written as
https://GoSE-Name/RACS?cmd1=cmd1-parameters&cmd2=cmd2-parameters https://GoSE-Name/RACS?cmd1=cmd1-parameters&cmd2=cmd2-parameters
Example: Example:
https://GoSE-Name/RACS?BEGIN=&APDU=SEID%20[ISO7816-REQUEST]&END= https://GoSE-Name/RACS?BEGIN=&APDU=SEID%20[ISO7816-REQUEST]&END=
RACS December 2018
4.2 HTTPS response 4.2 HTTPS response
The RACS response is returned in an XML document. The RACS response is returned in an XML document.
The root element of the document is <RACS-Response> The root element of the document is <RACS-Response>
The optional parameter of the BEGIN header, is the content of the The optional parameter of the BEGIN header, is the content of the
<begin> element. <begin> element.
Each status line is the content of the <Cmd-Response> element, which Each status line is the content of the <Cmd-Response> element, which
skipping to change at page 25, line 4 skipping to change at page 25, line 4
The GoSE software MUST provide a mean to establish a list of SEIDs The GoSE software MUST provide a mean to establish a list of SEIDs
that can be accessed from a client whose identity is the CommonName that can be accessed from a client whose identity is the CommonName
(CN) attribute of its certificate. It MAY allocate a UserID (UID), (CN) attribute of its certificate. It MAY allocate a UserID (UID),
i.e. an integer index from the certfificate common name. i.e. an integer index from the certfificate common name.
5.2 Secure Element access 5.2 Secure Element access
The GoSE MUST manage a unique session identifier (SID) for each TLS The GoSE MUST manage a unique session identifier (SID) for each TLS
session. The SID is bound to the client's certificate CommonName session. The SID is bound to the client's certificate CommonName
(SID(CN)) (SID(CN))
RACS December 2018
A secure element has two states, unlocked and locked. In the locked A secure element has two states, unlocked and locked. In the locked
state the secure element may be only used by the SID that previously state the secure element may be only used by the SID that previously
locked it. locked it.
The first authorized command that successfully accesses to a SEID The first authorized command that successfully accesses to a SEID
(either POWERON ,RESET, APDU) locks a secure element (SEID) with the (either POWERON ,RESET, APDU) locks a secure element (SEID) with the
current session (SID). current session (SID).
The SHUTDOWN command MUST unlock a secure element (SEID). The SHUTDOWN command MUST unlock a secure element (SEID).
skipping to change at page 26, line 4 skipping to change at page 26, line 4
For a given AID and an authorized CN, an APDU-Table MAY be For a given AID and an authorized CN, an APDU-Table MAY be
available. This table acts as a firewall, which defined a set of available. This table acts as a firewall, which defined a set of
forbidden ISO7816 commands. forbidden ISO7816 commands.
For example this filter could be expressed as a set of the four For example this filter could be expressed as a set of the four
first bytes of an APDU-Prefix (CLA INS P1 P2) and a four bytes Mask first bytes of an APDU-Prefix (CLA INS P1 P2) and a four bytes Mask
An ISO7816-Request is firewall if: An ISO7816-Request is firewall if:
ISO7816-Request AND Mask IsEQUAL to APDU-Prefix ISO7816-Request AND Mask IsEQUAL to APDU-Prefix
RACS December 2018
5.4 Overview of the security policy 5.4 Overview of the security policy
The summary of the security policy is illustrated by the figure 3. The summary of the security policy is illustrated by the figure 3.
CN(uid) CN(uid)
/\ /\
TLS-Session / \ TLS-Session / \
/ \ / \
sid sid sid sid
/\ /\ /\ /\
skipping to change at page 27, line 4 skipping to change at page 27, line 4
7.2 Informative References 7.2 Informative References
[REST] Fielding, R., "Architectural Styles and the Design of [REST] Fielding, R., "Architectural Styles and the Design of
Network-based Software Architectures", 2000, Network-based Software Architectures", 2000,
http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm
[GP] Global Platform Standards, http://www.globalplatform.org [GP] Global Platform Standards, http://www.globalplatform.org
[EUROSMART] The EUROSMART association, http://www.eurosmart.com [EUROSMART] The EUROSMART association, http://www.eurosmart.com
RACS December 2018
[PC/SC] The PC/SC workgroup, http://www.pcscworkgroup.com [PC/SC] The PC/SC workgroup, http://www.pcscworkgroup.com
[EMV] EMV Card Personalization Specification, Version 1.1, July 2007 [EMV] EMV Card Personalization Specification, Version 1.1, July 2007
[OPENRACS] https://github.com/purien, open RACS implementation for [OPENRACS] https://github.com/purien, open RACS implementation for
Win32, Ubuntu, Raspberrypi Win32, Ubuntu, Raspberrypi
8 Authors' Addresses 8 Authors' Addresses
 End of changes. 30 change blocks. 
55 lines changed or deleted 6 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/