This document is a technical walkthrough of the NOD Proof of Concept (PoC), a vertical slice of the system architecture. It specifies the interfaces, shows how the NOD server communicates securely with the card through an untrusted terminal, and notes the planned latency measurements and third-party security review. It also lists the PL4 web services and the NOD REST services used to validate orders and drive a NOD session, with a complete example of the command sets exchanged and the responses expected at each step.
NOD Technical Walkthrough Karl Ivar Dahl (karl-ivar.dahl@capgemini.com) Kim Richard Hansen (kim-richard.hansen@capgemini.com)
NOD Proof Of Concept

Primary Goals
• Vertical slice
  • Specification of interfaces
  • Part of HB206
  • Secure communication between NOD and Card
  • Demo + walkthrough
• Latency measurements
  • Initial measurements
• Security review by third party
  • After PoC
Interfaces
• PL4 WEB Services
  • AddOrders
  • GetOrderGroups
  • UpdateOrderGroups
• NOD REST Services
  • GET /ecard/<mediaSerialNumberID>/groups/
  • POST /ecard/<mediaSerialNumberID>/nodsession
  • POST /group/<groupId>/nodsession
  • GET /group/<groupId>/nodsession/<nodsessionId>/cmdset/<cmdsetId>
  • POST /group/<groupId>/nodsession/<nodsessionId>/cmdset/<cmdsetId>
• PLUGIN REST Services
  • GET /admin/schema
  • POST /order/execute
  • GET+POST /admin/*
Secure Communication between NOD and Card

CASE: Credit Tpurse 50 NOK
• Command Set 1:
  • Create NOD Session
  • Short Beep
  • SelectApplication
  • Authenticate Step 1 (key 7)
• Command Set 2:
  • Authenticate Step 2
  • GetValue (read card image)
  • Authenticate Step 1 (key 5)
• Plugin Command:
  • ProcessOrder
• Command Set 3:
  • Authenticate Step 2
  • Credit (actual order)
  • WriteRecord (T_SVReloadLog)
  • Authenticate Step 1 (key 6)
• Command Set 4:
  • Authenticate Step 2
  • WriteRecord (T_SpecialEventLog)
  • Commit
• Command Set 5:
  • Long Beep
• Demo

The terminal (NOD client) only relays frames between the NOD server and the card. The card's encrypted challenge from Authenticate Step 1 is posted back to the server, which holds the card keys and computes the Authenticate Step 2 frame, so no key material reaches the terminal. Each command set also carries the Authenticate Step 1 for the key needed by the next set, so switching keys costs no extra HTTP round trip, and the Credit and WriteRecord changes stay pending on the card until Commit.
Request (Create NOD Session)

POST https://xxx:8443/nod/ecard/1000000001/nodsession?capability=01010 HTTP/1.1
Content-Type: */*
Accept: application/xml
Content-Language: no
Authorization: Basic dGVzdDp0ZXN0
User-Agent: Apache CXF 2.4.0
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Content-Length: 0

NOTE: In the future, the NOD Client Context will be submitted with this POST.
(The Basic credentials above decode to test:test and are PoC test credentials; they are only protected by the TLS connection.)
Response (NOD Session Created, Command Set 1 returned)

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
location: https://xxx:8443/nod/group/1234/nodsession/7563/cmdset/1
Date: Wed, 17 Aug 2011 07:20:46 GMT
Content-Type: application/xml
Content-Length: 542

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:commands xmlns:ns2="http://ioas.no/nod/commands"
              xmlns:ns3="http://ioas.no/nod/commands/acr128u"
              xmlns:ns4="http://ioas.no/nod/commands/apdu">
  <command cmdID="1" expectedResult="false">
    <ns3:acr128uCommand>
      <!-- Short Beep (reader command, no result expected) -->
      <frame>280114</frame>
    </ns3:acr128uCommand>
  </command>
  <command cmdID="2">
    <ns4:apduFrame>
      <!-- SelectApplication TransportDF -->
      <frame>5A018057</frame>
    </ns4:apduFrame>
  </command>
  <command cmdID="3">
    <ns4:apduFrame>
      <!-- AuthenticateStep1, key 7 -->
      <frame>0A07</frame>
    </ns4:apduFrame>
  </command>
</ns2:commands>
Request (Command Set 1 Result submitted back to NOD server)

POST https://xxx:8443/nod/group/1234/nodsession/7563/cmdset/1 HTTP/1.1
Content-Type: application/xml
Accept: application/xml
Content-Language: no
Authorization: Basic dGVzdDp0ZXN0
Content-Length: 382

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:commands xmlns:ns2="http://ioas.no/nod/commands">
  <command cmdID="2">
    <result>006300</result>
  </command>
  <command cmdID="3">
    <!-- ek(RndB) -->
    <result>AF42BD22623D4393BB</result>
  </command>
</ns2:commands>
Response (Command Set 2 created)

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
location: https://xxx:8443/nod/group/1234/nodsession/7563/cmdset/2
Date: Wed, 17 Aug 2011 07:20:46 GMT
Content-Type: application/xml
Content-Length: 533

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:commands xmlns:ns2="http://ioas.no/nod/commands"
              xmlns:ns3="http://ioas.no/nod/commands/acr128u"
              xmlns:ns4="http://ioas.no/nod/commands/apdu">
  <command cmdID="4">
    <ns4:apduFrame>
      <!-- AuthenticateStep2 -->
      <frame>AF22330BE8433837570978E0729CE8CAC5</frame>
    </ns4:apduFrame>
  </command>
  <command cmdID="5">
    <ns4:apduFrame>
      <!-- GetValue -->
      <frame>6C04</frame>
    </ns4:apduFrame>
  </command>
  <command cmdID="6">
    <ns4:apduFrame>
      <!-- AuthenticateStep1, key 5 -->
      <frame>0A05</frame>
    </ns4:apduFrame>
  </command>
</ns2:commands>
Request (Command Set 2 Result submitted back to NOD Server)

POST https://xxx:8443/nod/group/1234/nodsession/7563/cmdset/2 HTTP/1.1
Content-Type: application/xml
Accept: application/xml
Content-Language: no
Authorization: Basic dGVzdDp0ZXN0
User-Agent: Apache CXF 2.4.0
Content-Length: 458

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:commands xmlns:ns2="http://ioas.no/nod/commands"
              xmlns:ns4="http://ioas.no/nod/commands/apdu"
              xmlns:ns3="http://ioas.no/nod/commands/acr128u">
  <command cmdID="4">
    <result>004108BDEF73D9330F</result>
  </command>
  <command cmdID="5">
    <!-- GetValue result, part of Image -->
    <result>0060DE0200DE6A5897</result>
  </command>
  <command cmdID="6">
    <result>AFDB3246D39514093B</result>
  </command>
</ns2:commands>
Plugin Request (Source Image and Order submitted to Plugin)

Example content:

POST http://localhost:8443/nod/plugin/hb206/order/execute HTTP/1.1

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:commands xmlns:ns2="http://ioas.no/nod/plugin/commands"
              xmlns:ns5="http://ioas.no/nod/plugin/image/desfire">
  <command>
    <processOrder>
      <srcImage>
        <ns5:image>
          <application>
            <applicationName>TransportDF</applicationName>
            <file>
              <fileName>T_StoredValue</fileName>
              <content>00000000</content>
            </file>
          </application>
        </ns5:image>
      </srcImage>
      <orderDescription>PD94bWwgdmVyc2lvbj0iMS4wIgt....</orderDescription>
    </processOrder>
  </command>
</ns2:commands>
Plugin Response (Target Image and Transaction returned by Plugin)

Example content:

HTTP/1.1 200 OK

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:commands xmlns:ns2="http://ioas.no/nod/plugin/commands"
              xmlns:ns4="http://ioas.no/nod/plugin/dis/j"
              xmlns:ns5="http://ioas.no/nod/plugin/image/desfire">
  <command>
    <processOrder>
      <targetImage>
        <ns5:image>
          <application>
            <applicationName>TransportDF</applicationName>
            <file>
              <fileName>T_StoredValue</fileName>
              <content>000001F4</content>
            </file>
          </application>
        </ns5:image>
      </targetImage>
      <transaction>
        <ns4:disTransaction>
          ...
        </ns4:disTransaction>
      </transaction>
    </processOrder>
    <result>00</result>
  </command>
</ns2:commands>
Response (Command Set 3 generated based on Plugin Image DIFF)

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
location: https://xxx:8443/nod/group/1234/nodsession/7563/cmdset/3
Date: Wed, 17 Aug 2011 07:20:46 GMT
Content-Type: application/xml
Content-Length: 643

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:commands xmlns:ns2="http://ioas.no/nod/commands"
              xmlns:ns4="http://ioas.no/nod/commands/apdu">
  <command cmdID="7">
    <ns4:apduFrame>
      <!-- AuthenticateStep2 -->
      <frame>AF4707F2792B130E2CD2F570990FDFA2AE</frame>
    </ns4:apduFrame>
  </command>
  <command cmdID="8">
    <ns4:apduFrame>
      <!-- Credit: file 04, amount F4010000 (little-endian 0x1F4 = 500, the T_StoredValue diff 000001F4 - 00000000), 4-byte MAC -->
      <frame>0C04F401000045F04844</frame>
    </ns4:apduFrame>
  </command>
  <command cmdID="9">
    <ns4:apduFrame>
      <!-- WriteRecord T_SVReloadLog -->
      <frame>3B0600000001000001</frame>
    </ns4:apduFrame>
  </command>
  <command cmdID="10">
    <ns4:apduFrame>
      <!-- AuthenticateStep1, key 6 -->
      <frame>0A06</frame>
    </ns4:apduFrame>
  </command>
</ns2:commands>
Request (Command Set 3 Result submitted back to NOD Server)

POST https://xxx:8443/nod/group/1234/nodsession/7563/cmdset/3 HTTP/1.1
Content-Type: application/xml
Accept: application/xml
Content-Language: no
Authorization: Basic dGVzdDp0ZXN0
User-Agent: Apache CXF 2.4.0
Content-Length: 499

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:commands xmlns:ns2="http://ioas.no/nod/commands">
  <command cmdID="7">
    <result>002616BB9C40FB100B</result>
  </command>
  <command cmdID="8">
    <result>006300</result>
  </command>
  <command cmdID="9">
    <result>006300</result>
  </command>
  <command cmdID="10">
    <result>AF2B196BBC57E306F6</result>
  </command>
</ns2:commands>
Response (Command Set 4 created)

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
location: https://xxx:8443/nod/group/1234/nodsession/7563/cmdset/4
Date: Wed, 17 Aug 2011 07:20:46 GMT
Content-Type: application/xml
Content-Length: 548

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:commands xmlns:ns2="http://ioas.no/nod/commands"
              xmlns:ns4="http://ioas.no/nod/commands/apdu">
  <command cmdID="11">
    <ns4:apduFrame>
      <!-- AuthenticateStep2 -->
      <frame>AF22330BE8433837576FEC627085536A6B</frame>
    </ns4:apduFrame>
  </command>
  <command cmdID="12">
    <ns4:apduFrame>
      <!-- WriteRecord T_SpecialEventLog -->
      <frame>3B0500000001000002</frame>
    </ns4:apduFrame>
  </command>
  <command cmdID="13">
    <ns4:apduFrame>
      <!-- Commit -->
      <frame>C7</frame>
    </ns4:apduFrame>
  </command>
</ns2:commands>
Request (Command Set 4 Result submitted back to NOD Server)

POST https://xxx:8443/nod/group/1234/nodsession/7563/cmdset/4 HTTP/1.1
Content-Type: application/xml
Accept: application/xml
Content-Language: no
Authorization: Basic dGVzdDp0ZXN0
User-Agent: Apache CXF 2.4.0
Content-Length: 437

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:commands xmlns:ns2="http://ioas.no/nod/commands">
  <command cmdID="11">
    <result>004108BDEF73D9330F</result>
  </command>
  <command cmdID="12">
    <result>006300</result>
  </command>
  <command cmdID="13">
    <!-- COMMIT OK -->
    <result>006300</result>
  </command>
</ns2:commands>
Response (Command Set 5, final response)

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Connection: close
location: https://xxx:8443/nod/group/1234/nodsession/7563/cmdset/5
Date: Wed, 17 Aug 2011 07:20:46 GMT
Content-Type: application/xml
Content-Length: 381

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:commands xmlns:ns2="http://ioas.no/nod/commands"
              xmlns:ns3="http://ioas.no/nod/commands/acr128u">
  <command cmdID="14" expectedResult="false">
    <ns3:acr128uCommand>
      <!-- Long Beep (reader command, no result expected) -->
      <frame>280164</frame>
    </ns3:acr128uCommand>
  </command>
</ns2:commands>
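The exchange above can be checked offline. The following is an added example, not code from the NOD project or the authors: it parses the <ns2:commands> XML returned by the NOD server (Command Set 3 embedded verbatim), decodes each DESFire native-command frame and card result into its fields, cross-checks the Credit amount against the plugin's T_StoredValue diff, and verifies the shape of the three-pass authentication frames. The namespaces and frames are the page's own; the command and status byte tables are the public DESFire native command set, which the first byte of every frame above matches. Treating the 4-byte trailer on Credit and GetValue as the legacy-authentication MAC is an assumption.

```python
"""Decode and sanity-check NOD command-set frames (added example, not NOD code)."""
import xml.etree.ElementTree as ET

NS_APDU = "http://ioas.no/nod/commands/apdu"
NS_READER = "http://ioas.no/nod/commands/acr128u"

# Public DESFire native command bytes; every frame on this page starts with one of them.
DESFIRE_CMDS = {
    0x0A: "Authenticate", 0x0C: "Credit", 0x3B: "WriteRecord",
    0x5A: "SelectApplication", 0x6C: "GetValue", 0xAF: "AdditionalFrame",
    0xC7: "CommitTransaction",
}
# DESFire status bytes that lead every <result> on this page (subset).
DESFIRE_STATUS = {
    0x00: "OPERATION_OK", 0xAF: "ADDITIONAL_FRAME", 0xAE: "AUTHENTICATION_ERROR",
    0x9D: "PERMISSION_DENIED", 0x1E: "INTEGRITY_ERROR", 0xF0: "FILE_NOT_FOUND",
}

# Command Set 3 as returned by the NOD server above (frames verbatim from the page).
CMDSET3 = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:commands xmlns:ns2="http://ioas.no/nod/commands"
              xmlns:ns4="http://ioas.no/nod/commands/apdu">
  <command cmdID="7"><ns4:apduFrame><frame>AF4707F2792B130E2CD2F570990FDFA2AE</frame></ns4:apduFrame></command>
  <command cmdID="8"><ns4:apduFrame><frame>0C04F401000045F04844</frame></ns4:apduFrame></command>
  <command cmdID="9"><ns4:apduFrame><frame>3B0600000001000001</frame></ns4:apduFrame></command>
  <command cmdID="10"><ns4:apduFrame><frame>0A06</frame></ns4:apduFrame></command>
</ns2:commands>"""


def decode_frame(hexframe):
    """Decode one native DESFire command frame (hex string) into its fields."""
    raw = bytes.fromhex(hexframe)
    cmd = raw[0]
    info = {"cmd": DESFIRE_CMDS.get(cmd, f"Unknown(0x{cmd:02X})"), "raw": hexframe}
    if cmd == 0x0A:                       # Authenticate: key number
        info["key_no"] = raw[1]
    elif cmd == 0x5A:                     # SelectApplication: 3-byte AID as sent on the wire
        info["aid"] = raw[1:4].hex().upper()
    elif cmd == 0x6C:                     # GetValue: file number
        info["file_no"] = raw[1]
    elif cmd == 0x0C:                     # Credit: file, 4-byte little-endian amount, 4-byte MAC (assumed)
        info["file_no"] = raw[1]
        info["value"] = int.from_bytes(raw[2:6], "little")
        info["mac"] = raw[6:].hex().upper()
    elif cmd == 0x3B:                     # WriteRecord: file, 3-byte offset, 3-byte length, data
        info["file_no"] = raw[1]
        info["offset"] = int.from_bytes(raw[2:5], "little")
        info["length"] = int.from_bytes(raw[5:8], "little")
        info["data"] = raw[8:8 + info["length"]].hex().upper()
    elif cmd == 0xAF:                     # AdditionalFrame: continuation payload (Authenticate Step 2 here)
        info["payload_len"] = len(raw) - 1
    return info


def decode_result(cmd, hexresult):
    """Decode a card <result>: leading status byte, then command-specific data."""
    raw = bytes.fromhex(hexresult)
    out = {"status": DESFIRE_STATUS.get(raw[0], f"0x{raw[0]:02X}")}
    data = raw[1:]
    if cmd == 0x6C and raw[0] == 0x00 and len(data) >= 4:   # GetValue: 4-byte LE value + MAC (assumed)
        out["value"] = int.from_bytes(data[:4], "little")
        out["mac"] = data[4:].hex().upper()
    elif data:
        out["data"] = data.hex().upper()
    return out


def parse_commands(xml_text):
    """Return the decoded commands of a <ns2:commands> document, in document order."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    decoded = []
    for c in root.findall("command"):      # <command> and <frame> are unprefixed: no namespace
        entry = {"cmdID": c.get("cmdID")}
        apdu = c.find(f"{{{NS_APDU}}}apduFrame/frame")
        reader = c.find(f"{{{NS_READER}}}acr128uCommand/frame")
        if apdu is not None:
            entry.update(decode_frame(apdu.text.strip()))
        elif reader is not None:
            entry.update({"cmd": "ReaderCommand", "raw": reader.text.strip()})
        decoded.append(entry)
    return decoded


def check_credit_matches_image(src_hex, target_hex, credit):
    """The Credit amount must equal target minus source T_StoredValue.
    Image contents are printed big-endian on the page; the APDU carries the amount little-endian."""
    return credit["cmd"] == "Credit" and int(target_hex, 16) - int(src_hex, 16) == credit["value"]


def check_auth_handshake(step1_result, step2_frame, step2_result):
    """Shape check for the legacy (0x0A) three-pass authentication as seen on the wire:
    card -> AF + 8 bytes ek(RndB); server -> AF + 16 bytes; card -> 00 + 8 bytes."""
    r1, f2, r2 = (bytes.fromhex(h) for h in (step1_result, step2_frame, step2_result))
    return (r1[0] == 0xAF and len(r1) == 9 and f2[0] == 0xAF and len(f2) == 17
            and r2[0] == 0x00 and len(r2) == 9)


if __name__ == "__main__":
    for entry in parse_commands(CMDSET3):
        print(entry)
```

Run as a script it prints the four decoded commands of Command Set 3; the Credit frame decodes to file 4, amount 500, which is exactly the plugin's image diff (000001F4 - 00000000), so a client that only relays frames can still verify that the server-generated order matches what the plugin approved.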
Other Features
• Mapping between Order and Plugin
• Support for lost requests (re-query)
• Support for duplicate POSTs (HTTP 303)
• Future support for binary formats (application/exi)
• Backwards compatibility via capabilities and namespaces
• Support for other response types such as GIF
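The re-query and duplicate-POST features matter because a lost reply to the cmdset POST must not lead to the order being executed twice. The following is an added example, not code from the NOD project: an in-memory model of one NOD session in which a command set already built can be re-fetched with GET, an identical re-POST of a result already accepted is answered with 303 See Other pointing at the existing next command set, and a different body for a closed step or an out-of-order step is refused with 409. The store, the 409 answers and the path layout (the location headers above without the host) are assumptions.

```python
"""Lost-reply recovery and duplicate-POST handling for a NOD-style session (added example)."""
import hashlib


class NodSession:
    def __init__(self, group_id, session_id, first_cmdset):
        self.group_id = group_id
        self.session_id = session_id
        self.next_cmdset = 1              # the cmdset the client must answer next
        self.accepted = {}                # cmdset id -> sha256 of the accepted result body
        self.cmdsets = {1: first_cmdset}  # cmdset id -> body the server built (kept for re-query)

    def location(self, cmdset_id):
        # Path layout taken from the location headers in the walkthrough (assumed, host omitted).
        return f"/nod/group/{self.group_id}/nodsession/{self.session_id}/cmdset/{cmdset_id}"

    def get_cmdset(self, cmdset_id):
        """GET .../cmdset/<id>: re-deliver a command set that was already generated."""
        if cmdset_id in self.cmdsets:
            return 200, self.cmdsets[cmdset_id]
        return 404, None

    def post_result(self, cmdset_id, body, next_cmdset_body):
        """POST .../cmdset/<id> with the card results; returns (status, location, body).

        next_cmdset_body stands in for the server logic that builds the following
        command set (for example after the plugin has returned its image diff)."""
        digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
        if cmdset_id in self.accepted:
            if self.accepted[cmdset_id] == digest:
                # Same result re-sent because the client lost our reply: point at the
                # command set we already built instead of processing the order again.
                return 303, self.location(cmdset_id + 1), None
            return 409, None, None        # a different result for a closed step: conflict (assumed)
        if cmdset_id != self.next_cmdset:
            return 409, None, None        # out of order: step not yet issued, or skipped (assumed)
        self.accepted[cmdset_id] = digest
        self.next_cmdset = cmdset_id + 1
        self.cmdsets[self.next_cmdset] = next_cmdset_body
        return 200, self.location(self.next_cmdset), next_cmdset_body


if __name__ == "__main__":
    # Constructed bodies; the real ones are the <ns2:commands> documents shown above.
    s = NodSession("1234", "7563", "<cmdset1/>")
    print(s.post_result(1, "<result-set-1/>", "<cmdset2/>"))
    print(s.post_result(1, "<result-set-1/>", "<cmdset2-rebuilt/>"))   # duplicate -> 303
```

Hashing the submitted body is what distinguishes a harmless retry from a genuinely different submission for the same step; keying only on the cmdset id would let a second, different result overwrite the first.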