Table of Contents
Advertisement
This authentication protects from counterfeited products containing a valid "Public key" taken on a valid product.
However it does not contain the "Secret Key" that is stored in the product and that is not readable. The
counterfeited product is not able to compute the "Shared Secret" nor the "AES Session key", so it fails this
authentication phase.
2.6
Encrypted data transfer
Once the mutual authentication has been run, all the imminent communications over NFC are encrypted using the
current AES session key, which means:
•
Someone spying the NFC communication is not able to decrypt the transmitted data (because the current
"AES Session key" is unknown).
•
A message not encrypted with the current "AES Session key" is rejected
•
A valid message (encrypted with the current "AES Session key") maliciously modified is rejected (thanks to
the message authentication).
The AES encryption is performed by using the GCM.
This encryption method requires to transmit additional metadata along with the encrypted data:
1.
An initialization vector (12-bytes) required to initialize the decryption process. This initialisation vector
changes for every new encrypted message.
2.
A GMAC of 16 bytes used to ensure the message integrity and source.
Note:
No block-padding is required by this encryption method.
UM2684 - Rev 2
Figure 5.
Firmware authentication over NFC
Encrypt
Smartphone
Encrypted data transfer
Decrypt
Firmware
UM2684
page 8/27
Advertisement
Table of Contents
Need help?
Do you have a question about the ST25DV-I2C and is the answer not in the manual?
Questions and answers