8.12.1 Functional
When the device receives the Verify Crypto command, it computes a challenge based on the received random number, Q, the internally stored associated cryptogram, Ci, and the secret seed, Gi (or session encryption key, Si). The device also decrements the associated attempts counter. It then compares the computed challenge with the challenge sent by the host. If the challenges match, the device computes and writes a new Ci and Si. The device utilizes the success or failure information of the authentication process and updates the attempts counter accordingly.
Key index:
- b0000_00nn : Secret Seed G0-G3
- b0001_00nn : Session Encryption Key S0-S3
Data:
- Q : Host Random Number, 8 bytes
- CH : Host Challenge, 8 bytes
Once the sequence has been carried out, the device requires the host to perform an ACK polling with either the Read User Zone ($B2) command or the System Read ($B6) command. To verify whether the authentication succeeded, the host can either read the associated attempts counter to confirm the value is $FF, or read the post-authentication cryptogram from the device and compare it with the cryptogram generated when the host computed the challenge bytes.