CITI Previous | Index | Next

Cyberflex Protection Model

Cyberflex cards use access control lists (acls) to protect the file system.
There are seven principals (like a user ID) plus a default (world rights):

Default, CHV1, CHV2, AUT0, AUT1, AUT2, AUT3, AUT4.

CHV is "Card Holder Verification" and is associated with a PIN.
When a user sends the PIN to the card (via a keypad and APDU), the user obtains the rights associated with the CHV until the card is reset or powered off.

AUT is a longer, more cryptographically secure key, usually a 56 bit DES key. This key can be verified either by submitting the key itself, or by answering a challenge presented by the card.

For each of the eight principals there is a vector of eight rights bits:
Read, Write, Execute/Append/Protect, Invalidate, Rehabilitate, Decrease, Increase.