Java Card TechnologyCh02: Smart card BasicsInstructors: Fu-Chiung Cheng ()Associate Professor Computer Science & EngineeringTatung University
Smart cardSmart cards are often, called chip cards, or integrated circuit(IC) cards.are used for data transmission, storage, and processingdo not contain a power supply, a display or a keyboard (Need a CAD)The physical appearance and properties of a smart card are defined in ISO 7816, part 1 (see Fig 2.1)
Divided into two card type
memory cards µprocessor cards
contact cards & contactless cards
Memory cards hold up 1k to 4k of dataused for prepaid cards for public phones or other goods and services that are sold against prepaymentdoes not have a cpu so it has limited functions and cannot be reprogrammingalso cannot be reused after the value in the card is spentcan be counterfeited relatively easilyLow cost (simple technology)
Microprocessor cardscontain a processor offer greatly increased security and multifunctional capabilitydata are never directly available to the external applicationsMicroprocessor controls data handling and memory access according to passwords, encryptions very flexible so it can be optimized for one application or can integrate several different applications
Contact cards must be inserted in a card acceptance devicecommunicate with the outside world by using serial communication interface
Contactless cardscommunicate with the outsize world through an antenna wound into the card power can be provided by an internal battery or can be collected by the antennatransmit data to a card acceptance device through electromagnetic fields
Contactless cardsAdvantages:No contacts to become worm from excessive useCards do no need to be carefully inserted into a CADCards do not have to be a standard thickness to fit in a CAD slotDisadvantages:ExpensiveTransmitted data may be intercepted
Smart card hardwareSmart card contact points: (see Fig 2.2 on P.15)Vcc: supply power.RST: sending the signal to reset the microprocessor (it is called a warm reset and a cold reset is done by switching the power supply off and on again)CLK: Smart cards do not posses internal clockCLK point supplies the external clock signal from which the internal clock is derived
Smart card hardwareSmart card contact points: (see Fig 2.2 on P.15)GND: is used as a reference voltage; its value is considered to be zero voltsVpp: optional, only used in older cards. (for EEPROM)I/O: transfer data and commands between the smart card and the outside world in half-duplex mode. (half duplex means that commands or data can be transmitted in only one direction at any particular time)RFU: reserved for future use.
Smart card central Processing unitCPU in most current card chips is an 8-bit micro-controller,usually using the Motorola 6805 or Intel 8051 instruction set.Low end: up to 5MHzHigh end: up to 40MHz (5MHz x 2,4,8)Newer smart card chips have a 16-bit or 32 bit micro-controller anduse reduced instruction set (RISC) architecture 16-bit or 32-bit smart cards will likely become more common.
Smart card CoprocessorsSmart card chips for security applications have built-in crytographic coprocessor The crytographic coprocessor is a special IC for expediting calculationsModular arithmeticLarge integer operations ex RSA algorithmAffects cost of the chips
Smart Card Memory SystemROM,RAM,EEPROM are the most widely used memories.
ROM(read-only memory)is used for storing the fixed program of the card (e.g. operating system, permanent data) no power is needed to hold data in this kind of memory but also can't be written to after the card is manufacturedcan be accessed an unlimited number of times
EEPROM(electrical erasable programmable read-only memory)can preserve data content when power is turned offequivalent of the hard disk on a PCreading from EEPROM is as fast as reading from RAM, but writing to EEPROM is 1000 times slower than writing to RAMreliably accept at least 100,000 write cyclesretain data for 10 years.
RAM(random access memory)is non-persistent memoryis used as temporary working space for storing and modifying data.the information content is not preserved when power is removed.can be accessed an unlimited number of times
flash memory a kind of persistent mutable memory (like EEPROM)more efficient in power and space than EEPROMcan be read bit by bit but can be updated only as a blockis typically used for storing additional programs or large chunks of data that are updated as wholes.
Smart Card Communication Modelthe communication pathway between the card and the host is half-duplexed; (that is, the data can either be sent from the host to the card or from the card to the host but not both at the same time.)smart card speak to other computer by using their own data packets-called APDUs (application protocol data units) an APDU contains either a command or a response messageSee Fig 2.3 page 18
Command APDU structureMandatory headerFormat of a Command APDU (see Table 2.1)CLA (class of instruction): identify a category of command and response APDUs.INS (instruction code): specify the instruction of the command.P1 and P2 (parameters 1 and 2): used to provide further qualification to the instruction.
Command APDU structureOptional bodyFormat of a Command APDU (see Table 2.1)Lc: specify the length of the data fielddata field: contains data that are sent to the card for executing the instruction specified in the APDU headerLe: specify the number of bytes expected by the host in the card's response
Response APDU structureOptional bodyFormat of Response APDU (see Table 2.2) Contain data field whose length is determined by the Le field in the corresponding command APDU
Response APDU structureMandatory TrailerFormat of Response APDU (see Table 2.2) SW1 & SW2: together called the status word, denoting the processing state in the card after executing the command APDU. For example: status word 0x9000 means that a command was executed successfully and completely
Command and response APDU casesThere are 4 cases (see Fig 2.4 in pp 20)Case 1: host (command only) smart card(Status word)Case 2: host (command only) smart card(data+Status word)Case 3: host (command + data) smart card(Status word)Case 4: host (command + data) smart card(data + Status word)
TPDUAPDUs are transmitted by the next-level protocol (i.e. transport protocol), defined by ISO 7816-3.The data structures exchanged by a host and a card using transport protocol are called Transmission Protocol Data Units (TPDUs).Two transport protocols in primary useT=0 protocol: byte oriented T=1 protocol: block oriented
Answer To Reset (ATR)Immediately after a smart card is powered up, it sends out an answer to reset (ATR) message to the hostATR message contains the parameters required by the card for establishing a data communication pathway.Transmission parameters Transport protocol supported (T=0 or T=1)Data transmission rateCard hardware parametersChip serial number and mask version number ATR is up to 33 bytes
Smart Card Operating SystemsSmart card operating systems (SCOS) have little resemblance to desktop OS.SCOS supports a collection of instructions on which user applications can be built.ISO 7816-4 standardizes a wide range of instructions in the format of APDUs.Most SMOS supports File Systems
Smart Card File SystemSmart card file system defined in ISO7816-4 can have a hierarchical file system structure (see Fig 2.5 in pp 21)ISO7816-4 file system supports three types of files:master file (MF)dedicated file (DF) andelementary file (EF)
Smart Card File Systemmaster file (MF)the root of the file system.can contain DF & EFThere is only one MF in a smart carddedicated file (DF)is a smart card directory file that holds other DF & EFa MF is a special type of DFelementary file (EF)is a data file; can't contain other files.
Smart Card SystemsSmart card systems are distributed systems that consist of two parts:Host system: residing in the computer connected to the readerCard system: inside a smart cardMost smart card software, including system software and user application software, runs on host side
Smart Card SystemsSystem software on host system recognizes a specific smart card and handles communication between the user and the cardprovides supports to the smart cardsCard managementSecurityKey management
Smart Card SystemsUser applications on host systems implement functions that work with a specific cardA simple user application: handle a set of APDUs exchanged with the cardATM application: provide user authentication, transaction processing, and a friendly user interface for easy access.
Smart Card SystemsUser applications on host systems implement functions that work with a specific cardA simple user application: handle a set of APDUs exchanged with the cardATM application: provide user authentication, transaction processing, and a friendly user interface for easy access.Host software is usually written in high-level languages such as Java, C, and C++
Smart Card SystemsCard software is the software that run on the smart card itselfCard software also includesSystem software OS and utilities that control memory management, handle I/O communication with the host, ensure data integrity and security, support ISO file system and provide system utilities to the card applicationsUser application software:Data and functions
Smart Card SystemsCard software can be implemented either in assembly language o