
Java Card Technology Ch02: Smart card Basics


Page 1: Java Card Technology Ch02: Smart card Basics

Java Card Technology
Ch02: Smart card Basics

Instructors: Fu-Chiung Cheng (鄭福炯)
Associate Professor
Computer Science & Engineering
Tatung University

Page 2: Java Card Technology Ch02: Smart card Basics

Smart card

Smart cards
- are often called chip cards, or integrated circuit (IC) cards.
- are used for data transmission, storage, and processing
- do not contain a power supply, a display or a keyboard (Need a CAD)
- The physical appearance and properties of a smart card are defined in ISO 7816, part 1 (see Fig 2.1)

Page 3: Java Card Technology Ch02: Smart card Basics

Divided into two card types

- memory cards & microprocessor cards
- contact cards & contactless cards

Page 4: Java Card Technology Ch02: Smart card Basics

Memory cards

- hold 1k to 4k of data
- used for prepaid cards for public phones or other goods and services that are sold against prepayment
- do not have a CPU, so they have limited functions and cannot be reprogrammed
- also cannot be reused after the value in the card is spent
- can be counterfeited relatively easily
- Low cost (simple technology)

Page 5: Java Card Technology Ch02: Smart card Basics

Microprocessor cards

- contain a processor
- offer greatly increased security and multifunctional capability
- data are never directly available to the external applications
- Microprocessor controls data handling and memory access according to passwords and encryption
- very flexible, so a card can be optimized for one application or can integrate several different applications

Page 6: Java Card Technology Ch02: Smart card Basics

Contact cards

- must be inserted in a card acceptance device
- communicate with the outside world by using a serial communication interface

Page 7: Java Card Technology Ch02: Smart card Basics

Contactless cards

- communicate with the outside world through an antenna wound into the card
- power can be provided by an internal battery or can be collected by the antenna
- transmit data to a card acceptance device through electromagnetic fields

Page 8: Java Card Technology Ch02: Smart card Basics

Contactless cards

- Advantages:
  - No contacts to become worn from excessive use
  - Cards do not need to be carefully inserted into a CAD
  - Cards do not have to be a standard thickness to fit in a CAD slot
- Disadvantages:
  - Expensive
  - Transmitted data may be intercepted

Page 9: Java Card Technology Ch02: Smart card Basics

Smart card hardware

- Smart card contact points: (see Fig 2.2 on P.15)
  - Vcc: supplies power.
  - RST: sends the signal to reset the microprocessor (this is called a warm reset; a cold reset is done by switching the power supply off and on again)
  - CLK:
    - Smart cards do not possess an internal clock
    - The CLK point supplies the external clock signal from which the internal clock is derived

Page 10: Java Card Technology Ch02: Smart card Basics

Smart card hardware

- Smart card contact points: (see Fig 2.2 on P.15)
  - GND:
    - is used as a reference voltage;
    - its value is considered to be zero volts
  - Vpp: optional, only used in older cards. (for EEPROM)
  - I/O: transfers data and commands between the smart card and the outside world in half-duplex mode. (half duplex means that commands or data can be transmitted in only one direction at any particular time)
  - RFU: reserved for future use.

Page 11: Java Card Technology Ch02: Smart card Basics

Smart card central Processing unit

- CPU in most current card chips is an 8-bit micro-controller,
  - usually using the Motorola 6805 or Intel 8051 instruction set.
  - Low end: up to 5MHz
  - High end: up to 40MHz (5MHz x 2,4,8)
- Newer smart card chips
  - have a 16-bit or 32-bit micro-controller and
  - use reduced instruction set (RISC) architecture
  - 16-bit or 32-bit smart cards will likely become more common.

Page 12: Java Card Technology Ch02: Smart card Basics

Smart card Coprocessors

- Smart card chips for security applications have a built-in cryptographic coprocessor
- The cryptographic coprocessor is a special IC for expediting calculations
  - Modular arithmetic
  - Large integer operations
  - e.g. the RSA algorithm
- Affects cost of the chips

Page 13: Java Card Technology Ch02: Smart card Basics

Smart Card Memory System

- ROM, RAM and EEPROM are the most widely used memories.

Page 14: Java Card Technology Ch02: Smart card Basics

ROM (read-only memory)

- is used for storing the fixed program of the card (e.g. operating system, permanent data)
- no power is needed to hold data in this kind of memory, but it also can't be written to after the card is manufactured
- can be accessed an unlimited number of times

Page 15: Java Card Technology Ch02: Smart card Basics

EEPROM (electrically erasable programmable read-only memory)

- can preserve data content when power is turned off
- equivalent of the hard disk on a PC
- reading from EEPROM is as fast as reading from RAM, but writing to EEPROM is 1000 times slower than writing to RAM
- reliably accepts at least 100,000 write cycles
- retains data for 10 years.

Page 16: Java Card Technology Ch02: Smart card Basics

RAM (random access memory)

- is non-persistent memory
- is used as temporary working space for storing and modifying data.
- the information content is not preserved when power is removed.
- can be accessed an unlimited number of times

Page 17: Java Card Technology Ch02: Smart card Basics

Flash memory

- a kind of persistent mutable memory (like EEPROM)
- more efficient in power and space than EEPROM
- can be read bit by bit but can be updated only as a block
- is typically used for storing additional programs or large chunks of data that are updated as wholes.

Page 18: Java Card Technology Ch02: Smart card Basics

Smart Card Communication Model

- the communication pathway between the card and the host is half-duplex (that is, the data can either be sent from the host to the card or from the card to the host, but not both at the same time)
- smart cards speak to other computers using their own data packets, called APDUs (application protocol data units)
- an APDU contains either a command or a response message
- See Fig 2.3 page 18

Page 19: Java Card Technology Ch02: Smart card Basics

Command APDU structure: Mandatory header

- Format of a Command APDU (see Table 2.1)
  - CLA (class of instruction): identifies a category of command and response APDUs.
  - INS (instruction code): specifies the instruction of the command.
  - P1 and P2 (parameters 1 and 2): used to provide further qualification to the instruction.

Page 20: Java Card Technology Ch02: Smart card Basics

Command APDU structure: Optional body

- Format of a Command APDU (see Table 2.1)
  - Lc: specifies the length of the data field
  - data field: contains data that are sent to the card for executing the instruction specified in the APDU header
  - Le: specifies the number of bytes expected by the host in the card's response

Page 21: Java Card Technology Ch02: Smart card Basics

Response APDU structure: Optional body

- Format of Response APDU (see Table 2.2)
  - Contains a data field whose length is determined by the Le field in the corresponding command APDU

Page 22: Java Card Technology Ch02: Smart card Basics

Response APDU structure: Mandatory Trailer

- Format of Response APDU (see Table 2.2)
  - SW1 & SW2: together called the status word, denoting the processing state in the card after executing the command APDU.
  - For example: status word 0x9000 means that a command was executed successfully and completely

Page 23: Java Card Technology Ch02: Smart card Basics

Command and response APDU cases

- There are 4 cases (see Fig 2.4 in pp 20)
  - Case 1: host (command only) <==> smart card (status word)
  - Case 2: host (command only) <==> smart card (data + status word)
  - Case 3: host (command + data) <==> smart card (status word)
  - Case 4: host (command + data) <==> smart card (data + status word)

Page 24: Java Card Technology Ch02: Smart card Basics

TPDU

- APDUs are transmitted by the next-level protocol (i.e. transport protocol), defined by ISO 7816-3.
- The data structures exchanged by a host and a card using the transport protocol are called Transmission Protocol Data Units (TPDUs).
- Two transport protocols in primary use
  - T=0 protocol: byte oriented
  - T=1 protocol: block oriented

Page 25: Java Card Technology Ch02: Smart card Basics

Answer To Reset (ATR)

- Immediately after a smart card is powered up, it sends out an answer to reset (ATR) message to the host
- ATR message contains the parameters required by the card for establishing a data communication pathway.
  - Transmission parameters
    - Transport protocol supported (T=0 or T=1)
    - Data transmission rate
  - Card hardware parameters
    - Chip serial number and mask version number
- ATR is up to 33 bytes
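
How a host can pull the supported transport protocol out of an ATR while enforcing the 33-byte limit. This is an added example, not part of the original slides. The byte layout (TS, T0, interface bytes TAi to TDi, historical bytes, check byte TCK) comes from ISO 7816-3 rather than from the slides; the function name and the sample ATRs are constructed for illustration.

```python
def parse_atr(atr: bytes) -> dict:
    """Decode an ATR into convention, interface bytes, protocols, history."""
    if not 2 <= len(atr) <= 33:
        raise ValueError("an ATR is 2 to 33 bytes long")
    if atr[0] not in (0x3B, 0x3F):
        raise ValueError("unknown TS byte")
    pos = 2

    def take(name: str) -> int:
        # Bounds-checked read: never trust the presence bits over the length.
        nonlocal pos
        if pos >= len(atr):
            raise ValueError(f"ATR truncated before {name}")
        pos += 1
        return atr[pos - 1]

    y, k = atr[1] >> 4, atr[1] & 0x0F   # T0: presence bits, history length
    interface, t_values, i = {}, [], 1
    while True:
        for bit, letter in enumerate("ABC"):
            if y & (1 << bit):
                interface[f"T{letter}{i}"] = take(f"T{letter}{i}")
        if not y & 0x8:                  # no TDi, so no further group
            break
        td = take(f"TD{i}")
        interface[f"TD{i}"] = td
        t_values.append(td & 0x0F)       # low nibble names a protocol T
        y, i = td >> 4, i + 1            # high nibble: next presence bits
    if pos + k > len(atr):
        raise ValueError("ATR truncated inside historical bytes")
    historical = atr[pos:pos + k]
    pos += k
    # A check byte TCK follows unless T=0 is the only protocol indicated.
    if any(t != 0 for t in t_values):
        take("TCK")
        xor = 0
        for b in atr[1:pos]:             # XOR of T0..TCK must be zero
            xor ^= b
        if xor:
            raise ValueError("TCK checksum mismatch")
    if pos != len(atr):
        raise ValueError("unexpected trailing bytes after ATR")
    return {
        "convention": "direct" if atr[0] == 0x3B else "inverse",
        "interface": interface,
        # T=15 only qualifies global interface bytes; it is not a protocol.
        # With no TD byte at all, T=0 is implied.
        "protocols": sorted({t for t in t_values if t != 15}) or [0],
        "historical": historical,
    }


# Constructed sample ATRs (not read from a real card).
ATR_T0_ONLY = bytes.fromhex("3B021450")      # no TD1, two historical bytes
ATR_T0_AND_T1 = bytes.fromhex("3B80800101")  # TD1 -> T=0, TD2 -> T=1, TCK

if __name__ == "__main__":
    for sample in (ATR_T0_ONLY, ATR_T0_AND_T1):
        print(sample.hex(), parse_atr(sample))
```
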

Page 26: Java Card Technology Ch02: Smart card Basics

Smart Card Operating Systems

- Smart card operating systems (SCOS) have little resemblance to desktop OS.
- SCOS supports a collection of instructions on which user applications can be built.
- ISO 7816-4 standardizes a wide range of instructions in the format of APDUs.
- Most SCOS support file systems

Page 27: Java Card Technology Ch02: Smart card Basics

Smart Card File System

- Smart card file system defined in ISO7816-4 can have a hierarchical file system structure (see Fig 2.5 in pp 21)
- ISO7816-4 file system supports three types of files:
  - master file (MF)
  - dedicated file (DF) and
  - elementary file (EF)

Page 28: Java Card Technology Ch02: Smart card Basics

Smart Card File System

- master file (MF)
  - the root of the file system.
  - can contain DF & EF
  - There is only one MF in a smart card
- dedicated file (DF)
  - is a smart card directory file that holds other DF & EF
  - a MF is a special type of DF
- elementary file (EF)
  - is a data file; can't contain other files.

Page 29: Java Card Technology Ch02: Smart card Basics

Smart Card Systems

- Smart card systems are distributed systems that consist of two parts:
  - Host system: residing in the computer connected to the reader
  - Card system: inside a smart card
- Most smart card software, including system software and user application software, runs on the host side

Page 30: Java Card Technology Ch02: Smart card Basics

Smart Card Systems

- System software on host system
  - recognizes a specific smart card and handles communication between the user and the card
  - provides support for the smart card's
    - Card management
    - Security
    - Key management

Page 31: Java Card Technology Ch02: Smart card Basics

Smart Card Systems

- User applications on host systems implement functions that work with a specific card
  - A simple user application: handle a set of APDUs exchanged with the card
  - ATM application: provide user authentication, transaction processing, and a friendly user interface for easy access.

Page 32: Java Card Technology Ch02: Smart card Basics

Smart Card Systems

- User applications on host systems implement functions that work with a specific card
  - A simple user application: handle a set of APDUs exchanged with the card
  - ATM application: provide user authentication, transaction processing, and a friendly user interface for easy access.
- Host software is usually written in high-level languages such as Java, C, and C++

Page 33: Java Card Technology Ch02: Smart card Basics

Smart Card Systems

- Card software is the software that runs on the smart card itself
- Card software also includes
  - System software
    - OS and utilities that control memory management, handle I/O communication with the host, ensure data integrity and security, support the ISO file system and provide system utilities to the card applications
  - User application software:
    - Data and functions

Page 34: Java Card Technology Ch02: Smart card Basics

Smart Card Systems

- Card software can be implemented either in assembly language of the card microprocessor or in a high-level programming language that can be interpreted by the microprocessor
- Smart card systems involve cooperation between providers of the card OS, vendors of card terminals, application developers (both card side and host side) and card issuers
- These parties are often not from the same companies
- Java Card technology provides a ubiquitous platform in which card-side applications can be written in Java and can run on any smart card that supports the Java Card runtime environment

Page 35: Java Card Technology Ch02: Smart card Basics

Smart card standards and specifications

- ISO 7816 Standards
- GSM (Global System for Mobile Communications) defined by ETSI (European Telecommunication Standards Institute)
- EMV (Europay, MasterCard and Visa)
- OP (Open Platform)
- OCF (OpenCard Framework)