Java Card Technology Ch02: Smart card Basics

1
Java Card TechnologyCh02 Smart card Basics

• Instructors
• Fu-Chiung Cheng
• (???)
• Associate Professor
• Computer Science Engineering
• Tatung University

2
Smart card

• Smart cards
• are often, called chip cards, or integrated
  circuit(IC) cards.
• are used for data transmission, storage, and
  processing
• do not contain a power supply, a display or a
  keyboard (Need a CAD)
• The physical appearance and properties of a smart
  card are defined in ISO 7816, part 1 (see Fig
  2.1)

3
Divided into two card type

• memory cards
• microprocessor cards
• contact cards
• contactless cards

4
Memory cards

• hold up 1k to 4k of data
• used for prepaid cards for public phones or other
  goods and services that are sold against
  prepayment
• does not have a cpu so it has limited functions
  and cannot be reprogramming
• also cannot be reused after the value in the card
  is spent
• can be counterfeited relatively easily
• Low cost (simple technology)

5
Microprocessor cards

• contain a processor
• offer greatly increased security and
  multifunctional capability
• data are never directly available to the external
  applications
• Microprocessor controls data handling and memory
  access according to passwords, encryptions
• very flexible so it can be optimized for one
  application or can integrate several different
  applications

6
Contact cards

• must be inserted in a card acceptance device
• communicate with the outside world by using
  serial communication interface

7
Contactless cards

• communicate with the outsize world through an
  antenna wound into the card
• power can be provided by an internal battery or
  can be collected by the antenna
• transmit data to a card acceptance device through
  electromagnetic fields

8
Contactless cards

• Advantages
• No contacts to become worm from excessive use
• Cards do no need to be carefully inserted into a
  CAD
• Cards do not have to be a standard thickness to
  fit in a CAD slot
• Disadvantages
• Expensive
• Transmitted data may be intercepted

9
Smart card hardware

• Smart card contact points (see Fig 2.2 on P.15)
• Vcc supply power.
• RST sending the signal to reset the
  microprocessor
• (it is called a warm reset and a cold
  reset is done by switching the power supply off
  and on again)
• CLK
• Smart cards do not posses internal clock
• CLK point supplies the external clock signal from
  which the internal clock is derived

10
Smart card hardware

• Smart card contact points (see Fig 2.2 on P.15)
• GND
• is used as a reference voltage
• its value is considered to be zero volts
• Vpp optional, only used in older cards. (for
  EEPROM)
• I/O transfer data and commands between the
  smart card and the outside world in half-duplex
  mode. (half duplex means that commands or data
  can be transmitted in only one direction at any
  particular time)
• RFU reserved for future use.

11
Smart card central Processing unit

• CPU in most current card chips is an 8-bit
  micro-controller,
• usually using the Motorola 6805 or Intel 8051
  instruction set.
• Low end up to 5MHz
• High end up to 40MHz (5MHz x 2,4,8)
• Newer smart card chips
• have a 16-bit or 32 bit micro-controller and
• use reduced instruction set (RISC) architecture
• 16-bit or 32-bit smart cards will likely become
  more common.

12
Smart card Coprocessors

• Smart card chips for security applications have
  built-in crytographic coprocessor
• The crytographic coprocessor is a special IC for
  expediting calculations
• Modular arithmetic
• Large integer operations
• ex RSA algorithm
• Affects cost of the chips

13
Smart Card Memory System

• ROM,RAM,EEPROM are the most widely used memories.

14
ROM(read-only memory)

• is used for storing the fixed program of the card
  (e.g. operating system, permanent data)
• no power is needed to hold data in this kind of
  memory but also can't be written to after the
  card is manufactured
• can be accessed an unlimited number of times

15
EEPROM(electrical erasable programmable
read-only memory)

• can preserve data content when power is turned
  off
• equivalent of the hard disk on a PC
• reading from EEPROM is as fast as reading from
  RAM, but writing to EEPROM is 1000 times slower
  than writing to RAM
• reliably accept at least 100,000 write cycles
• retain data for 10 years.

16
RAM(random access memory)

• is non-persistent memory
• is used as temporary working space for storing
  and modifying data.
• the information content is not preserved when
  power is removed.
• can be accessed an unlimited number of times

17
flash memory

• a kind of persistent mutable memory (like EEPROM)
• more efficient in power and space than EEPROM
• can be read bit by bit but can be updated only as
  a block
• is typically used for storing additional programs
  or large chunks of data that are updated as
  wholes.

18
Smart Card Communication Model

• the communication pathway between the card and
  the host is half-duplexed
• (that is, the data can either be sent from the
  host to the card or from the card to the host but
  not both at the same time.)
• smart card speak to other computer by using their
  own data packets-called APDUs (application
  protocol data units)
• an APDU contains either a command or a response
  message
• See Fig 2.3 page 18

19
Command APDU structureMandatory header

• Format of a Command APDU (see Table 2.1)
• CLA (class of instruction) identify a category
  of command and response APDUs.
• INS (instruction code) specify the instruction
  of the command.
• P1 and P2 (parameters 1 and 2) used to provide
  further qualification to the instruction.

20
Command APDU structureOptional body

• Format of a Command APDU (see Table 2.1)
• Lc specify the length of the data field
• data field contains data that are sent to the
  card for executing the instruction specified in
  the APDU header
• Le specify the number of bytes expected by the
  host in the card's response

21
Response APDU structureOptional body

• Format of Response APDU (see Table 2.2)
• Contain data field whose length is determined by
  the Le field in the corresponding command APDU

22
Response APDU structureMandatory Trailer

• Format of Response APDU (see Table 2.2)
• SW1 SW2 together called the status word,
  denoting the processing state in the card after
  executing the command APDU.
• For example status word 0x9000 means that a
  command was executed successfully and completely

23
Command and response APDU cases

• There are 4 cases (see Fig 2.4 in pp 20)
• Case 1 host (command only) ltgt smart
  card(Status word)
• Case 2 host (command only) ltgt smart
  card(dataStatus word)
• Case 3 host (command data) ltgt smart
  card(Status word)
• Case 4 host (command data) ltgt smart
  card(data Status word)

24
TPDU

• APDUs are transmitted by the next-level protocol
  (i.e. transport protocol), defined by ISO 7816-3.
• The data structures exchanged by a host and a
  card using transport protocol are called
  Transmission Protocol Data Units (TPDUs).
• Two transport protocols in primary use
• T0 protocol byte oriented
• T1 protocol block oriented

25
Answer To Reset (ATR)

• Immediately after a smart card is powered up, it
  sends out an answer to reset (ATR) message to the
  host
• ATR message contains the parameters required by
  the card for establishing a data communication
  pathway.
• Transmission parameters
• Transport protocol supported (T0 or T1)
• Data transmission rate
• Card hardware parameters
• Chip serial number and mask version number
• ATR is up to 33 bytes

26
Smart Card Operating Systems

• Smart card operating systems (SCOS) have little
  resemblance to desktop OS.
• SCOS supports a collection of instructions on
  which user applications can be built.
• ISO 7816-4 standardizes a wide range of
  instructions in the format of APDUs.
• Most SMOS supports File Systems

27
Smart Card File System

• Smart card file system defined in ISO7816-4 can
  have a hierarchical file system structure (see
  Fig 2.5 in pp 21)
• ISO7816-4 file system supports three types of
  files
• master file (MF)
• dedicated file (DF) and
• elementary file (EF)

28
Smart Card File System

• master file (MF)
• the root of the file system.
• can contain DF EF
• There is only one MF in a smart card
• dedicated file (DF)
• is a smart card directory file that holds
  other DF EF
• a MF is a special type of DF
• elementary file (EF)
• is a data file can't contain other files.

29
Smart Card Systems

• Smart card systems are distributed systems that
  consist of two parts
• Host system residing in the computer connected
  to the reader
• Card system inside a smart card
• Most smart card software, including system
  software and user application software, runs on
  host side

30
Smart Card Systems

• System software on host system
• recognizes a specific smart card and handles
  communication between the user and the card
• provides supports to the smart cards
• Card management
• Security
• Key management

31
Smart Card Systems

• User applications on host systems implement
  functions that work with a specific card
• A simple user application handle a set of APDUs
  exchanged with the card
• ATM application provide user authentication,
  transaction processing, and a friendly user
  interface for easy access.

32
Smart Card Systems

• User applications on host systems implement
  functions that work with a specific card
• A simple user application handle a set of APDUs
  exchanged with the card
• ATM application provide user authentication,
  transaction processing, and a friendly user
  interface for easy access.
• Host software is usually written in high-level
  languages such as Java, C, and C

33
Smart Card Systems

• Card software is the software that run on the
  smart card itself
• Card software also includes
• System software
• OS and utilities that control memory management,
  handle I/O communication with the host, ensure
  data integrity and security, support ISO file
  system and provide system utilities to the card
  applications
• User application software
• Data and functions

34
Smart Card Systems

• Card software can be implemented either in
  assembly language of the card microprocessor or
  in a high-level programming language that can be
  interpreted by the microprocessor
• Smart card systems involve co-operations between
  providers of the card OS, venders of card
  terminals, application developers (both card side
  and host side) and card issuers
• These parties are often not from the same
  companies
• Java card technology provides a ubiquitous
  platform in which card-side applications can be
  written in java and can run on any smart card
  that supports the Java Card runtime environment

35
Smart card standards and specifications

• ISO 7816 Standards
• GSM(Global System for Mobile Communications)
  defined by
• ETSI (European Telecommunication Standards
  Institute)
• EMV (Europay,MasterCard and Visa)
• OP (Open Platform)
• OCF (OpenCard Framework)