370 likes | 992 Views
Java Card Technology Ch02: Smart card Basics Instructors: Fu-Chiung Cheng ( 鄭福炯 ) Associate Professor Computer Science & Engineering Tatung University Smart card Smart cards are often, called chip cards, or integrated circuit(IC) cards.
E N D
Java Card TechnologyCh02: Smart card Basics Instructors: Fu-Chiung Cheng (鄭福炯) Associate Professor Computer Science & Engineering Tatung University
Smart card • Smart cards • are often, called chip cards, or integrated circuit(IC) cards. • are used for data transmission, storage, and processing • do not contain a power supply, a display or a keyboard (Need a CAD) • The physical appearance and properties of a smart card are defined in ISO 7816, part 1 (see Fig 2.1)
Divided into two card type memory cards & microprocessor cards contact cards & contactless cards
Memory cards • hold up 1k to 4k of data • used for prepaid cards for public phones or other goods and services that are sold against prepayment • does not have a cpu so it has limited functions and cannot be reprogramming • also cannot be reused after the value in the card is spent • can be counterfeited relatively easily • Low cost (simple technology)
Microprocessor cards • contain a processor • offer greatly increased security and multifunctional capability • data are never directly available to the external applications • Microprocessor controls data handling and memory access according to passwords, encryptions • very flexible so it can be optimized for one application or can integrate several different applications
Contact cards • must be inserted in a card acceptance device • communicate with the outside world by using serial communication interface
Contactless cards • communicate with the outsize world through an antenna wound into the card • power can be provided by an internal battery or can be collected by the antenna • transmit data to a card acceptance device through electromagnetic fields
Contactless cards • Advantages: • No contacts to become worm from excessive use • Cards do no need to be carefully inserted into a CAD • Cards do not have to be a standard thickness to fit in a CAD slot • Disadvantages: • Expensive • Transmitted data may be intercepted
Smart card hardware • Smart card contact points: (see Fig 2.2 on P.15) • Vcc: supply power. • RST: sending the signal to reset the microprocessor (it is called a warm reset and a cold reset is done by switching the power supply off and on again) • CLK: • Smart cards do not posses internal clock • CLK point supplies the external clock signal from which the internal clock is derived
Smart card hardware • Smart card contact points: (see Fig 2.2 on P.15) • GND: • is used as a reference voltage; • its value is considered to be zero volts • Vpp: optional, only used in older cards. (for EEPROM) • I/O: transfer data and commands between the smart card and the outside world in half-duplex mode. (half duplex means that commands or data can be transmitted in only one direction at any particular time) • RFU: reserved for future use.
Smart card central Processing unit • CPU in most current card chips is an 8-bit micro-controller, • usually using the Motorola 6805 or Intel 8051 instruction set. • Low end: up to 5MHz • High end: up to 40MHz (5MHz x 2,4,8) • Newer smart card chips • have a 16-bit or 32 bit micro-controller and • use reduced instruction set (RISC) architecture • 16-bit or 32-bit smart cards will likely become more common.
Smart card Coprocessors • Smart card chips for security applications have built-in crytographic coprocessor • The crytographic coprocessor is a special IC for expediting calculations • Modular arithmetic • Large integer operations • ex RSA algorithm • Affects cost of the chips
Smart Card Memory System • ROM,RAM,EEPROM are the most widely used memories.
ROM(read-only memory) • is used for storing the fixed program of the card (e.g. operating system, permanent data) • no power is needed to hold data in this kind of memory but also can't be written to after the card is manufactured • can be accessed an unlimited number of times
EEPROM(electrical erasable programmable read-only memory) • can preserve data content when power is turned off • equivalent of the hard disk on a PC • reading from EEPROM is as fast as reading from RAM, but writing to EEPROM is 1000 times slower than writing to RAM • reliably accept at least 100,000 write cycles • retain data for 10 years.
RAM(random access memory) • is non-persistent memory • is used as temporary working space for storing and modifying data. • the information content is not preserved when power is removed. • can be accessed an unlimited number of times
flash memory • a kind of persistent mutable memory (like EEPROM) • more efficient in power and space than EEPROM • can be read bit by bit but can be updated only as a block • is typically used for storing additional programs or large chunks of data that are updated as wholes.
Smart Card Communication Model • the communication pathway between the card and the host is half-duplexed; (that is, the data can either be sent from the host to the card or from the card to the host but not both at the same time.) • smart card speak to other computer by using their own data packets-called APDUs (application protocol data units) • an APDU contains either a command or a response message • See Fig 2.3 page 18
Command APDU structureMandatory header • Format of a Command APDU (see Table 2.1) • CLA (class of instruction): identify a category of command and response APDUs. • INS (instruction code): specify the instruction of the command. • P1 and P2 (parameters 1 and 2): used to provide further qualification to the instruction.
Command APDU structureOptional body • Format of a Command APDU (see Table 2.1) • Lc: specify the length of the data field • data field: contains data that are sent to the card for executing the instruction specified in the APDU header • Le: specify the number of bytes expected by the host in the card's response
Response APDU structureOptional body • Format of Response APDU (see Table 2.2) • Contain data field whose length is determined by the Le field in the corresponding command APDU
Response APDU structureMandatory Trailer • Format of Response APDU (see Table 2.2) • SW1 & SW2: together called the status word, denoting the processing state in the card after executing the command APDU. • For example: status word 0x9000 means that a command was executed successfully and completely
Command and response APDU cases • There are 4 cases (see Fig 2.4 in pp 20) • Case 1: host (command only) <==> smart card(Status word) • Case 2: host (command only) <==> smart card(data+Status word) • Case 3: host (command + data) <==> smart card(Status word) • Case 4: host (command + data) <==> smart card(data + Status word)
TPDU • APDUs are transmitted by the next-level protocol (i.e. transport protocol), defined by ISO 7816-3. • The data structures exchanged by a host and a card using transport protocol are called Transmission Protocol Data Units (TPDUs). • Two transport protocols in primary use • T=0 protocol: byte oriented • T=1 protocol: block oriented
Answer To Reset (ATR) • Immediately after a smart card is powered up, it sends out an answer to reset (ATR) message to the host • ATR message contains the parameters required by the card for establishing a data communication pathway. • Transmission parameters • Transport protocol supported (T=0 or T=1) • Data transmission rate • Card hardware parameters • Chip serial number and mask version number • ATR is up to 33 bytes
Smart Card Operating Systems • Smart card operating systems (SCOS) have little resemblance to desktop OS. • SCOS supports a collection of instructions on which user applications can be built. • ISO 7816-4 standardizes a wide range of instructions in the format of APDUs. • Most SMOS supports File Systems
Smart Card File System • Smart card file system defined in ISO7816-4 can have a hierarchical file system structure (see Fig 2.5 in pp 21) • ISO7816-4 file system supports three types of files: • master file (MF) • dedicated file (DF) and • elementary file (EF)
Smart Card File System • master file (MF) • the root of the file system. • can contain DF & EF • There is only one MF in a smart card • dedicated file (DF) • is a smart card directory file that holds other DF & EF • a MF is a special type of DF • elementary file (EF) • is a data file; can't contain other files.
Smart Card Systems • Smart card systems are distributed systems that consist of two parts: • Host system: residing in the computer connected to the reader • Card system: inside a smart card • Most smart card software, including system software and user application software, runs on host side
Smart Card Systems • System software on host system • recognizes a specific smart card and handles communication between the user and the card • provides supports to the smart card’s • Card management • Security • Key management
Smart Card Systems • User applications on host systems implement functions that work with a specific card • A simple user application: handle a set of APDUs exchanged with the card • ATM application: provide user authentication, transaction processing, and a friendly user interface for easy access.
Smart Card Systems • User applications on host systems implement functions that work with a specific card • A simple user application: handle a set of APDUs exchanged with the card • ATM application: provide user authentication, transaction processing, and a friendly user interface for easy access. • Host software is usually written in high-level languages such as Java, C, and C++
Smart Card Systems • Card software is the software that run on the smart card itself • Card software also includes • System software • OS and utilities that control memory management, handle I/O communication with the host, ensure data integrity and security, support ISO file system and provide system utilities to the card applications • User application software: • Data and functions
Smart Card Systems • Card software can be implemented either in assembly language of the card microprocessor or in a high-level programming language that can be interpreted by the microprocessor • Smart card systems involve co-operations between providers of the card OS, venders of card terminals, application developers (both card side and host side) and card issuers • These parties are often not from the same companies • Java card technology provides a ubiquitous platform in which card-side applications can be written in java and can run on any smart card that supports the Java Card runtime environment
Smart card standards and specifications • ISO 7816 Standards • GSM(Global System for Mobile Communications) defined by • ETSI (European Telecommunication Standards Institute) • EMV (Europay,MasterCard and Visa) • OP (Open Platform) • OCF (OpenCard Framework)