
Guide to Smart Card Technology

Contents

Preface

1. Introduction
2. Smart Card Basic
   2.1 What is smart card
   2.2 History of smart card development
   2.3 Different types of smart cards
       2.3.1 Memory Cards
       2.3.2 Contact CPU Cards
       2.3.3 Contactless Cards
       2.3.4 Combi Card
   2.4 Different standards of smart cards
3. Current Smart Card Applications
   3.1 Electronic payment Applications
       3.1.1 Electronic Purse
       3.1.2 Stored Value Cards
   3.2 Security and Authentication Applications
       3.2.1 Cryptographic uses
       3.2.2 Identity card
       3.2.3 Access control card
       3.2.4 Digital certificate
       3.2.5 Computer login
   3.3 Transportation uses
   3.4 Telecommunication Applications
   3.5 Health Care Applications
   3.6 Loyalty Applications
4. Technology Aspects of Smart Card
   4.1 Overview of ISO 7816 Standards
   4.2 Communication Protocol between Terminal and Smart Cards
   4.3 Overview of File Systems
   4.4 Overview of Naming Scheme
   4.5 Overview of the Security Architecture
   4.6 An Example of Smart Card Application: SmartFlow Internet Payment System
5. Java Card Programming
6. Building your own smart card application
   6.1 Plan the smart card solution
   6.2 Understand the need of smart card
   6.3 Managing data storage on the card
   6.4 Determine the required backend support
   6.5 Choosing card-side and host-side environment
   6.6 Miscellaneous Tools
7. Future trend of smart card
   7.1 Unification of smart card host-side standards on PC
       7.1.1 Personal Computer/Smart Card standard (PC/SC)
       7.1.2 Alternative standard of smart card in PC and Minicomputer (OpenCard Framework)
   7.2 Trends in smart card card-side standards
       7.2.1 Java inside
       7.2.2 Mondex MULTOS OS
       7.2.3 Microsoft Windows in Smart card
       7.2.4 Card OS future
   7.3 Smart card in electronic commerce
       7.3.1 Smart Card Payment Protocol
       7.3.2 Smart card as prepaid and loyalty card
       7.3.3 Smart card as electronic wallet
       7.3.4 Electronic Payment over Mobile Telecommunications
   7.4 Smart card in Internet security
       7.4.1 Smart card as Digital ID
       7.4.2 Smart card as Computer access logon key
       7.4.3 Smart card in Intrusion detection System as user profile holder
       7.4.4 Biometric authentication
8. Summaries and Conclusions
Glossary
References
Appendix
   A. Price Comparison of different cards and readers
   B. Resources
       Collections of Smart Card Books
       Collections of General Smart Card Internet Resources
       Collections of Java Card Technology on Internet
       Collections of Smart Card Security Technology on Internet
       Collections of Smart Card Payment Technology on Internet
       Collections of Smart Card Vendors

Preface
This handbook aims to provide a comprehensive overview of the current state of the art in smart card software technology development, applications, and future trends. The information would be useful to IT managers and executives wishing to explore the possibility of developing smart card applications.

The handbook consists of three sections. The basic concepts of smart cards and current applications are presented in the first section in layman's language. The second section gets into some of the technical aspects of smart card internals, and offers suggestions on smart card development procedures as well as general ideas in programming smart cards, including the new Java Card. This section is for programmers and IT managers who would like to go beyond the basic concepts and get an idea on what it takes to develop smart card applications. Finally, the third section presents our views on future trends in smart card development framework, standards and possible applications. A list of useful reference materials is also included.

The growth of smart card adoption in Asia is increasing rapidly and we believe this technology will be an important one in the near future. The Cyberspace Center is working to develop the security, biometric identification, micropayment and other aspects of smart card technology for use over the Internet. The handbook summarizes some of our experience in this work.

Many people have contributed to the handbook, especially Ricci Ieong, Andy Fung, Ivan Leung, Patrick Hung, James Pang and Ronald Chan. Ricci, Ivan, Andy and Patrick in particular, wrote parts of the handbook.

This document can be accessed online from the Cyberspace Center's home page http://www.cyber.ust.hk. Some chapters are actually better viewed online since they provide URLs directly to sources of additional information.

Finally, I would like to acknowledge the Industry Department of the Hong Kong SAR for funding the Cyberspace Center. Our objective is to help Hong Kong industries make more effective use of the Internet to enhance their competitiveness in the world markets. This and our other handbooks are part of the effort in attaining this goal. Please visit our web site to learn about some of our other activities.

Samuel Chanson
Director
Cyberspace Center


1. INTRODUCTION
Smart card technology has been around for more than 20 years. Since its first introduction into the market, its main application is for the payphone system. As card manufacturing cost decreases, smart card usage has expanded. Its use in Asia is expected to be growing at a much faster pace than in Europe. According to a survey performed by Ovum Ltd. [Microsoft1998a], the number of smart card units will reach 2.7 billion by 2003. The largest markets will be in prepayment applications, followed by access control, and electronic cash applications. According to a recent study by Dataquest [Microsoft1998c], the overall market for memory and microprocessor-based cards will grow from 544 million units in 1995 to 3.4 billion units by 2001. Of that figure, microprocessor-based smart cards, which accounted for only 84 million units in 1995, will grow to 1.2 billion units in 2001.

Based on the report from Hong Kong SAR Government Industry Department on the Development and Manufacturing Technology of Smart Card [HKSAR1997], Hong Kong industries have the capability and should participate in development and manufacturing of smart card IC chips, readers and card operating systems. To promote this, Hong Kong SAR government has decided to form a Hong Kong Smart Card Forum. Under this active participation and encouragement from the Hong Kong SAR Government, smart card development and support will expand in Hong Kong.

Although the Octopus card is relatively new to Hong Kong, smart cards have already been introduced in Hong Kong for at least two years. These include Mondex by Hong Kong bank and GSM cards in the mobile phone market. However, using this powerful and highly secure card on Personal computer (PC) as well as the Internet is still not common. Many international companies have identified the smart card as one of the new directions in electronic money and personal identification and authentication tools.

In May 1996, several companies including Microsoft, Hewlett-Packard and Schlumberger formed a PC/SC workgroup which aimed at integrating the smart card with personal computer (PC). This workgroup mainly concentrates on producing common smart card and PC interface standards for the smart card and PC software producers. Many of the interface standards and hierarchy have already been established. Some of these prototype products are now available on the market.

Moreover, Netscape and Microsoft have also announced that the smart card will be their new direction in computer security and electronic commerce area. Microsoft has even published some documents on its role in the smart card market. Although it will not be a smart card manufacturing company, it has indicated that the smart card will be a key component in Microsoft Windows 98 and Windows NT 5.0. Together with the latest smart card operating system announcement [Microsoft1998a], Microsoft will be actively involved in the smart card market. Furthermore, programming modules for smart cards using Visual C++, Visual J++ and Visual Basic have also been developed.

The Cyberspace Center believes smart card technology will play a major role in Internet applications in the future. Therefore, we decided to start evaluating the available smart card development tools and study the use of smart card in Internet security and electronic commerce. With first-hand information and experience, we will be able to provide advice and assistance to the Hong Kong Industry.

The smart card is expected to be used in many applications and especially in personal security related applications such as access control, computer logon, secure email sending and retrieving services.

The reason for this growth lies in the smart card's portability and security characteristics. In addition, as the recent growth of palmtop computers shows, people are looking for smaller and smaller devices for carrying their data with them. Smart card provides a good solution for many applications.

Applications are the driving force behind the new smart card market. Many of these applications have already been implemented, such as prepayment for services, credit and debit card, loyalty card, and access control card. The most commonly known example is the prepayment services cards, namely, prepaid phone cards, transportation cards and parking cards. Based on the e-purse card, people could perform bank transaction from ATM machines at home or in the bank. With the use of loyalty cards, companies could store discount information and shopping preferences of their customers. Using these shopping preferences, companies could design new strategies for the users. Access control systems to buildings, computers or other secure areas will soon be handled by a single smart card.

In this handbook, we shall briefly describe what smart card is and how it can be used in different applications. The aim of this handbook is to provide a business and executive overview to companies that wish to join the smart card era. This handbook is divided into 8 chapters classified into 3 sections: Smart card Overview, Smart card in Details, and Smart card in the Future.

In the first section, basic concepts of smart cards will be described. In chapter 2, we review the history of smart cards. Then we outline the different types of smart cards and their standards. Current applications and uses of smart cards are mentioned in chapter 3.

In the second section, technical aspects of smart card internals as well as programming tips are briefly described in chapter 4. Because programming and design methodology for the Java card is different from traditional card programming, in chapter 5, we describe the basics in Java Card programming. In chapter 6, procedures of smart card development are given.

In the last section of this handbook, the future of smart card development is presented. Different ideas on future smart card applications are used in formulating a forecast in chapter 7.

Lastly, we conclude the handbook with a summary of different research, survey and reports on smart cards. References and glossaries are provided at the end of this handbook.

We hope that based on our handbook, company executives, technical managers and software developers would gain knowledge and insight into the emerging smart card technology and applications.


Part I. Smart card Overview


2. SMART CARD BASIC
A smart card is a plastic card with a microprocessor chip embedded in it. The card looks like a normal credit card except for its metal contact (in contact card only), but applications performed could be totally different. Other than normal credit card and bankcard functions, a smart card could act as an electronic wallet where electronic cash is kept. With the appropriate software, it could also be used as a secure access control token ranging from door access control to computer authentication.

The term "smart card" has different meanings in different books [Guthery1998, Rankl1997] because smart cards have been used in different applications. In this chapter, we provide our definition of smart card to put the subsequent chapters in context. We also describe the development history of smart cards and depict the types of card available on market. Finally, descriptions on different smart card standards, such as ISO and EMV, are given at the end of this chapter.

2.1 What is smart card
In the article "Smart cards: A primer" [DiGiorgio1997a], the smart card is defined as a credit card with a brain on it, the brain being a small embedded computer chip. Because of this embedded brain, smart card is also known as chip or integrated circuit (IC) card. Some types of smart card may have a microprocessor embedded, while others may only have a non-volatile memory content included. In general, a plastic card with a chip embedded inside can be considered as a smart card.

In either type of smart card, the storage capacity of its memory content is much larger than that in magnetic stripe cards. The total storage capacity of a magnetic stripe card is 125 bytes while the typical storage capacity of a smart card ranges from 1K bytes to 64K bytes. In other words, the memory content of a large capacity smart card can hold the data content of more than 500 magnetic stripe cards.

Obviously, large storage capacity is one of the advantages in using smart card, but the single most important feature of smart card consists of the fact that their stored data can be protected against unauthorized access and tampering. Inside a smart card, access to the memory content is controlled by a secure logic circuit within the chip. As access to data can only be performed via a serial interface supervised by the operating system and the secure logic system, confidential data written onto the card is prevented from unauthorized external access. This secret data can only be processed internally by the microprocessor.

Due to the high security level of smart cards and its off-line nature, it is extremely difficult to "hack" the value off a card, or otherwise put unauthorized information on the card. Because it is hard to get the data without authorization, and because it fits in one's pocket, a smart card is uniquely appropriate for secure and convenient data storage. Without permission of the card holder, data could not be captured or modified. Therefore, smart card could further enhance the data privacy of user.

Therefore, smart card is not only a data store, but also a programmable, portable, tamper-resistant memory storage. Microsoft considers smart card as an extension of a personal computer and the key component of the public-key infrastructure in Microsoft Windows 98 and 2000 (previously known as Windows NT 5.0) [Microsoft1997a].

2.2 History of smart card development
A card embedded with a microprocessor was first invented by 2 German engineers in 1967. It was not publicized until Roland Moreno, a French journalist, announced the Smart Card patent in France in 1974 [Rankl1997]. With the advances in microprocessor manufacturing technology, the development cost of the smart card has been greatly reduced. In 1984, a breakthrough was achieved when French Postal and Telecommunications services (PTT) successfully carried out a field trial with telephone cards. Since then, smart cards are no longer tied to the traditional bankcard market even though the phone card market is still the largest market of smart cards in 1997.

Due to the establishment of the ISO 7816 specification in 1987 (a worldwide smart card interface standard), the smart card format is now standardized. Nowadays, smart cards from different vendors could communicate with the host machine using a common set of language.


2.3 Different types of smart cards
According to the definitions of "smart card" in the Smart card technology frequently asked questions list [Priisalu1995], the word "smart card" has three different meanings:

- IC card with ISO 7816 interface
- Processor IC card
- Personal identity token containing ICs

Basically, based on their physical characteristics, IC cards can be categorized into 4 main types: memory card, contact CPU card, contactless card and combi card.

2.3.1 Memory Cards
A memory card is a card with only memory and access logic on board. Similar to the magnetic stripe card, a memory card can only be used for data storage. No data processing capability should be expected. Without the on-board CPU, memory cards use a synchronous communication mechanism between the reader and the card where the communication channel is always under the direct control of the card reader. Data stored on the card can be retrieved with an appropriate command to the card.

In traditional memory cards, no security control logic is included. Therefore, unauthorized access to the memory content on the card could not be prevented. In current memory cards, however, with the security control logic programmed on the card, access to the protection zone is restricted to users with the proper password only.

2.3.2 Contact CPU Cards
A more sophisticated version of smart card is the contact CPU card. A microprocessor is embedded in the card. With this real "brain", program stored inside the chip can be executed. Inside the same chip, there are four other functional blocks: the mask-ROM, Non-volatile memory, RAM and I/O port [HKSAR1997, Rankl1997].

Except for the microprocessor unit, a memory card contains almost all components that are included in a contact CPU card. Both of them consist of Non-volatile memory, RAM, ROM and I/O unit. Based on ISO 7816 specifications, the external appearance of these contact smart cards is exactly the same. The only difference is the existence of the CPU and the use of ROM. In the CPU card, ROM is masked with the chip's operating system which executes the commands issued by the terminal, and returns the corresponding results. Data and application program codes are stored in the non-volatile memory, usually EEPROM, which could be modified after the card manufacturing stage.

One of the main features of a CPU card is security. In fact, contact CPU card has been mainly adopted for secure data transaction. If a user could not successfully authenticate him/herself to the CPU, data kept on the card could not be retrieved. Therefore, even when a smart card is lost, the data stored inside the card will not be exposed if the data is properly stored [Rankl1997]. Also, as a secure portable computer, a CPU card can process any internal data securely and outputs the calculated result to the terminal.

2.3.3 Contactless Cards
Even though contact CPU smart card is more secure than memory card, it may not be suitable for all kinds of applications, especially where massive transactions are involved, such as transportation uses. Because in public transport uses personal data must be captured by the reader within a short period of time, a contact smart card, which requires the user to insert the card into the reader before the data can be captured from the card, would not be a suitable choice. With the use of radio frequency, the contactless smart card can transmit user data from a fairly long distance within a short activation period. The card holder would not have to insert the card into the reader. The whole transaction process could be performed without removing the card from the user's wallet.

Contactless smart cards use a technology that enables card readers to provide power for transactions and communications without making physical contact with the cards. Usually electromagnetic signal is used for communication between the card and the reader. The power necessary to run the chip on the card could either be supplied by the battery embedded in the card or transmitted at microwave frequencies from the reader onto the card.

Contactless card is highly suitable for large quantity of card access and data transaction. However, contactless smart card has not been standardized. There are about 16 different contactless card technologies and card types in the market [ADE]. Each of these cards has its specific advantages, but they may not be compatible with each other. Nevertheless, because its production cost is high and the technology is relatively new, this type of card has not been widely adopted.

2.3.4 Combi Card
At the current stage, contact and contactless smart cards are using two different communication protocols and development processes. Both cards have their advantages and disadvantages. Contact smart cards have higher level of security and readily-available infrastructure, while contactless smart cards provide a more efficient and convenient transaction environment. In order to provide customers with the advantages of these two cards, two methods could be employed. The first method is to build a hybrid card reader, which could understand the protocols of both types of cards. The second method is to create a card that combines the contact functions with the contactless functions. Because the manufacturing cost of the hybrid reader is very expensive, the latter solution is usually chosen.

Sometimes, the term "combi card" is being misused by manufacturers. In general, there are two types of combined contact-contactless smart cards, namely the hybrid card and the combi card. Both cards have contact and contactless parts embedded together in the plastic card. However, in the hybrid card, the contact IC chip and contactless chip are separate modules. No electrical connections have been included for communications between the two chips. These two modules can be considered as separate but co-existing chips on the same card. In the combi card, by contrast, the contact and contactless chips could communicate between themselves, thus giving the combi card the capability to talk with external environment via either the contact or contactless method.

As the combi card possesses the advantages of both contact and contactless cards, the only reason that is hindering its acceptance is cost. When the cost and technical obstacles are overcome, combi cards will become a popular smart card solution.

2.4 Different standards of smart cards
Throughout the history of smart card development, various standards have been established for resolving the interoperability problem. The very first standard is the ISO 7816 smart card standard published by the International Organization for Standardization (ISO) in 1987. Before this, card vendors and manufacturers developed their own proprietary cards and readers which could not interoperate. With the ISO standard, smart cards could communicate using the same protocol. The physical appearance and dimensions of a card are also fixed. The meaning and location of the contacts, the protocols and contents of the high and low level messages exchanged with the IC card are all standardized. This ensures that a card manufactured and issued by one company can be accepted by a device from other companies. Because this specification is important to card programming development, details of this standard are given in Chapter 4, Technical Aspects of smart card, of this handbook.

Two other important standards in this area are EMV (Europay, Mastercard and Visa) and GSM (Global Standard for Mobile Communications). EMV standard is for debit/credit cards where major international financial institutions Visa, Mastercard and Europay are involved. It started in 1993 and was finalized in 1996 [HKSAR1997]. This standard covers the electromechanical, protocol, data elements and instruction parts together with the transactions involving bank microprocessor smart cards. The goal of the EMV specification is for payment systems to share a common Point of Sales (POS) Terminal, as they do for magnetic stripe applications. Because the magnetic stripe based banking card would soon be replaced by the smart card, this standard has to be established to ensure that the new smart card based banking card would be compatible with the bank transaction system. Based on this specification, all bank-related smart card solutions would be compatible with one another as well as the previous magnetic stripe card solution. Terminal manufacturers could develop and modify their own sets of API in EMV standard for their terminals, so these terminals could be used in different payment systems. Credit, debit, electronic purse and loyalty functions could be processed on these EMV-compliant terminals. With the flexibility provided by the EMV standard, banks are allowed to add their own options and special requirements in the smart card payment system.

The GSM standard is one of the most important smart card and digital mobile telecommunication standards. GSM specification started in 1982 under CEPT (Conference Europeenne des Postes et Telecommunications) and was later continued by ETSI (European Telecommunications Standards Institute). Originally, this specification is designated for the mobile phone network. However, when the smart card is used in the mobile phone system as the Subscriber Identification Module (SIM), parts of the GSM specification become a smart card standard. This part of the GSM specification was started in January 1988 by the Subscriber Identification Module Expert Group (SIMEG).

Within a GSM network, all GSM subscribers would be issued a SIM card which can be viewed as the subscriber's key into the network. The size of a SIM card is fixed to be either the normal credit card or mini card size. Because this card is used for handling the GSM network functions, a rather high performance microcontroller (a 16-bit microprocessor) is used and the EEPROM memory is dedicated for storing the application data, including the network parameters and subscriber data.

The GSM specification is divided into two sections. The first section describes the general functional characteristics, while the second section deals with the interface description and logical structures of a SIM card. Details of this specification are given in [Scourias].

Before the smart card could be widely adopted by the market, one or more standardized card development environments are needed. Currently, four significant smart card standards have been recently established in the smart card industry: PC/SC, OpenCard Framework, JavaCard and MULTOS, all of which are compatible with the ISO smart card standard. Details of these specifications are briefly mentioned in chapters 5 and 7 of this handbook while other specifications could be found in [CityU1997].


3. CURRENT SMART CARD APPLICATIONS
With the rapid expansion of Internet technology and electronic commerce, smart cards are now more widely accepted in the commercial market as stored-value and secure storage cards. Moreover, it has also been widely used as an identity card. For instance, in City University of Hong Kong, the old student/staff cards have been replaced by the hybrid-card based identity cards. This identity card can be used for normal access control as well as electronic payment.

The smart card has also been used in transportation such as the Octopus card which has been adopted by the MTRC and KCRC to replace the old magnetic stripe card. Medical record can also be stored in the smart card. This enables critical information of the patient to be retrieved whenever it is required. With the help of smart card technology, many secure data such as the computer login name and password can also be kept, so user need not remember a large number of passwords.

In this chapter, we shall briefly describe some current applications of smart cards. These applications can be classified into 6 main categories: Electronic Payment, Security and Authentication, Transportation, Telecommunications, Loyalty Program and Health Care Applications.

3.1 Electronic payment Applications
3.1.1 Electronic Purse
The Electronic Purse is also known as electronic cash. Funds can be loaded onto a card for use as cash. The electronic cash can be used for small purchases without necessarily requiring the authorization of a PIN. The card is credited from the cardholder's bank account or some other ways. When it is used to purchase goods or services, electronic value is deducted from the card and transferred to the retailer's account. Similar to a real wallet, the card holder could credit his/her card at the bank any time when required.

Electronic cash transactions do not usually require the use of a PIN. This speeds up the transactions but the electronic cash on the card is then vulnerable like conventional cash. The amounts involved, fortunately, are usually small, so losses will not be significant. Widespread adoption of electronic cash will reduce the costs to banks and retailers in handling large quantities of cash.

Since 1994, there has been significant development of Inter-sector electronic purse applications in Europe which has been extended to outside of Europe. Several global card projects have been developed for this purpose, such as Proton card by Banksys, VisaCash by Visa International and Mondex card by Mastercard [Bull1998]. These have all been adopted by shops from all over the world.

3.1.2 Stored Value Cards
Another use of smart cards in electronic commerce is Electronic token. It is an example of the stored value card. The principle is that some memory in the smart card is set aside to store electronic tokens or electronic tickets. A smart card can store tokens for different services and each of the tokens can be refilled, depending on the types of the memory card. This allows the cost to be distributed over a number of services and over a much longer life span.

For example, the card could be used to pay for gas and instead of putting coins in a parking meter. Consumers load up the card from a vending machine. The card can then be used to operate the meters. One advantage of this system is that collections of coins would no longer be necessary. This would reduce the operation overhead and eliminate theft. This would also benefit the consumer as tokens could be bought and stored in the card in advance so it is not necessary to carry many heavy coins around. It is also possible that the card could monitor patterns of use and return the information to the merchant as well as the consumer, so better shopping model could be derived [McCrindle1990].

3.2 Security and Authentication Applications


3.2.1 Cryptographic uses
From the point of view of the supplier and system operator, the main requirement of almost all machine-readable card systems is to ensure that the card presented is valid and the cardholder is indeed the person entitled to use that particular card. To verify the cardholder's identity, users are required to enter their PIN code (personal identification number). This PIN code is kept in the card rather than on the terminals or host machines.

Identification and authentication procedures take place at the card terminal. One of the problems is to ensure that the card furnishes some sort of machine-readable authenticity criterion. This can be solved by the use of encrypted communications between the card and terminal. It is well known that encryption can be used to ensure secrecy of messages sent and also to authenticate messages.

In order to perform the encryption procedure, the cryptographic smart cards must have the following properties:
- The cards must have sufficient computational power to run the cryptographic algorithms.
- The cryptographic algorithms must be theoretically secure. This means that it is not possible to derive the secret key from the corresponding texts.
- The smart cards must be physically secure. It should not be possible to extract the secret key from the card's memory.

Provided these conditions are met, and with advances in card microcontroller technology, the microprocessor-based smart card can be made to meet the required security level [Chaum1989].

For instance, Verisign and Schlumberger have developed the use of the Cryptoflex smart card for carrying a Verisign Class 1 Digital ID [Verisign9701]. The Cryptoflex card is the first cryptographic smart card in the industry, which is designed based on the PC/SC specifications. This enables the use of a smart card for portable Internet access with Microsoft Internet Explorer 3.0 at all sites accepting Verisign Digital IDs.

In Michigan University, the Cyberflex card has been used for storing Kerberos keys in a secure login project [Michgan9701].


3.2.2 Identity card
The identification of an individual is one of the most complex processes in the field of Information Technology. It requires both the individual to identify himself and the system to recognize that the incoming connection is generated by a legitimate user. The system then accepts responsibility for allowing all subsequent actions, safe in the knowledge that the user has authorization to do whatever he is asking of the system.

If a smart card is used, the information stored on the card can be verified locally against a password or PIN before connection is made to the host. This prevents the password from being eavesdropped by perpetrators on the Internet.

Some of the smart cards will have personal data stored on the card. For example, the cardholder's name, ID number, and date of birth [Devargas1992].

3.2.3 Access control card
The most common devices used to control access to private areas where sensitive work is being carried out or where data is held are keys, badges and magnetic cards. These all have the same basic disadvantages: they can easily be duplicated and when stolen or passed on, they can allow entry by an unauthorized person. The smart card overcomes these weaknesses by being very difficult to reproduce and capable of storing digitized personal characteristics. With suitable verification equipment, this data can be used at the point of entry to identify whether the user is the authorized cardholder. The card can also be individually personalized to allow access to limited facilities, depending on the holder's security clearance. A log of the holder's movements, through a security system, can be stored on the card as a security audit trail [McCrindle1990].

The card could contain information on the user's privileges (i.e. access to secure areas of the building, automatic vehicle identification at entrances to company car parks, etc.) and time restrictions. All information is checked on the card itself. Access to different areas of the building can be distinguished by different PINs. Furthermore it can also track the user's movement around the building [Devargas1992].


3.2.4 Digital certificate
The most important security measures we encounter in our daily business have nothing to do with locks and guards. A combination of a signed message and the use of a public key cryptosystem, the so-called digital signature, is typically used.

A digitally signed message containing a public key is called a certificate. In addition to a public key, a certificate typically contains a name, address, and other information describing the holder of the corresponding secret key. All of these carry the digital signature of a registry service that records public keys for all members of the community. To become a member of this community, a subscriber must do two things:
- Provide the directory service with a public key and the associated identification information so that other people will be able to verify his/her signature.
- Obtain the public key of the directory service so that he/she can verify other people's signatures.

Because certificates are extremely tamper-resistant, the authenticity of a certificate is a property of the certificate itself, rather than of the authenticity of the channel over which it was received. This important property allows certificates to be employed in very much the same way as a passport. The border police expect to see your passport and in most cases count on the passport's tamper resistance to guarantee its authenticity. Because of the fragility of paper credentials, however, there are circumstances in which this is not considered adequate. In making a classified visit to a military installation, for example, no badge or letter of introduction by itself is sufficient. Prior arrangements must have been made using channels maintained for the purpose. Because public key certificates are more secure than any paper document, they can be safely authenticated by direct signature checking and no trusted directory is needed.

3.2.5 Computer login
Access to the computer room and its services can be controlled by the smart card. In terms of network access, the smart card can authenticate the user to the host.


Furthermore, depending on the environment being protected, the network access card can also perform the following functions:
- Manipulation of different authentication codes for different levels of security.
- Use of biometric techniques as an added security measure.
- Maintaining an audit trail of failures and attempted violations.

Meanwhile, in terms of access to the computer room itself, PIN checking can be done on the card without the need for hardwiring the access points to a central computer.

The identification of a user is usually done by means of a Personal Identification Number (PIN). The PIN is verified by the microcomputer of the card with the PIN stored in its RAM. If the comparison is negative, the CPU will refuse to work. The chip also keeps track of the number of consecutive wrong PIN entries. If this number reaches a preset threshold, the card blocks itself against any further use.

3.3 Transportation uses
The smart card can act as electronic money for car drivers who would need to pay a fee before being able to use a road or tunnel. It would then contain a balance that can be increased at payment stations or in the prepaid process, and is decreased for each use.

If privacy is not an issue (i.e. the driver does not care if he is identified as using a particular stretch of motorway at a particular point in time), then the card could be linked to a bank debiting system as a debit card. Besides, the card could also act as a credit card.

Another example is the Octopus card. This service aims at reducing the amount of cash handled by the service provider and also increasing management information. This information would be invaluable in giving the customer the right service at the right time.

Each individual would possess a reloadable card that could either be paid directly (immediately) or as a credit payment based system where monthly settlement would be required. If the card has a positive balance, the cardholder could use the card in any of the transport services by simply inserting the card into the card reader which would be either on the bus or at the entrance to the MTR station.


If the travel charge is different for different zones, then the card would need to be used at the entrance of the bus or station and also at the exit. This process would then calculate the amount owed for a certain journey [Devargas1992].

3.4 Telecommunication Applications
Telecommunication is one of the largest markets for smart card applications. In 1997, pay phone cards occupy the largest share of the smart card market. Over 70% of the smart cards are issued as pay phone cards [CardTech1997] and this will continue to be the largest market in at least the next 3 years.

Since 1988, the smart card has become an essential component in cellular phone systems. Network data, subscriber's information and all mobile network critical data are kept inside the card. With this card, subscribers could make calls from any portable telephone. Moreover, through the IC card, any calls through the mobile phone could be encrypted, thus ensuring privacy. In the future, more and more value-added services, such as electronic banking, could be supported by using this microprocessor card. Examples can be found in chapter 7.

3.5 Health Care Applications
Due to the level of security provided for data storage, IC cards offer a new perspective for health care applications. Medical applications of smart cards can be used for storing information including personal data, insurance policy, emergency medical information, hospital admission data and recent medical records. Numerous national hospitals in France, Germany and even Hong Kong have already started to implement this kind of health care card.

With the microcontroller on board, smart cards could be used for managing the levels of information authorized for different users similar to a workflow control system. Doctors would be able to access the medical record from the patient's card, while chemists could make use of the prescription information stored on the card for preparing the medical treatment. Emergency data kept on the patient's card, which includes the cardholder's identity, persons to contact in case of accident and special illness details, can be used for saving the patient's life. In some countries, medical insurance is required for hospital payment. With the insurance records stored in the patient's card, the administrative procedures are simplified.


3.6 Loyalty Applications
The loyalty program is another important application of smart cards in the shopping model. The preferred customer status together with detailed information on shopping habits is stored and processed on the smart card. With this information, merchants could derive a better shopping model or tailor-make personalized customer shopping profiles. In addition, this shopping habit profile is kept in the customer's card; therefore, his/her shopping record could be kept confidential from unauthorized access.

As an extension to the loyalty application, stored value functions could be added. In current pay television systems, users' preferences are kept together with the electronic payment scheme. Users would not have to set their preferences each time they use the television system. As this card will also be used as the key to the television, users would not be permitted to use the television box unless they have paid their television fee. So sufficient security and convenient television usage could be guaranteed.


Part II. Smart card in details


4. TECHNOLOGY ASPECTS OF SMART CARD
From the technical point of view, smart cards can be classified into two main types: programmable and non-programmable. A smart card application programmer can either put the application logic on the terminal, the card (if it is a programmable card) or both. We can view the non-programmable smart cards as external storage, just like a floppy disk, with security features. Therefore, we can design to store certain portable information on the smart card and the application logic is allocated on the terminal side. On the other hand, the programmable smart card, such as the Java card, allows the application logic (intelligence) to be partially built on the smart card. In this chapter, we are going to describe the overview concepts of smart card programming.

4.1 Overview of ISO 7816 Standards
ISO 7816 is the interface standard for smart cards. The following subparts are of interest to the smart card application programmer:

- ISO 7816-1: Physical characteristics of cards
  Defines the dimensions of cards and the physical constraints.
- ISO 7816-2: Dimensions and locations of the contacts
  Defines the dimensions, location and role of the electrical contacts (the power VCC, the ground GND, the clock CLK, the reset RST, the I/O port I/O, the programming power VPP and two additional reserved contacts for future use) on the microchip.
- ISO 7816-3: Electronic signals and transmission protocols
  Defines the characteristics of the electronic signals exchanged between the card and terminal and two communication protocols: T=0 (asynchronous half-duplex character transmission protocol) and T=1 (asynchronous half-duplex block transmission protocol).
- ISO 7816-4: Inter-industry commands for interchange
  Defines a set of standard commands and a hierarchical file system structure.
- ISO 7816-5: Numbering system and registration procedure for application identifiers
  Defines a unique card application name.
- ISO 7816-7: Inter-industry commands for Structured Card Query Language (SCQL)
  Defines a set of commands to access smart card content and relational database structure.

Other parts are not covered here since smart card application programmers do not need to know them and also some of them are still under preparation. We shall discuss ISO 7816-3, ISO 7816-4 and ISO 7816-5 below.

4.2 Communication Protocol between Terminal and Smart Cards
The communication protocols between the terminal and the smart card are described in ISO 7816-3 (Transport Protocol) and ISO 7816-4 (Application Protocol). These two protocols are briefly described in this section.

The terminal initializes a smart card by transmitting a signal to the reset (RST) contact of the card. The card will respond by transmitting a string of bytes to the terminal called the ATR (Answer-To-Reset). This string of bytes consists of two parts: the protocol bytes provide information about the communication protocols supported by the card and the historical bytes provide information about the type of card. An example is given for the ATR of the ACS ACOS1 smart card (which is a type of memory card of Advanced Card System company):

    Protocol Bytes      3B BE 11 00 00
    Historical Bytes    41 01 10 04 00 12 00 00 00 00 00 02 90 00

    (in hexadecimal)

The details of the ATR are described in the ISO 7816-3 standard. We briefly describe the first three bytes in the protocol bytes here. The byte 3B stands for the method of bit transfer. BE means that there is additional information (14 historical bytes). The byte 11 describes the information of clock speed and bit transfer rate.
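The byte-by-byte reading of the ATR above can be done mechanically. The following Python parser is an added example, not code from this guide or from ACS; the names `parse_atr`, `FI_TABLE` and `DI_TABLE` are assumptions, the decoding rules are those of ISO 7816-3, and it treats the ATR as untrusted input by rejecting truncated or inconsistent strings.

```python
"""Strict parser for an ISO 7816-3 Answer-To-Reset (added example)."""

# ATR of the ACS ACOS1 card as quoted in the guide.
ACOS1_ATR = bytes.fromhex("3BBE1100004101100400120000000000029000")

# Clock rate conversion factor F and bit rate adjustment factor D, selected by
# the high and low nibble of TA1 (ISO 7816-3). Missing keys are reserved values.
FI_TABLE = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
            9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
DI_TABLE = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 7: 64, 8: 12, 9: 20}


def parse_atr(atr: bytes) -> dict:
    """Split an ATR into TS, interface bytes, historical bytes and TCK.

    Raises ValueError on any length or checksum inconsistency.
    """
    if not 2 <= len(atr) <= 33:
        raise ValueError("ATR must be 2..33 bytes long")
    ts, t0 = atr[0], atr[1]
    if ts not in (0x3B, 0x3F):
        raise ValueError(f"unknown TS byte {ts:02X}")
    hist_len = t0 & 0x0F          # low nibble of T0: number of historical bytes
    presence = t0 >> 4            # high nibble of T0: which of TA1..TD1 follow
    pos, group = 2, 1
    interface, protocols = {}, []
    while presence:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if presence & bit:
                if pos >= len(atr):
                    raise ValueError("ATR truncated inside interface bytes")
                interface[f"{name}{group}"] = atr[pos]
                pos += 1
        td = interface.get(f"TD{group}")
        if td is None:
            break
        protocols.append(td & 0x0F)   # low nibble of TDi: protocol T=n
        presence = td >> 4            # high nibble of TDi: next group present
        group += 1
    if not protocols:
        protocols = [0]               # no TD1 at all means T=0 only
    historical = atr[pos:pos + hist_len]
    if len(historical) != hist_len:
        raise ValueError("ATR truncated inside historical bytes")
    pos += hist_len
    # TCK is sent only when a protocol other than T=0 is offered; it makes the
    # XOR of every byte from T0 through TCK equal to zero.
    if any(p != 0 for p in protocols):
        if len(atr) != pos + 1:
            raise ValueError("TCK missing or trailing bytes present")
        check = 0
        for b in atr[1:]:
            check ^= b
        if check:
            raise ValueError("TCK checksum mismatch")
    elif len(atr) != pos:
        raise ValueError("unexpected bytes after the historical bytes")
    ta1 = interface.get("TA1", 0x11)  # 0x11 is the default: F=372, D=1
    return {
        "convention": "direct" if ts == 0x3B else "inverse",
        "interface": interface,
        "protocols": protocols,
        "historical": historical,
        "F": FI_TABLE.get(ta1 >> 4),
        "D": DI_TABLE.get(ta1 & 0x0F),
    }


if __name__ == "__main__":
    info = parse_atr(ACOS1_ATR)
    print(info["convention"], info["protocols"], info["historical"].hex())
```

For the ACOS1 string, T0 = BE announces TA1, TB1 and TD1 plus 14 historical bytes, and TD1 = 00 selects T=0 only, so no TCK checksum byte follows.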


The historical bytes give information about the references and versions of the card's chip and operating system.

After the ATR was transmitted, the terminal can communicate with the smart card by sending commands. The commands are encapsulated in packets. These packets are called Transport Protocol Data Units (TPDU). Each packet begins with the following five bytes (Header) followed by a number of bytes for the Data field if needed:

    CLA   INS   P1   P2   P3

    TPDU Header

- The class byte (CLA): A class of instructions. The values of some class bytes can have a specific meaning pertaining to a certain class of commands. For example, the class byte of the ACS ACOS1 smart card is 80H and that of the Gemplus 32-bit Java Card is A8H.
- The instruction byte (INS): A particular instruction. For example, the SUBMIT CODE instruction of the ACS ACOS1 smart card is 20H.
- The parameter bytes (P1 & P2): The parameters for the instruction. For example, the parameters of the SUBMIT PIN command are P1 = 06H and P2 = 00H.
- The parameter byte (P3): The number of data bytes which are transmitted with the command during the exchange. This byte may indicate the number of bytes that the terminal will send to the card (Lc) or the number of bytes that the terminal expects to receive from the card (Le). For example, the P3 in the SUBMIT PIN CODE instruction is 08H since the PIN (Personal Identification Number) code in the ACS ACOS1 smart card is 8 bytes long.

After receiving the header, the terminal waits for a procedure byte from the smart card:

- An acknowledge byte: Based on the INS byte, it may indicate the terminal should send data or expect to receive data. Based on the acknowledge byte, the application-level protocol APDU (Application Protocol Data Unit) command is formed with the TPDU header. There are four possible formats of the APDU command:

  1. No data bytes exchange required.

         CLA   INS   P1   P2

     Format 1 of APDU command

  2. Only the terminal receives data bytes from the smart card (Le).

         CLA   INS   P1   P2   Le

     Format 2 of APDU command

  3. Only the terminal sends data bytes to the smart card (Lc).

         CLA   INS   P1   P2   Lc   Data

     Format 3 of APDU command

  4. The terminal sends data bytes to the smart card (Lc) and also receives data bytes from the smart card (Le).

         CLA   INS   P1   P2   Lc   Data   Le

     Format 4 of APDU command

  If Le = 0, then the number of bytes expected is unspecified and must be provided by the smart card (maximum 256 bytes). When the data bytes have been transmitted, the terminal expects a new procedure byte.
- A NUL byte (value 0x60): The smart card requests more processing time. The terminal needs to reset its card timeout timer and wait for another procedure byte.
- A status word (SW1 and SW2): The status word ends the command. It is standard in ISO 7816-4. Here is a subset of common status words:

    SW1 SW2   Meaning
    9000      O.K.
    6700      Wrong P3
    6966      Command not available
    6A86      P1-P2 incorrect
    6D00      Unknown INS
    6E00      Invalid CLA

Based on SW1 and SW2, an APDU will be returned in the following format. The Data part is optional, because some APDU commands do not require any data from the smart card, as in cases 1 and 3 above.

    Data   SW1   SW2

    Format of response APDU

The communication between the terminal and smart card (as shown in figure 4-1) includes a command APDU which is sent by the terminal to the smart card and a response APDU sent by the smart card to the terminal based on the result of the command APDU. These exchanges are all encoded in transport protocol level TPDUs. A command/response exchange at the application protocol level (APDU) may require more than one TPDU exchange.


Figure 4-1. Communication protocol between terminal and smart card.

Here is an example of command/response APDU between the ACS ACOS1 smart card and a terminal. The command is used by the smart card to submit the PIN code for authentication to the terminal.

SUBMIT PIN: To submit a secret code (PIN) to the smart card.

Command APDU:

    CLA   INS   P1   P2   P3   DATA
    80    20    06   00   08   PIN Code or DES(PIN Code, #Ks)

    PIN Code          Eight bytes PIN Code
    DES(Code, #Ks)    Eight bytes PIN Code encrypted with Session Key (Ks)

Response APDU:

    SW1 SW2
    Status

Specific Status Codes:

    SW1 SW2   Meaning
    63Cn      Wrong Code; n = remaining number of retries
    6983      The specified Code is locked
    6985      Mutual Authentication not successfully completed prior to the SUBMIT PIN CODE command

In the SUBMIT PIN procedure, the terminal can either submit the PIN code in plaintext format (without encryption) or in DES encrypted format if the corresponding option bit DES in the Security Option Register is set.
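The SUBMIT PIN exchange above, together with the retry counter described in section 3.2.5, can be exercised offline. This Python model is an added example, not ACS firmware and not code from this guide: `SimulatedPinCard`, `split_command`, `describe_sw` and `submit_pin_apdu` are hypothetical names, and the retry limit of 3, the order of the checks and the choice to spend an attempt before comparing are assumptions. Only the plaintext PIN form is modelled.

```python
import hmac

# Status words from the guide's ACS ACOS1 tables.
SW_MEANING = {
    0x9000: "O.K.", 0x6700: "Wrong P3", 0x6966: "Command not available",
    0x6A86: "P1-P2 incorrect", 0x6D00: "Unknown INS", 0x6E00: "Invalid CLA",
    0x6983: "The specified Code is locked",
}


def describe_sw(sw: int) -> str:
    """Translate SW1 SW2 into the guide's wording; 63Cn carries a counter."""
    if sw & 0xFFF0 == 0x63C0:
        return f"Wrong Code; {sw & 0x0F} retries remaining"
    return SW_MEANING.get(sw, f"unlisted status {sw:04X}")


def split_command(apdu: bytes) -> dict:
    """Classify a command APDU into formats 1-4 and reject bad lengths."""
    if len(apdu) < 4:
        raise ValueError("CLA INS P1 P2 are mandatory")
    cla, ins, p1, p2 = apdu[:4]
    body, fmt, data, le = apdu[4:], 1, b"", None
    if len(body) == 1:                      # format 2: Le only
        fmt, le = 2, body[0] or 256         # Le = 0 means up to 256 bytes
    elif len(body) > 1:
        lc = body[0]
        if lc == 0 or len(body) not in (1 + lc, 2 + lc):
            raise ValueError("Lc does not match the data field length")
        data = body[1:1 + lc]
        fmt = 3                             # format 3: Lc + Data
        if len(body) == 2 + lc:             # format 4: Lc + Data + Le
            fmt, le = 4, body[-1] or 256
    return {"format": fmt, "cla": cla, "ins": ins, "p1": p1, "p2": p2,
            "data": data, "le": le}


def submit_pin_apdu(pin: bytes) -> bytes:
    """Build the plaintext SUBMIT PIN command: 80 20 06 00 Lc PIN."""
    return bytes([0x80, 0x20, 0x06, 0x00, len(pin)]) + pin


class SimulatedPinCard:
    """Card-side model of SUBMIT PIN with a blocking retry counter."""

    def __init__(self, pin: bytes, max_tries: int = 3):  # limit is assumed
        if len(pin) != 8:
            raise ValueError("ACOS1 PIN codes are 8 bytes long")
        self._pin, self._max = pin, max_tries
        self.tries_left = max_tries
        self.verified = False

    def transmit(self, apdu: bytes) -> int:
        try:
            cmd = split_command(apdu)
        except ValueError:
            return 0x6700
        if cmd["cla"] != 0x80:
            return 0x6E00
        if cmd["ins"] != 0x20:
            return 0x6D00
        if (cmd["p1"], cmd["p2"]) != (0x06, 0x00):
            return 0x6A86
        if cmd["format"] != 3 or len(cmd["data"]) != 8:
            return 0x6700                   # malformed input costs no attempt
        if self.tries_left == 0:
            return 0x6983                   # blocked: even the right PIN fails
        # Spend the attempt before comparing, so interrupting the card during
        # the comparison cannot yield a free guess.
        self.tries_left -= 1
        if hmac.compare_digest(cmd["data"], self._pin):  # constant-time
            self.tries_left = self._max
            self.verified = True
            return 0x9000
        self.verified = False
        return 0x63C0 | self.tries_left


if __name__ == "__main__":
    card = SimulatedPinCard(b"12345678")    # constructed PIN
    for guess in (b"00000000", b"11111111", b"22222222", b"12345678"):
        print(describe_sw(card.transmit(submit_pin_apdu(guess))))
```

Terminal software should treat 63Cn as a countdown to be shown to the cardholder and stop retrying automatically, since 6983 is returned from then on regardless of the PIN presented.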

4.3 Overview of File Systems
The file system in ISO 7816-4 is one of the important components in the smart card for data storage. The file system is a hierarchical file system like MS-DOS:
- A file system has a root, which is called the master file (MF).
- Directories, which are called dedicated files (DF), are used to organize the files.
- Normal files are called elementary files (EF).

Files are referenced by a file identifier (FID) which is two bytes long. There are several kinds of elementary files:
- Transparent files, which are seen as a sequence of bytes.
- Linear fixed files, which are seen as a sequence of fixed-length records.
- Linear variable files, which are seen as a sequence of variable-length records.
- Cyclic files, which are seen as an endless sequence of fixed-size records.

In the ACS ACOS1 smart card, the files are defined and constructed in the personalization stage. The application program running on the terminal can then access the files using APDU commands if it is authenticated. Here is an example of the SELECT FILE command which is used to select a data file for subsequent READ RECORD and WRITE RECORD commands.

SELECT FILE: To select a data file for subsequent READ RECORD and WRITE RECORD commands.

Command APDU:

    CLA   INS   P1   P2   P3   DATA
    80    A4    00   00   02   File ID

    File ID    Two bytes file identifier

Response APDU:

    SW1 SW2
    Status

Specific Status Codes:

    SW1 SW2   Meaning
    6A82      File does not exist.
    91xx      File selected. xx is the number of the record in the User File Management File which contains the File Definition Block of the selected file.

4.4 Overview of Naming Scheme
The ISO 7816-5 standard defines a naming scheme for smart card applications. Each application is identified by an application identifier (AID). The AID is between 1 and 16 bytes long. The smart card provider needs to get a registered application provider identifier (RID) from ISO. The AID is constructed as shown below:

    RID   PIX

The first five bytes are the RID, and the last 11 bytes (PIX) can be freely assigned by the smart card provider.

4.5 Overview of the Security Architecture
There are two main security mechanisms provided for smart card applications: access control and cryptography. For access control, the application or cardholder may need to submit a PIN (Personal Identification Number) before any APDU command. In the ACS ACOS1 smart card, the application also needs to submit the Issuer Code (IC) which is assigned by the smart card manufacturer in order to submit any APDU command. Furthermore, there is a set of Application Codes (AC) which can be set in order to enhance the access control in the file system. Each file is assigned a security attribute of Read and Write. Security Attributes define the security conditions that must be fulfilled to allow the respective operation. The communication channel between the smart card and terminal can be protected by cryptography like DES (symmetric algorithm) and RSA (public-key algorithm). Moreover, there may be other specific security mechanisms provided by different smart card manufacturers. For example, the following security mechanisms are provided by the ACS ACOS1 smart card:

- DES and MAC calculation: DES refers to the DEA algorithm for data encryption and decryption. MAC refers to the algorithm for the generation of a cryptographic checksum.
- Mutual Authentication and Session Key based on Random Numbers: Mutual Authentication is a process in which both the smart card and smart card reader verify each other's validity. The Session Key is a result of the successful execution of the Mutual Authentication procedure. It is used for data encryption and decryption during a session. A session is defined as the time between the successful execution of a Mutual Authentication procedure and a reset of the card or the execution of another START SESSION command.
- Secret Codes: Secret Codes and the PIN code are used to selectively enable access to data stored in the card and to features and functions provided by the smart card.
- Secure Account Transaction Processing: Account Transaction Processing provides a mechanism for the secure and auditable manipulation of data in the Account Data Structure.

4.6 An Example of Smart Card Application: SmartFlow Internet Payment System
Electronic commerce on the Internet is a popular research area, but the lack of a secure payment transfer protocol is the main barrier to promoting web-based business activities. Smart card technology offers a set of valuable features such as identification, security and authenticity for many different applications, especially for payment transactions. The SmartFlow system, which is being developed by the Cyberspace Center, as shown in figure 4-2, integrates the existing technology of smart card, Internet and workflow to demonstrate a new prototype for a secure offline micropayment transaction environment. Offline micropayment is suitable for low-value transactions and privacy protection.

Figure 4-2. Architecture of SmartFlow Internet Payment System.

The first version of the SmartFlow prototype system has been implemented and it is ready for demonstration at the Cyberspace Center in The Hong Kong University of Science and Technology. The Smart Bank Card is implemented by the ACS ACOS1 smart card as shown in figure 4-3. This is a 1 Kbyte EEPROM memory card which holds application data. The ACS ACOS1 smart card is a memory card with security control logic which is compliant with ISO 7816-3, T=0 protocol (half-duplex), with DES and MAC capabilities. It also contains the issuer code and the user password which can be changed by the user. The security control logic protects the memory to prevent illegal modification, but the data can be read when the issuer code and password are correctly submitted. Also, different memory locations can be protected by different security controls.

Figure 4-3. ACS ACOS1 Smart Card in Cyberspace Center.

The system is developed on the Windows Platform using ActiveX which is written in Visual Basic to build the system logic and front end. The back end is supported by the Windows NT Server and all the related data are stored and managed by the MS SQL Database Server. The system is supported by the Internet Information Server running on the Windows NT Server, and the communication channel is secured by Secure Socket Layer (SSL). We are using Internet Explorer 4.0 for the browser because the system is developed on ActiveX which is only supported by Internet Explorer as shown in figure 4-4.

Figure 4-4. SmartFlow Internet Payment System.


For illustration, here is the source code of the Select_File function in the SmartFlow Internet Payment System. This function is used to select a file on the smart card. The APDU command of SELECT FILE was described earlier: the CLA is 80H, INS is A4H, P1 is 00H, P2 is 00H and P3 (Lc) is 02H because the file identifier is two bytes long, and Le is 00H which means to use the default value which is 256 bytes long. The API function APDUExchangeFull starts the communication session with the smart card and then the APDU command (SELECT FILE) is submitted to the smart card. The APDU response (SW1 and SW2) and Data (ResponseTempOut), if any, will be returned from the smart card to the application (terminal).

    ' SELECT FILE template as hex text: CLA INS P1 P2 Lc Le
    Public Const CONST_SELECT_FILE = "80A400000200"

    Dim TempCLA As String
    Dim TempINS As String
    Dim TempP1 As String
    Dim TempP2 As String
    Dim TempLc As String
    Dim TempLe As String

    Public Sub Select_File(ResponseTempOut As String, FileIdentifier As String, _
                           SW1Out As String, SW2Out As String)
        Dim DummyDataOut As String

        ' Split the template into its two-character hex fields.
        TempCLA = LTrim(Mid(CONST_SELECT_FILE, 1, 2))
        TempINS = LTrim(Mid(CONST_SELECT_FILE, 3, 2))
        TempP1 = LTrim(Mid(CONST_SELECT_FILE, 5, 2))
        TempP2 = LTrim(Mid(CONST_SELECT_FILE, 7, 2))
        TempLc = LTrim(Mid(CONST_SELECT_FILE, 9, 2))
        TempLe = LTrim(Mid(CONST_SELECT_FILE, 11, 2))

        ' Send the command with FileIdentifier as the data field; the status
        ' word comes back in SW1Out/SW2Out and any data in ResponseTempOut.
        Call APDUExchangeFull(TempCLA, TempINS, TempP1, TempP2, _
                              TempLc, TempLe, SW1Out, SW2Out, FileIdentifier, _
                              ResponseTempOut, DummyDataOut)
    End Sub


5. JAVA CARD PROGRAMMING
Java card programming brings a new era to smart card application development. The card supports a Java Virtual Machine (JVM). Java programs can be stored and executed on the card. Java card programming is based on the Java Card 2.0 (the latest version is 2.0) specification (http://java.sun.com/products/javacard) which is maintained by Sun. Here are the main features of the JVM on a Java card:
- A restricted version of the Java Virtual Machine supports a subset of the Java language that can be used in Java Card applets.
- An API dedicated to smart card applet development based on the low-level ISO 7816 standards is available to support development of legacy applications.
- An abstract runtime environment is included which supports applet management functions like the applet selection mechanism. This environment is called the JCRE (Java card Runtime Environment).

Due to technical constraints on the card processor, and since some features like multithreading are clearly not a necessity for a Java card, only a subset of the Java language is supported. There are also new classes (like javacard.framework.APDU) which are related to the ISO 7816 standards or to cryptography in the Java Card 2.0 specification. The implementation of a JVM is made up of a bytecode verifier, a class loader and a bytecode interpreter. The verifier is used to verify that a class file is a valid Java class file. The class loader is used to load classes into the system. The bytecode interpreter is used to actually execute the application.

A bytecode verifier is a complex and large piece of software which cannot fit onto a smart card. Therefore, the implementation of a JVM for a smart card is split into two parts as shown in figure 5-1:
- The Off-card part manages the verification of classes and ensures that all necessary classes are available.
- The On-card part is primarily responsible for executing the bytecode.

The JVM is a persistent machine, so that the state of programs and objects is preserved even when the card is powered off. The related data are stored in EEPROM. Another consequence of the JVM is that classes are only loaded and initialized once in the JVM, where they remain active until disposed of.

Figure 5-1. Architecture of Bytecode Verifier on Java Card.

Besides the standard APDU command/response methodology, the other standard way to interact with a program on the Java card is to use Remote Method Invocation (RMI). RMI, a distributed object technology, is an architecture that enforces the principle that a service provided on a server (Java card) must be described through an interface. The interface provides a list of methods publicly available for a given object. An interface like this is a kind of contract that binds a server to its clients (terminals). The server guarantees that it will respond to the methods defined in its interface. On the other hand, the protocol links the server to its clients. The protocol defines the way in which the server and clients communicate. Since the implementation of protocols is often quite complex, the implementation of these protocols is often automatically generated for a given object in JCRE. This automatically generated program, which implements the client side of the protocol, is often called a proxy as shown in figure 5-2. Besides containing the code for the functions, it also contains the code required to access these functions on a remote server. A Java card can be considered as a server and provides services to its clients (terminals) to access or manage the information stored on the smart card. Furthermore, the various protocols defined by ISO 7816-3 and -4 define the smart card as a slave in a master/slave configuration:
- The functionality provided by a Java program (applet) on the Java card is given in the Java interface, which defines the list of available methods.
- A high-level protocol is clearly defined between the applet and its clients (terminals).
- A proxy generator is available to support the design and development of the client software.

Figure 5-2. The Proxy between Application and Applet.


There are three main rules for controlling the security and visibility of applets in the Java Card:
- The visibility of a package is platform dependent.
- Within a visible package, only the public classes are visible from the outside.
- If an applet is able to get a reference to an object, then the applet is allowed to use the object.

Actually, these three rules are the same as the standard Java rules. Furthermore, most of the Java card manufacturers include an additional security feature, a firewall between applets. This feature is global to the card, and the purpose is to isolate every object in its own sandbox in order to reduce the risk of illegal access.

After a Java card applet has been created and loaded on the terminal, the first step is to install and register it to the Java card. Since the install method is static, it is in charge of allocating a new instance of the applet and registering it with the JCRE through the register method as shown in figure 5-3 (step 1). Once the applet has been successfully registered, it is then ready to be selected and activated as shown in figure 5-3 (step 2). Only one applet can be selected and activated at any one time. If applet selection is successful, it is then ready to process incoming commands as shown in figure 5-3 (step 3). As long as an applet is selected, any command sent to the card is embedded in an APDU object and sent to the applet's process method. This continues until the applet is deselected as shown in figure 5-3 (step 4). The current applet should be deselected, through its deselect method, before a new one is selected.


Figure 5-3. The life cycle of an Applet on Java Card.


6. BUILDING YOUR OWN SMART CARD APPLICATION
In the previous chapter, we outlined the basic information for smart card programming. We shall now briefly describe the procedures for developing a smart card application.

Developing a smart card solution is similar to developing a distributed system. The steps listed below can be used as the guidelines for building a smart card application:
1. Determine the objective of the solution
2. Define the appropriate algorithm
3. Identify the requirements and select the appropriate smart card
4. Specify the system security level, key distribution and key usage algorithms
5. Set the privacy and security levels of the users
6. Set the security bookkeeping level
7. Specify the directory and file structure of the smart card
8. Select the application commands/instructions needed

In the following section, we shall describe each development step in detail. We hope that this information would be useful in helping the technical managers in developing smart card applications.

6.1 Plan the smart card solution
When designing a smart card solution, we have to understand the aim of this solution first. The smart card, as mentioned in the previous chapters, is mainly used for identification, security, and electronic money related aspects.

If the solution is mainly based on standard existing smart card solutions (for instance door access control system, electronic purse, secure identification card and Digital Certificate card), an off-the-shelf card could be chosen. However, if the problem has not been implemented before, or is different from the common solutions, the system integrator would have to build the whole system from scratch or modify the off-the-shelf card solution.

Before designing the algorithm to solve the problem, the technical manager should estimate the time span of the development required. A rule of thumb for the time from concept, programming and testing phases to completion of a new system is around nine months. An individual developer will require about 4~6 months for programming. If the existing microprocessor card does not meet the requirements of the user, the card would have to be redesigned. The time required for microprocessor card production is around 12 weeks [Rankl1997].

Figure 6-1. Flowchart of smart card development.

In other words, if the problem could be solved based on an existing solution, off-the-shelf cards should be used. The required work would basically consist of system integration of the smart card system to the existing environment. Around 4 to 6 weeks time would be needed for this development. However, if no existing solution can meet the requirements of the user, development of the solution would have to start from the design of the chip card microprocessor. As a result, around 9 months time would be required.

The core part of the solution is to define the algorithm for the smart card solution. Developers need to choose an appropriate algorithm. They also have to understand the flow of the system and identify the appropriate role of the smart card.

In addition, developers have to understand the restriction of different smart cards. This information is used together with the requirements on the smart card for selecting the most appropriate card type. The first restriction of a smart card is the lifetime of the card.

The life expectancy of a smart card basically depends on the application of the card. For instance, GSM cards can stay in the phone permanently while identification cards and canteen cards would have to be renewed after 2-3 years [Rankl1997].

The number of insertions will also affect the life expectancy of the card. The gold plated contact could survive about 10,000,000 insertions, while the data storage (EEPROM) usually fails after 20,000 to 40,000 read/write cycles. A first sign of failing performance is when the first write attempt does not set the desired value in the EEPROM, or the written data no longer stay in memory after a few hours [Rankl1997].

Even though the smart card could hold the stored data securely, it should not be considered as a permanent safe for confidential data. EEPROM is based on electrical charges. Therefore due to current leakage, stored data could be lost. This effect is exacerbated by high temperatures. Normally the data content in a smart card is guaranteed for 10 years.

The second limitation is the memory space on the card. Because smart card is an embedded system, the memory size of the card could not be increased after the manufacturing stage. The current largest available memory space and the largest possible memory space in an 8-bit CPU smart card are 32 Kbytes and 64 Kbytes respectively. However, development cost is affected by the cost of the card which is heavily dependent on the size of the memory. For example, changing from a 1 Kbyte card to 8 Kbyte card raises the production cost 4 times. Therefore a balance between cost effectiveness and card memory size has to be struck.

6.2 Understand the need of smart card

After understanding the restrictions and limitations of smart cards, we would be able to select the appropriate card for the problem according to the requirements. Though technical characteristics of smart cards are hardware-specific, most of the properties of smart card chips are identical. Therefore, design specifications can be the same.

Traditionally, there are two main criteria for selecting a smart card. These include the speed of instruction execution and the security level requirement of the system.

The speed of instruction execution depends on the processor chip and the speed of data transmission. The internal speed for executing instructions also affects the data transmission rate. The current clock rate of the CPU is in the range from 3.5 MHz to 4.9 MHz. The faster the internal instruction execution speed, the faster the data transmission rate. Although the maximum possible data transmission rate of contact smart card is 115200 bits per second (bps), the current normal transmission rate is 9600 bps [Guthery1998].

Other than the data transmission rate, the execution speed also depends on the Read/Write speed of the EEPROM and the card activation time. The Read/Write time of EEPROM is around 3.5 ms while Ferro Electrical RAM (FERAM) is around 200 ns [Klaus1998]. When the same type of non-volatile memory is used, the time differences will be mainly on the card activation time. The execution time required in normal set of instructions is around 1-3 seconds, while the time required for card insertion and ejection is around 2-3 seconds. Therefore, for massive public transportation system, contactless card is preferred, because using contactless cards could reduce the total processing time by half compared with using contact cards. Generally speaking, different applications may require different execution speed.

Besides memory size and processing speed, security and add-on features of the card are very important considerations. If the card is used as a personal security related card, special cryptographic engine may have to be added on the card. When financial processing is required, the card should have the electronic purse feature.

6.3 Managing data storage on the card

Having selected the smart card, developers have to design the data structures to be used on the card. Because of the limited memory space, not all data could be kept. When designing a smart card solution, one should realize that the solution is a distributed solution. In common centralized mainframe solutions, all information is in one location. For smart card applications, the card is considered as a kind of document store. With this decentralized data storage, users' data could be protected from external attack. Similar to distributed systems, only the necessary data, i.e. the mission-critical data, should be kept on board the card. This data includes the identification number of the card, unique personal data of the user and the data required when the system is off-line. Any data that is not mission critical or not required in off-line processing should be kept on the centralized database rather than the card.

When determining what should be kept in the smart card and planning the amount of memory needed, the memory space requirements have to be thoroughly analyzed. The size should include both the user data and administrative data. For Java card, the size of the application files should also be taken into consideration.

In designing the structure of the data file, the overhead generated by the data file is usually between 16 and 32 bytes. Therefore, it is preferable not to set up an individual record for each data element in the card; otherwise too much memory is wasted for administration purposes.

Immediately after fixing the file and data structure of the card, developers should work on understanding the level of security and privacy required in the system. Because a card cannot be considered as a secure storage of data unless proper security rules are imposed, the security level of the card must be set properly. In a smart card, the Personal Identification Number (PIN) and authentication keys are basic security measures. They could be applied in different combinations and generate different security protection patterns.

Figure 6-2. Smart card file and directory structure.

For instance, in an electronic-purse card, Key 1 may be used for mutual authentication of the terminal and the card in the payment process, while Key 2 may be used for mutual authentication of the terminal and the card for downloading money. When the user presents the card to the merchant's terminal, Key 1 would be selected and used to check whether the merchant's terminal is a valid terminal. If the terminal is valid, the user can then enter his PIN and permit the transaction to proceed. However, even if the merchant's terminal has got the valid Key 1, the card cannot be credited if Key 2 is incorrect. In other words, with the use of different combinations of key assignments, permissions and privileges of the users and terminals can be set properly.

In the concept and development stages of an application, key assignment and administration of application data are fundamental principles in data exchange. Various applications may have different requirements on privacy and security level, so developers must understand their needs and select the appropriate security model. Because all cryptographic algorithms rely on secure key management, if a secret key is revealed, all security mechanisms based on it will fail to work properly. In a properly designed smart card system, only card-specific keys should be held in the card. Keys should be grouped together based on their functions [Rankl1997].

User privacy is also very important to the card user. Therefore, when designing a smart card system, access to private user information should be controlled. This could be considered as a component in key distribution and management procedure.

Although privacy is important to users, security bookkeeping is required. A smart card application is usually related to security and financial applications. A user who is accessing the system could either be a normal user or an intruder. Therefore, in order to enhance traceability, application developers should set the appropriate security bookkeeping level.

In the specification procedure of the smart card application, the most important step is to specify the data required to be kept in the card and define the directory and file structures for it. This specification must be defined before implementation. When defining the file and directory structures of the card system, both the user data and the administrative data should be considered. For Java and MULTOS cards, the application program files must be considered as well.

The structures of the file and directory in the card are directly related to the security of the data stored. For example, in a hierarchical directory structure in Schlumberger's Multiflex card, files are protected first by the cryptographic keys in the directory. A set of cryptographic keys and PIN are located in each directory. Elementary files in the same directory are protected by the same set of keys. In other words, if a file is located in the second level of hierarchy in the smart card, users would have to present at least two sets of cryptographic keys if authentication procedure is enabled.
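The electronic-purse key assignment described above (Key 1 for payment, Key 2 for loading money, and only card-specific keys on the card) can be modelled as follows. This is an added example, not code from the guide or from any card vendor: HMAC-SHA-256 stands in for the card's cipher, and the class names, purpose labels, direction tags and three-try PIN limit are assumptions.

```python
import hashlib
import hmac
import secrets

PAYMENT, LOAD = b"KEY1-PAYMENT", b"KEY2-LOAD"  # assumed labels for Key 1 / Key 2


def derive_card_key(master: bytes, purpose: bytes, card_id: bytes) -> bytes:
    """Card-specific key, so the issuer's master key never sits on a card."""
    return hmac.new(master, purpose + b"|" + card_id, hashlib.sha256).digest()


def proof(key: bytes, direction: bytes, challenge: bytes) -> bytes:
    # The direction tag stops a card's own answer being replayed back to it.
    return hmac.new(key, direction + challenge, hashlib.sha256).digest()


class PurseCard:
    MAX_PIN_TRIES = 3  # assumption: a typical retry limit

    def __init__(self, card_id, key1, key2, pin, balance=0):
        self.card_id, self.balance = card_id, balance
        self._keys = {PAYMENT: key1, LOAD: key2}
        self._pin, self._tries_left = pin, self.MAX_PIN_TRIES
        self._challenge, self._authenticated, self._pin_ok = None, set(), False

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(8)
        return self._challenge

    def external_authenticate(self, purpose: bytes, response: bytes) -> bool:
        """The terminal proves it holds the key for this purpose."""
        challenge, self._challenge = self._challenge, None  # one use only
        if challenge is None:
            return False
        expected = proof(self._keys[purpose], b"TERMINAL", challenge)
        if hmac.compare_digest(expected, response):
            self._authenticated.add(purpose)
            return True
        return False

    def internal_authenticate(self, purpose: bytes, nonce: bytes) -> bytes:
        """The card proves it holds the key (second half of mutual authentication)."""
        return proof(self._keys[purpose], b"CARD", nonce)

    def verify_pin(self, pin: str) -> bool:
        if self._tries_left == 0:
            return False  # PIN blocked
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries_left, self._pin_ok = self.MAX_PIN_TRIES, True
            return True
        self._tries_left -= 1
        return False

    def debit(self, amount: int) -> int:
        if PAYMENT not in self._authenticated or not self._pin_ok:
            raise PermissionError("payment needs Key 1 authentication and the PIN")
        if not 0 < amount <= self.balance:
            raise ValueError("invalid amount")
        self.balance -= amount
        return self.balance

    def credit(self, amount: int) -> int:
        if LOAD not in self._authenticated:
            raise PermissionError("loading money needs Key 2 authentication")
        if amount <= 0:
            raise ValueError("invalid amount")
        self.balance += amount
        return self.balance


class Terminal:
    """Holds master keys only for the operations it is allowed to perform."""

    def __init__(self, masters: dict):
        self._masters = masters

    def mutual_authenticate(self, card: PurseCard, purpose: bytes) -> bool:
        master = self._masters.get(purpose)
        if master is None:
            return False
        key = derive_card_key(master, purpose, card.card_id)
        answer = proof(key, b"TERMINAL", card.get_challenge())
        if not card.external_authenticate(purpose, answer):
            return False
        nonce = secrets.token_bytes(8)
        return hmac.compare_digest(card.internal_authenticate(purpose, nonce),
                                   proof(key, b"CARD", nonce))


def issue_card(masters: dict, card_id: bytes, pin: str, balance: int = 0) -> PurseCard:
    keys = [derive_card_key(masters[p], p, card_id) for p in (PAYMENT, LOAD)]
    return PurseCard(card_id, keys[0], keys[1], pin, balance)


if __name__ == "__main__":
    masters = {PAYMENT: b"\x11" * 16, LOAD: b"\x22" * 16}   # constructed keys
    card = issue_card(masters, b"CARD-0001", "1234", balance=100)
    merchant = Terminal({PAYMENT: masters[PAYMENT]})          # merchant never gets Key 2
    print(merchant.mutual_authenticate(card, PAYMENT), card.verify_pin("1234"), card.debit(30))
    print(merchant.mutual_authenticate(card, LOAD))           # no Key 2, so no credit
```

Because each card key is derived from the card identifier, extracting the keys of one card does not reveal the keys of any other card.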

Other than the security aspects, developers should determine the number of directory and elementary files required. They should gather all the files that require the same level of security in one group. Files that do not need to be protected by password should be placed at the top level of the directory structure. As mentioned in the previous chapter, other than linear fixed file, there are linear variable, cyclic, transparent, purse and SIM files [Guthery1998]. They are used for different purposes. For example, purse files are used to store electronic cash and transparent files are used for storing pictures. Therefore in designing a smart card data storage structure, developers have to analyze the data that need to be stored and determine the security level and memory requirement of the selected data. Then the data and file structures should be designed like the example shown in the following table.

File Type      | File ID | Memory   | Structure    | Description
Master File DF | 3F00    |          |              | Root Directory
EF1            | 0001    | 30 bytes | Linear fixed | Student Name
EF2            | 0002    | 8 bytes  | Linear fixed | Student ID Number

Table 6-1. Example file tree for campus ID card.

6.4 Determine the required backend support

Backend support of a smart card application includes the host-side hardware and software development. This includes the determination of data exchange stability and robustness. Developers have to ensure that the communication links are stable. If highly secure communication is needed, the authentication key should not pass through the main computer. The usual authentication method, which uses the keypad on the main computer, should not be used because the user password could be captured in the serial port. The authentication key should be processed directly by the smart card.

If encryption and decryption are needed, a proper scheme should be chosen. Because the processing power of the on-board CPU in the card is much lower than the CPU in the PC, a strong but complicated encryption scheme would not be appropriate. One solution is to use a simpler encryption scheme. Another alternative is to insert a hardware cryptographic engine inside the card.

Even though the communication channel is set up, the connection also depends on the link-level protocol used. The data structures exchanged by the reader and the card in this command and response protocol are referred to as transmission protocol data units (TPDUs). There are 15 TPDUs defined, and the most commonly used TPDUs are T=0 and T=1 protocols. The structures of these protocols are quite different.

T=0 protocol is a byte-oriented protocol. Error detection is done by looking at the even parity bit on each byte transferred across the reader-to-card interface. It provides very poor layer separation between the link-level protocol and the application-level protocol. On the other hand, due to this fuzzy distinction between the application-level protocol and the link-level protocol, it is relatively optimized for moving commands and responses between cards and readers.

If better layer separation between the link-level protocol and the application-level protocol is needed, T=1 protocol should be selected. It is a block-oriented protocol. APDU commands are embedded within the block structure. Error detection is done by using either a longitudinal redundancy character or a cyclic redundancy check character [Guthery1998]. Details of the CRC algorithm could be found in the ISO 3309 standard. Because of strict layer separation, the smart card/terminal communications can be further extended to the one between computer and smart card terminal.

In designing an application, unless better layer separation is needed, the best current choice of TPDU is T=0 protocol. However, in the future, when smart cards need to communicate with the computer, T=1 protocol should be selected.

Smart card readers are the interfaces between smart cards and computers. They can be connected through a serial port, a parallel port, a PCMCIA port, a keyboard port or even the floppy disk slot on the computer. A smart card reader provides power and clock to the smart card and opens up the communication channel between application software on the computer and the card operating system.

In order to write on a smart card, a card writer is required. Fortunately, developers could simply choose any smart card reader, because almost all smart card readers have reading and writing capability.
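The two error-detection schemes described above for T=0 (even parity per byte) and T=1 (a longitudinal redundancy character over the block) catch different kinds of corruption. The following added example, which is not part of the original guide, frames one command both ways and shows which bit errors each check misses; the SELECT APDU for file 3F00 and all function names are constructed for illustration, and the CRC option of T=1 is not implemented.

```python
from functools import reduce

SELECT_MF = bytes.fromhex("00A40000023F00")  # constructed APDU: SELECT file 3F00


def parity_bit(byte: int) -> int:
    """T=0: bit sent after each byte so that the nine bits hold an even number of 1s."""
    return bin(byte & 0xFF).count("1") & 1


def t0_send(data: bytes) -> list:
    return [(b, parity_bit(b)) for b in data]


def t0_bad_bytes(received: list) -> list:
    """Positions whose parity check fails; the receiver asks for these again."""
    return [i for i, (b, p) in enumerate(received) if parity_bit(b) != p]


def lrc(data: bytes) -> int:
    """T=1 longitudinal redundancy character: XOR of every preceding byte."""
    return reduce(lambda acc, b: acc ^ b, data, 0)


def t1_iblock(apdu: bytes, seq: int = 0, nad: int = 0x00) -> bytes:
    """Wrap an APDU in a T=1 information block: NAD, PCB, LEN, INF, LRC."""
    if len(apdu) > 254:
        raise ValueError("INF holds at most 254 bytes; longer APDUs need chaining")
    pcb = (seq & 1) << 6  # I-block, send-sequence bit N(S), no chaining
    body = bytes([nad, pcb, len(apdu)]) + apdu
    return body + bytes([lrc(body)])


def t1_unwrap(block: bytes) -> bytes:
    """Return the embedded APDU, or raise ValueError on a length or LRC error."""
    if len(block) < 4 or block[2] != len(block) - 4:
        raise ValueError("bad block length")
    if lrc(block) != 0:  # XOR over the block including its LRC must be zero
        raise ValueError("LRC mismatch")
    return block[3:-1]


def flip(data: bytes, index: int, bit: int) -> bytes:
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)


def t1_detects(block: bytes) -> bool:
    try:
        t1_unwrap(block)
        return False
    except ValueError:
        return True


def t0_detects(data: bytes, corrupted: bytes) -> bool:
    # Data bits are corrupted in transit; the parity bits arrive as sent.
    received = [(c, p) for c, (_, p) in zip(corrupted, t0_send(data))]
    return bool(t0_bad_bytes(received))


def compare_checks() -> dict:
    """Apply three error patterns to the same command under both protocols."""
    block = t1_iblock(SELECT_MF)
    cases = {
        "one bit": [(1, 0)],
        "two bits, same byte": [(1, 0), (1, 1)],
        "same bit, two bytes": [(1, 0), (2, 0)],
    }
    result = {}
    for name, flips in cases.items():
        apdu, blk = SELECT_MF, block
        for index, bit in flips:
            apdu = flip(apdu, index, bit)
            blk = flip(blk, index + 3, bit)  # INF starts after NAD, PCB, LEN
        result[name] = {"T=0 parity": t0_detects(SELECT_MF, apdu),
                        "T=1 LRC": t1_detects(blk)}
    return result


if __name__ == "__main__":
    print(t1_iblock(SELECT_MF).hex())
    for case, outcome in compare_checks().items():
        print(case, outcome)
```

Neither check is an integrity protection against deliberate modification; both only detect transmission errors, so commands that need protection still rely on the card's keys.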
Even though smart card readers use a standard communication protocol between the reader and card, the interfaces between the reader and the computer are not standardized. Some card readers just pass along to the cards the byte sequences that are provided by the host application, while others support their own reader command set. Therefore application developers need to understand the card-computer interfaces of the card reader they selected. Some information on these interfaces can be found in [Guthery1998].

Hopefully, when smart cards are integrated into operating systems, card reader interfaces will go away. Application programs will not need to know or care about the manufacturer of the smart card reader.

After predefining all the necessary components in smart card development, some aids for development could be used for verifying the design of the smart card solution. One of these aids is the smart card simulator [Rankl1997]. With these tools, developers could simulate the card, communication link and the card terminal, and would not have to build the complete system as a test bed.

6.5 Choosing card-side and host-side environment


After testing the solution with the simulator, developers could start building the real system. In an actual system, programs are separated into two categories, the host-side software and the card-side software. Host-side software means the program that is written on the terminal side for communicating with the commands and responses of the card. Different smart card reader vendors may have different drivers and card vendors may have different sets of commands even though they are all following the ISO 7816 standard. This complicates the host-side development procedure.

So developers have to choose which host-side model they are going to use. Currently, other than card vendor specific proprietary standards, there are also some newly defined host-side standards such as Personal Computer Smart Card (PC/SC) architecture, MULTOS model, and OpenCard Framework (OCF). Some of these standards have been mentioned in the previous chapter, and others will be briefly described in the following chapter.
Table 6-2. Comparisons of different development architectures and platforms (traditional host-side application, PC/SC architecture and OCF architecture, compared by development language, host-side cross-platform development support, reader type, card type, support for multiple types of card, Internet support, portability and re-usability, and level of difficulties).

If an in-house proprietary standard is used, future expandability will be limited; however, the development can be shorter as the vendor is familiar with the standard and it is usually optimized for some specific applications. On the other hand, if PC/SC, OCF or MULTOS standard is chosen, the developer may have to learn the system from scratch since the standard has not been widely implemented.

If the smart card solution is a standard solution, off-the-shelf card is suitable for the problem. However, if the problem is a multi-functional problem or a new problem, programming will be required on the card. Card-side programming is the software development procedure on the smart card. This code is defined for generating the card responses according to the received commands. Traditionally, these codes are written in assembly language and required to be masked on the card. They could be stored on the EEPROM or ROM. Hard mask means hard-wiring the code in ROM, while soft mask means loading the code into the EEPROM of the card. Though soft masks do not require modification of the chip, it has to be done by the card manufacturer.

In the code development step, the software developer not only needs to understand the proprietary operating system of the card; a longer period of masking than normal software development is also expected. Besides, modification of the masked code is also very difficult. Though more and more flexible card operating systems such as Schlumberger's Customer Oriented System (SCOS) are available which allow software developers to write their own piece of code on the card without masking, the programming procedure is still very complicated.

A new solution is to use the new programmable smart cards, MULTOS and Java card. These cards have a code interpreter over their card operating system. Developers could write their piece of codes and download them to the card. After the code is downloaded to the card, user could call these instructions using their code identification. Development of these codes is simpler than deriving them in the traditional smart cards. They could use Java and C language for Java card and MULTOS card development respectively. Though these codes must be recognized by the card code interpreter and restricted to meet the reader communication and behavior, the development procedure is still much easier than that for traditional smart cards.

In selecting a smart card, off-the-shelf card should be considered first. It is not a good practice to develop your own Java or C code for the smart card if existing smart card could solve the problem. Unless programming is necessary or multi-functional applications are required, traditional smart cards would be the most suitable solution.

6.6 Miscellaneous Tools

To reduce the effort in smart card software development, some software developers have introduced some useful tools to support this effort. These include smart card simulators, debuggers, editors, emulators and testers. Detailed descriptions of these tools can be found in [Guthery1998].

Table 6-3. Comparison of different cards (Contact Memory Card, Traditional Contact CPU Card, Contactless Memory Card, Contactless CPU Card, Combi card, Cryptographic card, EMV-compliant card, Mondex Card, Multos Card, Java Card, KeyCorp OSSCA card, Microsoft Windows for smart card and ZeitControl's BasicCard, compared by contact and contactless interface, on-card micro controller, cryptographic capability, card-side programming language, multiple application capability and card-level security).

One of the most useful tools is the smart card editor. Most basic editors let the user send APDU commands to the card and display the response code for each command. Even though their functionalities seem primitive, they allow the developer to explore the card's behavior readily.

More elaborate editors provide text descriptions of command and response sets. So developers could choose the appropriate commands based on their descriptions listed. Some of these editors may even have the capability to interpret state and transaction information returned by the card. As a result, users can view the intermediate results of the card.

Most importantly, some editors support macro programming languages for card application development. Users could select the required sequence of actions and the editors will generate the relevant code for the host-side. Although this code is usually card vendor specific, it simplifies the card development process.

Unfortunately, the current state of the art is that these editors could only be used for simple card application development. More sophisticated systems would have to be programmed through the steps mentioned earlier.

In conclusion, in developing a smart card solution, consider it as a distributed system with limited distributed memory storage on the card. Only personal information should be kept on board the card. Other information should be kept on the centralized database. Because this personal storage is used as a secure data store, the security level of the smart card should be considered and specified in the card. Before launching a real application, developers should test their system using a card simulator. This could reduce the time for system development. The time required in this development varies from 1 month to 9 months depending on the complexity of the system.

Part III. Smart card in the Future

7. FUTURE TREND OF SMART CARD

According to the SJB Services report published in Business Wire on September 24, 1998, the total smart card market will increase to 3.8 billion cards by year 2000 [NewsEdge1998d]; an average annual increase of 52 percent is forecasted. Moreover, the demand for contactless cards will increase to 100 million cards by 2000.

Although Europe remains the heartland of smart card, Asia is also experiencing rapid growth, from 10 percent in 1996 to a projected 30 percent of the world market by year 2000. This growth is fueled by the active encouragement of many Asian governments.

For the rest of the world, smart cards offer an opportunity to overcome poorly developed telecommunications, burdensome means of payment and paper-heavy public records. In addition, according to SJB Services, the market for smart card technology in those countries has barely been touched.

With this bright future on smart card development, it is important to be aware of the future directions and potential applications of the smart card. In this chapter, we will describe the future trend of smart card based on the current development and customers' needs.

These trends could roughly be classified into 4 categories, namely:

1. Computer/smart card development platform
2. Smart card operating system
3. Smart card in electronic commerce
4. Smart card in computer/internet security

In the near future, the smart card will become a standard component in personal computers. PC related card applications would become one of the main driving forces in smart card development. In the view of Microsoft, smart cards are considered as a key component of the public-key infrastructure that is to be integrated into the Windows OS platform [Microsoft1997a]. The other trend in smart card development is in telecommunications related applications, such as phone cards and mobile phone services. However this will not be discussed in detail in this handbook. We shall start our discussions with standardization of smart card host-side environment.

7.1 Unification of smart card host-side standards on PC


Until recently, there was no common standard in the host-side environment for smart card applications development. Different card manufacturers have developed different smart card operating systems. Different applications using smart cards from different vendors need to be programmed differently. The smart card industry has been plagued by incompatibility among applications, cards and readers, and a poor developer tool chain based on proprietary APIs and protocols. Device-dependent APIs for application development and resource sharing across multiple applications have slowed down smart card solution deployment. In general, applications would have to be rebuilt for different smart cards and readers.

Unless there are unified standards for smart cards, developed applications and program codes could not be used on different cards and card readers.

To solve this problem, two different approaches could be used: horizontal card standards, and common card operating system development. In this section we focus on the issue of horizontal card standard while common card operating system development will be discussed in the following section.

Currently, there are two different horizontal standards established to overcome the interoperability problem.

7.1.1 Personal Computer/Smart Card standard (PC/SC)

Led by Microsoft and a number of smart card manufacturers, the Personal Computer Smart Card Workgroup (PC/SC Workgroup) was formed in December 1996. The goal is to facilitate the development of smart card based applications for the PC by developing open specifications that ensure interoperability among smart cards, card readers and computers made by different manufacturers. As a result of this effort, application programmers can build smart card applications that are not tied to particular readers or cards, and the system builders can mix and match readers and cards freely.

The PC/SC Workgroup was formed in May 1996 in partnership with major PC and smart card companies including Groupe Bull, Hewlett-Packard, Microsoft, Schlumberger and Siemens Nixdorf. Later on Gemplus, IBM, Sun Microsystems, Toshiba and Verifone have also joined the Workgroup.

In December 1996, the first version of PC/SC specifications was published. It was based on the ISO 7816 standards and is compatible with both the EMV and GSM industry specifications. Detailed specifications can be found in http://www.smartcardsys.com.

7.1.1.1 Basic architecture of PC/SC standard

In Microsoft's approach, PC/SC standards consist of the following [Microsoft1997a]:

- Standard model for interfacing smart card readers and cards with PCs
- Device-independent APIs for enabling smart card-aware applications
- Familiar tools for software development
- Integration with Windows and Windows NT platform

Win32 platform software development kit (SDK) and device driver kit (DDK) have already been developed for PC-compatible smart card products. In fact, smart card support has been incorporated into the NetPC, Windows NT 5.0 and PC98 design specifications.

To implement this specification, components in PC/SC architecture have been defined. They consist of three individual components, namely:

- Interface Devices (IFD) Handler, for specific device from IFD vendors
- Service Provider, provided by Integrated Circuit Cards (ICCs) vendors
- ICC Resource Manager, provided by OS vendors

Figure 7-1. PC/SC architecture.

With this standard, smart card applications could be derived from device-independent APIs for enabling smart card-aware applications. The meaning of each box in Figure 7-1 is given below.

- Smart Card (SC): a credit card size plastic case with an embedded microprocessor chip.
- Smart Card Reader (IFD): the physical interface device through which a smart card communicates with a PC.
- Interface Device Handler (IFH): the PC/SC driver for a particular reader. This is a low-level software within the PC that supports the specific I/O channel used to connect the reader to the PC and provides access to the reader's functions.
- Resource Manager: provides system-level service. It manages the smart card and reader resources, controls shared access to these devices, and supports transaction management primitives.
- Smart card Service Provider (SSP): responsible for encapsulating functionality exposed by the smart card and making it accessible through high-level programming interfaces.

- Application Programs: written in high-level language by using the Application Programming Interface (API) provided by the Smart card Service Provider (SSP).

In PC/SC smart card application development, actual application programming interface is provided by the smart card service provider (SSP), which can be vendor specific or completely general purpose.

Two common SSPs are provided by the Operating System (currently only available in Microsoft Win32 platform), the Cryptographic Service Providers (CSPs) and the Smart card service providers (SSPs).

Cryptographic Service Providers (CSPs) can be a software component on the Windows platform or can be a cryptographic engine residing on a smart card or PC as a hardware component. CSP supports key generation, management, random number generation and other cryptographic functions.

Smart card service providers (SSPs) are the non-cryptographic services of a smart card exposed to an application through interfaces. This contains a set of predefined interfaces. However, the predefined commands may not cover all the instructions in the card. Therefore instead of or in addition to the common SSPs, vendors could add their own set of SSPs in order to enable more functions in the card. These card-specific PC/SC SSPs are usually written by smart card manufacturers. With these SSPs, commands supported by the card could be exposed. In addition, card vendors could also provide some higher-level functionalities through SSPs by building their own sets of commands over the basic commands which further reduce the complexity in developing smart card programs.

From the application developer's perspective, there are three mechanisms for accessing the services supported by a smart card, namely, Win32, CryptoAPI, and SCard COM. They are the underlying mechanisms for communication between SSPs and the Resource Manager.

Win32 is the lowest level API for accessing smart cards. SSPs are developed based on basic Win32 programming methods.

SCard COM is a low-level non-cryptographic interface implementation provided by Microsoft for accessing basic smart card services. It is a set of base COM interface objects that can be used to build higher-level interfaces and/or applications.

With this interface, the developer does not have to know the details of how a particular smart card or reader functions.

CryptoAPI is the cryptographic API for writing Cryptographic Service Providers (CSP) and requires a separate development kit available from Microsoft that is import/export controlled [Microsoft1997a].

The Resource Manager is the trusted service in a single process. It may be migrated into the Windows kernel. It is introduced for solving three basic problems in managing access to multiple readers and cards:

1. identification and tracking of resources
2. controlling the allocation of readers and resources across multiple applications
3. supporting transaction primitives for accessing services available on a given card.

Most importantly, it maps a specific ICC to its associated SSP or interfaces, as well as handling conflicts by keeping track of the ICC ATR string.

With the use of specific Interface Device drivers for specific readers, the functions of that reader are mapped to the native services provided by Windows and the smart card stack [Microsoft1997a]. The mapping is handled by the IFD driver, which is connected to the Resource Manager. In other words, the card reader manufacturers would have to provide their own IFD driver, while software developers could use any reader that is PC/SC compliant.

7.1.1.2 Requirements of PC/SC compliance
To be PC/SC compliant, the cards and devices must be based on the ISO 7816-1, 2, 3 specifications. The data link protocol should be of the T=0, T=1, or T=14 standard. PC/SC-based smart card readers can be attached to any standard PC peripheral interface such as RS232, PS/2, PCMCIA and USB. Readers are considered standard Windows devices, and as such carry a security descriptor. The reader would be Plug-and-play enabled and multiple devices are allowed to coexist on the same machine.

For the card vendors, their cards would be PC/SC compliant as long as they are based on the standard commands in the ISO 7816-4 specifications. When card-specific SSPs are provided, extra card-specific commands could be used. However, because the Integrated Circuit card is able to perform more sophisticated operations including authentication, signing and key exchange, only the ICC card is adopted into the PC/SC standard at this time.

7.1.1.3 Advantages of PC/SC standard
The main benefit of the PC/SC system is the reduction in hardware and maintenance costs. First, the interoperability of the PC/SC system provides us with more types of smart cards and readers to choose from. When an application is developed using one card vendor's product, one does not have to worry about future changes in cards or readers. No rewrite or modification of the application program is necessary. It will also save development and maintenance costs as discussed below.

With this established standard model for interfacing smart card readers and cards with the PC, libraries for smart card programs could be shared and multiple peripheral devices could be used in the system. More than one card reader from different vendors could be supported in the same system.

As the SDK and DDK for smart cards will be integrated with the standard operating system platform, high-level language tools such as C++, Java and Visual Basic could be used for smart card application development. Therefore, the learning curve in card development could be reduced and a faster development cycle is expected.

As Windows 98 and Windows NT 5.0 are both PC/SC compliant operating systems, when the smart card is integrated with the Windows and Windows NT platforms, readers would become Plug-and-play devices. This will eliminate modification to the applications as well as the system structure of the card due to change of devices [Microsoft1997a].

In future application developments, secure logon mechanisms and secure enhanced solutions aimed at the growing internet and intranet markets, including internet games, financial services, remote access and network administration, could be supported better by the use of PC/SC standards [Microsoft1997a].
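The Resource Manager described above tracks each card by its ATR string, and section 7.1.1.2 limits PC/SC to the T=0, T=1 or T=14 protocols. The following added example (not from the guide or from any PC/SC implementation) parses an ATR as laid out in ISO 7816-3, verifies the TCK check byte, and looks up a service provider by masked ATR; the sample ATRs, the provider name and the mask-based lookup are assumptions made for illustration.

```python
"""ISO 7816-3 Answer To Reset (ATR) parsing, as a host-side stack might do it.
Added example: the sample ATRs and provider name below are constructed."""
from dataclasses import dataclass
from functools import reduce
from typing import Optional

PCSC_PROTOCOLS = {0, 1, 14}  # T=0, T=1, T=14: the data-link protocols the guide lists


class ATRError(ValueError):
    """Raised when the byte string is not a well-formed ATR."""


@dataclass
class ATR:
    convention: str          # "direct" (TS=3B) or "inverse" (TS=3F)
    interface: dict          # interface bytes by name, e.g. {"TA1": 0x11, "TD1": 0x81}
    protocols: list          # offered T= values, in the order the card lists them
    historical: bytes        # card-specific identification bytes
    tck_ok: Optional[bool]   # None when no check byte is required


def parse_atr(raw: bytes) -> ATR:
    if not 2 <= len(raw) <= 33:
        raise ATRError("ATR must be 2..33 bytes")
    convention = {0x3B: "direct", 0x3F: "inverse"}.get(raw[0])
    if convention is None:
        raise ATRError(f"bad TS byte {raw[0]:#04x}")
    y, k = raw[1] >> 4, raw[1] & 0x0F        # T0: presence bits, historical byte count
    pos, group = 2, 1
    interface, protocols, needs_tck = {}, [], False
    while y:
        td = None
        for bit, name in enumerate("ABCD"):  # TAi, TBi, TCi, TDi appear in this order
            if y & (1 << bit):
                if pos >= len(raw):
                    raise ATRError("truncated interface bytes")
                interface[f"T{name}{group}"] = raw[pos]
                td = raw[pos] if name == "D" else td
                pos += 1
        if td is None:                       # no TDi: no further interface groups
            break
        y, t = td >> 4, td & 0x0F            # TDi: next presence bits, protocol number
        needs_tck |= t != 0
        if t != 15 and t not in protocols:   # T=15 marks global bytes, not a protocol
            protocols.append(t)
        group += 1
    historical = raw[pos:pos + k]
    if len(historical) < k:
        raise ATRError("truncated historical bytes")
    pos += k
    tck_ok = None
    if needs_tck:                            # TCK is present unless only T=0 is offered
        if pos >= len(raw):
            raise ATRError("missing TCK")
        tck_ok = reduce(lambda a, b: a ^ b, raw[1:pos + 1]) == 0  # XOR of T0..TCK is 0
        pos += 1
    if pos != len(raw):
        raise ATRError("trailing bytes after ATR")
    return ATR(convention, interface, protocols or [0], historical, tck_ok)


def pcsc_usable(atr: ATR) -> bool:
    """True if the checksum holds and at least one offered protocol is T=0/1/14."""
    return atr.tck_ok is not False and bool(PCSC_PROTOCOLS & set(atr.protocols))


def find_provider(raw: bytes, registry) -> Optional[str]:
    """Return the first registered provider whose masked ATR equals the card's."""
    for name, ref, mask in registry:
        if len(raw) == len(ref) == len(mask) and all(
                (c & m) == (r & m) for c, r, m in zip(raw, ref, mask)):
            return name
    return None


# Constructed sample data (not real card ATRs or real provider names).
ATR_T0 = bytes.fromhex("3B0454455354")        # T=0 only, historical b"TEST", no TCK
ATR_T1 = bytes.fromhex("3B840144454D4F86")    # T=1, historical b"DEMO", TCK 0x86
REGISTRY = [
    # The mask ignores the last historical byte and the TCK (assumed version field).
    ("Hypothetical T=1 card SSP",
     bytes.fromhex("3B840144454D0000"), bytes.fromhex("FFFFFFFFFFFF0000")),
]

if __name__ == "__main__":
    for raw in (ATR_T0, ATR_T1):
        atr = parse_atr(raw)
        print(raw.hex(), atr.protocols, atr.historical, atr.tck_ok,
              pcsc_usable(atr), find_provider(raw, REGISTRY))
```

A card whose ATR fails the TCK check or offers only other protocols is reported as unusable before any provider lookup is trusted.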

7.1.2 Alternative standard of smart card in PC and Minicomputer (OpenCard Framework)


Besides the Microsoft-initiated smart card host-side standards, there is another host-side standard called the OpenCard Framework (OCF), which was produced by IBM in conjunction with Netscape, NCI and Sun Microsystems around the same time as the PC/SC architecture. It could be considered as a bigger set of host-side architecture. Both PC/SC and OpenCard are designed as the interfaces between the host-side machine and the smart card [DiGiorgio1998a].

7.1.2.1 What is OCF?
OpenCard is an open standard that provides interoperability of smart card applications across Network Computers (NCs), Point-of-Sales (POS), desktops, laptops, set-tops and so on. From the architectural point of view, it is similar to the PC/SC architecture. Both of them accept ISO 7816 compliant devices and are aimed at providing a device-independent development environment. However, their approaches are different.

The aim of the OCF standards is to support 100% pure Java smart card applications. As the OCF implementation was created for JavaOS-based network computers, its architecture is more complex than PC/SC. Within this architecture the whole system is developed in the Java language [DiGiorgio1998a, Guthery1998a].

OCF is especially developed for horizontal standard over existing devices. Existing proprietary smart cards and Java Card could be used [DiGiorgio1998a].

With the 100% Java smart card application in mind, cards, readers and support codes are all considered as objects. Even though there are very few smart card readers available for this system at this time, using the interface between the OpenCard and PC/SC standard, applications can be built on the Win32 platform. In other words, all the PC/SC-based readers could be used in the OCF platform [DiGiorgio1998a].

7.1.2.2 Basic architecture of OCF
Similar to the PC/SC standards, OCF provides an API for registering cards, determining card readers, looking for cards in readers, and optionally starting up Java agents when cards are inserted. The architecture of the OpenCard Framework is shown in Figure 7-2.

Figure 7-2. OpenCard Framework architecture.

The architecture of OCF is made up of 4 main components: CardTerminal, CardAgent, Agents and/or applications. Packages for providing a high-level API for use by the application developer are given. These packages are written in Java. The card terminal drivers are also written in Java, which will call the C language APIs via the Java native calls.

Card Terminal manufacturers would have to provide their own sets of CardTerminal classes in order to make their terminals usable by OpenCard applications. The CardTerminalFactory must also be provided. It is used for keeping track of all card terminals to the OpenCard Framework and will be used by the Framework to create CardTerminal instances.

Software application developers must also provide their card services for the smart card applications together with a "factory", the CardServiceFactory, whose role is analogous to that of the CardTerminalFactory.

CardChannel objects are used by Card services to communicate with a smart card in a card terminal. Because the application could be written using multiple threads, concurrent access of card services is possible. These concurrent accesses to the card are scheduled by the CardServiceScheduler via a card channel (see Figure 7-3).

Figure 7-3. Communications between Card Objects in OCF.

Card applet proxies are used for representing the applets on the card. They are card-applet specific, that is, each card applet class belongs to a particular Java Card applet. They act as middlemen between the card and the application and their functions are similar to SSP in the PC/SC standards.

With the use of the CardServiceScheduler, several card applet proxies can be used concurrently. When one of these proxies is selected, the rest will be deselected. Different applications on the Java card could be selected, processed and managed by a centralized processing unit. In other words, the applications on the Java card would be connected to the appropriate Card applet proxies and controlled by the CardServiceScheduler.

7.1.2.3 OCF compliance
Similar to the PC/SC standards, the OCF architecture accepts Java Card and all ISO 7816 compliant standard devices. Any ICC card can be used in the OCF architecture.

Even though currently there are very few smart card readers developed for the OCF architecture, with the interface to PC/SC standards provided by developers for use by existing devices on Win32 platforms, all PC/SC-based smart card readers can be used. In addition, because OCF is written in Java, all development tools for Java programming can be used. Furthermore, all components in OCF can be considered as objects in the program, therefore the underlying mechanism does not need to be modified.

7.1.2.4 Advantages and Disadvantages in using OCF
OCF shares the same advantages as the PC/SC architecture. The use of OCF allows the software development platform to be independent of the type of smart card reader or card. Existing programming tools, smart cards, and readers can be used, and Java can be used in the development.

Because the software would be written in Java, it can run on many different platforms. Rather than being restricted to a single PC, applications could be written in cooperation with the Java Native Interface (JNI) and work on the Internet through various browsers. Therefore, it can be run on a much bigger platform, the Internet.

However, it is not without disadvantages. First of all, because the JavaOS-based NC is not developed as fast as forecasted, OCF, which is originally designed for the Network Computer, is not growing as fast as the PC/SC architecture.

Because its architecture is much more complex than the PC/SC architecture, development is more difficult. As all code is written in Java, existing card application code would have to be rewritten in Java. C++ or Visual Basic cannot be used for host-side application development.

Whichever horizontal card development model will dominate in the future, smart card application development will become card and reader independent, and common software development tools will be used in future application developments.

7.2 Trends in smart card card-side standards
Another method to solve the diversified smart card development environments is to use a common card operating system.

Similar to the early PC market, the smart card companies have been developing their own applications using several proprietary systems. Therefore, applications are usually not interoperable. Until the emergence of the Java card [Guthery1998a], card-side development could not be done (not easily anyway) after the card had been manufactured.

Mondex has also introduced their multi-application operating system, MULTOS [Guthery1998a]. Lately, Microsoft has also joined the embedded OS environment [Microsoft1998a]. There may be other more powerful card OSs in the market, but we will concentrate on these three card OSs because their alliance support is much stronger than the others.

7.2.1 Java inside
The Java language was first presented by Sun Microsystems in 1995. It was originally intended for linking set-top boxes, copiers and other electronic consumer goods with the microprocessors [Klaus1998]. In the Java programming environment, the bytecode produced by the Java compiler is interpreted by a virtual machine called the Java virtual machine (JVM). Because of this programming concept, Java offers a perfect solution to both the development environment and security matters for the smart card operating system.

After the standardization of the Java bytecode, the JVM and the Java Card API for smart cards have been worked on by Sun and several smart card manufacturers. The Java card was first demonstrated by Schlumberger on 2nd April, 1997 [SLB9704]. The demonstration version of the Java card used the Motorola M68HC05SC49 chip, which is an 8-bit microprocessor with 4 Kbytes of EEPROM memory. Based on the Java card 1.0 specification, the Java Interpreter on Cyberflex occupies 3 Kbytes of ROM and 1 Kbyte of EEPROM.

Since then, many other card manufacturers have joined the race and produced their own Java cards. Currently, Bull CP8 Transac and Gemplus have already got their Java cards ready for application developers. The Gemplus GemXpresso Java card uses a 32-bit RISC processor as the card CPU [Gemplus1998b].

With the use of Java Card, users could develop their own smart card programs (known as Java cardlets) in Java and download them onto the card. In other words, software developers and users can now develop their own applications and have them run on the card when special permission is obtained.

7.2.1.1 Basic knowledge of Java Card
Rather than single applications, the Java card was originally designed to support multiple applications. It not only accommodates multiple applications, but also ensures each application is protected in the card from the other applications. So data and variables in one application are not accessible by other applications on the same card.

Many application developers have already started to use Java cards in their development. The Java card aims to be a fast, object-oriented, easy-to-program smart card with more programming functions and a cryptographic library, and may have one or more co-processors.

Another very important application of the Java card is telecommunications. Java-based SIM cards can enhance the range of services provided to the users. Value-added functions such as remote banking could be performed with this type of SIM card. Some of these electronic commerce functions will be discussed later in this chapter.

Figure 7-4. Java Card internal structure.

7.2.1.2 Advantages of Java Card
The Java card project started within Schlumberger at the end of 1995. The aim of that project was to develop a standard secure smart card operating system that supports multiple applications [DuCastel98]. Even though the Java card only supports a subset of the Java language and Unicode, and multi-dimensional arrays are not supported, Java card programming allows card-side program development and the card-side logic circuit is no longer restricted to assembly language.

Thousands of Java programmers can now enter into the smart card development market [DuCastel98]. As a consequence, card-side development will pick up speed.

Using the Java bytecode compiled in any Java development environment, any Java program can be loaded into the Cyberflex card when required [SLB9704]. On the other hand, whenever the code is not needed, it could be removed from the card to free up memory space. This allows the smart card program to be deployed almost anywhere [DuCastel98].

As Java security is based on the sandbox theory, applets in the card are not allowed to communicate with the other applets. Therefore, Java fits the security needs for smart cards perfectly [DuCastel98]. The latest Java card development may now support secure inter-applet communications [Hickman9801].

Implemented in the OpenCard Framework, Java cards are able to access the Internet through network computers in hotels and airports, access medical records and customer loyalty programs, automate airline ticketing, track frequent flyer miles and improve telephone security [Hickman9801].

MULTOS, a card OS mainly for financial applications, will support Java cardlets in the MULTOS card when the technology of Java over smart card is ready [Hickman9801]. Therefore, we believe that development of Java applets will soon be the mainstream of smart card development.

7.2.2 Mondex MULTOS OS
Besides the Java Card, Mondex has derived a similar smart card architecture for multi-function purposes called the MULTi-application Operating System (MULTOS). MULTOS is another new interpreter-based operating system. It is developed and supported by MasterCard and MONDEX.

7.2.2.1 Yet another Card OS
Similar to the Java card, the core of the MULTOS operating system is an interpreter that allows the applications to be developed independently of the underlying card hardware. With the MULTOS API (card-side application interface on the MULTOS card), applications written with the MULTOS API would be write-once-run-anywhere over any MULTOS platform [Guthery1998a].

Using the ITSEC E6 certified firewalls, MULTOS is able to provide application segregation. ITSEC E6 is the highest security level in ITSEC certification. Therefore, with this setting, MULTOS could be considered as an extremely secure Card OS which may even be more secure than the Java Card.

The internal card structure of MULTOS is similar to the Java Card, as depicted in Figure 7-5. However, the implementation of the card internals is totally different.

Figure 7-5. MULTOS Card internal structure.

7.2.2.2 Programming environment used
MULTOS uses a dedicated programming language called MULTOS Executable Language (MEL), which is a simple virtual processor language [Multos]. Application developers could write the code in the high-level language C and then translate the code with the help of a tool into the interpreter language MEL. The code can then be downloaded onto the card.

To get familiar with MULTOS application development, one can obtain the specification and descriptions of the MULTOS API, as they are available for license from MAOSCO LTD. With the specification, developers could program their own card applications.

7.2.2.3 Advantages of MULTOS
The MULTOS smart card OS is also developed as a multi-application OS. Same as the Java Card, it could accept one or more application codes written in a high-level language. However, because it was initially developed by financial institutes as an electronic purse, the security of the card OS was an important design issue. Besides, as it was designed for unaudited stored value schemes, many financial institutes and banks would likely opt to use the MULTOS card in their finance-related applications.

After an agreement is made by Mondex and Sun Microsystems, Java cardlets will be accepted on both types of smart card system. For this reason, Java cardlets will likely become the future smart card programming standard.

Its high security lies in its highly secure design, where different applications on the same smart card are protected by application firewalls. Therefore, the integrity and security of application-specific code and data are ensured.

With the crypto-coprocessor installed on the card, execution of cryptographic capabilities such as DES and RSA encryption/decryption would be much faster [Multos].

For the Java Card, the Java Card API is a proprietary standard controlled exclusively by Sun Microsystems [Guthery1998a]. The MULTOS specification, in some sense more open, is controlled by a consortium organized by a group of smart card manufacturers, developers and financial companies including DNP, Gemplus, Hitachi, Keycorp, MasterCard, Mondex, Motorola and Siemens.

7.2.3 Microsoft Windows in Smart card
The idea of the Microsoft Smart card OS is similar to the OSs mentioned above. The main objective is to provide a new smart card development environment that accepts multi-applications using languages familiar to the software developer rather than assembly languages.

Based on the 8-bit processor, Microsoft announced their Smart Card for Windows OS in October 1998 at Cartes 98 [Microsoft1998a]. It is an 8-bit multi-application operating system for smart cards with 8K of ROM [Microsoft1998a, Microsoft1998b]. Microsoft's smart card development plan aims to meet the four key criteria listed below:

- To enable smart cards to be a secure extension to the PC environment, in terms of development tools and connectivity
- To work with software development tools that have a broad base of developer familiarity and support
- To offer card issuers the ability to choose the components they want from a variety of suppliers
- To deliver smart cards at a more attractive price, therefore encouraging new applications and uses.

Even though the Microsoft Smart card OS shares the same criteria as MULTOS and Java card, Microsoft Corporation believes that there is a niche for their card OS. One of the main hindrances for the MULTOS and Java platforms to be widely accepted is cost.

According to [Microsoft1998a], a typical MULTOS or Java card costs $15 each. This cost is not a great problem if the card is delivered as a result of a government mandate. However, it would be difficult to swallow compared to the 25 cents it costs a bank to issue a typical magnetic stripe credit card.

For this reason, Microsoft Corporation aimed at delivering smart cards at a more attractive price, anywhere from $2-4 for simpler cards, and $6-8 for cards with more extensive security features.

7.2.3.1 Programming Architecture of Microsoft Smart Card OS
Because Microsoft's smart card standard has just been announced, the basic structure of the card has not been confirmed. It is believed that the operating system would be a variation of Windows CE. It should be compliant with ISO 7816-4, EMV and the SET standard [Microsoft1998b].

With the Smart card for Windows toolkit, the card could be used as a component with Crypto Service Provider in the infrastructure of the PC/SC architecture. Because the card could be extended to support PC programming, PC/SC programs could be used on it.

In addition, this Smart Card for Windows OS platform is developed not only as a low-cost card solution, but also as an easy-to-program environment. The card most likely can be programmed using Visual C++ and Visual Basic.

7.2.3.2 Advantages of using Microsoft Smart card OS
Development of a smart card platform strategy by Microsoft will help to accelerate the acceptance of smart cards. With this new smart card OS, Microsoft gets into the smart card operating system business. With the support from its partners as well as key players in the smart card industry, Gemplus and Schlumberger Electronic Transactions, Microsoft will become an important player in the market [NewsEdge1998b].

An advantage of this card OS is that it will be a low-cost smart card as promised by Microsoft. The cards are expected to cost between $2 and $4 each compared to around $15 for Java and MULTOS cards [NewsEdge1998b].

More importantly, this card will become an extension of the PC environment, in terms of both development tools and connectivity. Therefore, development and usage of the card and host-side application would be more closely linked.

The software development tools for the card OS are based on commonly used development tools including Visual Basic and Visual C++, so a large number of software developers could put their technical skills of PC applications development to smart card development [Microsoft1998a].

7.2.4 Card OS future
There are now three multi-function smart card operating systems in addition to a number of proprietary and less commonly known smart card operating systems. It is not likely that any single winner will emerge in a short period of time. The three card operating systems would probably occupy different segments of the smart card market.

The simple Microsoft smart card OS would probably dominate the low-cost home card market. It could be used in future for quick and simple card applications. The MULTOS card, meanwhile, should be more widely accepted in financial and electronic purse related applications. Because of its highly secure internal structure, the MULTOS card would also be selected for security-related applications.

In the MULTOS card model, the Virtual Machines and Operating system would all be based on MULTOS, while in the Java Card model, only a Java Card JVM would have to be implemented on the proprietary card OS. In other words, a card manufacturer can produce its own Java card by building their Java Virtual Machine or licensing a JVM from Sun Microsystems directly. However, card vendors would not be able to produce a MULTOS card unless they are given the MULTOS specification. Therefore it is likely that the Java Card would be much more widely accepted. Generally speaking, the Java Card would be the card OS of choice for more sophisticated and secure applications compared with the Microsoft Smart Card OS.

In conclusion, the new card-side standards will create a new industry for smart card application development outside of the card vendor sector. This is because it is now possible to load programs for execution after the card has been manufactured.

7.3 Smart card in electronic commerce
Another driving force behind the growth of smart cards is the increase in computer networks and the emergence of the Internet as the means of both electronic communication and commerce. Together, they have created a need for secure access to data that is increasingly being stored on the network. Because a smart card can include very precise access information to protect privacy and data security, smart cards will become an increasingly attractive alternative for PC and Internet access compared to traditional methods. These applications make the smart card a direct, secure extension of the PC network. In the latter half of this chapter, we shall concentrate on the future trend of two main applications: security and electronic commerce related applications.

Recent figures by Price Waterhouse given in Information Strategy, June 1998, show business-to-business online trading is doubling every 3-4 months and consumer online purchases are set to grow 1,800% from 1997 to 2002 [Birch1998]. Many people claim that security is the only roadblock to electronic commerce. In fact, security is not the only roadblock to electronic commerce; potential barriers include access to infrastructure, consumer and business trust, regulatory uncertainty, taxation and copyright issues.

Most consumers are worried about theft of their credit card information and privacy of their personal data. On the other hand, businesses are concerned that their internal systems and networks will be hacked into. However, according to a report in Business Week on 19th June 1998, online purchasing is steadily climbing even in the absence of a comprehensive security infrastructure.

In most electronic commerce systems, software alone cannot deliver the level of security required to support e-commerce. Some form of "hard" security is needed, and in the mass market, smart cards can deliver tamper resistance, portability and familiarity.

Transition from proprietary smart card operating systems and applications to open multi-application smart card platforms such as MULTOS and Java Card should hasten the integration of smart cards in Internet commerce.

When smart cards are used in electronic payment, security protection could be enhanced by extending the protection from server-side card verification to client-side authentication. The smart card together with automatic bank logging of transactions can prevent errors and lost and stolen card transactions. In addition, by implementing a proper payment protocol, both banks and retailers could be protected from fraudulent card usage. With online validation from supporting banks, stolen or lost cards could be identified.

7.3.1 Smart Card Payment Protocol
The most important factor in security is the payment protocol used. Payment with smart cards shares the same principle as other online payment schemes, except that smart card payment should also have offline transaction capability, otherwise the benefit of using a smart card could not be fully realized.

A number of payment protocols have been developed for smart card payments, for instance, Mondex, Visa Cash, C-SET and Open Trading Protocol (OTP). Most of these protocols are derived from banking or existing payment models. However, they all assume the transaction is done at the local site or require a secure communication channel. The assumption may be true when the transaction is restricted to online transactions through the banks' channels. For Internet online payment, the protocol used will greatly affect the security of smart card transactions. Therefore some companies have started to look into this issue and developed their own secure payment protocols.

Protocols in smart card payment are mainly concerned with privacy, security and recovery issues. If the smart card is to replace physical cash, the privacy and security issues would be very important. To ensure privacy and security, new payment protocols have to be derived. Because connections could be broken at any time, if no recovery scheme is used for preventing the loss or duplication of this electronic cash, chaos would result. These issues have been raised and our proposed solution is published in [Chan1998]. Further discussion on this topic could be found in our companion Electronic Payment Systems handbook. As this is a growing problem, better solutions would be needed.

7.3.2 Smart card as prepaid and loyalty card
The smart card has been used in electronic commerce as a prepaid, debit card for a period of time. Well-known examples include payphone cards, Mondex and Visa Cash. This changes the economic model of payment. Because money now exists in both electronic and physical forms, the traditional payment method would have to be modified.

From the security point of view, the smart card is more secure than the normal wallet. Passwords could be used to prevent loss of money when the card is stolen. With the proper security setting, invalid password attempts could lead to deactivation of the smart card.

Another attractive feature of the debit smart card is its usability. The debit smart card is an intermediate solution between cash and credit card. As the card is basically used as a replacement of coins (i.e. cash), loss of some coins will not induce loss in the bank account.

Many successful E-purse schemes have been implemented in "close communities" including college campuses and mass transportation services. It could be applied to fast food outlets, laundromats, photocopy machines, fax services and vending machines. Generally speaking, debit and prepaid cards for small-value payments will soon be common when more merchants accept this payment scheme.

The future of the smart card in electronic commerce is not just in payment cards, but also loyalty cards, airline tickets and other value-added cards. Customers' preferences, bonuses and other information could be kept in the card. Companies could then obtain their customers' preferences and shopping histories for planning more customer-oriented marketing strategies. The card could also be personalized to hold the cardholder's profile [Gemplus9801]. In this way, companies could become more competitive in attracting customers.

7.3.3 Smart card as electronic wallet
In the future, the smart card would be used for payment in different aspects. It could be used for both bank card and prepaid debit card functions. Furthermore, because the smart card is easily portable [Gemplus9801], it could be used for both online and offline payment.

In the area of electronic commerce, smart cards can be used for storing and protecting a number of keys [Gemplus9801]. With the use of smart cards for payment over the Internet, security risk could be reduced as each transaction is considered an individual event. Furthermore, even if a particular smart card is hacked, the user account will still be safe.

Together with the use of the digital certificate, bank accounts could be protected from unauthorized access and users' privacy and security could be achieved.

Although many vendors have developed an electronic wallet function in their smart cards, it is safer to store each downloaded electronic cash value as a token in the card. As each token has a serial number which is generated by the bank, even if the smart card payment protocol is hacked, the serial number of the electronic token can be captured and a false transaction can be easily identified [Chan1998]. Furthermore, with the electronic token scheme, users can shop privately on the network without exposing their identity.

When electronic payment is widely accepted in daily use, transactions would become more efficient. A single card could be used for different applications.
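The recovery concern of section 7.3.1 (no loss or duplication of electronic cash when a connection breaks) and the bank-generated serial numbers of section 7.3.3 can be illustrated together. The following is an added example, not code from the guide or the scheme in [Chan1998]: a bank-side ledger that credits each token once, acknowledges a resent deposit without crediting it again, and flags altered or replayed tokens. The HMAC tag, the transaction id and all names are assumptions.

```python
"""Bank-side ledger for serial-numbered e-cash tokens (added example).
Assumptions: the bank authenticates each token with HMAC-SHA256 and merchants
send a transaction id with each deposit; neither detail comes from the guide."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    serial: str     # generated by the bank when the value is downloaded to the card
    value: int      # in the smallest currency unit
    tag: bytes      # bank's MAC over serial and value


class Bank:
    def __init__(self, key: bytes):
        self._key = key
        self._issued = {}     # serial -> value
        self._spent = {}      # serial -> (merchant, txn_id) of the accepted deposit
        self.balances = {}    # merchant -> credited total
        self.alerts = []      # (reason, serial, merchant) records for investigation

    def _mac(self, serial: str, value: int) -> bytes:
        msg = f"{serial}|{value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, value: int) -> Token:
        """Create one token: fresh random serial, MAC bound to serial and value."""
        if value <= 0:
            raise ValueError("token value must be positive")
        serial = secrets.token_hex(8)
        self._issued[serial] = value
        return Token(serial, value, self._mac(serial, value))

    def deposit(self, token: Token, merchant: str, txn_id: str) -> str:
        """Credit a merchant once per token and classify every other attempt."""
        good_tag = hmac.compare_digest(token.tag, self._mac(token.serial, token.value))
        if not good_tag or self._issued.get(token.serial) != token.value:
            self.alerts.append(("forged", token.serial, merchant))
            return "rejected: forged or altered token"
        first = self._spent.get(token.serial)
        if first is None:
            self._spent[token.serial] = (merchant, txn_id)
            self.balances[merchant] = self.balances.get(merchant, 0) + token.value
            return "accepted"
        if first == (merchant, txn_id):
            # Same deposit resent after a dropped connection: acknowledge, never re-credit.
            return "accepted (retry)"
        self.alerts.append(("double-spend", token.serial, merchant))
        return "rejected: serial already spent"


def demo():
    """Run four constructed deposits and return (results, balances, alerts)."""
    bank = Bank(secrets.token_bytes(32))
    coin = bank.issue(500)
    results = [
        bank.deposit(coin, "shop-A", "t1"),    # normal payment
        bank.deposit(coin, "shop-A", "t1"),    # retry after a broken connection
        bank.deposit(coin, "shop-B", "t9"),    # copy of the token presented elsewhere
        bank.deposit(Token(coin.serial, 5000, coin.tag), "shop-B", "t10"),  # value altered
    ]
    return results, bank.balances, bank.alerts


if __name__ == "__main__":
    for part in demo():
        print(part)
```

The ledger records only serial numbers, so the bank can identify a false transaction without the deposit carrying the cardholder's identity.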

7.3.4 Electronic Payment over Mobile Telecommunications
The two main driving forces (applications) for the smart card industry are electronic commerce and telecommunications. When a multi-functional smart card is used for telecommunication purposes, it can also be used to cover electronic commerce related applications. This extends the usefulness of the card beyond the simple phone card.

In Finland, the PTT has already begun a pilot service whereby consumers can pay at unattended POS locations using their GSM phones. The charges are simply added to their mobile phone bill at the end of the month [Birch1998].

Hyperion's eLab has been involved in prototyping some elements of the above scheme [Birch1998]. Consumers using the service can deposit and withdraw cash from their bank accounts, and buy goods and services online. Devices currently used in the scheme include the Nokia GSM Communicator, the Newton MessagePad and Windows PC, each fitted with standard smart card readers. The scheme currently uses the Proton and Mondex electronic purses. In this protocol, which is similar to the Open Trading Protocol (OTP), the payment takes place between the consumer's electronic purse and a payment server. After the server has received the amount of payment, it generates a receipt for the merchant. Therefore, the merchant need not change its current software. It only has to process the receipt in the bank communication channel.

When the multi-functional electronic wallet is successfully developed on the SIM card, electronic payment using the mobile communication channel will become the future transaction mechanism. Visa International also plans to adopt an electronic payment system via telecommunication channels in its Visa Open platform. Therefore when the Java-based Visa card becomes an integrated component in the SIM card, electronic payment could be performed via the mobile telecommunication channel [NewsEdge1998a].

7.4 Smart card in Internet security
Because a smart card can include very precise access information to protect privacy and data security, smart cards will become an increasingly attractive alternative for PC and Internet access. This application makes the smart card a direct and secure extension of a PC network.

In the system security area, smart cards can be employed for holding personal data such as the user's login password and other user-specific information. With the use of a smart card, the user does not have to remember passwords for different machines because all the passwords can be stored on a single card. With an appropriate PIN for the smart card, the user could log in to any computer system.

In the Windows NT 5.0 platform, users can use smart cards to log in to their Personal Computer. This ensures one user could only access one PC at a time. If the user's profile information is stored on the smart card, he/she can even log in anywhere on the network with his/her unique user profile. In addition, access to secure databases and Internet servers can be protected by the use of smart cards. Intrusion detection procedures can be made easier.

There are a number of applications for smart cards in the security-related area. We shall focus on the following four topics: Digital ID, Computer Logon, Intrusion detection systems, and biometric authentication.

7.4.1 Smart card as Digital ID
Identification and trust is a vital component in electronic commerce. To do business online, people need to be able to establish trust with their counterparts. In the future banking model, in addition to secure transaction channels, software digital IDs and secure payment software are also required. According to a report given by Newsbytes News Network in November 1997, Internet fraud has increased by 300% over the last year. One of the main reasons for this increase is that users are unable to positively identify their counterparts' identities. If consumers can be sure of the identity of their counterparts and have a quick and simple way of checking their credentials, then this kind of fraud could be curtailed.

Digital certificates have been introduced for solving this problem. A digital certificate is a data file that contains an individual's public key along with other identification information, including the owner's name, the certificate's serial number and expiration date, and possibly other user-supplied information. In addition, a digital certificate also contains the name and digital signature of the certification authority (CA) that issued the certificate. The certification authority is a trusted third party, such as a bank, government agency or employer, that verifies the identity of the certificate owner before issuing the certificate [Gemplus1998f].

In practice, the public key is made readily available while the private key is secured and accessible only by the rightful owner. These public and private keys are usually generated in pairs. In other words, a digital certificate holder will be given a private and a public key. With a digital certificate, anyone with access to the private key is assumed to have rightful ownership of the certificate. As the private key is the most important component of the digital certificate, protection of the private key is the single most important aspect of using digital certificates. Whenever the private key is exposed or lost, the digital certificate would have to be invalidated and a new one issued.


Current Digital ID is produced by a Certification Authority such as Verisign through the Internet. This certificate is usually stored on the computer of the user. However, because the certificate is kept on the computer, the user will have difficulty in using the same identification at different physical locations. In addition, as the certificate is the personal identification of the user, it should not be accessible by other users. More and more computers are designed to support multiple users, and more and more computers are permanently connected to the Internet. Therefore the certificate kept on a computer could be accessed by other users. Even with the hardest-to-guess password, the certificate could be obtained by copying it directly out of the hard disk.

Figure 7-6. A general picture on Digital ID applications.

To protect this digital certificate, users could use the smart card to hold this digital ID [DigiCash1994, DigiCash1996]. Smart cards are widely adopted as the key component in electronic commerce because they provide secure, portable and personal means to transport and use the cryptographic keys in the mass market. Usually, cryptographic smart cards such as Schlumberger's Cryptoflex card and Gemplus GemSafe card are used.

Pilot tests were carried out by Verisign and Schlumberger in January 1998. Verisign's class 1 Digital IDs can be issued and downloaded to Cryptoflex cards. It can also be used for Internet access with Microsoft IE and the Netscape browser.


As electronic commerce requires digital certificate for authentication, smart cards can be issued for this application. Promoted by Microsoft, IBM/Lotus and Netscape, S/MIME, which uses digital IDs for authentication, has been adopted as one of the choices for secure messaging. With the use of the digital certificate on a smart card, the user can use standard web browser to digitally sign HTML forms or e-mail.

Digital certificate on a smart card is not only a card for authentication on cyberspace. With the digital certificates kept in the smart card, people could access various management information systems via any suitably equipped Internet terminal [Birch1998, DigiCash1994, DigiCash1996]. Digital Certificate on a smart card is believed to be widely used in the future.

Identification on the Internet is very important. Digital certificates enable organizations and individuals to communicate securely (using encryption) over untrusted networks and authenticate their remote counterparts. Therefore, with the expected widespread adoption of electronic commerce in the future, digital IDs will become the personal identity information and smart cards will become the digital identity cards.

7.4.2 Smart card as Computer access logon key
In March 1997, Hewlett-Packard, Informix Software and Gemplus demonstrated a jointly developed corporate Intranet and Internet security business card. This card is used for web security and Internet access security.

In Microsoft's PC/SC plan, one of the smart card's functions is as a secure storage for digital certificates. Moreover, Microsoft has also introduced smart cards into their Graphical Identification aNd Authentication (GINA) system. With this logon mechanism, the smart card is used as the key to the computer logon authentication procedure. Access control lists and permission information of particular users are retrieved from the card and the Kerberos server.


Figure 7-7. Graphical description of Windows NT Logon system.

With this Microsoft Windows logon authentication system, the user's identity, which is based on the digital certificate, is kept inside the card. Using the certification authority in Microsoft Windows NT 5.0, a digital ID will be issued and sent to the smart card. To enable this mechanism, Microsoft Windows NT 5.0 machines must be configured to be aware of the installed smart card reader. Complete documentation is available in "Smart Card Certificate Enrollment" [Microsoft1998d]. At present time, only Microsoft Windows NT 5.0 and Windows 98 have this built-in smart card authentication scheme.

By developing a GINA DLL that is smart card aware, a smart card containing public key certificates takes on the functionality of a credential cache that can be used to log a user onto multiple domains.

Further extending this idea, smart cards could be involved in client authentication over a secure protocol such as Secure Sockets Layer (SSL) 3.0. After the integration of the authentication smart card components into the browser, a smart card can be used to enhance the authentication process as a secure store for the private key or even as a cryptographic engine in association with the browser.

In our view, the smart card will become the key to single sign-on mechanism. In the future, users would be able to log on to multiple servers with a single smart card.


7.4.3 Smart card in Intrusion detection System as user profile holder
More and more companies are using Intranets and Extranets as their secure transaction media. This raises the competitiveness of a company on the one hand but attracts misfeasors, masqueraders and clandestine users on the other hand. Studies on intrusion detection [Pipkin1997, ISS, ISS1998, Sun] have shown that most intruders and hackers on Internet sites or enterprise networks are insiders of those sites. To fight against those intruders, user-profile-based statistical anomaly detection would be a more suitable method than the misuse detection approach, especially within an enterprise network. However, where user profiles should be stored is one of the main problems. This problem will become more prominent when a worldwide enterprise network is involved. If these profiles are stored only on one localized domain profile server, whenever a user needs to access the company network on business trips, one will have to either ask the network administrator to transfer one's profile to another site or to carry it to other sites by the users themselves. The best method is to allow the users to carry their profiles with them. As user profiles contain sensitive data, they should be stored in a highly secure storage media, keeping intruders from accessing them. A most often suggested solution is to employ the smart card as the secure storage media [Gemplus1998c, Gemplus1998d, Gemplus1998e, SLB1998a].

With the use of smart card technology, data kept on the smart card could only be accessed or modified by the authorized users or system. Besides, with the computational power of the chip card, encryption and other secure authentication procedures could be performed entirely on the card, making the stored data more secure. Also, with the implementation of the PC/SC smart card standards, smart card will become a standard device on personal computers as well as Unix workstations. Furthermore, the computer logon authentication scheme will soon be implemented and used on Windows NT systems, so use of smart card in user-profile-based intrusion detection system is a reasonable projection.


Figure 7-8. A simple diagram of Smart KIDS.

In an article presented in RAID 98 [Ieong1998b], we proposed a smart card based intrusion detection system called Smart KIDS (for enterprise network security protection). When an authorized user with a valid card accesses any machine on this enterprise network, the intrusion detection scheme starts automatically after authentication logon has succeeded. Together with the authentication-related personal information and enterprise-related user privileges kept in the card, system security can be enforced. Additionally, with the user-specific preferences stored, user preferences and system configuration could be restored after the logon procedure.

When a user logs on to an enterprise network machine using this authentication scheme, all he/she needs to do is to insert his/her Smart KIDS card. The authentication process will be performed automatically and the agent residing on that machine will assign a routing table from that machine to the destined machines and gateway dynamically according to the network information obtained from the Smart KIDS card and the authentication server. This controls the accessibility of the user based on his/her identity and rights. User's behaviors are captured and, together with the user profile on the Smart KIDS card, a user's behavior "signature" is generated. This signature is generated by the statistical anomaly detection system that summarizes the user login and access times, most frequent logon location and files, and keystroke speed. Also, the agent will monitor and generate alerts if the user's actions exceed the privilege s/he is entitled to. In case of a severe compromise, the machine will be disconnected from the network by disabling the routing table.

Based on this type of intrusion detection system, the smart card is used not only as an authentication mechanism, but also as a key component for hacker detection.
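The profile comparison described above, as an added example that is not code from Smart KIDS or from this guide: a session is scored against a card-held profile on the four summarized features (login time, logon location, files, keystroke speed), with a privilege check and a response step. All field names, weights, thresholds, the response policy and the sample data are assumptions made for illustration.

```python
"""Added example: scoring a logon session against a card-held user profile.

Field names, weights, thresholds and sample data are assumptions for
illustration; they are not taken from the Smart KIDS design.
"""
import math
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class UserProfile:
    """Summary of past behaviour, small enough to keep in a card file."""
    login_hours: list      # past login hours, 0-23
    keystroke_cps: list    # past typing speed, characters per second
    locations: Counter     # logon host -> number of past logons
    files: Counter         # file path -> number of past accesses
    privileges: frozenset  # actions the card says the user may perform


def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def hour_score(profile, hour):
    """Deviation of a login hour from the usual hour, in spread units."""
    # A circular mean keeps logins around midnight from averaging to noon.
    angles = [2 * math.pi * h / 24 for h in profile.login_hours]
    centre = math.atan2(sum(map(math.sin, angles)),
                        sum(map(math.cos, angles))) * 24 / (2 * math.pi) % 24
    spread = math.sqrt(mean(hour_gap(h, centre) ** 2
                            for h in profile.login_hours))
    return hour_gap(hour, centre) / max(spread, 0.5)  # floor avoids /0


def z_score(history, value, floor=0.1):
    """Absolute deviation from the historical mean, in standard deviations."""
    return abs(value - mean(history)) / max(pstdev(history), floor)


def rarity(counter, item):
    """1.0 for a never-seen item, lower for items the user touches often."""
    total = sum(counter.values())
    return 1.0 - counter.get(item, 0) / total if total else 1.0


def score_session(profile, session, threshold=3.0):
    """Return (alerts, scores) for one session observed by the host agent."""
    files = session["files"]
    scores = {
        "login_hour": hour_score(profile, session["hour"]),
        "keystroke": z_score(profile.keystroke_cps, session["cps"]),
        # Rarity is in [0, 1]; scale so an unseen host or file set hits 3.0.
        "location": 3.0 * rarity(profile.locations, session["host"]),
        "files": (3.0 * mean(rarity(profile.files, f) for f in files)
                  if files else 0.0),
    }
    alerts = [f"anomaly:{k}" for k, v in scores.items() if v >= threshold]
    # Privilege check: any action outside the card's privilege list alerts.
    alerts += [f"privilege:{a}" for a in session["actions"]
               if a not in profile.privileges]
    return alerts, scores


def response(alerts):
    """Assumed policy: isolate on a privilege violation plus 2+ anomalies."""
    anomalies = sum(a.startswith("anomaly:") for a in alerts)
    violations = sum(a.startswith("privilege:") for a in alerts)
    if violations and anomalies >= 2:
        return "disconnect"  # stands in for disabling the routing table
    return "alert" if alerts else "none"


# Constructed sample data (not from the page).
SAMPLE_PROFILE = UserProfile(
    login_hours=[8, 9, 9, 8, 10, 9, 8, 9],
    keystroke_cps=[4.8, 5.1, 5.0, 4.9, 5.2, 5.0],
    locations=Counter({"hk-ws-014": 40, "hk-ws-015": 5}),
    files=Counter({"/proj/report.doc": 30, "/proj/budget.xls": 12}),
    privileges=frozenset({"read:/proj", "write:/proj"}),
)
USUAL = {"hour": 9, "cps": 5.0, "host": "hk-ws-014",
         "files": ["/proj/report.doc"], "actions": ["read:/proj"]}
ODD = {"hour": 3, "cps": 8.5, "host": "vpn-gw-02",
       "files": ["/hr/payroll.db"], "actions": ["read:/hr"]}

if __name__ == "__main__":
    for name, session in (("usual", USUAL), ("odd", ODD)):
        found, _ = score_session(SAMPLE_PROFILE, session)
        print(name, response(found), found)
```

Because the profile holds only short histories and counters, it stays within the kind of small data file a card can carry between sites, which is the storage problem the section raises.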

7.4.4 Biometric authentication
Usually, in a smart card application, user authentication is based on the PIN. However, authentication based on PIN is not a very convenient method, especially when the user has a number of PINs and passwords to remember. The user may forget his PIN and cause the card to be disabled after multiple false attempts. Users are known to have intentionally disabled the PIN authentication function. As a result, the security of a smart card would be lost.

As biometric identification techniques such as fingerprint, voice, signature and iris pattern become more mature, more natural and unique identification techniques can be used in the smart card authentication procedure. According to a report in early 1998 by CardTech [CardTech1997], around 64% of the respondents agreed that biometrics technology could help in fighting against financial fraud within 5 years. Many companies have started to use this technique in security-related commercial markets such as ATM machines. Siemens has developed a fingerprint recognition system for use with the smart card. In the near future, biometric identification will be integrated in the smart card operating systems, so users could use a combined PIN and biometric authentication scheme. By using algorithms designed in the application development stage, more sophisticated authentication methods could be used.

We believe that in the near future, biometric identification on smart cards will soon replace the traditional authentication methods due to their ease of use and equally high accuracy.


8. SUMMARIES AND CONCLUSIONS
Based on the report from Dataquest Inc., a unit of the Gartner Group, the worldwide chip card market reached $1.4 billion in 1997. Driven by the strong sales in Europe, the market is forecast to continue to show strong growth with revenue reaching $6.8 billion in 2002. Europe was still the No. 1 region for chip card revenue. Around 76.8 percent of the worldwide market in 1997 was generated in the European market.

Regional chip card markets are undergoing changes. By 2002, Europe's share of the worldwide chip card revenue will decline to 47.8 percent, while Asia/Pacific will be the No. 2 region with 30.1 percent of worldwide sales. The Americas (not including the United States) will account for 8.6 percent of sales in 2002, and the United States will have 7.8 percent of chip card revenue [NewsEdge1998c]. Therefore the acceptance rate of smart card by Asia market is much higher than in the American market. In SJB Services' report, the average annual growth of the smart card market is expected to be more than 50%. Although most of the cards are pay phone cards and two-thirds of the cards sold are not microprocessor cards, this trend will change. It is expected more card applications would be developed and most of them will require the use of microprocessor cards.

Two decades ago, the smart card was first introduced into the card market at almost the same time as magnetic stripe cards. However, because of high manufacturing cost and lack of applications, the smart card has not been widely accepted until the 1990s. Nowadays, smart card technology is becoming more mature. Many major chip manufacturers such as Motorola, Hitachi and Siemens have produced different card chips for different cards and for different purposes. The smart card is no longer tied to credit card in size and appearance. It is now available in miniature card size (in mobile phone) or even inside watches. Highly secure chip card manufacturing technology has also been developed for financial transaction related uses [Slb1998c]. With this technology, smart cards could be protected from hacking by mechanical or e-beam probing attacks.


Many card application developers had complained that the smart card development environment was not standardized so that development effort could not be reused. By the combined effort of smart card manufacturers, software and hardware vendors as well as operating system designers, the smart card development environment has changed. After the establishment of PC/SC and OCF architectures, software developers would not have to worry about the underlying device they are using. Applications built could be used on different card readers and even different cards (provided that the cards have the same size of memory, file structure and use the same commands) sharing the same standards. When these standards are widely adopted, smart card usage would be as simple as using a floppy drive. Host-side standards will become object-oriented and device independent.

The card-side standards are also undergoing a radical change. Before the announcement of Java Card, smart card operating systems were proprietary products. Traditional card-side software designs are usually confined to a particular card operating system. An application written for card type A will not run on card type B. Furthermore, these cards could only support one single application. The emergence of the Java Card has changed all that. Smart cards become the container for both data and program instead of only data. Rather than acting as a single application card, smart card becomes a multiple purpose card and can now handle more than one application.

When Mondex and Microsoft entered the card OS market with their MULTOS and Smart Card OS, the trend in card-side standards became much clearer. Smart card OS will be converging towards multi-application OS. A brand new card industry, card application developers, will join the smart card market.

In the future, card applications would be downloadable onto any card. Even though in the current stage, there will be more than one development language to use for card application development (for instance, C language for MULTOS card, Visual C++ and Visual Basic for future Microsoft smart card, and Java for Java card), it is likely that Java would be the common language for all future cards. This is because Sun Microsystems has already signed an agreement with Mondex for importing Java cardlets to the MULTOS card. Therefore it is reasonable to assume that Java will become one of the main development languages for card-side applications.

Smart cards have already been used in many applications. Uses of smart cards range from door access control to computer access logon, pay phone to mobile phone, stored value card to electronic wallet, and campus identity card to national identification card. With the development of multi-functional cards, the functionality of cards could become much richer. Electronic wallet would be combined into the mobile telecommunication card. In fact, multiple purpose smart cards have already been deployed in Hong Kong's universities as their campus identification cards.

Barely a decade ago, smart cards could only be thought of as a standalone application on computer systems. Today, smart cards are no longer bounded to a standalone PC application. It is now a network application that could be further extended to be an enterprise network solution. With the use of the Open Card Framework and PC/SC technology, the smart card platform has migrated from a standalone machine platform to the Internet. By using Java together with their Java Native Interface, Java-based smart cards could be connected to a browser as an object with ease. In the future, smart cards would be used for accessing other devices over the Internet.

In a MORI report, 16% of the UK population (and more than 1/3 of all UK Internet users) have bought something online (Bulletin in Internet Works, no 9 p12-13, August 1998) [Birch1998]. In a recent poll conducted for the Information Technology Association of America, it was found that 15% of Americans have purchased something online. The lack of a credit card was 5 times more frequently cited than the lack of a computer as a barrier to online shopping. Surfers were far more worried about online merchants misusing their personal information than they were about cyberspace thieves stealing their credit card information (28th June 1998).

With the use of smart card, online shopping customers will soon increase. Using a smart card as the digital certificate store, digital ID would become a portable personal identification document. Customers would be able to authenticate themselves when shopping on the Internet. Together with the use of electronic money, such as Mondex or Visa Cash, electronic money and digital identification card will soon become the only cards in the users' wallets. Unfortunately, before electronic money becomes widely accepted by the market, a number of problems need to be solved. The most difficult problem to solve is the economic model of electronic cash in the traditional currency market [Rankl1997].


The smart card is not the main concern in the online electronic payment system; the payment protocol is. In our opinion, smart cards would be used everywhere for payment in the future, both online and offline. However, transactions based on smart cards should be restricted to small amounts, at least for the present, because the underlying payment protocols are not developed to be as secure as they need to be. In addition, privacy of the smart card user and bi-directional payment protocol are not yet available in current payment protocols [Hung1998a]. In fact, smart cards fit well into the model for high privacy electronic transactions. Protocols for this model have been described in our companion Electronic Payment Systems Handbook.

A few years ago, cryptography and security on smart cards were the greatest problems to be solved. Nowadays, cryptography on smart cards is quite mature. DES and RSA algorithms have already been implemented on smart cards. Hardware cryptographic modules have been imported to smart cards. As a result, encryption and decryption procedures are now much faster on the smart card. Newer and faster cryptographic algorithms, for instance, Elliptic Curve Cryptography [Boogaerts1998], have been introduced for the smart card. Even though modification and optimization of these ciphers are required, the cryptographic issue is no longer the greatest problem to move smart card forward.

With the advance in biometric authentication technology, different biometric authentication schemes have already been used in various applications. Because this authentication needs the cooperation of the information owner to be used, no one would be able to use this information without the user's approval. Furthermore, because a user may forget a PIN number but not his finger, the biometric authentication scheme is much more convenient to use and is a natural move in smart card authentication. In the near future, biometric authentication technology would be integrated in the smart card.

More and more applications will make use of the authentication feature of smart cards. For instance, smart cards could be used in workflow control system as a controlling device. Based on this device, manufacturing procedures in the textile industry and financial institutes' workflow or even normal office environment will benefit.

Other than workflow systems in the traditional office environment, the smart card can become the driving force for the small office and the home office as well as electronic commerce. In the networked environment, network configuration and remote access services could be performed using the smart card to provide preference, authentication and configuration information.

The smart card currently is considered as a highly secure container. But its usefulness is not restricted to this function. It will soon become an extension of personal computers. Many new applications will emerge when the smart card and related technologies such as network technology advance. With new and innovative ideas, the smart card would become an essential component in our daily life.


GLOSSARY
APDU (Application Protocol Data Unit)
APDU is the basic command unit for a smart card. An APDU contains either a command message or a response message, sent from the interface device to the smart card or from the card to the device. See ISO 7816-3 standard for more information.

ATM
Automatic Teller Machine. A device that allows a bank account holder to carry out certain transactions using his bank card.

ATR (Answer To Reset)
A message that is returned by a smart card when it is powered up. The ATR indicates the card type, communication protocol and other basic information that is used to determine the parameters for the communication between the card and the interface device. This data is returned by the smart card when it is physically reset.

Authentication
Procedure to check that a card or a system is what it claims to be via a cryptographic process.

Biometrics
Technique using physical characteristics such as fingerprints, hand geometry, voice or signature characteristics, eye patterns, etc., of a person for identification purposes.

CA (Certification Authority)
The entity to certify the identity of one or more parties to an exchange or transaction.

Cardholder
Generally the person to whom a nominative card is issued. For financial transaction cards, the cardholder is usually the customer associated with the primary account number recorded on the card.

Card issuer
An entity which issues users with cards.

Card manufacturer
An entity which produces the actual cards and incorporates modules in them.

COS (Card Operating System)
The microcode contained in the smart card ROM that is used for communicating with the smart card, managing security, and managing data in the smart card files.

Card owner
Owner of the card, usually also the user.

Card reader
Largely mechanical device, which receives data from an integrated circuit(s) card via galvanized contacts.

Chip
Also known as integrated circuit. A piece of silicon etched with electronic circuits.

Combi Card
A card which uses both contact and contactless technology.

Contact
A point of electrical connection between an integrated circuit card and its external interface device. ISO standard IC cards have eight contacts (the contact plate is commonly called a module).

Contact Smart Card
A smart card that operates by physical contact between the reader and the smart card's different contacts.


Contactless Smart Card
A smart card that communicates with an antenna by means of a radio frequency signal. There is no need of physical contact between the card and a reader.

DEA (Data Encryption Algorithm)
Same as Data Encryption Standard Algorithm.

DF (Dedicated File)
A dedicated file is the memory organization for microprocessor cards. It is a logical entity that holds a number of elementary files (EF) or other dedicated files that is part of a smart card's file system. In multi-purpose cards (e.g., MPCOS) each DF will normally correspond to a distinct application.

DES (Data Encryption Standard)
Same as Data Encryption Algorithm. The most widely used method for "symmetric" encryption (i.e. using the same key for encryption and decryption). The main source is ANSI X3.92.

Digital Cash
This term is applied to various schemes which represent money using electronic means. In the smart card world, value is usually stored on a card known as an electronic purse. Digital cash, however, normally consists of software "certificates" or tokens which can be stored on computer, or transferred to another party as payment.

Digital Signature
An encrypted field, normally encrypted using the sender's private key, which is attached to a message to prove its source and integrity.

EEPROM, E2PROM (Electrically Erasable Programmable Read Only Memory)
Chip card memory which keeps its data without power supply. Memory whose contents can be loaded after manufacture. Contents can be erased and new data can be reloaded.

EF (Elementary File)
An elementary file is the smallest logical entity that can be secured in the operating system. This memory organization is part of the smart card file system that contains application data.

Electronic Banking
Banking operation conducted by electronic means, especially electronic funds transfer.

E-purse (Electronic Purse)
A small portable device which contains electronic money. Smart card is the ideal device to implement an electronic purse. It is sometimes called the electronic wallet or the stored value card.

EMV
A cooperation of Europay, Mastercard and Visa to create global specifications for financial-related smart cards.

Encryption
Manipulating data to make it unreadable to anyone who does not possess the decryption key.

External Authentication
Access to the protected data will only be granted if a successful cryptographic authentication of the external world (e.g. a terminal or card reader) occurred previously.

FERAM (Ferro Electric RAM)
Random access memory covered with an additional layer in a patented process to make it non-volatile (i.e. it does not lose its memory when powered off). FERAM is much faster and uses less space than EEPROM, but the FERAM process is proprietary.

GSM (Global System for Mobile Communications)
It is a specification for an international, terrestrial mobile telephone system. Originally intended to cover a few countries in central Europe, it is increasingly developing into an international standard for mobile telephones.

Hybrid Card
Hybrid cards are a combination of conventional smart cards with contacts and contactless cards. Here, the chip and the antenna are integrated in the same plastic card.

IC (Integrated Circuit)
An electronic circuit in which many active or passive elements are fabricated and connected together on a continuous substrate.

ICC (Integrated Circuit Card)
IC Card is equivalent to Smart Card. A card into which one or more ICs have been incorporated.

IFD (Interface Device)
Same as Card Accepting Device or Read Write Unit. It is equivalent to card reader.

Initialization
First stage of the card issuing process. The purpose of this process is to load the basic data and all the data common to one application into the smart card's EEPROM.

Internal Authentication
Compute authentication data using challenge data sent from the host system and a relevant secret (e.g. a key) stored in the card.

Interoperability
The ability of products manufactured by different companies to operate correctly with one another.

I/O (Input/Output)
The process or devices that move information between the Central Processing Unit and peripherals.

ISO (International Standards Organization)
The international standard ISO 7816 defines the characteristics and interfaces of a smart card. To ensure that semiconductor companies, software developers and smart card makers comply with the same specifications, a number of international standards have been drawn up. These include:

ISO 7816-1
Identification Cards, Integrated Circuit(s) Cards with Contacts Part 1: Physical Characteristics of IC cards

ISO 7816-2
Identification Cards, Integrated Circuit(s) Cards with Contacts Part 2: Position of module and contacts on IC cards

ISO 7816-3
Identification Cards, Integrated Circuit(s) Cards with Contacts Part 3: Electronic signal and transmission protocol with IC cards (i.e., communication between readers and cards)

ISO 7816-4
Identification Cards, Integrated Circuit(s) Cards with Contacts Part 4: Command set for microprocessor cards

ISO 7816-5
Identification Cards, Integrated Circuit(s) Cards with Contacts Part 5: Numbering system and registration procedures for application Identifiers

ISO 7816-6
Identification Cards, Integrated Circuit(s) Cards with Contacts Part 6: Inter-industry data elements (Draft International Standard)

ISO 7816-7
Identification Cards, Integrated Circuit(s) Cards with Contacts Part 7: Enhanced inter-industry commands

ISO 7816-8
Identification Cards, Integrated Circuit(s) Cards with Contacts Part 8: Enhanced identification cards, integrated circuit(s) cards with contacts

Java Card
Schlumberger and Gemplus have developed specifications for running a subset of the Java language on a smart card. Java is an open, machine-independent language which offers a high level of protection between applications; it is thus well suited to a multi-application smart card, although it imposes a higher overhead than conventional smart card operating systems.

Keys
In a modern encryption system, the algorithm is generally assumed to be known, and what is kept secret is the key. There are many different forms of key, each of which can be regarded as a string of meaningless bits until it is used to encode or decode a message.

MAC (Message Authentication Code)
A cryptographic checksum used to detect whether data is authentic and has not been modified.

Magnetic Stripe card
Card with a magnetic stripe serving as a data carrier.

Masked Function
A function that is manufactured into the original chip (see also Filtered Function).

Memory
General term for computer hardware that stores information in electrical or magnetic form.

Memory Card
A plastic card with a simple memory chip with read and write capability.

MF (Master File)
The master file of a smart card's file system is a special dedicated file that represents the root of the file system. This file is unique and obligatory. It has its own security attributes and may contain DFs and/or EFs. After a reset or power up, this file is automatically selected by the operating system. The master file on an ISO 7816 compliant smart card has the file identifier 3F00 (hexadecimal).

MFC (Multi Function Card)
A smart card that could handle more than one application.

Microprocessor
A chip that serves as the Central Processing Unit controlling a computer. It provides programmable intelligence.

Mondex
A smart card operating system developed by NatWest in the UK and also an e-cash smart card that supports direct transfer of value from one card to another.

OCF (Open Card Framework)
The OpenCard Framework is an architecture for cards and terminals intended to standardise the development of smart card and terminal applications. It is promoted by Apple, IBM, Netscape, NCI, and Sun, and is strongly linked with Java developments in the same area.

PC/SC (Personal Computer/Smart Card) Workgroup
A group of leading personal computer and smart card companies, founded to work on open specifications to integrate smart cards with personal computers.

Personalization
The process during which individual data are loaded into the chip. Typically performed together with the printing of personal data (name, ID number, picture, etc.) and a card number onto the plastic card. In some cases a magnetic stripe is also encoded at the same time. There are usually two sorts of personalization: graphical and electrical. Graphical personalization modifies the visual aspect of the card (holder's name, photograph); electrical personalization modifies the information held in electronic form.

PIN (Personal Identification Number)
A PIN is a personal identification number used to lock and unlock cards.

PKA (Public Key Algorithm)
A cryptographic algorithm in which encryption and decryption are performed using two different keys, one of which is referred to as the public key and one of which is referred to as the private key. The public key is published and available to anyone wishing to send an encrypted message to the holder of the private key. Receiver of the message could also use the public key to verify the identity of the sender.

POS (Point of Sale)
POS terminals (in comparison to central terminal) are the locations at which a transaction is contracted.

Pre-Paid Card
A card paid for at the point of sale, and permitting the holder to buy goods or services usually of a particular type up to the prepaid value. Not all such cards are ISO standard identification cards because some do not show the identity of the bearer (e.g., phone cards, transportation cards).

Private Key
A key only known to the owner. A cryptographic key known only to the owner. Or, the secret component of an asymmetric cryptographic key.

Protocol
A set of rules and procedures governing interchange of information between a smart card and a reader. The ISO defines several protocols, including T=0, T=1 and T=14.

Public Key
The publicly available and distributed component of an asymmetric cryptographic key.


RAM (Random Access Memory)
A volatile memory that is used as a scratchpad by the microprocessor in certain smart cards.

ROM (Read Only Memory)
A memory in which the information can be read but not written. Chip operating systems are normally masked into the ROM, which is also referred to as firmware.

RSA
A public key algorithm named according to its inventors Rivest, Shamir, Adleman.

SAM (Security Access Module)
A dedicated microprocessor unit that enables active authentication with appropriate memory or microprocessor card.

Session
Period of time between two card resets, or between power up and a power down.

Session key
A random number generated to serve as a key for a specific transaction or set of transactions.

SET (Secure Electronic Transaction)
A technology developed by a group of companies including IBM and Visa for customer-to-business type e-commerce. The vehicle for transaction used are mainly credit cards.

SIM (Subscriber Identification Module)
A specific type of smart card for GSM systems holding the subscriber's ID number, thus allowing him to call from any GSM device.

Smart Card
A smart card or chip card is a plastic card with an embedded microchip.

Stored Value Card
A card which is used to store value such as loyalty points or credit for canteen meals. In Europe, the term is used to denote a card which is issued and redeemed within a closed circuit, in contrast with an electronic purse, which can be used to buy goods and services in the open market. In the USA, the term "stored value card" is used more widely, and can denote an electronic purse.

TPDU (Transmission Protocol Data Unit)
A block of data sent from the smart card to the host application.

T=0, T=1, T=14
The asynchronous character and block protocols respectively defined by ISO 7816 part 3.

Volatile Memory
A memory device that does not retain stored information when power is interrupted (e.g., RAM).


Part IV. Appendices


APPENDIX
A. Price Comparison of different cards and readers
The price and feature comparison shown below was obtained from the Internet and from the sales departments of three smart card companies in Hong Kong (Advanced Card Systems, Gemplus and Schlumberger). The prices may not reflect the true selling price and are for reference only. For more detailed prices of these cards, please contact the companies directly.

Smart Cards
Categories of Cards
Company and Card name
Description
Price of the Card

Magnetic Stripe Card
US$0.200.751


US$1$20 Memory Card, General Information (1K Card US$1.02.5)
US$1US$20 General Information (8K Card US$715)*
Schlumberger/Cyberflex Open 16K: Java Card, 16K EEPROM, 8-bit processor
Schlumberger/Multiflex: Multipurpose, 3K EEPROM, 8-bit processor
Schlumberger/Multiflex: Multipurpose, 8K EEPROM, 8-bit processor
Schlumberger/Payflex: Multipurpose, 1K EEPROM, 8-bit processor with electronic purse function
Schlumberger/Payflex: Multipurpose, 4K EEPROM, 8-bit processor with electronic purse function
Schlumberger/Cryptoflex: Multipurpose, 4K EEPROM, onboard RSA 1024, DES, Triple DES signature and key
Schlumberger/Cryptoflex: Multipurpose, 8K EEPROM, onboard RSA 1024, DES, Triple DES signature and key
Schlumberger/SIMflex: Multipurpose, 3K EEPROM
Schlumberger/SIMflex: Multipurpose, 8K EEPROM
Schlumberger/SIMflex: Multipurpose, 16K EEPROM
ACS/ACOS1: Multipurpose, 1K EEPROM, 8-bit processor, with electronic purse function
Gemplus/GemXpresso: Java Card 2.0, 4K EEPROM, 32-bit

US$130
US$3.5 (Sample quantity)
US$3.71
US$14.52
US$12.95
US$5.63 (without any printing, and quantities below 1000)
US$8.73 (without any printing, and quantities below 1000)
US$3.68 (without any printing, and quantities below 1000)
US$18.67
US$5.82 (without any printing, and quantities below 1000)

Smart Card
Contact CPU Card

US$4.46
US$7.07


Card Readers
Categories of cards
Magnetic Stripe Card, Memory Card Reader

Company and Card name
General information
General information
General information
Schlumberger/Reflex 60
Schlumberger/Reflex 72
Contact CPU Card
ACS/ACR10
ACS/ACR20

Description

Price of Reader
US$7501
US$500
US$500

ISO 7816 compatible
ISO 7816 compatible, PC/SC supported
Support all memory cards only
ISO 7816 compatible, PC/SC supported
ISO 7816 compatible, PC/SC supported

US$74
US$100
HK$500
HK$600

Smart Card Reader

Gemplus/Gem410X
Contactless Card Reader

US$100

General information

US$1000


Smart Card Application Development Kit

Categories of cards: Cyberflex Open 16K Development Kit
Company name: Schlumberger
Description: 2 Cyberflex Open 16K Cards, 1 Reader, 1 Toolkit Documentation
Price of Reader: US$499

Categories of cards: The ACOS1 Evaluation Kit
Company name: Advanced Card Systems
Description: ACR20 reader/writer, ACR20 reader/writer User Guide, 16-bit and 32-bit libraries and drivers for development, PC/SC compatible IFD handler
Price of Reader: US$120

Categories of cards: GemXpresso RAD 1.0
Company name: Gemplus
Description: 2 GemXpresso Applet Prototyping Cards, 1 GemXpresso Support Card for online support access, 1 standalone reader
Price of Reader: US$799


B. Resources
The most recent information about smart card technology can be found on the Internet. The following sites and books may be useful for people who want to learn more about smart cards.

Collections of Smart Card Books
Catherine A. Allen, William J. Barr, Ron Schultz, Smart cards: seizing strategic business opportunities, Irwin Professional Pub., Chicago, 1997
Scott B. Guthery and Timothy M. Jurgensen, Smart Card Developers Kit, Macmillan Technical Publishing, Indianapolis, Indiana, 1998, http://www.scdk.com/
The Hong Kong Electronic Industries Association Ltd., Study on the impact of the Development and Manufacturing Technology of Smart Card products to the Hong Kong electronic industry, October 1997, Hong Kong SAR Government Industry Department
Hendry, Michael, Smart card security and applications, Artech House, Boston, Mass, 1997
Microsoft TechNet, Smart Cards (Windows NT 4.0 and 5.0, Windows 95 and 98) White Paper, NT Server Technical Notes, Microsoft TechNet, September 1997
W. Rankl and W. Effing, Smart Card Handbook, John Wiley & Sons Ltd., Chichester, 1997

Collections of General Smart Card Internet Resources
David B Everett, Smart Card Technology: Introduction To Smart Cards, http://www.smartcard.co.uk/tech1.html
Trisha Gorman, Smartcards come to the Web are you ready?, March 1997, NetscapeWorld, http://www.netscapeworld.com/netscapeworld/nw031997/nw03smartcard.html


IBM ChipCard, IBM Smart Card Solution Elements Technical Overview, 1998, IBM, http://www.chipcard.ibm.com/overview/sc_2.htm
JavaWorld, A Collection of Smart Card urls organized by topic, Smartcard FAQ, http://www.javaworld.com/javaworld/jw121997/javadev/SmartCardList.html
Klaus Vedder and Franz Weikmann, Smart Cards: Requirements, Properties and Applications, Giesecke & Devrient GmbH, http://www.gdm.de/products/card/pay+mm/vortrag/vortrag.htm
Jaan Priisalu, A Frequently Asked Questions list (FAQ) for alt.technology.smartcards, 1995, http://www.ioc.ee/atsc/faq.html
PC/SC Workgroup, PC/SC Workgroup, Integrating PC's and Smart Cards, http://www.smartcardsys.com/
Philippe Sarlin, PC/SC Technical Overview, PC/SC Workgroup, http://www.smartcardsys.com/doc/CTST2doc.zip, December 1996
Smart Card Search Engine, http://www.smartcardsearch.com/

Collections of Java Card Technology on Internet
Zhiqun Chen and Rinaldo Di Giorgio, Understanding Java Card 2.0, March 1998, http://www.javaworld.com/javaworld/jw021998/jw03javadev.html
Rinaldo Di Giorgio, Smart cards and the OpenCard Framework, JavaWorld, January 1998, http://www.javaworld.com/jw011998/jw01javadev.html
Rinaldo Di Giorgio, Smart cards: A primer, JavaWorld, December 1997, http://www.javaworld.com/jw121997/jw12javadev.html
Rinaldo Di Giorgio, Interview: Smart card guru answers questions, JavaWorld, December 1997, http://www.javaworld.com/jw121997/jw12javadev.interview.html
Gemplus S.C.A., Frequently Asked Questions Java Card and GemXpresso RAD, March 1998, https://store.gemplus.com/WebObjects/Gemplus.woa/Resources/Cache/GemXpresso_Whitepaper.htm
Smart Card Overview, http://java.sun.com/products/javacard/smartcards.html


Thomas Schaeck and Rinaldo Di Giorgio, How to write OpenCard card services for Java Card applets, JavaWorld, Oct 1998, http://www.javaworld.com/javaworld/jw101998/jw10javadev.html
Schlumberger Limited, Cyberflex Card, http://www.cyberflex.slb.com

Collections of Smart Card Security Technology on Internet
David Chaum, Prepaid Smart Card Techniques: A Brief Introduction and Comparison, DigiCash, 1994, http://www.digicash.com/news/archive/cardcom.html
DigiCash, Digital Signatures and Smart Cards, 3rd International Smart Card Conference, Amsterdam, March 1996, http://www.digicash.com/news/archive/digbig.html
Gemplus S.C.A., Gemplus Previews Windows NT 5.0 Secure Logon With Smart Cards At CardTech/SecurTech 98, April 1998, http://www.gemplus.com/presse/1998/windows_nt5.htm
Bo Lavare, Smartcard security information page, October 13, 1998, http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm
Microsoft, Windows NT 5.0: Smart Card Certificate Enrollment, 1998, http://ntbeta.microsoft.com/Documentation/Doc.asp
Microsoft, Windows NT 5.0: Smart Card Log On to Windows NT 5.0, 1998, http://ntbeta.microsoft.com/Documentation/Doc.asp
Scott Taschler, Technical Introduction to SignaSURE CIP White Paper, September 30, 1997, http://ww.datakey.com/White_Papers/cip_whitepaper.htm
Verisign Announces First online issurance of digital IDs on Smart card. http://www.verisign.com/pr/pr_smartcard.html

Collections of Smart Card Payment Technology on Internet
Electronic Trading Concept, Electronic Commerce Resources: Smart Cards, http://www.etc.com.au/smart_cards/


Gemplus and Electronic Commerce, http://www.gemplus.com/applications/electronic_commerce.htm
Maosco Ltd., Multos smart card, http://www.multos.com
Visa, The Open Platform Technology: Overview, http://www.visa.com/cgibin/vee/nt/suppliers/open/tech.html
