what is smart card_2010!09!20

MXTran Proprietary & Confidential

全宏科技股份有限公司

What is Smart Card ??

洪崇倍 / Otto Hung

[email protected]

MXTran Proprietary & Confidential 2

What is a smart card

• A credit card size plastic with a single IC chip on board and conforms with ISO-7816 and ISO 14443

• comprises of 3 parts– contact disc

– chip

– plastic body with cavity


Application

Source: http://www.smartcard.bull.com/


Categories of Smart Cards

• Memory Cards

– Containing a memory chip (several K bits) with hardwired logic,

– mostly used as prepaid cards,

– low cost.

• Microprocessor Cards (our focus for this topic)

– like small portable computers (without keyboard or monitor screen),

– increased security capabilities,

– can integrate several applications.


Categories of Smart Cards (cont.)

• Contact Cards– must be inserted into a card reader or terminal (Card Acceptance Device),

– more commonly used

• Contact-less Cards– Can function when placed close enough to the terminal,

– Ideal for fast transactions,

– not easily worn out,

– can be of different physical sizes,

– transmitted data can be intercepted

• Dual-Interface Cards


EEPROM : EEPROM : 100 ~ 4 KB 100 ~ 4 KB BitsBits

Decode

LOGIC

I/O

EEPROM

POWERPOWER((VccVcc ))

CLOCKCLOCK

RESETRESET

GROUNDGROUND((VssVss ))

I/OI/O

Architecture of Memory Card

• Hard Wired Logic

• EEPROM Only

• Synchronous Prot.

• Non Standardized


Architecture of CPU Card

• Asynchronous card– (slow data transfer)

• 8 –32 bit µP• 4 – 20 Mhz Clock• High Security• Medium large Size– (10 to 32 mm²)

RAM : Hundreds Bytes(Working Memory)

ROM : 6 ~ 96 KB(Card Operating System)

EEPROM : 1 ~ 64 KB(Application Memory)

µP

LOGIC

RAM

EEPROM

ROM

POWER(Vcc)

CLOCK

RESET

GROUND(Vss)

I/O

RFU (Vpp)


CPU ROM EEPROM WDT RNG

串列界面

RF 界面

RSA加密器

DES加密器

安全保護線路

Bus Access Control

RAM

PLL

Hardware Block Diagram


Standards and Specifications

• Interface– Contact, ISO 7816

– Contact-Less, ISO 14443

• (U) SIM card-related specifications– ETSI GSM 11 series,

– 3GPP 03 Series

• Payment systems– EMV 2000, etc..

• Card Acceptance Device – PC/SC for interoperability between smart cards and PCs

– OpenCard Framework (OCF) similar to PC/SC, implemented in Java


CPU Card Security Mechanism

• Authentication– Passive with verify PIN/Password

– Active with Challenge/Response

– Data security•with secured messaging

• with protecting access channel

• Encipher– Symmetric • DES, TDES, AES

– Asymmetric• RSA,


Smart Card Communication Model

• Commands and Response messages are contained in APDU Command, Application Protocol Data Unit (C_APDU and R_APDU).

Command APDU

Response APDU

Processing


Classify of APDU Command

• Case 1, no command/no response data

• Case 2, no command data

• Case 3, no response data

• Case 4

Header sw

Header Le Data sw

Header Lc Data sw

Header Lc Data Le Data sw


Transmit of OSI-Reference

Physical

Data Link

Transport

Application

Physical

Data Link

Transport

Application

ICC CAD

APDU

ISO 7816, ISO 14443

TPDU

T=0, T=1 and T-CL

Contact Contact-Less


TPDU Format

• Data structure exchanged by using TPDU, Transaction Protocol Data Unit

– T=0, byte oriented

– T=1, Block oriented

– T=CL

P3 DataP2P1INSCLA

1 or 20 ~ 254111

EDC/CRCInformation fieldLENPCBNAD

EpilogueInformationPrologue

20 ~ 254111

CRCInformation field[NAD][CID]PCB

EpilogueInformationPrologue


T=0 TPDU Command

CLACLACLACLA INSINSINSINS P1P1P1P1 P2P2P2P2 LinLinLinLin

PBPBPBPB

DataDataDataData----InInInIn

sw1sw1sw1sw1 sw2sw2sw2sw2

READER

CARD

CLACLACLACLA INSINSINSINS P1P1P1P1 P2P2P2P2 LinLinLinLin

PBPBPBPB DataDataDataData----OutOutOutOut sw1sw1sw1sw1 sw2sw2sw2sw2

READER

CARD

• ISO-IN

• ISO-OUT


T=1 TPDU Command

• Supervisor Block

• Ready Block

• Information Block

– ISO-IN

– ISO-OUT

– ISO-IN&OUT

CLACLACLACLA INSINSINSINS P1P1P1P1 P2P2P2P2 LeLeLeLe sw2sw2sw2sw2DataDataDataData----OutOutOutOut sw1sw1sw1sw1

CLACLACLACLA INSINSINSINS P1P1P1P1 P2P2P2P2 LcLcLcLc DataDataDataData----InInInIn sw2sw2sw2sw2sw1sw1sw1sw1

CLACLACLACLA INSINSINSINS P1P1P1P1 P2P2P2P2 LcLcLcLc DataDataDataData----InInInIn LeLeLeLe sw2sw2sw2sw2sw1sw1sw1sw1DataDataDataData----OutOutOutOut


About Smart Card Software

• Smart card systemHost (Terminal )system + Card system

– Smart card operating systems are typically file system-centric (based on ISO 7816-4)

– Most conventional card applications involve just file manipulations (select, deselect, read, write)

– Software development involves (1) operating system providers, (2) card terminal vendors, (3) application developers, and (4) card issuers


Chip Card File System

• Most smart card operating systems are typically File System-Centric

– based on ISO 7816-4

MFLevel #0

DFLevel #1

DFLevel #1

DFLevel #2

DFLevel #2

EF

EFEF

EF

EFEF


File Structures (1/3)

Header

System Information

Body

Application DataSequence Of Byte

Header

System Information

BodyRecord #1

Record #2

Record #3

Last Record #N

Rest of records

TRANSPARENT FILE LINEAR FIXED FILE



LINEAR VARIABLE FILE

Header

System Information

Record #1 Record #2

Record #P

Record#3

Record

Last#N

Rest of the records

Body

Header

System Information

BodyRecord #1

Record #2

Record #3

Last Record #N

Rest of records

CYCLIC FILE



BER-TLV FILE

Header

System Information

Data #1Data #1Body

Data #2Data #2

Data #3Data #3

Rest of data..Rest of data..

Data #NData #N

TagTag LengthLength ValueValue


Card Operating Systems (COS)

• Traditional O.S.

– only one application or special application

• Open system O.S.

– for multi application or non-specificapplication

• Java Card Operating System

•MultiOS Card Operating System

•Smart Card for Windows

•Global Open Platform


Multi-Application Cards

• New data and new command can be added!!

• Base on “Open OS”

Microprocessor

Virtual Machine

API

EEPROM

Data Code

Stored value applet

Data Code

loyal applet


Source: http://www.smartcard.bull.com/

Realizing the Multiple-Application Vision


Benefits of Open OS

• Interoperability

• Secure loading of applets into card, even after issuance

• An existing field application can be ported onto a multi-application card, without changing the terminal software

• Firewalls between applets � confidentiality of data

• Applet develop in high level language (java, C, …) � very quick time to market


CPU + crypto

Operating SystemROM Operating System

ApplicationA

ApplicationB

filestructure

EEPROM

EEPROM

Filestructure

Java Interpreter

ROM

ROM

Java Card API

VirtualMachine

EEPROM

EEPROM

Hardwareindependant

Hardwaredependant

Java Card Operate System


MULTOS Card Operate System


UICC Card Application Platform

SIM

SIM Application Toolkit (SAT)

Banking Location BrowserSIM-WIM

• The UICC -the multi-application platform

– separation of layers and applications

– logical channels to run applications in parallel

• The SIM -a "mono-application" card

– SIM according to GSM 11.11

– applications based on SIM Application Toolkit

– WIM as exception(own command set and triggered by WAP browser)

UICC

Others

EMV

USIM SIM

ElectronicPurse

Phonebook

(U)SAT

GSM Purse

eHealth


Global Open Platform Card Architecture

Java CardWfSC

VM & API

Proprietary Card VendorOS

WfSCO.S.

Open PlatformAPI

Open platformCard Manager

VisaCash

VisaSmartCredit

VisaSmartDebit

E-Comm Loyalty Loyalty

OR

Issuer Choice of Applications


Definition of Card’s Life Cycle

• Blank Cards

• Pre-Personalized Cards

• Personalized Cards

• Dead Cards

Card

O.S.

FILE STRUCTURE

USER DATA


IC卡之產業分工

系統發展

打線封裝

圖稿設計

版面印刷

壓合沖卡

挖孔植晶

電氣入碼

圖像顯示

防護處理

成卡運送

晶片設計

晶片生產

•系統發展技術•密碼軟體能力•硬體平台整合•量產製程能量•設備操作經驗

•品質保證機制•安全控管機制•發卡金鑰系統•資料庫管理系統•全壽期管理系統

•資料蒐整經驗•發卡運送機制•合約管理經驗•系統整合能力•系統加值服務

前端加值服務公司

IC卡生產工廠

•系統維護能量•客服中心維運•衍生應用發展•潛在商機發掘•全壽期管理營運

主要商機領域�身份識別應用�無線通訊商機�金融付費機制�消費娛樂市場�大眾運輸系統�軍事安全用途

多功能智慧卡應用衍生商機

what is smart card_2010!09!20

Documents