what is smart card_2010!09!20
TRANSCRIPT
MXTran Proprietary & Confidential
全宏科技股份有限公司
What is Smart Card ??
洪崇倍 / Otto Hung
MXTran Proprietary & Confidential 2
What is a smart card
• A credit card size plastic with a single IC chip on board and conforms with ISO-7816 and ISO 14443
• comprises of 3 parts– contact disc
– chip
– plastic body with cavity
MXTran Proprietary & Confidential 3
Application
Source: http://www.smartcard.bull.com/
MXTran Proprietary & Confidential 4
Categories of Smart Cards
• Memory Cards
– Containing a memory chip (several K bits) with hardwired logic,
– mostly used as prepaid cards,
– low cost.
• Microprocessor Cards (our focus for this topic)
– like small portable computers (without keyboard or monitor screen),
– increased security capabilities,
– can integrate several applications.
MXTran Proprietary & Confidential 5
Categories of Smart Cards (cont.)
• Contact Cards– must be inserted into a card reader or terminal (Card Acceptance Device),
– more commonly used
• Contact-less Cards– Can function when placed close enough to the terminal,
– Ideal for fast transactions,
– not easily worn out,
– can be of different physical sizes,
– transmitted data can be intercepted
• Dual-Interface Cards
MXTran Proprietary & Confidential 6
EEPROM : EEPROM : 100 ~ 4 KB 100 ~ 4 KB BitsBits
Decode
LOGIC
I/O
EEPROM
POWERPOWER((VccVcc ))
CLOCKCLOCK
RESETRESET
GROUNDGROUND((VssVss ))
I/OI/O
Architecture of Memory Card
• Hard Wired Logic
• EEPROM Only
• Synchronous Prot.
• Non Standardized
MXTran Proprietary & Confidential 7
Architecture of CPU Card
• Asynchronous card– (slow data transfer)
• 8 –32 bit µP• 4 – 20 Mhz Clock• High Security• Medium large Size– (10 to 32 mm²)
RAM : Hundreds Bytes(Working Memory)
ROM : 6 ~ 96 KB(Card Operating System)
EEPROM : 1 ~ 64 KB(Application Memory)
µP
LOGIC
RAM
EEPROM
ROM
POWER(Vcc)
CLOCK
RESET
GROUND(Vss)
I/O
RFU (Vpp)
MXTran Proprietary & Confidential 8
CPU ROM EEPROM WDT RNG
串列界面
RF 界面
RSA加密器
DES加密器
安全保護線路
Bus Access Control
RAM
PLL
Hardware Block Diagram
MXTran Proprietary & Confidential 9
Standards and Specifications
• Interface– Contact, ISO 7816
– Contact-Less, ISO 14443
• (U) SIM card-related specifications– ETSI GSM 11 series,
– 3GPP 03 Series
• Payment systems– EMV 2000, etc..
• Card Acceptance Device – PC/SC for interoperability between smart cards and PCs
– OpenCard Framework (OCF) similar to PC/SC, implemented in Java
MXTran Proprietary & Confidential 10
CPU Card Security Mechanism
• Authentication– Passive with verify PIN/Password
– Active with Challenge/Response
– Data security•with secured messaging
• with protecting access channel
• Encipher– Symmetric • DES, TDES, AES
– Asymmetric• RSA,
MXTran Proprietary & Confidential 11
Smart Card Communication Model
• Commands and Response messages are contained in APDU Command, Application Protocol Data Unit (C_APDU and R_APDU).
Command APDU
Response APDU
Processing
MXTran Proprietary & Confidential 12
Classify of APDU Command
• Case 1, no command/no response data
• Case 2, no command data
• Case 3, no response data
• Case 4
Header sw
Header Le Data sw
Header Lc Data sw
Header Lc Data Le Data sw
MXTran Proprietary & Confidential 13
Transmit of OSI-Reference
Physical
Data Link
Transport
Application
Physical
Data Link
Transport
Application
ICC CAD
APDU
ISO 7816, ISO 14443
TPDU
T=0, T=1 and T-CL
Contact Contact-Less
MXTran Proprietary & Confidential 14
TPDU Format
• Data structure exchanged by using TPDU, Transaction Protocol Data Unit
– T=0, byte oriented
– T=1, Block oriented
– T=CL
P3 DataP2P1INSCLA
1 or 20 ~ 254111
EDC/CRCInformation fieldLENPCBNAD
EpilogueInformationPrologue
20 ~ 254111
CRCInformation field[NAD][CID]PCB
EpilogueInformationPrologue
MXTran Proprietary & Confidential 15
T=0 TPDU Command
CLACLACLACLA INSINSINSINS P1P1P1P1 P2P2P2P2 LinLinLinLin
PBPBPBPB
DataDataDataData----InInInIn
sw1sw1sw1sw1 sw2sw2sw2sw2
READER
CARD
CLACLACLACLA INSINSINSINS P1P1P1P1 P2P2P2P2 LinLinLinLin
PBPBPBPB DataDataDataData----OutOutOutOut sw1sw1sw1sw1 sw2sw2sw2sw2
READER
CARD
• ISO-IN
• ISO-OUT
MXTran Proprietary & Confidential 16
T=1 TPDU Command
• Supervisor Block
• Ready Block
• Information Block
– ISO-IN
– ISO-OUT
– ISO-IN&OUT
CLACLACLACLA INSINSINSINS P1P1P1P1 P2P2P2P2 LeLeLeLe sw2sw2sw2sw2DataDataDataData----OutOutOutOut sw1sw1sw1sw1
CLACLACLACLA INSINSINSINS P1P1P1P1 P2P2P2P2 LcLcLcLc DataDataDataData----InInInIn sw2sw2sw2sw2sw1sw1sw1sw1
CLACLACLACLA INSINSINSINS P1P1P1P1 P2P2P2P2 LcLcLcLc DataDataDataData----InInInIn LeLeLeLe sw2sw2sw2sw2sw1sw1sw1sw1DataDataDataData----OutOutOutOut
MXTran Proprietary & Confidential 17
About Smart Card Software
• Smart card systemHost (Terminal )system + Card system
– Smart card operating systems are typically file system-centric (based on ISO 7816-4)
– Most conventional card applications involve just file manipulations (select, deselect, read, write)
– Software development involves (1) operating system providers, (2) card terminal vendors, (3) application developers, and (4) card issuers
MXTran Proprietary & Confidential 18
Chip Card File System
• Most smart card operating systems are typically File System-Centric
– based on ISO 7816-4
MFLevel #0
DFLevel #1
DFLevel #1
DFLevel #2
DFLevel #2
EF
EFEF
EF
EFEF
MXTran Proprietary & Confidential 19
File Structures (1/3)
Header
System Information
Body
Application DataSequence Of Byte
Header
System Information
BodyRecord #1
Record #2
Record #3
Last Record #N
Rest of records
TRANSPARENT FILE LINEAR FIXED FILE
MXTran Proprietary & Confidential 20
File Structures (2/3)
LINEAR VARIABLE FILE
Header
System Information
Record #1 Record #2
Record #P
Record#3
Record
Last#N
Rest of the records
Body
Header
System Information
BodyRecord #1
Record #2
Record #3
Last Record #N
Rest of records
CYCLIC FILE
MXTran Proprietary & Confidential 21
File Structures (3/3)
BER-TLV FILE
Header
System Information
Data #1Data #1Body
Data #2Data #2
Data #3Data #3
Rest of data..Rest of data..
Data #NData #N
TagTag LengthLength ValueValue
MXTran Proprietary & Confidential 22
Card Operating Systems (COS)
• Traditional O.S.
– only one application or special application
• Open system O.S.
– for multi application or non-specificapplication
• Java Card Operating System
•MultiOS Card Operating System
•Smart Card for Windows
•Global Open Platform
MXTran Proprietary & Confidential 23
Multi-Application Cards
• New data and new command can be added!!
• Base on “Open OS”
Microprocessor
Virtual Machine
API
EEPROM
Data Code
Stored value applet
Data Code
loyal applet
MXTran Proprietary & Confidential 24
Source: http://www.smartcard.bull.com/
Realizing the Multiple-Application Vision
MXTran Proprietary & Confidential 25
Benefits of Open OS
• Interoperability
• Secure loading of applets into card, even after issuance
• An existing field application can be ported onto a multi-application card, without changing the terminal software
• Firewalls between applets � confidentiality of data
• Applet develop in high level language (java, C, …) � very quick time to market
MXTran Proprietary & Confidential 26
CPU + crypto
Operating SystemROM Operating System
ApplicationA
ApplicationB
filestructure
EEPROM
EEPROM
Filestructure
Java Interpreter
ROM
ROM
Java Card API
VirtualMachine
EEPROM
EEPROM
Hardwareindependant
Hardwaredependant
Java Card Operate System
MXTran Proprietary & Confidential 27
MULTOS Card Operate System
MXTran Proprietary & Confidential 28
UICC Card Application Platform
SIM
SIM Application Toolkit (SAT)
Banking Location BrowserSIM-WIM
• The UICC -the multi-application platform
– separation of layers and applications
– logical channels to run applications in parallel
• The SIM -a "mono-application" card
– SIM according to GSM 11.11
– applications based on SIM Application Toolkit
– WIM as exception(own command set and triggered by WAP browser)
UICC
Others
EMV
USIM SIM
ElectronicPurse
Phonebook
(U)SAT
GSM Purse
eHealth
MXTran Proprietary & Confidential 29
Global Open Platform Card Architecture
Java CardWfSC
VM & API
Proprietary Card VendorOS
WfSCO.S.
Open PlatformAPI
Open platformCard Manager
VisaCash
VisaSmartCredit
VisaSmartDebit
E-Comm Loyalty Loyalty
OR
Issuer Choice of Applications
MXTran Proprietary & Confidential 30
Definition of Card’s Life Cycle
• Blank Cards
• Pre-Personalized Cards
• Personalized Cards
• Dead Cards
Card
O.S.
FILE STRUCTURE
USER DATA
MXTran Proprietary & Confidential 31
IC卡之產業分工
系統發展
打線封裝
圖稿設計
版面印刷
壓合沖卡
挖孔植晶
電氣入碼
圖像顯示
防護處理
成卡運送
晶片設計
晶片生產
•系統發展技術•密碼軟體能力•硬體平台整合•量產製程能量•設備操作經驗
•品質保證機制•安全控管機制•發卡金鑰系統•資料庫管理系統•全壽期管理系統
•資料蒐整經驗•發卡運送機制•合約管理經驗•系統整合能力•系統加值服務
前端加值服務公司
IC卡生產工廠
•系統維護能量•客服中心維運•衍生應用發展•潛在商機發掘•全壽期管理營運
主要商機領域�身份識別應用�無線通訊商機�金融付費機制�消費娛樂市場�大眾運輸系統�軍事安全用途
多功能智慧卡應用衍生商機