Smart Card - 李開振, 許家碩, Department of Computer Science, National Chiao Tung University

Post on 29-Dec-2015


Smart Card

李開振, 許家碩

Department of Computer Science

National Chiao Tung University

Outline 1/2

Introductions: History, Application area, Standardization
Types of Cards: Embossed cards, magnetic-stripe cards, Smart Card, Optical Memory Card
Physical and Electrical properties
Smart Card Operation System: Design, files management, sequential control, Open platform
Smart Card Data Transmission: Data transmission Protocols, message structure (APDU)
Smart Card Commands

Outline 2/2

Security Techniques
Smart Card Terminals
The Smart Card Life Cycle: The five phases of the Smart Card life Cycle
Smart Card in Payment Systems: Payment transactions, Prepaid Memory Card, Electronic Purses
Smart Card in Telecommunications: GSM, UMTS, Wireless Identification Module, Public Card Phones
Application Design

Introductions

Introductions - History

1950s - The proliferation of plastic cards started in the USA

1970s - It became possible to integrate data storage and processing logic on a single silicon chip

1974 - Roland Moreno registered his smart card patents in France

1984 - The French PTT (postal and telecommunications services agency) successfully carried out a field trial with telephone cards

Application area

Memory Card

Application area

Microprocessor cards

Application area

Contactless cards

Standardization

ISO TC68/SC6

ISO/IEC JTC1/SC17

ISO/IEC 7816

GSM 11.11

European Telecommunications Standards Institute (ETSI)

Types of Cards

Types of Cards

Embossed Card

Magnetic-stripe cards

Smart Card

Types of Cards - Embossed Card

Type of Cards - Magnetic-stripe cards

Type of Cards - Smart Card

Smart Card Microcontrollers

processor
address and data buses
three types of memory (RAM, ROM and EEPROM)
Input/Output

Smart Card - Memory

Smart Card - Microprocessor

Smart Card - Contactless smart card

Types of card - Optical Memory Card

ISO/IEC 11 693 and 11 694

Physical and Electrical properties

Physical properties

ID1:
external rectangle: width: 85.72 mm, height: 54.03 mm
internal rectangle: width: 85.46 mm, height: 53.92 mm

Physical properties

ID000:
external rectangle: width: 25.10 mm, height: 15.10 mm
internal rectangle: width: 24.90 mm, height: 14.90 mm

Physical properties

ID00:
external rectangle: width: 66.10 mm, height: 33.10 mm
internal rectangle: width: 65.90 mm, height: 32.90 mm

Smart Card Operation System

Smart Card Operation System

The primary tasks of a smart card operating system:
Transferring data to and from the smart card
Controlling the execution of commands
Managing files
Managing and executing cryptographic algorithms
Managing and executing program code.

Smart Card OS - I/O

[Figure: data flow between the I/O manager and the hardware, through the protocol state machine and the send/receive block, send/receive byte and send/receive bit layers]

Smart Card OS – Commands processing

Smart Card OS - Filesystem

Master File (MF): The root directory of the filesystem
Dedicated File (DF): directory files
Elementary File (EF): hold the actual user data

Smart Card OS - Filesystem

[Figure: filesystem tree with the MF at the root and DFs and EFs beneath it]

Filesystem - EF file structure

Transparent file structure

Transparent file structure is often referred to as a binary structure.

[Figure: data addressed by offset over byte numbers 0 to n]

Filesystem - EF file structure

Linear Fixed file structure

data structure is based on chaining fixed-length records

[Figure: record numbers 1 to m against byte numbers 0 to n]

Filesystem - EF file structure

Linear variable file structure

each record can have an individually defined length

[Figure: record numbers 1 to m against byte numbers 0 to n]

Smart Card Data Transmission

Smart Card Data Transmission

Answer to Reset (ATR)

Data transmission

Structure of a character for data transmission

[Figure: character frame over time t with high and low signal levels: start bit, data bits 1 to 8, parity bit]

Data transmission conventions

[Figure: character frames with bits 1 to 8 and high/low signal levels over time t for (a) direct convention, (b) inverse convention]

Data transmission Protocols

Protocol   Meaning
T=0        Asynchronous, half-duplex, byte oriented [ISO-7816-3]
T=1        Asynchronous, half-duplex, block oriented [ISO-7816-3]
T=2        Asynchronous, full-duplex, block oriented [ISO-10536]
T=3        Full duplex; not yet specified
T=4        Asynchronous, half-duplex, byte oriented, extension of T=0, not yet specified
T=5…T=13   Reserved for future use, not yet specified
T=14       For national use, not standardized by ISO
T=15       Reserved for future use, not yet specified

Message structure (APDU)

Structure of the command APDU

Message structure (APDU)

Structure of the response APDU

Class   Application
0X      Standard commands compliant with ISO/IEC 7816-4/7/8
80      Electronic purses compliant with EN 1546-3
8X      Application-specific and company-specific commands (private use)
8X      Credit cards with chips, compliant with EMV
A0      GSM mobile telecommunication system compliant with GSM 11.11

Smart Card Commands

Smart Card Commands

Case   Command data   Expected response data
1      No data        No data
2      No data        Data
3      Data           No data
4      Data           Data
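
The four command cases and the class-byte table above, as an added example that is not part of the original slides: a parser for short-length command APDUs, assuming the ISO/IEC 7816-4 layout CLA INS P1 P2 [Lc data] [Le]. The names `parse_command_apdu` and `class_rows` and the sample APDUs are constructed for illustration; an Lc that disagrees with the actual body length is rejected rather than guessed at.

```python
# Added example: short-length command APDU parser (cases 1-4).
from typing import NamedTuple, Optional

class CommandAPDU(NamedTuple):
    case: int            # 1-4, as in the case table above
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes          # command data (empty for cases 1 and 2)
    le: Optional[int]    # expected response length, None if absent

# (mask, value, application) rows taken from the class table above
CLASS_TABLE = [
    (0xF0, 0x00, "Standard commands, ISO/IEC 7816-4/7/8"),
    (0xFF, 0x80, "Electronic purses, EN 1546-3"),
    (0xF0, 0x80, "Application-specific and company-specific (private use)"),
    (0xF0, 0x80, "Credit cards with chips, EMV"),
    (0xFF, 0xA0, "GSM, GSM 11.11"),
]

def class_rows(cla: int) -> list:
    """Return every row of the class table that the CLA byte matches."""
    return [app for mask, value, app in CLASS_TABLE if cla & mask == value]

def parse_command_apdu(raw: bytes) -> CommandAPDU:
    """Split a command APDU into its fields and determine its case."""
    if len(raw) < 4:
        raise ValueError("header needs CLA, INS, P1 and P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                              # case 1: header only
        return CommandAPDU(1, cla, ins, p1, p2, b"", None)
    if len(body) == 1:                        # case 2: header + Le
        return CommandAPDU(2, cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    if lc == 0:
        raise ValueError("extended-length APDUs are not handled here")
    if len(body) == 1 + lc:                   # case 3: header + Lc + data
        return CommandAPDU(3, cla, ins, p1, p2, body[1:], None)
    if len(body) == 2 + lc:                   # case 4: ... + Le
        return CommandAPDU(4, cla, ins, p1, p2, body[1:-1], body[-1] or 256)
    raise ValueError(f"Lc={lc} does not match a body of {len(body)} bytes")

if __name__ == "__main__":
    # Constructed samples: case 1, case 2 (Le=00 means 256), case 3, case 4
    for hx in ("80120000", "00B0000000", "A0A40000023F00", "8010000002010204"):
        apdu = parse_command_apdu(bytes.fromhex(hx))
        print(hx, "case", apdu.case, class_rows(apdu.cla))
```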

Smart Card Commands

File selection Command
Read and Write Command
Search Command
File Manipulation Commands
Identification Commands
Authentication Commands
File management Commands

Security Techniques

Security Techniques

User Identification
Symmetric unilateral Authentication
Asymmetric unilateral Authentication
Symmetric mutual Authentication
Smart Security
  Attacks at the social level
  Attacks at the physical level
  Attacks at the logical level

User Identification 1/3

User Identification 2/3

User Identification 3/3

Attack on smart cards 1/2

Attacks at the social level
  attacks that are primarily directed against people that work with smart cards
  can only partially be countered by technical measures
Attacks at the physical level
  it is necessary to obtain physical access to the smart card microcontroller hardware
  can be static or dynamic

Attack on smart cards 2/2

Attacks at the logical level
  most known successful attacks on smart cards
  arise from pure mental reflection or computation
  classical cryptanalysis, known faults in smart card operating systems and Trojan horses in the smart card application.

The Smart Card Life Cycle

The Smart Card Life Cycle 1/3

Phase 1: Production of the chip and the smart card
  Designing the chip
  Generating the smart card operating system
  Fabricating the chips and modules
  Producing the card body
  Embedding the module in the card body

The Smart Card Life Cycle 2/3

Phase 2: Card preparation
  Completing the smart operating system
Phase 3: Application preparation
  Initializing the application(s)
  Personalizing the application(s), both visually and electrically

The Smart Card Life Cycle 3/3

Phase 4: Card usage
  Activating the applications
  Deactivating the applications
Phase 5: Termination of card usage
  Deactivating the applications
  Deactivating the card

Smart Card in Telecommunications

The GSM System

The subscriber identity module (SIM)

Security
  Subscriber identification
  SIM authentication
  Data encryption

The GSM System

Data storage
  Dialing numbers
  Short messages
  Mobile telephone settings
  Subscriber information
  SIM characterization
Managing services and supplementary applications
Subscriber administration

SIM in the GSM System

File system in SIM 1/2

File system in SIM 2/2
