A good book on smart cards (docx)

DOCUMENT INFORMATION

Title: A good book on smart cards (docx)
School: University of Technology and Science
Field: Information Technology, Computer Science
Type: Smart card guide
Year published: N/A
City: Hà Nội
Pages: 104
Size: 0.96 MB


Contents

Preface 3

1 Introduction 4

2 Smart Card Basic 8

2.1 What is smart card 8

2.2 History of smart card development 9

2.3 Different types of smart cards 9

2.3.1 Memory Cards 9

2.3.2 Contact CPU Cards 10

2.3.3 Contactless Cards 10

2.3.4 Combi-Card 11

2.4 Different standards of smart cards 12

3 Current Smart Card Applications 14

3.1 Electronic payment Applications 14

3.1.1 Electronic Purse 14

3.1.2 Stored Value Cards 15

3.2 Security and Authentication Applications 15

3.2.1 Cryptographic uses 15

3.2.2 Identity card 16

3.2.3 Access control card 16

3.2.4 Digital certificate 17

3.2.5 Computer login 17

3.3 Transportation uses 18

3.4 Telecommunication Applications 18

3.5 HealthCare Applications 19

3.6 Loyalty Applications 19

4 Technology Aspects of Smart Card 21

4.1 Overview of ISO 7816 Standards 21

4.2 Communication Protocol between Terminal and Smart Cards 22

4.3 Overview of File Systems 26

4.4 Overview of Naming Scheme 26

4.5 Overview of the Security Architecture 27

4.6 An Example of Smart Card Application : SmartFlow Internet Payment System 28

5 Java Card Programming 32

6 Building your own smart card application 36

6.1 Plan the smart card solution 36

6.2 Understand the need of smart card 38

6.3 Managing data storage on the card 39

6.4 Determine the required back end support 43

6.5 Choosing card-side and host-side environment 45

6.6 Miscellaneous Tools 46

7 Future trend of smart card 50

7.1 Unification of smart card host-side standards on PC 50

7.1.1 Personal Computer/Smart Card standard (PC/SC) 51

7.1.2 Alternative standard of smart card in PC and Mini-computer (OpenCard Framework) 55

7.2 Trends in smart card card-side standards 58

7.2.1 Java inside 58


7.2.2 Mondex MULTOS OS 61

7.2.3 Microsoft Windows in Smart card 62

7.2.4 Card OS future 64

7.3 Smart card in electronic commerce 64

7.3.1 Smart Card Payment Protocol 65

7.3.2 Smart card as prepaid and loyalty card 66

7.3.3 Smart card as electronic wallet 67

7.3.4 Electronic Payment over Mobile Telecommunications 67

7.4 Smart card in Internet security 68

7.4.1 Smart card as Digital ID 68

7.4.2 Smart card as Computer access logon key 74

7.4.3 Smart card in Intrusion detection System as user-profile holder 75

7.4.4 Biometric authentication 77

8 Summaries and Conclusions 78

Glossary 82

References 91

Appendix 97

A Price Comparison of different cards and readers 97

B Resources 101

Collections of Smart Card Books 101

Collections of General Smart Card Internet Resources 101

Collections of Java Card Technology on Internet 102

Collections of Smart Card Security Technology on Internet 102

Collections of Smart Card Payment Technology on Internet 103

Collections of Smart Card Vendors 103


This handbook aims to provide a comprehensive overview of the current state of the art in smart card software technology development, applications, and future trends. The information would be useful to IT managers and executives wishing to explore the possibility of developing smart card applications.

The handbook consists of three sections. The basic concepts of smart cards and current applications are presented in the first section in layman's language. The second section gets into some of the technical aspects of smart card internals, and offers suggestions on smart card development procedures as well as general ideas in programming smart cards, including the new Java Card. This section is for programmers and IT managers who would like to go beyond the basic concepts and get an idea of what it takes to develop smart card applications. Finally, the third section presents our views on future trends in smart card development frameworks, standards and possible applications. A list of useful reference materials is also included.

The growth of smart card adoption in Asia is increasing rapidly and we believe this technology will be an important one in the near future. The Cyberspace Center is working to develop the security, biometric identification, micropayment and other aspects of smart card technology for use over the Internet. The handbook summarizes some of our experience in this work.

Many people have contributed to the handbook, especially Ricci Ieong, Andy Fung, Ivan Leung, Patrick Hung, James Pang and Ronald Chan. Ricci, Ivan, Andy and Patrick in particular wrote parts of the handbook.

This document can be accessed online from the Cyberspace Center's home page, http://www.cyber.ust.hk. Some chapters are actually better viewed on-line since they provide URLs directly to sources of additional information.

Finally, I would like to acknowledge the Industry Department of the Hong Kong SAR for funding the Cyberspace Center. Our objective is to help Hong Kong industries make more effective use of the Internet to enhance their competitiveness in the world markets. This and our other handbooks are part of the effort in attaining this goal. Please visit our web site to learn about some of our other activities.

Samuel Chanson

Director

Cyberspace Center


1 INTRODUCTION

Smart card technology has been around for more than 20 years. Since its first introduction into the market, its main application has been the payphone system. As card manufacturing cost decreases, smart card usage has expanded. Its use in Asia is expected to grow at a much faster pace than in Europe. According to a survey performed by Ovum Ltd [Microsoft1998a], the number of smart card units will reach 2.7 billion by 2003. The largest markets will be in prepayment applications, followed by access control, and electronic cash applications. According to a recent study by Dataquest [Microsoft1998c], the overall market for memory and microprocessor-based cards will grow from 544 million units in 1995 to 3.4 billion units by 2001. Of that figure, microprocessor-based smart cards, which accounted for only 84 million units in 1995, will grow to 1.2 billion units in 2001.

Based on the report from the Hong Kong SAR Government Industry Department on the Development and Manufacturing Technology of Smart Card [HKSAR1997], Hong Kong industries have the capability and should participate in the development and manufacturing of smart card IC chips, readers and card operating systems. To promote this, the Hong Kong SAR government has decided to form a Hong Kong Smart Card Forum. With this active participation and encouragement from the Hong Kong SAR Government, smart card development and support will expand in Hong Kong. Although the Octopus card is relatively new to Hong Kong, smart cards have already been in Hong Kong for at least two years. These include Mondex by Hong Kong Bank and GSM cards in the mobile phone market. However, using this powerful and highly secure card on personal computers (PCs) as well as the Internet is still not common. Many international companies have identified the smart card as one of the new directions in electronic money and personal identification and authentication tools.

In May 1996, several companies including Microsoft, Hewlett-Packard and Schlumberger formed the PC/SC workgroup, which aimed at integrating the smart card with the personal computer (PC). This workgroup mainly concentrates on producing common smart card and PC interface standards for smart card and PC software producers. Many of the interface standards and hierarchy have already been established, and some prototype products are now available on the market. Moreover, Netscape and Microsoft have also announced that the smart card will be their new direction in the computer security and electronic commerce area. Microsoft has even published some documents on its role in the smart card market. Although it will not be a smart card manufacturing company, it has indicated that the smart card will be a key component in Microsoft Windows 98 and Windows NT 5.0. Together with the latest smart card operating system announcement [Microsoft1998a], Microsoft will be actively involved in the smart card market. Furthermore, programming modules for smart cards using Visual C++, Visual J++ and Visual Basic have also been developed.

The Cyberspace Center believes smart card technology will play a major role in Internet applications in the future. Therefore, we decided to start evaluating the available smart card development tools and to study the use of smart cards in Internet security and electronic commerce. With first-hand information and experience, we will be able to provide advice and assistance to Hong Kong industry.

The smart card is expected to be used in many applications, especially in personal security related applications such as access control, computer logon, and secure email sending and retrieving services.

The reason for this growth lies in the smart card's portability and security characteristics. In addition, as the recent growth of palmtop computers shows, people are looking for smaller and smaller devices for carrying their data with them. The smart card provides a good solution for many applications.

Applications are the driving force behind the new smart card market. Many of these applications have already been implemented, such as prepayment for services, credit and debit cards, loyalty cards, and access control cards. The most commonly known examples are the prepayment service cards, namely prepaid phone cards, transportation cards and parking cards. Based on the e-purse card, people could perform bank transactions from ATM machines at home or in the bank. With the use of loyalty cards, companies could store the discount information and shopping preferences of their customers. Using these shopping preferences, companies could design new strategies for the users. Access control systems to buildings, computers or other secure areas will soon be handled by a single smart card.

In this handbook, we shall briefly describe what a smart card is and how it can be used in different applications. The aim of this handbook is to provide a business and executive overview to companies that wish to join the smart card era. This handbook is divided into 8 chapters classified into 3 sections: Smart Card Overview, Smart Card in Detail, and Smart Card in the Future.

In the first section, the basic concepts of smart cards are described. In chapter 2, we review the history of smart cards. Then we outline the different types of smart cards and their standards. Current applications and uses of smart cards are covered in chapter 3.

In the second section, technical aspects of smart card internals as well as programming tips are briefly described in chapter 4. Because the programming and design methodology for the Java Card is different from traditional card programming, in chapter 5 we describe the basics of Java Card programming. In chapter 6, procedures for smart card development are given.


In the last section of this handbook, the future of smart card development is presented. Different ideas on future smart card applications are used in formulating a forecast in chapter 7.

Lastly, we conclude the handbook with a summary of different research, surveys and reports on smart cards. References and a glossary are provided at the end of this handbook.

We hope that, based on our handbook, company executives, technical managers and software developers will gain knowledge and insight into the emerging smart card technology and applications.


Part I Smart Card Overview


2 SMART CARD BASIC

A smart card is a plastic card with a microprocessor chip embedded in it. The card looks like a normal credit card except for its metal contacts (on contact cards only), but the applications performed could be totally different. Other than normal credit card and bankcard functions, a smart card could act as an electronic wallet where electronic cash is kept. With the appropriate software, it could also be used as a secure access control token, ranging from door access control to computer authentication.

The term "smart card" has different meanings in different books [Guthery1998, Rankl1997] because smart cards have been used in different applications. In this chapter, we provide our definition of "smart card" to put the subsequent chapters in context. We also describe the development history of smart cards and depict the types of card available on the market. Finally, descriptions of different smart card standards, such as ISO and EMV, are given at the end of this chapter.

2.1 What is smart card

In the article "Smart cards: A primer" [DiGiorgio1997a], the smart card is defined as a "credit card" with a "brain" on it, the brain being a small embedded computer chip. Because of this "embedded brain", the smart card is also known as a chip or integrated circuit (IC) card. Some types of smart card may have a microprocessor embedded, while others may only have non-volatile memory included. In general, a plastic card with a chip embedded inside can be considered a smart card.

In either type of smart card, the storage capacity of its memory is much larger than that of magnetic stripe cards. The total storage capacity of a magnetic stripe card is 125 bytes, while the typical storage capacity of a smart card ranges from 1K bytes to 64K bytes. In other words, the memory of a large capacity smart card can hold the data content of more than 500 magnetic stripe cards.

Obviously, large storage capacity is one of the advantages of using smart cards, but the single most important feature of smart cards is that their stored data can be protected against unauthorized access and tampering. Inside a smart card, access to the memory content is controlled by a secure logic circuit within the chip. As access to data can only be performed via a serial interface supervised by the operating system and the secure logic, confidential data written onto the card is protected from unauthorized external access. This secret data can only be processed internally by the microprocessor.

Due to the high security level of smart cards and their off-line nature, it is extremely difficult to "hack" the value off a card, or otherwise put unauthorized information on the card. Because it is hard to get the data without authorization, and because it fits in one's pocket, a smart card is uniquely appropriate for secure and convenient data storage. Without the permission of the card holder, data cannot be captured or modified. Therefore, smart cards can further enhance the data privacy of users.

Therefore, a smart card is not only a data store, but also a programmable, portable, tamper-resistant memory store. Microsoft considers the smart card an extension of the personal computer and a key component of the public-key infrastructure in Microsoft Windows 98 and 2000 (previously known as Windows NT 5.0) [Microsoft1997a].

2.2 History of smart card development

A card embedded with a microprocessor was first invented by two German engineers in 1967. It was not publicized until Roland Moreno, a French journalist, announced the smart card patent in France in 1974 [Rankl1997]. With the advances in microprocessor manufacturing technology, the development cost of the smart card has been greatly reduced. In 1984, a breakthrough was achieved when the French Postal and Telecommunications services (PTT) successfully carried out a field trial with telephone cards. Since then, smart cards are no longer tied to the traditional bankcard market, even though the phone card market was still the largest market for smart cards in 1997.

With the establishment of the ISO 7816 specification in 1987 (a worldwide smart card interface standard), the smart card format is now standardized. Nowadays, smart cards from different vendors can communicate with the host machine using a common set of language.

2.3 Different types of smart cards

According to the definitions of "smart card" in the Smart Card Technology Frequently Asked Questions list [Priisalu1995], the term smart card has three different meanings:

• IC card with ISO 7816 interface

• Processor IC card

• Personal identity token containing ICs

Basically, based on their physical characteristics, IC cards can be categorized into 4 main types: memory cards, contact CPU cards, contactless cards and combi cards.

2.3.1 Memory Cards

A memory card is a card with only memory and access logic onboard. Similar to the magnetic stripe card, a memory card can only be used for data storage. No data processing capability should be expected. Without an on-board CPU, memory cards use a synchronous communication mechanism between the reader and the card, where the communication channel is always under the direct control of the card reader. Data stored on the card can be retrieved with an appropriate command to the card.

In traditional memory cards, no security control logic is included. Therefore, unauthorized access to the memory content on the card cannot be prevented. In current memory cards, with security control logic programmed on the card, access to the protected zone is restricted to users with the proper password only.

2.3.2 Contact CPU Cards

A more sophisticated version of the smart card is the contact CPU card. A microprocessor is embedded in the card. With this real "brain", programs stored inside the chip can be executed. Inside the same chip, there are four other functional blocks: the mask ROM, non-volatile memory, RAM and I/O port [HKSAR1997, Rankl1997]. Except for the microprocessor unit, a memory card contains almost all the components that are included in a contact CPU card. Both of them consist of non-volatile memory, RAM, ROM and an I/O unit. Based on ISO 7816 specifications, the external appearance of these contact smart cards is exactly the same. The only difference is the existence of the CPU and the use of the ROM. In the CPU card, the ROM is masked with the chip's operating system, which executes the commands issued by the terminal and returns the corresponding results. Data and application program code are stored in the non-volatile memory, usually EEPROM, which can be modified after the card manufacturing stage.

One of the main features of a CPU card is security. In fact, the contact CPU card has been mainly adopted for secure data transactions. If a user cannot successfully authenticate himself or herself to the CPU, data kept on the card cannot be retrieved. Therefore, even when a smart card is lost, the data stored inside the card will not be exposed if the data is properly stored [Rankl1997]. Also, as a secure portable computer, a CPU card can process any internal data securely and output the calculated result to the terminal.

2.3.3 Contactless Cards

Even though the contact CPU smart card is more secure than the memory card, it may not be suitable for all kinds of applications, especially where massive numbers of transactions are involved, such as transportation uses. Because in public transport uses personal data must be captured by the reader within a short period of time, a contact smart card, which requires the user to insert the card into the reader before the data can be captured from the card, would not be a suitable choice. With the use of radio frequency, the contactless smart card can transmit user data from a fairly long distance within a short activation period. The card holder would not have to insert the card into the reader. The whole transaction process could be performed without removing the card from the user's wallet.

Contactless smart cards use a technology that enables card readers to provide power for transactions and communications without making physical contact with the cards. Usually an electromagnetic signal is used for communication between the card and the reader. The power necessary to run the chip on the card can either be supplied by a battery embedded in the card or transmitted at microwave frequencies from the reader to the card.

Contactless cards are highly suitable for large volumes of card access and data transactions. However, the contactless smart card has not been standardized. There are about 16 different contactless card technologies and card types on the market [ADE]. Each of these cards has its specific advantages, but they may not be compatible with each other. Moreover, because of its high production cost and the relative novelty of the technology, this type of card has not been widely adopted.

2.3.4 Combi-Card

At the current stage, contact and contactless smart cards use two different communication protocols and development processes. Both cards have their advantages and disadvantages. Contact smart cards have a higher level of security and readily available infrastructure, while contactless smart cards provide a more efficient and convenient transaction environment. In order to provide customers with the advantages of these two cards, two methods could be employed. The first method is to build a hybrid card reader, which understands the protocols of both types of cards. The second method is to create a card that combines the contact functions with the contactless functions. Because the manufacturing cost of the hybrid reader is very high, the latter solution is usually chosen.

Sometimes, the term "combi card" is misused by manufacturers. In general, there are two types of combined contact-contactless smart cards, namely the hybrid card and the combi card. Both cards have contact and contactless parts embedded together in the plastic card. However, in the hybrid card, the contact IC chip and the contactless chip are separate modules. No electrical connections have been included for communication between the two chips. These two modules can be considered as separate but co-existing chips on the same card. In the combi card, by contrast, the contact and contactless chips can communicate with each other, thus giving the combi card the capability to talk with the external environment via either the contact or the contactless method.

As the combi card possesses the advantages of both contact and contactless cards, the only thing hindering its acceptance is cost. When the cost and technical obstacles are overcome, combi cards will become a popular smart card solution.


2.4 Different standards of smart cards

Two other important standards in this area are EMV (Europay, Mastercard and Visa) and GSM (Global Standard for Mobile Communications). The EMV standard is for debit/credit cards, where the major international financial institutions Visa, Mastercard and Europay are involved. It started in 1993 and was finalized in 1996 [HKSAR1997]. This standard covers the electromechanical, protocol, data element and instruction parts, together with the transactions involving bank microprocessor smart cards. The goal of the EMV specification is for payment systems to share a common Point of Sale (POS) terminal, as they do for magnetic stripe applications. Because the magnetic stripe-based banking card will soon be replaced by the smart card, this standard has to be established to ensure that the new smart card based banking card is compatible with the bank transaction system. Based on this specification, all bank-related smart card solutions would be compatible with one another as well as with the previous magnetic stripe card solution. Terminal manufacturers could develop and modify their own sets of APIs within the EMV standard for their terminals, so these terminals could be used in different payment systems. Credit, debit, electronic purse and loyalty functions could be processed on these EMV-compliant terminals. With the flexibility provided by the EMV standard, banks are allowed to add their own options and special requirements to the smart card payment system.

The GSM standard is one of the most important smart card and digital mobile telecommunication standards. The GSM specification started in 1982 under CEPT (Conference Europeenne des Postes et Telecommunications) and was later continued by ETSI (European Telecommunications Standards Institute). Originally, this specification was designated for the mobile phone network. However, when the smart card is used in the mobile phone system as the Subscriber Identification Module (SIM), part of the GSM specification becomes a smart card standard. This part of the GSM specification was started in January 1988 by the Subscriber Identification Module Expert Group (SIMEG).


Within a GSM network, all GSM subscribers are issued a SIM card, which can be viewed as the subscriber's key into the network. The size of a SIM card is fixed to be either the normal credit card or the mini card size. Because this card is used for handling the GSM network functions, a rather high performance microcontroller (a 16-bit microprocessor) is used, and the EEPROM memory is dedicated to storing the application data, including the network parameters and subscriber data.

The GSM specification is divided into two sections. The first section describes the general functional characteristics, while the second section deals with the interface description and logical structures of a SIM card. Details of this specification are given in [Scourias].

Before the smart card can be widely adopted by the market, one or more standardized card development environments are needed. Currently, four significant smart card standards have recently been established in the smart card industry: PC/SC, OpenCard Framework, JavaCard and MULTOS, and all of them are compatible with the ISO smart card standard. Details of these specifications are briefly mentioned in chapters 5 and 7 of this handbook, while other specifications can be found in [CityU1997].


3 CURRENT SMART CARD APPLICATIONS

With the rapid expansion of Internet technology and electronic commerce, smart cards are now more widely accepted in the commercial market as stored-value and secure storage cards. Moreover, they have also been widely used as identity cards. For instance, at the City University of Hong Kong, the old student/staff cards have been replaced by hybrid-card based identity cards. This identity card can be used for normal access control as well as electronic payment.

The smart card has also been used in transportation, such as the Octopus card, which has been adopted by the MTRC and KCRC to replace the old magnetic stripe card. Medical records can also be stored in the smart card. This enables critical information about the patient to be retrieved whenever it is required. With the help of smart card technology, secure data such as computer login names and passwords can also be kept, so the user need not remember a large number of passwords.

In this chapter, we shall briefly describe some current applications of smart cards. These applications can be classified into 6 main categories: Electronic Payment, Security and Authentication, Transportation, Telecommunications, Loyalty Program and Health Care Applications.

3.1 Electronic payment Applications

3.1.1 Electronic Purse

The Electronic Purse is also known as electronic cash. Funds can be loaded onto a card for use as cash. The electronic cash can be used for small purchases without necessarily requiring the authorization of a PIN. The card is credited from the cardholder's bank account or in some other way. When it is used to purchase goods or services, electronic value is deducted from the card and transferred to the retailer's account. Similar to a real wallet, the cardholder can credit his/her card at the bank any time it is required.

Electronic cash transactions do not usually require the use of a PIN. This speeds up the transactions, but the electronic cash on the card is then vulnerable like conventional cash. The amounts involved, fortunately, are usually small, so losses will not be significant. Widespread adoption of electronic cash will reduce the costs to banks and retailers of handling large quantities of cash.


Since 1994, there has been significant development of intersector electronic purse applications in Europe, which has been extended outside of Europe. Several global card projects have been developed for this purpose, such as the Proton card by Banksys, VisaCash by Visa International and the Mondex card by Mastercard [Bull1998]. These have all been adopted by shops from all over the world.

3.1.2 Stored Value Cards

Another use of smart cards in electronic commerce is the electronic token. It is an example of the stored-value card. The principle is that some memory in the smart card is set aside to store electronic tokens or electronic tickets. A smart card can store tokens for different services, and each of the tokens can be refilled, depending on the type of the memory card. This allows the cost to be distributed over a number of services and over a much longer life span.

For example, the card could be used to pay for gas, or instead of putting coins in a parking meter. Consumers load up the card from a vending machine. The card can then be used to operate the meters. One advantage of this system is that the collection of coins would no longer be necessary. This would reduce the operation overhead and eliminate theft. This would also benefit the consumer, as tokens could be bought and stored in the card in advance, so it is not necessary to carry many heavy coins around. It is also possible that the card could monitor patterns of use and return the information to the merchant as well as the consumer, so a better shopping model could be derived [McCrindle1990].

3.2 Security and Authentication Applications

3.2.1 Cryptographic uses

From the point of view of the supplier and system operator, the main requirement of almost all machine-readable card systems is to ensure that the card presented is valid and that the cardholder is indeed the person entitled to use that particular card. To verify the cardholder's identity, users are required to enter their PIN code (personal identification number). This PIN code is kept in the card rather than on the terminals or host machines.

Identification and authentication procedures take place at the card terminal. One of the problems is to ensure that the card furnishes some sort of machine-readable authenticity criterion. This can be solved by the use of encrypted communications between the card and the terminal. It is well known that encryption can be used to ensure the secrecy of messages sent and also to authenticate messages.

In order to perform the encryption procedure, cryptographic smart cards must have the following properties:


• The cards must have sufficient computational power to run the cryptographic algorithms.

• The cryptographic algorithms must be theoretically secure. This means that it is not possible to derive the secret key from the corresponding texts.

• The smart cards must be physically secure. It should not be possible to extract the secret key from the card's memory.

Provided these conditions are met, and with advances in card microcontroller technology, the microprocessor-based smart card can be made to meet the required security level [Chaum1989].
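The following model, added here as an illustration and not taken from the handbook or any card vendor, shows what the three properties above buy the terminal in practice. The card keeps its key and PIN as private state and only answers two commands: verify a PIN and sign a challenge. HMAC-SHA256 is an assumed stand-in for whatever algorithm a real card implements, the symmetric key table on the terminal is an assumed issuer arrangement, and the retry counter that blocks the card after repeated wrong PINs is also an assumption. Every card id, key and PIN is constructed for the example.

```python
"""Constructed model of a terminal authenticating a cryptographic smart card.

Added example, not the handbook's code. The terminal never sees the key or the
PIN: it only sees a MAC over a fresh random challenge, which a genuine card can
produce and a copied or replayed response cannot satisfy.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional


class CryptoCard:
    """Card side. The key and PIN are private state; no command returns them."""

    def __init__(self, card_id: str, key: bytes, pin: str, max_tries: int = 3) -> None:
        self.card_id = card_id        # public identifier printed on the card
        self._key = key               # used on the card, never read out
        self._pin = pin               # compared on the card, never sent to the host
        self._max_tries = max_tries   # assumed retry counter
        self._tries_left = max_tries
        self._unlocked = False

    def verify_pin(self, candidate: str) -> bool:
        """Unlock the card for this session. A blocked card rejects every PIN."""
        if self._tries_left == 0:
            return False
        if hmac.compare_digest(candidate.encode(), self._pin.encode()):
            self._unlocked = True
            self._tries_left = self._max_tries
            return True
        self._tries_left -= 1
        return False

    def is_blocked(self) -> bool:
        return self._tries_left == 0

    def sign_challenge(self, challenge: bytes) -> Optional[bytes]:
        """Return MAC(key, card_id || challenge), or None while no PIN has been verified."""
        if not self._unlocked:
            return None
        return hmac.new(self._key, self.card_id.encode() + challenge, hashlib.sha256).digest()


class Terminal:
    """Host side. Assumed symmetric scheme: the issuer provisions a per-card key table."""

    def __init__(self, key_table: Dict[str, bytes]) -> None:
        self._keys = key_table

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)  # fresh per attempt, so an old response cannot be replayed

    def check_response(self, card_id: str, challenge: bytes, response: Optional[bytes]) -> bool:
        key = self._keys.get(card_id)
        if key is None or response is None:
            return False
        expected = hmac.new(key, card_id.encode() + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_scenarios() -> Dict[str, bool]:
    """Exercise the model on constructed values; every entry should be True."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed key
    card = CryptoCard("CARD-0001", key, pin="4321")
    terminal = Terminal({"CARD-0001": key})
    results: Dict[str, bool] = {}

    # No PIN verified yet: the card refuses to compute anything for the terminal.
    c0 = terminal.new_challenge()
    results["locked_card_refuses"] = not terminal.check_response(card.card_id, c0, card.sign_challenge(c0))

    # Correct PIN, then a proper challenge/response round trip.
    card.verify_pin("4321")
    c1 = terminal.new_challenge()
    r1 = card.sign_challenge(c1)
    results["genuine_card_accepted"] = terminal.check_response(card.card_id, c1, r1)

    # Replaying r1 against a new challenge fails because the MAC covers the nonce.
    c2 = terminal.new_challenge()
    results["replay_rejected"] = not terminal.check_response(card.card_id, c2, r1)

    # A card id the issuer never keyed is rejected outright.
    results["unknown_card_rejected"] = not terminal.check_response("CARD-9999", c2, r1)

    # Three wrong PINs block the card; afterwards even the right PIN is refused.
    blocked = CryptoCard("CARD-0002", key, pin="9999")
    for guess in ("0000", "1111", "2222"):
        blocked.verify_pin(guess)
    results["blocked_after_retries"] = blocked.is_blocked() and not blocked.verify_pin("9999")
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The point of the model is the shape of the interface, not the particular MAC: because the terminal only ever obtains a response bound to a nonce it chose, an eavesdropped response is useless against the next challenge, and nothing the terminal can ask for reveals the key, which is exactly why the third property (no physical extraction of the key) carries the remaining risk.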

For instance, Verisign and Schlumberger have developed the use of the Cryptoflex smart card for carrying a Verisign Class 1 Digital ID [Verisign9701]. The Cryptoflex card is the first cryptographic smart card in the industry designed based on the PC/SC specifications. This enables the use of the smart card for portable Internet access with Microsoft Internet Explorer 3.0 at all sites accepting Verisign Digital IDs.

In Michigan University, the Cyberflex card has been used for storing Kerberos keys in a secure login project [Michgan9701]

3.2.2 Identity card

The identification of an individual is one of the most complex processes in the field of Information Technology. It requires both the individual to identify himself and the system to recognize that the incoming connection is generated by a legitimate user. The system then accepts responsibility for allowing all subsequent actions, safe in the knowledge that the user has authorization to do whatever he is asking of the system.

If a smart card is used, the information stored on the card can be verified locally against a ‘password’ or PIN before a connection is made to the host. This prevents the password from being eavesdropped by perpetrators on the Internet.

Some smart cards will have personal data stored on the card, for example the cardholder’s name, ID number, and date of birth [Devargas1992].

3.2.3 Access control card

The most common devices used to control access to private areas where sensitive work is being carried out or where data is held are keys, badges and magnetic cards. These all have the same basic disadvantages: they can easily be duplicated and, when stolen or passed on, they can allow entry by an unauthorized person. The smart card overcomes these weaknesses by being very difficult to reproduce and capable of storing digitized personal characteristics. With suitable verification equipment, this data can be used at the point of entry to identify whether the user is the authorized cardholder. The card can also be individually personalized to allow access to limited facilities, depending on the holder’s security clearance. A log of the holder’s movements through a security system can be stored on the card as a security audit trail [McCrindle1990].

The card could contain information on the user’s privileges (i.e. access to secure areas of the building, automatic vehicle identification at entrances to company car parks, etc.) and time restrictions. All information is checked on the card itself. Access to different areas of the building can be distinguished by different PINs. Furthermore, it can also track the user’s movement around the building [Devargas1992].

3.2.4 Digital certificate

The most important security measures we encounter in our daily business have nothing to do with locks and guards. A combination of a signed message and the use of a public key cryptosystem, the so-called digital signature, is typically used.

A digitally signed message containing a public key is called a certificate. In addition to a public key, a certificate typically contains a name, address, and other information describing the holder of the corresponding secret key. All of these carry the digital signature of a registry service that records public keys for all members of the community. To become a member of this community, a subscriber must do two things:

• Provide the directory service with a public key and the associated identification information so that other people will be able to verify his/her signature

• Obtain the public key of the directory service so that he/she can verify other people’s signatures

Because certificates are extremely tamper resistant, the authenticity of a certificate is a property of the certificate itself, rather than of the authenticity of the channel over which it was received. This important property allows certificates to be employed in very much the same way as a passport. The border police expect to see your passport and in most cases count on the passport’s tamper resistance to guarantee its authenticity. Because of the fragility of paper credentials, however, there are circumstances in which this is not considered adequate. In making a classified visit to a military installation, for example, no badge or letter of introduction by itself is sufficient. Prior arrangements must have been made using channels maintained for the purpose. Because public key certificates are more secure than any paper document, they can be safely authenticated by direct signature checking and no trusted directory is needed.

3.2.5 Computer login

Access to the computer room and its services can be controlled by the smart card. In terms of network access, the smart card can authenticate the user to the host. Furthermore, depending on the environment being protected, the network access card can also perform the following functions:

• Use of biometric techniques as an added security measure.

• Maintaining an audit trail of failures and attempted violations.

Meanwhile, in terms of access to the computer room itself, PIN checking can be done on the card without the need for hard wiring the access points to a central computer.

The identification of a user is usually done by means of a PIN (Personal Identification Number). The PIN is verified by the microcomputer of the card against the PIN stored in its RAM. If the comparison is negative, the CPU will refuse to work. The chip also keeps track of the number of consecutive wrong PIN entries. If this number reaches a pre-set threshold, the card blocks itself against any further use.

3.3 Transportation uses

The smart card can act as electronic money for car drivers who would need to pay a fee before being able to use a road or tunnel. It would then contain a balance that can be increased at payment stations or in a pre-paid process, and is decreased for each use.

If privacy is not an issue (i.e. the driver does not care if he is identified as using a particular stretch of motorway at a particular point in time), then the card could be linked to a bank debiting system as a debit card. Besides, the card could also act as a credit card.

Another example is the Octopus card. This service aims at reducing the amount of cash handled by the service provider and also at increasing management information. This information would be invaluable in giving the customer the right service at the right time.

Each individual would possess a reloadable card that could either be paid directly (immediately) or used in a credit payment based system where monthly settlement would be required. If the card has a positive balance, the card holder could use the card in any of the transport services by simply inserting the card into the card-reader, which would be either on the bus or at the entrance to the MTR station.

If the travel charge is different for different zones, then the card would need to be used at the entrance of the bus or station and also at the exit. This process would then calculate the amount owed for a certain journey [Devargas1992].

3.4 Telecommunication Applications

Telecommunication is one of the largest markets for smart card applications. In 1997, payphone cards occupied the largest share of the smart card market. Over 70% of the smart cards are issued as payphone cards [CardTech1997], and this will continue to be the largest market for at least the next 3 years.

Since 1988, the smart card has become an essential component in cellular phone systems. Network data, subscriber’s information and all mobile network critical data are kept inside the card. With this card, subscribers can make calls from any portable telephone. Moreover, through the IC card, any calls through the mobile phone can be encrypted, thus ensuring privacy. In the future, more and more value-added services, such as electronic banking, could be supported by using this microprocessor card. Examples can be found in chapter 7.

3.5 HealthCare Applications

Due to the level of security provided for data storage, IC cards offer a new perspective for healthcare applications. Medical applications of smart cards can be used for storing information including personal data, insurance policy, emergency medical information, hospital admission data and recent medical records. Numerous national hospitals in France, Germany and even Hong Kong have already started to implement this kind of healthcare card.

With the microcontroller on board, smart cards could be used for managing the levels of information authorized for different users, similar to a workflow control system. Doctors would be able to access the medical record from the patient’s card, while chemists could make use of the prescription information stored on the card for preparing the medical treatment. Emergency data kept on the patient’s card, which includes the cardholder’s identity, persons to contact in case of accident and special illness details, can be used for saving the patient’s life. In some countries, medical insurance is required for hospital payment. With the insurance records stored in the patient’s card, the administrative procedures are simplified.

3.6 Loyalty Applications

The loyalty program is another important application of smart cards in the shopping model. The preferred customer status together with detailed information on shopping habits is stored and processed on the smart card. With this information, merchants could derive a better shopping model or tailor-make personalized customer shopping profiles. In addition, this shopping habit profile is kept in the customer’s card; therefore, his/her shopping record could be kept confidential from unauthorized access.

As an extension to the loyalty application, stored value functions could be added.

In current pay television systems, users’ preferences are kept together with the electronic payment scheme. Users would not have to set their preferences each time they use the television system. As this card will also be used as the key to the television, users would not be permitted to use the television box unless they have paid their television fee. So sufficient security and convenient television usage could be guaranteed.

Part II Smart Card in Details

4 TECHNOLOGY ASPECTS OF SMART CARD

From the technical point of view, smart cards can be classified into two main types: programmable and non-programmable. A smart card application programmer can put the application logic either on the terminal, on the card (if it is a programmable card) or on both. We can view the non-programmable smart cards as external storage, just like a floppy disk, with security features. Therefore, we can design to store certain portable information on the smart card while the application logic is allocated on the terminal side. On the other hand, the programmable smart card, such as the Java card, allows the application logic (intelligence) to be partially built on the smart card.

In this chapter, we are going to describe the overview concepts of smart card programming.

4.1 Overview of ISO 7816 Standards

ISO 7816 is the interface standard for smart cards. The following sub-parts are of interest to the smart card application programmer:

ISO 7816-1: Physical characteristics of cards

Defines the dimensions of cards and the physical constraints

ISO 7816-2: Dimensions and locations of the contacts

Defines the dimensions, location and role of the electrical contacts (the power VCC, the ground GND, the clock CLK, the reset RST, the I/O port I/O, the programming power VPP and two additional reserved contacts for future use) on the microchip

ISO 7816-3: Electronic signals and transmission protocols

Defines the characteristics of the electronic signals exchanged between the card and terminal and two communication protocols: T=0 (Asynchronous half duplex character transmission protocol) and T=1 (Asynchronous half duplex block transmission protocol)

ISO 7816-4: Inter-industry commands for interchange

Defines a set of standard commands and a hierarchical file system structure

ISO 7816-5: Numbering system and registration procedure for application identifiers

Defines a unique card application name

ISO 7816-7: Inter-industry commands for Structured Card Query Language (SCQL)

Defines a set of commands to access smart card content and relational database structure

Other parts are not covered here since smart card application programmers do not need to know them, and also some of them are still under preparation. We shall discuss ISO 7816-3, ISO 7816-4 and ISO 7816-5 below.

4.2 Communication Protocol between Terminal and Smart Cards

The terminal initializes a smart card by transmitting a signal to the reset (RST) contact of the card. The card will respond by transmitting a string of bytes to the terminal called the ATR (Answer-To-Reset). This string of bytes consists of two parts: the protocol bytes provide information about the communication protocols supported by the card, and the historical bytes provide information about the type of card. An example is given for the ATR of the ACS ACOS1 smart card (which is a type of memory card of the Advanced Card System company):

Protocol Bytes: 3B BE 11 00 00
Historical Bytes: 41 01 10 04 00 12 00 00 00 00 00 02 90 00
(in hexadecimal)

The details of the ATR are described in the ISO 7816-3 standard. We briefly describe the first three bytes in the protocol bytes here. The byte “3B” stands for the method of bit transfer. “BE” means that there is additional information (14 historical bytes). The byte “11” describes the clock speed and bit transfer rate. The historical bytes give information about the references and versions of the card’s chip and operating system.
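As an added example (not code from the original document), here is a small ATR decoder following ISO 7816-3, run over the ACOS1 ATR quoted above. The presence-bit logic of the format byte T0, the optional TCK check and the FI/DI tables for TA1 come from the standard rather than from this page.

```python
# Added example: decode an ISO 7816-3 Answer-To-Reset into interface bytes,
# announced protocols and historical bytes. Not part of the original document.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# ATR of the ACS ACOS1 card exactly as quoted on the page (hex).
ACOS1_ATR_HEX = "3B BE 11 00 00 41 01 10 04 00 12 00 00 00 00 00 02 90 00"


@dataclass
class ATR:
    ts: int                                   # 0x3B direct convention, 0x3F inverse
    t0: int                                   # high nibble: TA1..TD1 presence, low nibble: K
    interface: Dict[str, int] = field(default_factory=dict)   # e.g. {"TA1": 0x11, ...}
    historical: bytes = b""
    protocols: List[int] = field(default_factory=list)        # T values from the TDi bytes
    tck: Optional[int] = None                 # check byte, present only if some T != 0 is offered


def xor_check(data: bytes) -> int:
    """XOR of all bytes; ISO 7816-3 requires T0..TCK to XOR to zero when TCK is present."""
    acc = 0
    for b in data:
        acc ^= b
    return acc


def parse_atr(raw: bytes) -> ATR:
    if len(raw) < 2:
        raise ValueError("ATR too short")
    ts, t0 = raw[0], raw[1]
    if ts not in (0x3B, 0x3F):
        raise ValueError(f"bad TS byte {ts:#04x}")
    atr = ATR(ts=ts, t0=t0)
    k = t0 & 0x0F           # number of historical bytes (the "E" in "BE" on the page = 14)
    y = t0 >> 4             # presence bits for TA1, TB1, TC1, TD1
    i, pos = 1, 2
    # Each group i: bits 1,2,4,8 of y say whether TAi, TBi, TCi, TDi follow.
    # TDi, if present, carries the protocol type (low nibble) and the next group's bits.
    while True:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(raw):
                    raise ValueError("ATR truncated inside interface bytes")
                atr.interface[f"{name}{i}"] = raw[pos]
                pos += 1
        td = atr.interface.get(f"TD{i}")
        if td is None:
            break
        atr.protocols.append(td & 0x0F)
        y = td >> 4
        i += 1
    if not atr.protocols:
        atr.protocols.append(0)          # no TD1 at all means only T=0 is offered
    atr.historical = raw[pos:pos + k]
    if len(atr.historical) != k:
        raise ValueError("ATR truncated inside historical bytes")
    pos += k
    if any(p != 0 for p in atr.protocols):
        if pos >= len(raw):
            raise ValueError("missing TCK")
        atr.tck = raw[pos]
        if xor_check(raw[1:pos + 1]) != 0:
            raise ValueError("TCK check failed")
        pos += 1
    if pos != len(raw):
        raise ValueError(f"{len(raw) - pos} unexpected trailing byte(s)")
    return atr


def decode_ta1(ta1: int):
    """TA1 = FI (clock rate conversion) in the high nibble, DI (baud rate adjustment) in the low."""
    fi_table = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
                9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
    di_table = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 7: 64, 8: 12, 9: 20}
    return fi_table.get(ta1 >> 4), di_table.get(ta1 & 0x0F)


if __name__ == "__main__":
    atr = parse_atr(bytes.fromhex(ACOS1_ATR_HEX))
    print(atr.interface, atr.protocols, atr.historical.hex())
    print(decode_ta1(atr.interface["TA1"]))   # (372, 1): default clock divider and baud adjustment
```

For the ACOS1 ATR the decoder confirms what the text says: "BE" announces TA1, TB1 and TD1 plus 14 historical bytes, TD1 = 00 offers only T=0, and no TCK follows.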

After the ATR has been transmitted, the terminal can communicate with the smart card by sending commands. The commands are encapsulated in packets. These packets are called Transport Protocol Data Units (TPDU). Each packet begins with the following five bytes (Header) followed by a number of bytes for the Data field if needed:

TPDU Header: CLA INS P1 P2 P3

The class byte (CLA): A class of instructions. The values of some class bytes can have a specific meaning pertaining to a certain class of commands. For example, the class byte of the ACS ACOS1 smart card is 80H and that of the Gemplus 32 bit Java Card is A8H.

The instruction byte (INS): A particular instruction. For example, the SUBMIT CODE instruction of the ACS ACOS1 smart card is 20H.

The parameter bytes (P1 & P2): The parameters for the instruction. For example, the parameters of the SUBMIT PIN command are P1 = 06H and P2 = 00H.

The parameter byte (P3): The number of data bytes which are transmitted with the command during the exchange. This byte may indicate the number of bytes that the terminal will send to the card (Lc) or the number of bytes that the terminal expects to receive from the card (Le). For example, the P3 in the SUBMIT PIN CODE instruction is 08H since the PIN (Personal Identification Number) code in the ACS ACOS1 smart card

1. No data bytes exchange required (Format 1 of APDU command)

2. Only the terminal receives data bytes from the smart card (Le) (Format 2 of APDU command)

3. Only the terminal sends data bytes to the smart card (Lc) (Format 3 of APDU command)

4. The terminal sends data bytes to the smart card (Lc) and also receives data bytes from the smart card (Le) (Format 4 of APDU command)

If Le = 0, then the number of bytes expected is unspecified and must be provided by the smart card (maximum 256 bytes). When the data bytes have been transmitted, the terminal expects a new procedure byte:

• A NUL byte (value 0x60): The smart card requests more processing time. The terminal needs to reset its card time-out timer and wait for another procedure byte.

• A status word (SW1 and SW2): The status word ends the command. It is standardized in ISO 7816-4. Here is a subset of common status words:

Format of response APDU

The communication between the terminal and smart card (as shown in figure 4-1) includes a command APDU, which is sent by the terminal to the smart card, and a response APDU, sent by the smart card to the terminal based on the result of the command APDU. These exchanges are all encoded in transport protocol level TPDUs. A command/response exchange at the application protocol level (APDU) may require more than one TPDU exchange.
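As an added example (not code from the original document), the following Python builds command APDUs in the four formats listed above and maps each one to the five-byte T=0 TPDU header, using the ACOS1 SELECT FILE and SUBMIT PIN values quoted on this page. The two-byte file identifier used at the bottom is a constructed sample value.

```python
# Added example: command APDU encoding for the four cases and the T=0 TPDU header.
# Not part of the original document; ACOS1 command values are those quoted on the page.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""          # Lc bytes the terminal sends to the card (formats 3 and 4)
    le: Optional[int] = None   # Le byte, formats 2 and 4; 0 means "unspecified, up to 256"

    def case(self) -> int:
        """Return the APDU format number (1-4) as the page lists them."""
        if not self.data:
            return 1 if self.le is None else 2
        return 3 if self.le is None else 4

    def encode(self) -> bytes:
        """Short-form encoding: CLA INS P1 P2 [Lc data] [Le]."""
        for v in (self.cla, self.ins, self.p1, self.p2):
            if not 0 <= v <= 0xFF:
                raise ValueError("CLA/INS/P1/P2 must each fit in one byte")
        if len(self.data) > 255:
            raise ValueError("short-form Lc is limited to 255 bytes")
        if self.le is not None and not 0 <= self.le <= 255:
            raise ValueError("short-form Le is one byte; use 0 for 'up to 256 bytes'")
        out = bytes([self.cla, self.ins, self.p1, self.p2])
        if self.data:
            out += bytes([len(self.data)]) + self.data
        if self.le is not None:
            out += bytes([self.le])
        return out

    def tpdu_header(self) -> bytes:
        """Five-byte T=0 TPDU header CLA INS P1 P2 P3, where P3 carries Lc or Le.
        For format 4, P3 carries Lc; the response data is fetched in a second TPDU,
        which is why the page notes that one APDU may need more than one TPDU exchange."""
        c = self.case()
        if c == 1:
            p3 = 0
        elif c == 2:
            p3 = self.le
        else:
            p3 = len(self.data)
        return bytes([self.cla, self.ins, self.p1, self.p2, p3])


# ACS ACOS1 values quoted on the page.
ACOS1_CLA = 0x80
INS_SELECT_FILE = 0xA4
INS_SUBMIT_PIN = 0x20   # the page also calls this SUBMIT CODE


def select_file(fid: bytes) -> CommandAPDU:
    """SELECT FILE: 80 A4 00 00 02 <FID> 00 (Le = 00 asks for the default 256 bytes)."""
    if len(fid) != 2:
        raise ValueError("file identifier must be two bytes")
    return CommandAPDU(ACOS1_CLA, INS_SELECT_FILE, 0x00, 0x00, data=fid, le=0)


def submit_pin(pin: bytes) -> CommandAPDU:
    """SUBMIT PIN: 80 20 06 00 08 <8-byte PIN>; format 3, no response data expected."""
    if len(pin) != 8:
        raise ValueError("ACOS1 PIN code is eight bytes")
    return CommandAPDU(ACOS1_CLA, INS_SUBMIT_PIN, 0x06, 0x00, data=pin)


if __name__ == "__main__":
    sample_fid = b"\xFF\x01"                      # constructed sample file identifier
    print(select_file(sample_fid).encode().hex())  # 80a4000002ff0100
    print(select_file(sample_fid).tpdu_header().hex())
    print(submit_pin(b"12345678").tpdu_header().hex())   # 8020060008
```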

Figure 4-1 Communication protocol between terminal and smart card.

Here is an example of a command/response APDU between the ACS ACOS1 smart card and a terminal. The command is used to submit the PIN code to the smart card for authentication.

SUBMIT PIN:

To submit a secret code (PIN) to the smart card.

Command APDU data field (one of the following):

PIN Code: eight-byte PIN code

DES(Code,#Ks): eight-byte PIN code encrypted with the Session Key (Ks)

Response APDU:

SW1 SW2: Status

Specific Status Codes:

63 Cn: Wrong Code; n = remaining number of re-tries

69 83: The specified Code is locked

69 85: Mutual Authentication not successfully completed prior to the SUBMIT PIN CODE command

In the SUBMIT PIN procedure, the terminal can either submit the PIN code in plain text format (without encryption) or in DES encrypted format if the corresponding option bit DES in the Security Option Register is set.
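As an added example (not code from the original document), this Python decodes the response to SUBMIT PIN using the ACOS1 status words listed above plus the ISO 7816-4 success word 90 00, and consumes the 0x60 procedure bytes the page describes before the status word arrives. The byte strings fed to it are constructed samples.

```python
# Added example: response APDU parsing and SUBMIT PIN status-word interpretation.
# Not part of the original document; status words are the ones listed on the page.
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class ResponseAPDU:
    data: bytes
    sw1: int
    sw2: int

    @property
    def sw(self) -> int:
        return (self.sw1 << 8) | self.sw2


def parse_response(raw: bytes) -> ResponseAPDU:
    """Split the bytes returned by the card into the data field and SW1 SW2 (last two bytes)."""
    if len(raw) < 2:
        raise ValueError("response must end with SW1 SW2")
    return ResponseAPDU(raw[:-2], raw[-2], raw[-1])


@dataclass(frozen=True)
class PinVerdict:
    ok: bool
    locked: bool
    retries_left: Optional[int]   # known only from the 63 Cn "wrong code" word
    message: str


def interpret_submit_pin(resp: ResponseAPDU) -> PinVerdict:
    """Map the SUBMIT PIN status word to something the terminal application can act on."""
    if resp.sw == 0x9000:
        return PinVerdict(True, False, None, "PIN accepted")
    if resp.sw1 == 0x63 and (resp.sw2 & 0xF0) == 0xC0:
        n = resp.sw2 & 0x0F                   # n = remaining number of re-tries
        return PinVerdict(False, n == 0, n, f"wrong code, {n} re-tries remaining")
    if resp.sw == 0x6983:
        return PinVerdict(False, True, 0, "the specified code is locked")
    if resp.sw == 0x6985:
        return PinVerdict(False, False, None,
                          "mutual authentication not completed before SUBMIT PIN")
    return PinVerdict(False, False, None, f"unexpected status word {resp.sw:04X}")


def read_t0_response(stream: bytes) -> Tuple[int, bytes]:
    """After the command data has been sent, the card returns either NUL bytes (0x60,
    'wait longer': the terminal resets its time-out each time) or the status word.
    Returns (number of waits seen, remaining response bytes)."""
    waits = 0
    i = 0
    while i < len(stream) and stream[i] == 0x60:
        waits += 1
        i += 1
    return waits, stream[i:]


if __name__ == "__main__":
    # Constructed sample: two NUL bytes, then "wrong code, 2 re-tries remaining".
    waits, rest = read_t0_response(bytes.fromhex("60 60 63 C2"))
    print(waits, interpret_submit_pin(parse_response(rest)))
```

A terminal that tracks retries_left can stop re-submitting before the card reaches its threshold and blocks itself, which is the failure mode the text describes for consecutive wrong PIN entries.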

4.3 Overview of File Systems

The file system in ISO 7816-4 is one of the important components in the smart card for data storage. The file system is a hierarchical file system like MS-DOS:

A file system has a root, which is called the master file (MF).

Directories, which are called dedicated files (DF), are used to organize the files.

Normal files are called elementary files (EF).

Files are referenced by a file identifier (FID) which is two bytes long. There are several kinds of elementary files:

• Transparent files, which are seen as a sequence of bytes.

• Linear fixed files, which are seen as a sequence of fixed-length records.

• Linear variable files, which are seen as a sequence of variable-length records.

• Cyclic files, which are seen as an endless sequence of fixed-size records.

In the ACS ACOS1 smart card, the files are defined and constructed in the personalization stage. The application program running on the terminal can then access the files using APDU commands if it is authenticated. Here is an example of the SELECT FILE command, which is used to select a data file for subsequent READ RECORD and WRITE RECORD commands.

4.4 Overview of Naming Scheme

The ISO 7816-5 standard defines a naming scheme for smart card applications. Each application is identified by an application identifier (AID). The AID is between 1 and 16 bytes long. The smart card provider needs to get a registered application provider identifier (RID) from ISO. The AID is constructed as shown below:

command

In the ACS ACOS1 smart card, the application also needs to submit the Issuer Code (IC), which is assigned by the smart card manufacturer, in order to submit any APDU command. Furthermore, there is a set of Application Codes (AC) which can be set in order to enhance the access control in the file system. Each file is assigned Read and Write security attributes. Security attributes define the security conditions that must be fulfilled to allow the respective operation. The communication channel between the smart card and terminal can be protected by cryptography like DES (symmetric algorithm) and RSA (public-key algorithm). Moreover, there may be other different specific security mechanisms provided by different smart card manufacturers. For example, the following security mechanisms are provided by the ACS ACOS1 smart card:

DES and MAC calculation:

DES refers to the DEA algorithm for data encryption and decryption. MAC refers to the algorithm for the generation of a cryptographic checksum.

Mutual Authentication and Session Key based on Random Numbers:

Mutual Authentication is a process in which both the smart card and the smart card reader verify each other’s validity. The Session Key is a result of the successful execution of the Mutual Authentication procedure. It is used for data encryption and decryption during a session. A session is defined as the time between the successful execution of a Mutual Authentication procedure and a reset of the card or the execution of another START SESSION command.

Secret Codes:

Secret Codes and the PIN code are used to selectively enable access to data stored in the card and to features and functions provided by the smart card.

Secure Account Transaction Processing:

Account Transaction Processing provides a mechanism for the secure and auditable manipulation of data in the Account Data Structure.

4.6 An Example of Smart Card Application: SmartFlow Internet Payment System

Electronic commerce on the Internet is a popular research area, but the lack of a secure payment transfer protocol is the main barrier to promoting web-based business activities. Smart card technology offers a set of valuable features such as identification, security and authenticity for many different applications, especially for payment transactions. The SmartFlow system, which is being developed by the Cyberspace Center, as shown in figure 4-2, integrates the existing technologies of smart card, Internet and workflow to demonstrate a new prototype for a secure off-line micro-payment transaction environment. Off-line micro-payment is suitable for low value transactions and privacy protection.

Figure 4-2 Architecture of SmartFlow Internet Payment System

The first version of the SmartFlow prototype system has been implemented and it is ready for demonstration at the Cyberspace Center in The Hong Kong University of Science and Technology. The Smart Bank Card is implemented by the ACS ACOS1 smart card as shown in figure 4-3. This is a 1-Kbyte EEPROM memory card which holds application data. The ACS ACOS1 smart card is a memory card with security control logic which is compliant with ISO 7816-3, T=0 protocol (half-duplex), with DES and MAC capabilities. It also contains the issuer code and the user password, which can be changed by the user. The security control logic protects the memory to prevent illegal modification, but the data can be read when the issuer code and password are correctly submitted. Also, different memory locations can be protected by different security controls.

Figure 4-3 ACS ACOS1 Smart Card in Cyberspace Center

The system is developed on the Windows Platform using ActiveX, which is written in Visual Basic to build the system logic and front-end. The back-end is supported by the Windows NT Server and all the related data are stored and managed by the MS SQL Database Server. The system is supported by the Internet Information Server running on the Windows NT Server, and the communication channel is secured by Secure Socket Layer (SSL). We are using Internet Explorer 4.0 for the browser because the system is developed on ActiveX, which is only supported by Internet Explorer, as shown in figure 4-4.

Figure 4-4 SmartFlow Internet Payment System

For illustration, here is the source code of the Select_File function in the SmartFlow Internet Payment System. This function is used to select a file on the smart card. The APDU command of SELECT FILE was described earlier: the CLA is 80H, INS is A4H, P1 is 00H, P2 is 00H and P3 (Lc) is 02H because the file identifier is two bytes long, and Le is 00H, which means to use the default value of 256 bytes. The API function APDUExchangeFull starts the communication session with the smart card and then the APDU command (SELECT FILE) is submitted to the smart card. The APDU response (SW1 and SW2) and Data (ResponseTempOut), if any, will be returned from the smart card to the application (terminal).

' SELECT FILE header: CLA=80 INS=A4 P1=00 P2=00 Lc=02 Le=00 (hex digits)
Public Const CONST_SELECT_FILE = "80A400000200"

Dim TempCLA As String
Dim TempINS As String
Dim TempP1 As String
Dim TempP2 As String
Dim TempLc As String
Dim TempLe As String

Public Sub Select_File(ResponseTempOut As String, FileIdentifier As String, SW1Out As String, SW2Out As String)
    Dim DummyDataOut As String
    ' Split the constant header into its APDU fields (two hex digits each);
    ' the original listing left these fields unassigned
    TempCLA = Mid(CONST_SELECT_FILE, 1, 2)
    TempINS = Mid(CONST_SELECT_FILE, 3, 2)
    TempP1 = Mid(CONST_SELECT_FILE, 5, 2)
    TempP2 = Mid(CONST_SELECT_FILE, 7, 2)
    TempLc = Mid(CONST_SELECT_FILE, 9, 2)
    TempLe = Mid(CONST_SELECT_FILE, 11, 2)
    ' Exchange the APDU with the card: FileIdentifier is the two-byte FID sent as data,
    ' SW1Out/SW2Out receive the status word and ResponseTempOut any response data
    Call APDUExchangeFull(TempCLA, TempINS, TempP1, TempP2, _
        TempLc, TempLe, SW1Out, SW2Out, FileIdentifier, ResponseTempOut, _
        DummyDataOut)
End Sub

5 JAVA CARD PROGRAMMING

Java card programming brings a new era to smart card application development. The card supports a Java Virtual Machine (JVM). Java programs can be stored and executed on the card. Java card programming is based on the Java Card 2.0 specification (the latest version is 2.0) (http://java.sun.com/products/javacard), which is maintained by Sun. Here are the main features of the JVM on the Java card:

• A restricted version of the Java Virtual Machine supports a subset of the Java language that can be used in Java Card applets.

• An API dedicated to smart card applet development based on the low-level ISO 7816 standards is available to support development of legacy applications.

• An abstract run-time environment is included which supports applet management functions like the applet selection mechanism. This environment is called the JCRE (Java Card Runtime Environment).

Due to technical constraints on the card processor, and since some features like multithreading are clearly not a necessity for the Java card, only a subset of the Java language is supported. There are also new classes (like javacard.framework.APDU) which are related to the ISO 7816 standards or to cryptography in the Java Card 2.0 specification. The implementation of a JVM is made up of a bytecode verifier, a class loader and a bytecode interpreter. The verifier is used to verify that a class file is a valid Java class file. The class loader is used to load classes into the system. The bytecode interpreter is used to actually execute the application.

A bytecode verifier is a complex and large piece of software which cannot fit onto a smart card. Therefore, the implementation of a JVM for a smart card is split into two parts as shown in figure 5-1:

The Off-card part manages the verification of classes and ensures that all necessary classes are available.

The On-card part is primarily responsible for executing the bytecode.

The JVM is a persistent machine, so that the state of programs and objects is preserved even when the card is powered off. The related data are stored in EEPROM. Another consequence of the JVM is that classes are only loaded and initialized once in the JVM, where they remain active until disposed of.


Figure 5-1 Architecture of Bytecode Verifier on Java Card.

Besides the standard APDU command/response methodology, the other standard way to interact with a program on the Java card is to use Remote Method Invocation (RMI). RMI, a distributed object technology, is an architecture that enforces the principle that a service provided on a server (Java card) must be described through an interface. The interface provides a list of methods publicly available for a given object. An interface like this is a kind of contract that binds a server to its clients (terminals). The server guarantees that it will respond to the methods defined in its interface. On the other hand, the protocol links the server to its clients. The protocol defines the way in which the server and clients communicate. Since the implementation of protocols is often quite complex, the implementation of these protocols is often automatically generated for a given object in the JCRE. This automatically generated program, which implements the client side of the protocol, is often called a proxy, as shown in figure 5-2. Besides containing the code for the functions, it also contains the code required to access these functions on a remote server. A Java card can be considered as a server and provides services to its clients (terminals) to access or manage the information stored on the smart card. Furthermore, the various protocols defined by ISO 7816-3 and 4 define the smart card as a slave in a master/slave configuration:

• The functionality provided by a Java program (applet) on the Java card is given in the Java interface, which defines the list of available methods.

• A high-level protocol is clearly defined between the applet and its clients (terminals).

• A proxy generator is available to support the design and development of the client software.


Figure 5-2 The Proxy between Application and Applet.

There are three main rules for controlling the security and visibility of applets in the Java Card:

The visibility of a package is platform-dependent.

Within a visible package, only the public classes are visible from the outside.

If an applet is able to get a reference to an object, then the applet is allowed to use the object.

Actually, these three rules are the same as the standard Java rules. Furthermore, most of the Java card manufacturers include an additional security feature – a firewall – between applets. This feature is global to the card, and its purpose is to isolate every object in its own sandbox in order to reduce the risk of illegal access.

After a Java card applet has been created and loaded on the terminal, the first step is to install and register it on the Java card through the applet’s install method. Since this method is static, it is in charge of allocating a new instance of the applet and registering it with the JCRE through the register method, as shown in figure 5-3 (step 1). Once the applet has been successfully registered, it is then ready to be selected and activated, as shown in figure 5-3 (step 2). Only one applet can be selected and activated at any one time. If applet selection is successful, it is then ready to process incoming commands, as shown in figure 5-3 (step 3). As long as an applet is selected, any command sent to the card is embedded in an APDU object and sent to the applet’s process method. This continues until the applet is deselected, as shown in figure 5-3 (step 4). The current applet should be deselected (through its deselect method) before a new one is selected.

Figure 5-3 The life cycle of an Applet on Java Card

6 BUILDING YOUR OWN SMART CARD APPLICATION

In the previous chapter, we outlined the basic information for smart card programming. We shall now briefly describe the procedures for developing a smart card application.

Developing a smart card solution is similar to developing a distributed system. The steps listed below can be used as guidelines for building a smart card application:

1. Determine the objective of the solution

2. Define the appropriate algorithm

3. Identify the requirements and select the appropriate smart card

4. Specify the system security level, key distribution and key usage algorithms

5. Set the privacy and security levels of the users

6. Set the security bookkeeping level

7. Specify the directory and file structure of the smart card

8. Select the application commands/instructions needed

In the following sections, we shall describe each development step in detail. We hope that this information will be useful in helping technical managers develop smart card applications.

6.1 Plan the smart card solution

When designing a smart card solution, we have to understand the aim of the solution first. The smart card, as mentioned in the previous chapters, is mainly used for identification, security, and electronic money related aspects.

If the solution is mainly based on standard existing smart card solutions (for instance a door access control system, electronic purse, secure identification card and Digital Certificate card), an off-the-shelf card could be chosen. However, if the problem has not been implemented before, or is different from the common solutions, the system integrator would have to build the whole system from scratch or modify the off-the-shelf card solution.

Before designing the algorithm to solve the problem, the technical manager should estimate the time span of the development required. A rule of thumb for the time from the concept, programming and testing phases to completion of a new system is around nine months. An individual developer will require about 4~6 months for programming. If the existing microprocessor card does not meet the requirements of the user, the card would have to be redesigned. The time required for microprocessor card production is around 12 weeks [Rankl1997].

Figure 6-1 Flowchart of smart card development

In other words, if the problem could be solved based on an existing solution, off-the-shelf cards should be used. The required work would basically consist of system integration of the smart card system into the existing environment. Around 4 to 6 weeks’ time would be needed for this development. However, if no existing solution can meet the requirements of the user, development of the solution would have to start from the design of the chip card microprocessor. As a result, around 9 months’ time would be required.

The core part of the solution is to define the algorithm for the smart card solution. Developers need to choose an appropriate algorithm. They also have to understand the flow of the system and identify the appropriate role of the smart card.


In addition, developers have to understand the restrictions of different smart cards. This information is used together with the requirements on the smart card for selecting the most appropriate card type. The first restriction of a smart card is the lifetime of the card.

The life expectancy of a smart card basically depends on the application of the card. For instance, GSM cards can stay in the phone permanently, while identification cards and canteen cards would have to be renewed after 2-3 years [Rankl1997]. The number of insertions will also affect the life expectancy of the card. The gold-plated contacts could survive about 10,000,000 insertions, while the data storage (EEPROM) usually fails after 20,000 to 40,000 read/write cycles. A first sign of failing performance is when the first write attempt does not set the desired value in the EEPROM, or the written data no longer stays in memory after a few hours [Rankl1997]. Even though the smart card could hold the stored data securely, it should not be considered a permanent safe for confidential data. EEPROM is based on electrical charges; therefore, due to current leakage, stored data could be lost. This effect is exacerbated by high temperatures. Normally the data content in a smart card is guaranteed for 10 years.

The second limitation is the memory space on the card. Because a smart card is an embedded system, the memory size of the card cannot be increased after the manufacturing stage. The current largest available memory space and the largest possible memory space in an 8-bit CPU smart card are 32K bytes and 64K bytes respectively. However, development cost is affected by the cost of the card, which is heavily dependent on the size of the memory. For example, changing from a 1K-byte card to an 8K-byte card raises the production cost 4 times. Therefore a balance between cost-effectiveness and card memory size has to be struck.

6.2 Understand the need of smart card

After understanding the restrictions and limitations of smart cards, we would be able to select the appropriate card for the problem according to the requirements. Though the technical characteristics of a smart card are hardware-specific, most of the properties of smart card chips are identical. Therefore, design specifications can be the same.

Traditionally, there are two main criteria for selecting a smart card: the speed of instruction execution and the security level requirement of the system. The speed of instruction execution depends on the processor chip and the speed of data transmission. The internal speed for executing instructions also affects the data transmission rate. The current clock rate of the CPU is in the range from 3.5MHz to 4.9MHz. The faster the internal instruction execution speed, the faster the data transmission rate. Although the maximum possible data transmission rate of a contact smart card is 115200 bits per second (bps), the current normal transmission rate is 9600 bps [Guthery1998].

Other than the data transmission rate, the execution speed also depends on the Read/Write speed of the EEPROM and the card activation time. The Read/Write time of EEPROM is around 3.5ms, while that of Ferro Electrical RAM (FERAM) is around 200ns [Klaus1998]. When the same type of non-volatile memory is used, the time differences will be mainly in the card activation time. The execution time required for a normal set of instructions is around 1 – 3 seconds, while the time required for card insertion and ejection is around 2 – 3 seconds. Therefore, for a massive public transportation system, contactless cards are preferred, because using contactless cards could reduce the total processing time by half compared with using contact cards. Generally speaking, different applications may require different execution speeds.

Besides memory size and processing speed, the security and add-on features of the card are very important considerations. If the card is used as a personal security related card, a special cryptographic engine may have to be added to the card. When financial processing is required, the card should have the electronic purse feature.

6.3 Managing data storage on the card

Having selected the smart card, developers have to design the data structures to be used on the card. Because of the limited memory space, not all data could be kept. When designing a smart card solution, one should realize that the solution is a distributed solution. In common centralized mainframe solutions, all information is in one location. For smart card applications, the card is considered as a kind of document store. With this decentralized data storage, users' data could be protected from external attacks. Similar to distributed systems, only the necessary data, i.e. the mission critical data, should be kept onboard the card. This data includes the identification number of the card, unique personal data of the user and the data required when the system is offline. Any data that is not mission critical or not required in offline processing should be kept in the centralized database rather than on the card.

When determining what should be kept in the smart card and planning the amount of memory needed, the memory space requirements have to be thoroughly analyzed. The size should include both the user data and the administrative data. For a Java card, the size of the application files should also be taken into consideration.

In designing the structure of the data file, the overhead generated by a data file is usually between 16-32 bytes. Therefore, it is preferable not to set up an individual record for each data element in the card; otherwise too much memory is wasted for administration purposes.
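As an added illustration of the record-overhead argument above (example code, not from the original text): a small planner that compares one record per element against grouped records for a constructed set of e-purse data elements, assuming the worst-case 32-byte overhead per record and variable-length records that may hold several elements.

```python
# Added example, not from the original text: estimate EEPROM usage of two
# file layouts for the same data elements, using the text's figure that each
# file or record carries roughly 16-32 bytes of administrative overhead.
# Assumptions: the worst-case 32-byte overhead, and variable-length records
# that may hold several elements (the element names and sizes are constructed).
from dataclasses import dataclass

RECORD_OVERHEAD = 32  # bytes of administrative data per record (worst case)


@dataclass(frozen=True)
class Element:
    name: str
    size: int  # user data bytes


# Constructed sample of the mission-critical data an e-purse might keep onboard.
SAMPLE = [
    Element("card_id", 8), Element("holder_name", 26), Element("holder_id", 10),
    Element("expiry", 4), Element("balance", 4), Element("retry_counter", 1),
    Element("offline_limit", 4), Element("transaction_log", 96),
]


def per_element_layout(elements):
    """One record per data element: the overhead is paid once per element."""
    return sum(e.size + RECORD_OVERHEAD for e in elements)


def grouped_layout(elements, max_record=128):
    """Pack elements into as few records as possible (first-fit decreasing),
    so the overhead is paid once per record. Returns (total bytes, records)."""
    free = []  # remaining capacity of each record opened so far
    for e in sorted(elements, key=lambda e: e.size, reverse=True):
        if e.size > max_record:
            raise ValueError(f"{e.name} does not fit in one record")
        for i, cap in enumerate(free):
            if cap >= e.size:
                free[i] = cap - e.size
                break
        else:
            free.append(max_record - e.size)
    data = sum(e.size for e in elements)
    return data + len(free) * RECORD_OVERHEAD, len(free)


def fits(total_bytes, card_kbytes, applet_bytes=0):
    """Does the file system plus any Java Card applet fit the card's EEPROM?"""
    return total_bytes + applet_bytes <= card_kbytes * 1024
```

With the constructed sample, the per-element layout needs 409 bytes against 217 bytes for two grouped records, a difference that matters on a 1K-byte card once applet code is also accounted for.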

Immediately after fixing the file and data structure of the card, developers should work on understanding the level of security and privacy required in the system.


Because a card cannot be considered secure storage for data unless proper security rules are imposed, the security level of the card must be set properly. In a smart card, the Personal Identification Number (PIN) and the authentication keys are the basic security measures. They can be applied in different combinations to generate different security protection patterns.

Figure 6-2 Smart card file and directory structure

For instance, in an electronic-purse card, Key 1 may be used for mutual authentication of the terminal and the card in the payment process, while Key 2 may be used for mutual authentication of the terminal and the card for downloading money. When the user presents the card to the merchant's terminal, Key 1 would be selected and checked to establish whether the merchant's terminal is a valid terminal. If the terminal is valid, the user can then enter his PIN and permit the transaction to proceed. However, even if the merchant's terminal has the valid Key 1, the card cannot be credited if Key 2 is incorrect. In other words, with the use of different combinations of key assignments, the permissions and privileges of the users and terminals can be set properly.
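The Key 1 / Key 2 split described above, as an added example that is not part of the original text: a toy card model in which Key 1 plus the PIN gates debit and Key 2 gates credit, with terminal authentication reduced to an HMAC-SHA256 response to a card nonce (an assumption; real cards use their own symmetric schemes and command set, and the key and PIN values are constructed).

```python
# Added example, not from the original text: a toy card enforcing the two-key
# e-purse policy above (Key 1 plus the cardholder PIN gate payment, Key 2 gates
# loading money). Assumption: terminal authentication is modelled as an
# HMAC-SHA256 response to a card nonce; real cards use their own symmetric schemes.
import hashlib, hmac, os


class PurseCard:
    def __init__(self, key1, key2, pin, balance=0):
        self._keys = {1: key1, 2: key2}  # Key 1: payment, Key 2: loading
        self._pin, self._pin_retries = pin.encode(), 3  # blocks after 3 tries
        self._authenticated, self._pin_ok, self._challenge = set(), False, None
        self.balance = balance

    def get_challenge(self):
        self._challenge = os.urandom(8)  # fresh nonce per authentication
        return self._challenge

    def external_authenticate(self, key_no, response):
        # Terminal proves it holds key_no by MACing the card's nonce (single use).
        nonce, self._challenge = self._challenge, None
        if nonce is None or key_no not in self._keys:
            return False
        expected = hmac.new(self._keys[key_no], nonce, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, response)
        if ok:
            self._authenticated.add(key_no)
        return ok

    def verify_pin(self, pin):
        if self._pin_retries and hmac.compare_digest(self._pin, pin.encode()):
            self._pin_ok, self._pin_retries = True, 3
        else:  # wrong PIN or blocked: count down and drop any PIN state
            self._pin_ok, self._pin_retries = False, max(0, self._pin_retries - 1)
        return self._pin_ok

    def debit(self, amount):
        # Payment path: Key 1 authenticated, PIN verified, sufficient funds.
        if 1 in self._authenticated and self._pin_ok and 0 < amount <= self.balance:
            self.balance -= amount
            return True
        return False

    def credit(self, amount):
        # Loading path: Key 2 authenticated; a valid Key 1 alone is not enough.
        if 2 in self._authenticated and amount > 0:
            self.balance += amount
            return True
        return False


def terminal_response(key, challenge):
    return hmac.new(key, challenge, hashlib.sha256).digest()
```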

In the concept and development stages of an application, key assignment and administration of application data are fundamental principles in data exchange. Various applications may have different requirements on privacy and security level, so developers must understand their needs and select the appropriate security model. Because all cryptographic algorithms rely on secure key management, if a secret key is revealed, all security mechanisms based on it will fail to work properly. In a

Posted: 09/12/2013, 21:15
