Smart Cards Introduction
Part 3: Smart card operating systems

Smart Card Operating System (COS)
- Why a COS?
  - Main OS families
- ISO/IEC 7816
  - communication protocols
  - data organization (file structure)
  - commands
  - Example: WG10-compliant IEP
- The trend towards Open OS
- Contactless smart card OS constraints
- Security
An Operating System on a Chip: What is a COS?
- Software specific to each smart card manufacturer
- Loaded and protected in the chip ROM by the chip manufacturer
  - a MASK is created
- A mask contains general-purpose core routines which serve as an interface with the micro-controller
- Special-purpose application programs are stored in EEPROM
  - They are built on top of the core routines, using them as necessary
[Chip organization diagram: CPU, ROM (holding the OS), RAM, EEPROM and security logic. The OS is designed by Gemplus and loaded by the chip manufacturer.]
Card OS role
Operating systems are the core of smart cards.
- An operating system handles:
  - File management
  - Security (managing and executing cryptographic algorithms)
  - I/O (transferring data to and from the smart card)
  - Controlling the execution of commands
  - Applications
  - API, ...
Similar to the OS of a PC, with less memory, more security, and no (human) user interface.
Command processing
- The smart card receives each command via the serial I/O interface
  - The I/O manager executes the error detection mechanism
    - The I/O manager is fully independent of the other, higher layers
- After a command has been completely received without error, the secure messaging manager must decrypt the message and test its integrity
  - If the integrity check is OK, the command interpreter decodes the command
    - If decoding is not possible, the return code manager is called
    - If decoding is OK, the logical channel manager determines which channel has been selected, switches over to its state and calls the state machine
Command processing (cont)
- The state machines define instruction sequences. They become active when the first instruction of a sequence has been sent to the card.
- The state machine checks whether the command and its accompanying parameters are actually permitted in the current state of the smart card.
  - If yes, the actual code of the application command that carries out the processing of the received command is executed.
  - If the command is prohibited in the current state, or if its parameters are not allowed, the terminal receives a message to this effect via the return code manager and the I/O manager.
Command processing (cont)
- If it is necessary to access a file while processing a command, the file manager is called.
  - It converts the logical address of the file into its physical address on the chip
  - It also monitors all addresses with regard to region boundaries
  - It tests the access conditions for the file in question
  - The file manager itself uses a lower-level memory manager which is responsible for the entire management of the EEPROM.
    - Only the memory manager works with physical addresses, which increases the security and portability of the OS.
Command processing (cont)
- The return code manager is responsible for generating the answer code.
  - It produces a complete answer for the program segment which was called and sends it back to the terminal via the I/O manager.
  - There may be different return code managers for different applications.
- Usually there is a dedicated library of cryptographic functions which serves all other modules. It is separate from the rest of the system.
To add new features
- A FILTER adds new features to an existing COS
  - Software routine stored in the EEPROM
  - Only accessible by the COS
- Transition to a new product
- Applets are coming up
[Chip organization diagram: CPU, ROM (COS), RAM, EEPROM (holding the filter) and security logic.]
Main COS Families
- SIM (Subscriber ID module) cards
  - GSM 11.11 (TE9), 11.14, OTA 03.48
- Debit/Credit
  - EMV, VISA
- Electronic Purse
  - WG10, MPCOS, CEPS
- Database
  - 7816-7
- Loyalty
  - Simple, with counters & rules
- Public Key for IT
- Access (GemSafe)
Major standards
- ISO 7810: plastic cards, dimensions
- ISO 7811 parts 1-6: ID cards
- ISO 7816 parts 1-8: contact integrated circuit cards
- ISO 10536 parts 1-4: close coupling cards
- ISO 14443 parts 1-4: remote coupling cards
- US standards:
  - FIPS-46: Data Encryption Standard
  - FIPS-81: DES modes of operation
  - FIPS-180-1: Secure Hash Standard
  - FIPS-186: Digital Signature Standard
- GSM (ETSI for 3G), EMV (Europay, Mastercard, VISA), PC/SC, CCITT...
Standards
ISO 7816 for contact cards:
  7816-1: Card body
  7816-2: Electrical module
  7816-3: Electrical signals & protocols
  7816-4: Inter-industry commands
  7816-7: Database
  7816-8: Security mechanisms
ISO 14443 for contactless cards:
  14443-1 (completed): Card body
  14443-2 (approved CD): RF power & signal interface
  14443-3 (1st CD): Initialization & anticollision
  14443-4 (proposals): Protocol
The ISO 7816...

... Includes Transmission Protocol
- ISO 7816-3 describes the way the card and the reader communicate
- Two communication protocols are standardized
  - T=0
    - asynchronous, half-duplex, byte oriented, inverse convention, even parity bit
  - T=1
    - asynchronous, half-duplex, block oriented, with enhanced security
Almost all currently available cards follow T=0.
... Includes File Architecture
- The card is organized into files.
  - MF (Master File): root of the structure, seen as the main directory.
  - DF (Dedicated File): seen as a directory. Each DF behaves like an independent card (it contains the files related to a single application).
  - EF (Elementary File): contains the actual data
    - Working EF (application data that must be read or written from the terminal, i.e., data for the external world)
    - Internal EF (data for the operating system: secret keys or program code. Access to the data is protected by the COS.)
[File tree diagram: MF at the root, with DFs and EFs beneath it and further EFs inside the DFs.]
File architecture (cont)
- The MF is present in all smart cards.
  - The MF is implicitly selected after the smart card is reset.
  - It contains all other directories and files.
- A DF is a directory in which other files (DFs and EFs) which logically belong together are grouped.
- An EF contains the data needed by applications. EFs always have an internal structure.
... Includes Command sets
- File management commands
  - read, write, update
    - read binary, update binary
    - read record, update record, append record
  - select file
- Authentication commands
  - external authenticate, internal authenticate, get challenge...
- Access condition management
  - verify code
- Personalization commands...
Transmission protocols
First step: how to communicate with a smart card?
Communication Protocols
- Standards overview
- Protocol application layer
- APDU (application protocol data unit) exchange
  - A software data container used to package the data so that they can be exchanged between a smart card and a terminal.
- ATR (answer to reset)
  - A sequence of bytes sent by a smart card in response to a hardware reset.
  - Includes various parameters relating to the transmission protocol.
Contact Communication Protocols
- T=0 (ISO 7816-4)
  - Byte protocol
  - Mono channel
  - Get Response required
  - > 95% of smart cards
- T=1 (ISO 7816-4)
  - Block protocol
  - Partially capable of multi-node
  - Complex
  - Interoperability issues due to complexity (error cases)
7816-3 T=0
- T=0 is byte-oriented: the smallest unit processed by the protocol is a single byte.
- The structure of a T=0 command is: Header (always), Data part (optional).
- Header = CLA, INS, P1, P2, P3 (class byte, command, parameters). P3 gives the length of either the command data or the response data.
- If an error is detected, only one byte is retransmitted.
- Asynchronous
7816-3 T=1
- Asynchronous half-duplex block transmission protocol
- Frame format:
  NAD (assigned) | PCB | LEN | DATA | CRC-1 CRC-2
- Parameters:
  - NAD (node address): contains the block's source and destination addresses
  - Timing: BGT (block guard time), BWT (block waiting time), CWT (character waiting time)
  - Sizes: LEN (length), IFS(C/D)
  - EDC: LRC (longitudinal redundancy check) or CRC (cyclic redundancy check)
  - PCB (protocol control byte): I-Block (information block), S-Block (system block) or R-Block (reception acknowledgement block)
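The T=1 block layout above, built and checked in Python as an added example (not code from the slides): only the LRC form of the EDC is implemented, the PCB constants are assumed values for the plain block forms, and the sample INF field is the SELECT FILE command from the slides' command table.

```python
"""ISO 7816-3 T=1 block framing: NAD | PCB | LEN | INF | EDC.

Added example, not taken from the slides. Only the LRC form of the EDC is
implemented (XOR of every byte of prologue and INF); the CRC variant is omitted.
The PCB constants below are assumed values for the plain block forms."""

PCB_I_BLOCK = 0x00   # I-block, N(S)=0, no chaining
PCB_R_BLOCK = 0x80   # R-block, error-free acknowledgement, N(R)=0
PCB_S_RESYNC = 0xC0  # S-block, RESYNCH request


def lrc(data: bytes) -> int:
    """Longitudinal redundancy check: XOR of all bytes; the sender appends it as the EDC."""
    acc = 0
    for b in data:
        acc ^= b
    return acc


def block_type(pcb: int) -> str:
    """b8=0 -> I-block; b8=1,b7=0 -> R-block; b8=1,b7=1 -> S-block."""
    if pcb & 0x80 == 0:
        return "I"
    return "R" if pcb & 0x40 == 0 else "S"


def build_block(nad: int, pcb: int, inf: bytes = b"") -> bytes:
    """Assemble a block. LEN is one byte, so INF carries at most 254 bytes (FFh is reserved)."""
    if len(inf) > 254:
        raise ValueError("INF must be at most 254 bytes")
    body = bytes([nad & 0xFF, pcb & 0xFF, len(inf)]) + inf
    return body + bytes([lrc(body)])


def parse_block(frame: bytes) -> dict:
    """Split a received block and verify LEN and LRC.
    A ValueError here is the point at which a T=1 receiver answers with an R-block
    requesting retransmission instead of passing INF to the upper layer."""
    if len(frame) < 4:
        raise ValueError("block shorter than prologue + EDC")
    nad, pcb, length = frame[0], frame[1], frame[2]
    if length == 0xFF or len(frame) != 3 + length + 1:
        raise ValueError("LEN does not match the received frame")
    if lrc(frame[:-1]) != frame[-1]:
        raise ValueError("LRC mismatch: transmission error")
    return {
        "sad": nad & 0x07,          # source node address (NAD bits 1-3)
        "dad": (nad >> 4) & 0x07,   # destination node address (NAD bits 5-7)
        "type": block_type(pcb),
        "pcb": pcb,
        "inf": frame[3:-1],
    }


# Constructed sample: an I-block carrying the slides' SELECT FILE by FID
# (CLA=00 INS=A4 P1=02 P2=0C Lc=02 FID=0011).
SAMPLE_APDU = bytes.fromhex("00A4020C020011")


def demo() -> tuple:
    """Round-trip the sample block and show that a corrupted copy is rejected."""
    frame = build_block(0x00, PCB_I_BLOCK, SAMPLE_APDU)
    parsed = parse_block(frame)
    damaged = bytearray(frame)
    damaged[5] ^= 0x01          # flip one bit inside the INF field
    try:
        parse_block(bytes(damaged))
        rejected = False
    except ValueError:
        rejected = True
    return frame.hex(), parsed["inf"], rejected


if __name__ == "__main__":
    print(demo())
```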
Protocol Application Layer: APDU Format
Command APDU:
  Header field (mandatory): CLA INS P1 P2
  Body field (optional):    Lc | Data Field | Le
Response APDU:
  1st part (optional):  Data Field
  2nd part (mandatory): SW1 SW2
CLA: class of the command
INS: instruction code
P1, P2: command parameters
Lc: length of the subsequent data field
Le: expected length of the data to be returned
SW1: status word 1 = command processing status
SW2: status word 2 = command processing qualification
APDU Exchange (1/2)
Case 1: no input / no output
  Command:  CLA INS P1 P2 ---- ---- ----
  Response: ---- SW1 SW2
Case 2: no input / output of expected length
  Command:  CLA INS P1 P2 ---- ---- Le
  Response: Data Field SW1 SW2
Case 3: input / no output
  Command:  CLA INS P1 P2 Lc Data Field ----
  Response: ---- SW1 SW2
APDU Exchange (2/2)
Case 4: input / output of expected length
  Command:  CLA INS P1 P2 Lc Data Field Le
  Response: Data Field SW1 SW2
In this case the TPDU differs between T=0 and T=1. For T=0:
  command TPDU:  CLA INS P1 P2 P3=Lc Data Field
- If the command is not accepted, the response TPDU is the following (SW1 = 6Xh, except 61h):
  response TPDU: (XX) SW1 SW2
- If there is no XX and SW1-SW2 = 9000h, the PCD (reader) sends a GET RESPONSE command (INS = C0h):
  command TPDU:  CLA C0h P1 P2 P3=Le
  response TPDU: data (Le bytes) SW1 SW2
- If the XX field is present and SW1-SW2 = 61XXh, the PCD issues a GET RESPONSE with Le = XXh:
  command TPDU:  CLA C0h P1 P2 P3=Le
  response TPDU: Data Field SW1 SW2
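The four APDU cases and the T=0 GET RESPONSE flow for case 4, as an added Python example that is not part of the slides: `FakeCard` is a constructed card holding one DF selectable by name (SELECT FILE with P1=04h, listed as a case 4 command in the slides' later command table), the DF name and FCI bytes are constructed, and the INS values are the slides' own.

```python
"""ISO 7816-4 command APDU cases and the T=0 GET RESPONSE flow for a case 4 command.

Added example, not from the slides. `FakeCard` is a constructed stand-in holding one
DF selectable by name (SELECT FILE P1=04h) whose FCI it returns only after
GET RESPONSE, exactly as the '61 XX' flow describes. The FCI bytes and DF name
are constructed; INS values are the slides' own."""

INS_SELECT_FILE = 0xA4
INS_GET_RESPONSE = 0xC0


def build_apdu(cla, ins, p1, p2, data=b"", le=None):
    """Return (case, command APDU) for the four ISO 7816-4 cases."""
    head = bytes([cla, ins, p1, p2])
    if len(data) > 255:
        raise ValueError("a short APDU carries at most 255 data bytes")
    if not data and le is None:
        return 1, head                                  # case 1: no input, no output
    if not data:
        return 2, head + bytes([le & 0xFF])             # case 2: no input, Le output
    body = bytes([len(data)]) + data
    if le is None:
        return 3, head + body                           # case 3: Lc + data, no output
    return 4, head + body + bytes([le & 0xFF])          # case 4: Lc + data + Le


def split_response(resp):
    """Response APDU = optional data field followed by the mandatory SW1 SW2."""
    if len(resp) < 2:
        raise ValueError("a response always ends with SW1 SW2")
    return resp[:-2], resp[-2], resp[-1]


def apdu_to_t0_tpdu(case, apdu):
    """Map a command APDU to the single T=0 TPDU CLA INS P1 P2 P3 [data].
    For case 4, P3=Lc and Le is dropped: the data comes back via GET RESPONSE."""
    if case == 1:
        return apdu + b"\x00"                           # P3 = 00
    if case in (2, 3):
        return apdu                                     # P3 = Le, or P3 = Lc + data
    lc = apdu[4]
    return apdu[:5 + lc]


def t0_exchange(card, case, apdu):
    """Terminal side of the T=0 exchange from the slides; returns the response APDU."""
    resp = card.process_tpdu(apdu_to_t0_tpdu(case, apdu))
    data, sw1, sw2 = split_response(resp)
    if case != 4:
        return resp
    if sw1 == 0x61:                                      # '61 XX': XX bytes are waiting
        le = sw2
    elif (sw1, sw2) == (0x90, 0x00) and not data:       # no XX: ask for the Le we wanted
        le = apdu[-1]
    else:
        return resp                                      # '6X XX' (not 61): command refused
    get_response = bytes([apdu[0], INS_GET_RESPONSE, 0x00, 0x00, le])
    return card.process_tpdu(get_response)


class FakeCard:
    """Constructed card: one DF named WG10EP with a constructed FCI (tag 6F, DF name in tag 84)."""
    DF_NAME = b"WG10EP"
    FCI = bytes.fromhex("6F088406") + DF_NAME

    def __init__(self):
        self.pending = b""       # response data held until GET RESPONSE

    def process_tpdu(self, tpdu):
        cla, ins, p1, p2, p3 = tpdu[:5]
        data = tpdu[5:5 + p3]
        if ins == INS_SELECT_FILE and p1 == 0x04:
            if data != self.DF_NAME:
                return b"\x6A\x82"                       # file not found: no XX, SW1=6Ah
            self.pending = self.FCI
            return bytes([0x61, len(self.pending)])
        if ins == INS_GET_RESPONSE:
            out, self.pending = self.pending[:p3], self.pending[p3:]
            return out + b"\x90\x00"
        return b"\x6D\x00"                               # INS not supported


def select_by_name(card, name):
    """Case 4 SELECT FILE by DF name (CLA=00h INS=A4h P1=04h), Le=00h, over T=0."""
    case, apdu = build_apdu(0x00, INS_SELECT_FILE, 0x04, 0x00, name, le=0x00)
    return t0_exchange(card, case, apdu)
```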
ATR Example
Character  Value  Description
TS         3Bh    Direct convention
T0         6xh    TB1 and TC1 present, x historical characters (default: x=8)
TB1        00h    Vpp not required
TC1        00h    No extra guard time required
T1-T8             Historical characters (8 bytes)
T1         80h    Status information is contained in an optional TLV object
T2         66h    Tag: 6 (pre-issuing data), length: 6 bytes
T3         xx     OS family name (Gemplus proprietary coding)
T4         xx     Product name (Gemplus proprietary coding)
T5         xx     OS version (Gemplus proprietary coding)
T6         xx     Program version (Gemplus proprietary coding)
T7         xx     Chip reference (Gemplus proprietary coding)
T8         xx     Card life status byte (see below)
T9..T15    xx     Optional historical characters in the ATR file (see below)
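A parser for the ATR structure shown in the table, added here as an example and not taken from the slides: it walks TS, T0, the interface bytes (following the TDi chain, so it also handles ATRs that offer T=1 and carry a TCK), and the compact-TLV historical bytes behind a category indicator of 80h; the sample ATR bytes are constructed.

```python
"""Answer-to-Reset parser following the structure of the slides' ATR example:
TS, T0 (presence bits + historical-byte count), interface bytes TAi/TBi/TCi/TDi,
historical bytes with a compact-TLV object after a category indicator of 80h,
and the TCK check byte when a protocol other than T=0 is offered.
Added example, not from the slides; the sample ATR bytes below are constructed."""


def parse_historical(hist: bytes) -> dict:
    """Category indicator 80h: the remaining bytes are compact-TLV objects (tag in the
    high nibble, length in the low nibble). Other categories are returned raw."""
    if not hist:
        return {"category": None, "objects": [], "raw": b""}
    category, objects, pos = hist[0], [], 1
    if category == 0x80:
        while pos < len(hist):
            tag, length = hist[pos] >> 4, hist[pos] & 0x0F
            value = hist[pos + 1:pos + 1 + length]
            if len(value) != length:
                raise ValueError("truncated compact-TLV object in historical bytes")
            objects.append((tag, value))
            pos += 1 + length
    return {"category": category, "objects": objects, "raw": hist[1:]}


def parse_atr(atr: bytes) -> dict:
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("TS must be 3Bh (direct) or 3Fh (inverse convention)")
    convention = "direct" if atr[0] == 0x3B else "inverse"
    t0 = atr[1]
    k = t0 & 0x0F                     # number of historical bytes
    y = t0 >> 4                       # presence bits for TA1, TB1, TC1, TD1
    pos, i = 2, 1
    interface, protocols = {}, []
    while True:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError("ATR ends inside the interface bytes")
                interface[f"{name}{i}"] = atr[pos]
                pos += 1
        if not y & 8:
            break
        td = interface[f"TD{i}"]
        protocols.append(td & 0x0F)   # low nibble: protocol type T
        y = td >> 4                   # high nibble: which of TA/TB/TC/TD(i+1) follow
        i += 1
    if not protocols:
        protocols = [0]               # no TD1 at all: T=0 only
    hist = atr[pos:pos + k]
    if len(hist) != k:
        raise ValueError("fewer historical bytes than T0 announces")
    pos += k
    if protocols != [0]:              # TCK is absent only when T=0 is the sole protocol
        if pos >= len(atr):
            raise ValueError("TCK missing")
        xor = 0
        for b in atr[1:pos + 1]:      # XOR of T0 .. TCK inclusive must be zero
            xor ^= b
        if xor != 0:
            raise ValueError("TCK check failed")
        pos += 1
    if pos != len(atr):
        raise ValueError("trailing bytes after the ATR")
    return {"convention": convention, "interface": interface,
            "protocols": protocols, "historical": parse_historical(hist)}


def atr_is_valid(atr: bytes) -> bool:
    try:
        parse_atr(atr)
        return True
    except ValueError:
        return False


# Constructed ATR shaped like the slides' example: 3B 68 (TB1, TC1, 8 historical),
# TB1=00 TC1=00, then 80 66 + six placeholder pre-issuing bytes 01..06.
SAMPLE_ATR = bytes.fromhex("3B6800008066010203040506")
```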
EEPROM Memory Organization

How EEPROM is partitioned by a COS
FABRICATION DATA
  Semiconductor manufacturer, production facility, CSN
  16-32 bytes (WORM access)
OPERATING SYSTEM
  Contains tables and OS pointers which combine with the ROM program to yield the complete COS
  Protected by EDC
APPLICATION PROGRAMS
  Application-specific algorithms that are too large to be in ROM or should not be in ROM
  Protected by EDC
FILE REGION
  Contains all of the file structures: MF region, DF1 region, DF2 region, ...
  Has strong file-oriented protection
FREE MEMORY
  Free memory management in future
ISO 7816-4 Data File Structures
- Root file: MF (Master File)
- Application directory: DF (Dedicated File)
  - EF (Elementary Files) of different types:
    - Working EFs may have the following types: transparent EF, linear fixed record EF, variable record EF, cyclic EF
    - System files (proprietary): response files, key files, code files (with ratification counter...), transaction counter files, ...
      These files are managed fully transparently by the COS.

File structures
Transparent File
- Transparent files have no structure.
  - Often referred to as a binary or amorphous structure
  - The data contained in the file can be accessed by reading or writing bytes or blocks, using an offset value.
    [figure: a byte array addressed by an offset followed by the data of the given length]
  - The minimum size of a file is one byte; the maximum is not specified.
    - The maximum number of bytes that can be read in the short format is 255; in the long format 65,536. The maximum offset value is 32,767.
  - Therefore, the maximum length is 65,795 bytes or 98,303 bytes.
  - Commands: READ BINARY, WRITE BINARY, UPDATE BINARY
Linear Fixed Record File Structure
- A linear fixed record EF is based on linking fixed-length records.
  - A record consists of a series of individual bytes. Individual records within this data structure can be freely accessed.
  - The smallest unit of access is the record.
  - Commands: READ RECORD, WRITE RECORD, UPDATE RECORD
  - The length of a single record is determined by the access commands; it can range from 1 to 254 bytes. But all records have the same length!
[figure: records numbered from 1 (always the first) up to m, at most 'FE' or 254, each with byte numbers 1 to the record length]
Linear Variable File Structure
- The linear variable file structure is used to save memory when the records have highly variable lengths; it is based on linking variable-length records.
  - A record consists of a series of individual bytes. Individual records within this data structure can be freely accessed.
  - The smallest unit of access is the record.
  - Commands: READ RECORD, WRITE RECORD, UPDATE RECORD
  - The length of a single record is determined by the access commands; it can range from 1 to 254 bytes.
  - Records have variable length!
Cyclic File Structure
- The cyclic file structure is based on the linear fixed-length file structure.
  - All records have the same length!
  - A record consists of a series of individual bytes. The number and size are analogous to the linear fixed-length file structure.
  - In addition, the EF contains a pointer that always indicates the record that was last written. This record is always numbered 1.
  - If the pointer reaches the last record in the EF, it is automatically set by the OS to point to the first record when the next access occurs.
  - This structure is typically used for log files within the smart card, in which the oldest entry is always overwritten by a new entry.
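The three working-EF structures of the preceding slides (transparent, linear fixed, cyclic) modelled in Python as an added example rather than COS code, with the bounds the slides give (offset at most 32,767, records of 1..254 bytes, record 1 of a cyclic EF always the last written); the log entries are constructed.

```python
"""The three working-EF structures from the slides, modelled in Python as an added example
(not COS code): a transparent EF read/written by offset, a linear fixed EF of equal-length
records, and a cyclic EF whose record 1 is always the last written. Bounds follow the slides:
offset at most 32,767; record length 1..254; record numbers start at 1."""

MAX_OFFSET = 32767


class TransparentEF:
    """Unstructured byte array; the file manager checks every access against the file size."""

    def __init__(self, size: int):
        self.body = bytearray(size)

    def _check(self, offset: int, length: int) -> None:
        if offset < 0 or offset > MAX_OFFSET or length < 0 or offset + length > len(self.body):
            raise ValueError("offset/length outside the file")

    def read_binary(self, offset: int, length: int) -> bytes:
        self._check(offset, length)
        return bytes(self.body[offset:offset + length])

    def update_binary(self, offset: int, data: bytes) -> None:
        self._check(offset, len(data))
        self.body[offset:offset + len(data)] = data


class LinearFixedEF:
    """Numbered records of one fixed length; record numbers run from 1 to the record count."""

    def __init__(self, record_len: int, count: int):
        if not 1 <= record_len <= 254:
            raise ValueError("record length must be 1..254 bytes")
        self.record_len = record_len
        self.records = [bytes(record_len) for _ in range(count)]

    def _index(self, number: int) -> int:
        if not 1 <= number <= len(self.records):
            raise IndexError("record number out of range")
        return number - 1

    def _check_len(self, data: bytes) -> None:
        if len(data) != self.record_len:
            raise ValueError("all records have the same length")

    def read_record(self, number: int) -> bytes:
        return self.records[self._index(number)]

    def update_record(self, number: int, data: bytes) -> None:
        self._check_len(data)
        self.records[self._index(number)] = bytes(data)


class CyclicEF(LinearFixedEF):
    """Same storage as linear fixed, plus a pointer to the last written record.
    Logical record 1 is always that record; the pointer wraps to the first physical
    slot after the last one, so the oldest entry is overwritten (log file behaviour)."""

    def __init__(self, record_len: int, count: int):
        super().__init__(record_len, count)
        self.last = None        # physical index of the last written record
        self.filled = 0         # how many records hold data so far

    def _index(self, number: int) -> int:
        if self.last is None or not 1 <= number <= self.filled:
            raise IndexError("record number out of range")
        return (self.last - (number - 1)) % len(self.records)

    def append_record(self, data: bytes) -> None:
        self._check_len(data)
        self.last = 0 if self.last is None else (self.last + 1) % len(self.records)
        self.records[self.last] = bytes(data)
        self.filled = min(self.filled + 1, len(self.records))


def demo_log() -> list:
    """Four appends into a three-record cyclic EF: the first entry is overwritten
    and the newest is read back as record 1."""
    log = CyclicEF(record_len=4, count=3)
    for entry in (b"LOG1", b"LOG2", b"LOG3", b"LOG4"):      # constructed entries
        log.append_record(entry)
    return [log.read_record(n) for n in (1, 2, 3)]


def demo_transparent() -> tuple:
    """READ BINARY inside the file succeeds; a read running past the end is refused."""
    ef = TransparentEF(22)
    ef.update_binary(0, bytes(range(1, 23)))
    try:
        ef.read_binary(20, 5)
        refused = False
    except ValueError:
        refused = True
    return ef.read_binary(4, 5), refused
```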
The Multi-Application Concept
- Security and data management specific to each application
[Example figure: Root with an E-Purse directory and a Loyalty directory, each containing its own data files]
Data Files
- There are different file structures adapted to different needs
  - Security files: for secret codes and keys
  - Purse file: for electronic money
  - Loyalty counter
  - ...
[figure: Root holding a purse application and a loyalty application; files shown: purse file, identity file, key file, secret code file]
Access Conditions
- Access conditions define the rights that must be granted before actions can be performed on files
- All files carry the information that regulates access to them, encoded in the file header
- Access conditions are defined when the file is created; they depend on the type of the file
  - For the MF and DFs the access conditions relate to the creation of new files
  - For EFs the access conditions relate to data access (read or write privileges)
Access Conditions (cont)
- Command-oriented access conditions define the allowed commands for the access in question
  - For DFs: specify the conditions under which specific commands can be executed within the given directory
    - Create, Delete Files, Register...
  - For EFs: regulate all possible types of access to EFs.
    - The number of access commands varies, and may include APPEND, DELETE FILE, INVALIDATE, READ/SEEK, LOCK, ...
[figure: a dedicated file with the "Create EFs" condition, and EF#1, EF#2, EF#3 each with Read / Write / Update conditions]
Access Condition Example 1/2
[figure: EF "Identity File" with access conditions Read: Free, Update: SC#2; a Read command is answered OK]
Access conditions are specific to each file.
Access Condition Example 2/2
[figure: the same EF (Read: Free, Update: SC#2). An Update command without SC#2 is refused: NOT OK, AC not fulfilled. After SC#2 is presented (OK), the Update succeeds: OK]
Access conditions are checked by the OS.
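The OS-side check behind the two examples above, written as an added Python example (not COS code): an EF header carries one condition per operation, a VERIFY of secret code #2 changes the security state, and UPDATE is refused until that state is reached and again after a reset. The status words are standard ISO 7816-4 values; the file contents and secret code value are constructed.

```python
"""Access-condition check as the OS performs it in the slides' example: the EF header
carries one condition per operation (READ = free, UPDATE = secret code #2), the
security state records which secret codes were verified since reset, and a command
runs only when its condition is fulfilled. Added example, not COS code. The status
words are standard ISO 7816-4 values; the file contents and secret code are constructed."""
from hmac import compare_digest

FREE = "FREE"                       # no condition
NEVER = "NEVER"                     # never allowed from outside (e.g. reading a key file)
SW_OK = (0x90, 0x00)
SW_SECURITY_STATUS_NOT_SATISFIED = (0x69, 0x82)
SW_VERIFICATION_FAILED = (0x63, 0x00)


def SC(number: int) -> tuple:
    """Condition: secret code #number must have been verified in this session."""
    return ("SC", number)


class EF:
    def __init__(self, fid: int, access: dict, body: bytes):
        self.fid = fid
        self.access = access        # header: operation -> condition
        self.body = bytearray(body)


class COS:
    def __init__(self, files: dict, secret_codes: dict):
        self.files = files          # fid -> EF
        self.codes = secret_codes   # code number -> value (an internal EF on a real card)
        self.verified = set()       # security state: codes verified since the last reset

    def reset(self) -> None:
        """A card reset clears the security state (MF implicitly selected, nothing verified)."""
        self.verified.clear()

    def verify(self, number: int, presented: bytes) -> tuple:
        """VERIFY: fulfil SC#number for the rest of the session if the code matches."""
        stored = self.codes.get(number)
        if stored is not None and compare_digest(stored, presented):
            self.verified.add(number)
            return SW_OK
        return SW_VERIFICATION_FAILED   # retry counting is left out of this example

    def fulfilled(self, condition) -> bool:
        if condition == FREE:
            return True
        if condition == NEVER:
            return False
        kind, number = condition
        return kind == "SC" and number in self.verified

    def read_binary(self, fid: int, offset: int, length: int) -> tuple:
        ef = self.files[fid]
        if not self.fulfilled(ef.access["READ"]):
            return b"", SW_SECURITY_STATUS_NOT_SATISFIED
        return bytes(ef.body[offset:offset + length]), SW_OK

    def update_binary(self, fid: int, offset: int, data: bytes) -> tuple:
        ef = self.files[fid]
        if not self.fulfilled(ef.access["UPDATE"]):
            return SW_SECURITY_STATUS_NOT_SATISFIED
        ef.body[offset:offset + len(data)] = data
        return SW_OK


def make_card() -> COS:
    """The slides' identity file: Read = Free, Update = SC#2 (constructed contents and code)."""
    identity = EF(0x0001, {"READ": FREE, "UPDATE": SC(2)}, b"STUDENT-0001")
    return COS({0x0001: identity}, {2: b"1234"})


def demo() -> tuple:
    """Read is free; update fails until SC#2 is presented, succeeds, and fails again after reset."""
    card = make_card()
    first_read = card.read_binary(0x0001, 0, 7)
    refused = card.update_binary(0x0001, 0, b"GRADUAT")
    wrong = card.verify(2, b"0000")
    right = card.verify(2, b"1234")
    allowed = card.update_binary(0x0001, 0, b"GRADUAT")
    after = card.read_binary(0x0001, 0, 12)
    card.reset()
    after_reset = card.update_binary(0x0001, 0, b"STUDENT")
    return first_read, refused, wrong, right, allowed, after, after_reset
```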
File Organization
- Each file is made of:
  - A file descriptor (header)
    - Contains all the information for file & security management:
      - file name (e.g., FID = '0001')
      - file type (e.g., FF)
      - file structure (e.g., linear fixed) and size (e.g., 3 records of 5 bytes)
      - access conditions (e.g., READ = after the PIN code has been entered)
      - link to the file tree (e.g., directly under the MF)
    - The file header can contain special attributes, such as high update activity, WORM or EDC protection, file manager support
  - A file body
    - Contains the data stored in the EF
[figure: descriptor (carrying the AC) above the body]
File Identifier
- The OS enables data access by file identifier (logical name) instead of physical memory address
  - Every file has a 2-byte FID which is used to select the file.
  - The file creation order is of no importance to the application.
[figure: EEPROM layout with file IDs: MF 3F 00, DF 01 00, DF 02 00, EF 01 01]
Example: WG10 E-purse files
Example: WG10 IEP Files (1/5)
IEP: Inter-sector Electronic Purse

IEP Information EF:
  File ID: 0011h   File type: Transparent   File size: ≥ 22 bytes
  Bytes   Description                              Data element   Length (bytes)
  1-3     Purse Provider Identifier                PPIEP          3
  4-8     IEP Identifier                           IEP            5
  9-11    Expiry date                              DEXPIEP        3
  12-14   Activation date                          DACTIEP        3
  15-17   Deactivation date                        DDEAIEP        3
  18      Authentication mode                      AMIEP          1
  19-20   Application Profile                      APIEP          2
  21-22   IEP option bytes (*)                     OPTIEP         2
  23...   Discretionary Data (ignored by the OS)   DD             var
Example: WG10 IEP Files (2/5)
IEP Key Information EF:
  File ID: 0012h   File type: Linear fixed   Record length: ≥ 2 bytes
  Bytes   Description                              Data element   Length (bytes)
  1       Algorithm Identifier                     ALGIEP         1
  2       Key version                              VKIEP          1
  3...    Discretionary Data (ignored by the OS)   DD             var
IEP Balance EF:
  File ID: 0013h   File type: Transparent   File size: ≥ 11 bytes
  Bytes   Description                              Data element   Length (bytes)
  1-4     IEP Balance                              BALIEP         4
  5-7     Currency Code                            CURRIEP        3
  8-11    Maximum Balance                          BALmaxIEP      4
  12...   Discretionary Data (ignored by the OS)   DD             var
Example: WG10 IEP Files (3/5)
Load Log EF (LLOG):
  File ID: 0014h   File type: Cyclic   Record length: ≥ 15 bytes
  Bytes   Description                      Data element   Length (bytes)
  1       Transaction type                 TRT            1
  2-3     Transaction number               NTIEP          2
  4-7     IEP balance                      BALIEP         4
  8-11    Amount received from LDA         MLDA           4
  12-15   PPSAM identifier                 PPSAM          4
  16...   Discretionary Data (optional)    DD             up to 8
Example: WG10 IEP Files (4/5)
Purchase Log EF (PLOG):
  File ID: 0015h   File type: Cyclic   Record length: ≥ 22 bytes
  Bytes   Description                                                Data element    Length (bytes)
  1       Transaction type                                           TRT             1
  2-3     IEP transaction number                                     NTIEP           2
  4-7     Total amount of the transaction                            MTOTIEP         4
  8-11    IEP balance                                                BALIEP          4
  12-14   Currency code                                              CURRIEP         3
  15-18   PSAM identifier                                            PSAM            4
  19-22   PSAM transaction number or Discretionary Data (mandatory)  NTPSAM or DD    4
  23...   Discretionary Data (optional)                              DD              up to 4
Example: WG10 IEP Files (5/5)
Currency Conversion Log EF (CCLOG):
  File ID: '0017'   File type: Cyclic   Record length: ≥ 21 bytes
  Bytes   Description                        Data element     Length (bytes)
  1       Transaction type                   TRT              1
  2-3     IEP transaction number             NTIEP            2
  4-7     Balance of the IEP (old value)     BALIEP (old)     4
  8-10    Currency Code (old value)          CURRIEP (old)    3
  11-14   Balance of the IEP (new value)     BALIEP (new)     4
  15-17   Currency Code (new value)          CURRIEP (new)    3
  18-21   PPSAM Identifier                   PPSAM            4
  22...   Discretionary Data (optional)      DD               up to 8
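A layout-driven parser for three of the WG10 IEP files described in the preceding slides (IE Information EF 0011h, IEP Balance EF 0013h and a Purchase Log record from 0015h), added as an example and taken neither from the slides nor from the WG10 specification. It assumes big-endian unsigned integers for balances and counters, returns dates and currency codes raw because the slides do not give their coding, and uses constructed file contents.

```python
"""Layout-driven parser for the WG10 IEP files in the slides (IEP Information EF 0011h,
IEP Balance EF 0013h, Purchase Log record 0015h). Added example, not from the WG10
specification or the slides. Assumptions: balances and counters are unsigned big-endian
integers; dates and currency codes are returned raw, since the slides do not give their
coding. Sample file contents are constructed."""

# (data element, length in bytes) in slide order; None = variable-length discretionary data
LAYOUTS = {
    0x0011: [("PPIEP", 3), ("IEP", 5), ("DEXPIEP", 3), ("DACTIEP", 3), ("DDEAIEP", 3),
             ("AMIEP", 1), ("APIEP", 2), ("OPTIEP", 2), ("DD", None)],
    0x0013: [("BALIEP", 4), ("CURRIEP", 3), ("BALmaxIEP", 4), ("DD", None)],
    0x0015: [("TRT", 1), ("NTIEP", 2), ("MTOTIEP", 4), ("BALIEP", 4), ("CURRIEP", 3),
             ("PSAM", 4), ("NTPSAM_or_DD", 4), ("DD", None)],
}
INTEGER_FIELDS = {"BALIEP", "BALmaxIEP", "MTOTIEP", "NTIEP", "AMIEP", "TRT"}


def min_size(fid: int) -> int:
    """Minimum file/record size: the sum of the fixed-length fields (matches the slides)."""
    return sum(n for _, n in LAYOUTS[fid] if n is not None)


def parse_file(fid: int, data: bytes) -> dict:
    """Cut `data` into the fields of file `fid`; integers decoded for counter/balance fields."""
    layout = LAYOUTS[fid]
    if len(data) < min_size(fid):
        raise ValueError(f"file {fid:04X}h needs at least {min_size(fid)} bytes")
    fields, pos = {}, 0
    for name, length in layout:
        chunk = data[pos:] if length is None else data[pos:pos + length]
        pos += len(chunk)
        fields[name] = int.from_bytes(chunk, "big") if name in INTEGER_FIELDS else chunk
    return fields


def file_accepted(fid: int, data: bytes) -> bool:
    """True when the file meets the minimum size the layout requires."""
    try:
        parse_file(fid, data)
        return True
    except ValueError:
        return False


def balance_check(balance_file: bytes) -> dict:
    """Decode the IEP Balance EF and report whether BALIEP <= BALmaxIEP holds,
    one of the checks a COS makes before accepting a load."""
    f = parse_file(0x0013, balance_file)
    return {"balance": f["BALIEP"], "max": f["BALmaxIEP"],
            "currency": f["CURRIEP"].hex(), "within_limit": f["BALIEP"] <= f["BALmaxIEP"]}


# Constructed sample contents
SAMPLE_0011 = bytes.fromhex(
    "010203"            # PPIEP
    "000000002A"        # IEP identifier
    "991231"            # DEXPIEP (raw)
    "980901"            # DACTIEP (raw)
    "000000"            # DDEAIEP (raw)
    "01"                # AMIEP
    "0001"              # APIEP
    "0000"              # OPTIEP
    "AABB")             # DD
SAMPLE_0013 = bytes.fromhex("000003E8" "097800" "00002710" "CC")   # 1000, currency raw, max 10000


def demo_info() -> dict:
    return parse_file(0x0011, SAMPLE_0011)
```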
ISO 7816-4 Command Set
- Read Binary, Read Record
- Write Binary, Write Record
- Update Binary, Update Record
- Erase Binary
- Log Record
- Get Data, Put Data (TLV)
- Select File
- Verify
- Internal Authenticate, External Authenticate
- Manage Channel
- Get Response
- ATR
- APDU command format
Commands: Example (1/3)
  Command                               CLA   INS   P1    P2    Lc    Le
  Select File                           00h   A4h
    Child EF, using File Identifier                 02h   0Ch   02h
    DF or MF, using DF Name                         04h         var   var
  Read Binary                           00h   B0h   ofs               var
    Direct Selection                                      ofs
    Implicit Selection                                    sfi
  Update Binary (Standard)              00h   D6h   ofs         var
    Direct Selection                                      ofs
    Implicit Selection                                    sfi
  Read Record                           00h   B2h   rec               var
    Direct Selection                                      04h
    Implicit Selection                                    sfi
Commands: Example (2/3)
  Command                               CLA   INS   P1    P2    Lc    Le
  Create File (Standard)                80h   E0h   00h   00h   var
  Verify Secret Code                    00h   20h   00h   00h
    Present a Secret Code: 08h
    Read the number of retries
  Internal Authenticate                 00h   88h   00h   08h   0Ah
    Global level key / transaction number: 00h
    Local level key / transaction number: 80h
  Set Access Conditions (Standard)      80h   16h   AC
    Current EF, AC1 (Update): 00h
    Current EF, AC2 (Read): 01h
    Current DF, AC1 (Update): 02h
    Current DF, AC2 (Tamperproof): 03h
Commands: Example (3/3)
  Secure Messaging Command                  CLA   INS   P1    P2    Lc    Le
  Update Binary (Secure Messaging)          04h   D6h   ofs   var   03h
    Direct Selection                                      ofs
    Implicit Selection                                    sfi
  Update Record (Secure Messaging)          04h   DCh   rec   var   03h
    Direct Selection                                      04h
    Implicit Selection                                    sfi
  Append Record (Secure Messaging)          04h   E2h   rec   var   03h
    Direct Selection                                      00h
    Implicit Selection                                    sfi
  Create File (Secure Messaging)            84h   E0h   00h   00h   var   03h
  Set Access Conditions (Secure Messaging)  84h   16h   ac    03h   03h
    Current EF, AC1 (Update): 00h
    Current EF, AC2 (Read): 01h
    Current DF, AC1 (Update): 02h
    Current DF, AC2 (Tamperproof): 03h
ISO 7816-4: Card Responses
SW1-SW2:
  Process completed
    Normal execution: '90 00', '61 00'
    Warnings: '62 XX', '63 XX'
  Process aborted
    '64 XX', '65 XX'
    Checking: '67 XX' - '6F XX'
Today's Multi-application Card Example
[figure: PSE with a DIR EF and ADF 1, ADF 2, ADF 3, each holding AEFs]
- Dedicated payment function in the OS, with a dedicated data file
Loyalty:
- ISO 7816-4 data files
- Generic access functions in read, update and write
- Cryptographic security
Access control:
- ISO 7816-4 data files
- Access in read only
Evolution of the Smart Card Technology
Multi-application COS
- Multi-applications are reality
  - one executable code + multiple file systems
[figure: one EXECUTABLE (the operating system on the chip resources) and an ISO 7816-4 FILE SYSTEM (PSE, DIR EF, ADF 1, ADF 2, ADF 3 with their AEFs) holding Application Data 1, 2 and 3]
Evolution of the Smart Card Technology
Yesterday: mono-application cards, dedicated OS
- All the benefits of smart cards
- Optimized chip size / cost-effective cards
  - Hard business case
  - Limited marketing tool
  - Very limited flexibility for scheme evolutions
Today: multi-application cards, multi-use OS
- Facilitate the business case
- New valuable services to customers
  - Scheme finalized before issuance
  - Limited flexibility for evolutions
Tomorrow: multi-application platforms, open OS
- Very flexible platforms
- Can support new applications after issuance of the card
- No infrastructure upgrade
  - Not available as of today for operation
Multi-application in the future: Open Operating Systems
Requirements for an Open Operating System
- Add new functionalities during the life of the card
- Keep or improve the traditional level of security in each application
- Reduce the development cycle for applications by offering a standard Application Programming Interface and toolboxes
- Authorize third parties to develop applications
- Use a large base of developers and provide them access to easy-to-use languages and tools
Requirements for an Open Operating System (cont)
- Provide chip independence among multiple hardware targets (chips)
- Provide isolation and separation between the multiple applications and the system
[figure: chip vendors shown as hardware targets: Siemens, Thomson, Motorola, Hitachi]
What is an Open Operating System?
[figure: Traditional OS: the operating system sits directly on the chip resources and holds Application Data 1, 2 and 3. Open OS: the operating system, a virtual machine and an API sit on the chip resources, and applications a, b, c, ... run on top of the API]
What is an Application in an Open OS Card?
[figure: application a = EXECUTABLE + FILE SYSTEM (PSE, DIR EF, ADF 1 with its AEFs)]
Java Card Architecture - On-Card components
[figure, layered from bottom to top: Hardware; Native functions & system resources; Card Executive; Virtual Machine; APIs; applications such as GEMWG10, MPCOS and GSM on top. Side labels: Java Language, Assembler]
OS development: how does it work inside?
OS development
- Tools:
  - emulators, simulators
  - user's guide, technical support
- Detailed chip specifications
- OS design / development
- Qualification
  - unitary tests
  - normal execution
  - full qualification
  - acceptance tests
OS processing
- Data logical access
- Data processing
- Back-up management
  - single EEPROM update
  - multiple EEPROM update (indivisibility)
  - anti-stress
  - nested backup...
- Security checks
  - context verifications
  - security sensors
- Protocol processing
- I/O
OS Command Processing
Examples of verifications done before command processing:
- Correct TPDU format
- Correct Le/Lc according to the command
- Correct P1/P2 according to the command
- Proper EF type for the command
- Proper DF if specific (IEP DF, ...)
- Command is allowed according to the current state
- Data necessary for the command is not corrupted
- IEP is active and not deactivated
- File descriptor integrity
- File access conditions
- ...
Laboratory 2 (1/2)
- Describe the microprocessor architecture.
- Different applications have varying proportions of the different memory types. One can say that cards are divided into applications according to these ratios, as well as by the functions built into the mask.
  - Give the characteristics of the different memory types and what they are used for. Volatile vs. non-volatile memory.
  - In what ratio (only in terms of "large" or "small") will these memories be used for the following:
    - Cards storing health records
    - Cryptographic cards for public key cryptography
    - New generation of security modules for mobile telephones (storing the subscriber profile, passwords, phone books, call history)
Laboratory 2 (2/2)
- What is a card operating system? What is its role?
- What is the difference between "COS" and "mask"?
- What is the name of the root file? What is the function of the root file?
- How is the rest of the file system organized?
- Using the WG10 IEP (electronic purse) example, design a file structure, with brief characteristics of the EFs, for a student ID smart card used for:
  - Identification and access to a building and labs
  - Library access (keeping a record of currently borrowed books)
  - Pre-loaded electronic purse for on-campus canteens, vending machines, copiers
- What is an access control? Give an example.
- What is the main difference between a COS and an open OS? What are the potential problems with an open OS for smart cards?
Risk Management
- Security is global
- Security does not last
- Security is not free
- Security requirements depend on the application
  - Pay TV
  - Credit & Debit
  - Pre-paid telephone
  - Cellular phone GSM/PCS
  - Network security
  - Loyalty
Weak software implementation: should be prevented by programming rules!
EXAMPLE: PIN code ratification
[flowcharts: weak order: PIN CODE -> PIN CODE CORRECT? -> NO -> DECREMENT RATIFICATION COUNTER. Recommended order: PIN CODE -> BACKUP & DECREMENT RATIFICATION COUNTER -> PIN CODE CORRECT? -> YES / NO]
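The recommended ordering from the flowchart, written out as an added Python example (not COS code) with the weak ordering beside it: the ratification counter is backed up and decremented in EEPROM before the code is compared, so a session that ends right after the comparison still leaves the attempt charged. The EEPROM model, the stored code and the session-cut hook are constructed.

```python
"""PIN verification with a ratification counter, in the order the slide recommends:
back up and decrement the counter in EEPROM before the comparison, and reset it only
after a correct code. The weak order (compare first, decrement after) is kept beside
it for contrast. Added example, not COS code; the EEPROM model and the session-cut
hook are constructed so the difference can be exercised offline."""
from hmac import compare_digest

MAX_TRIES = 3


class SessionCut(Exception):
    """The session ended (power lost, card removed) right after the comparison."""


class Eeprom:
    """Non-volatile cells; every write persists immediately, as an EEPROM write does."""

    def __init__(self):
        self.cells = {"ratification": MAX_TRIES, "backup": MAX_TRIES}

    def write(self, key: str, value: int) -> None:
        self.cells[key] = value


class Card:
    def __init__(self, eeprom: Eeprom, pin: bytes, cut_after_compare: bool = False):
        self.eeprom = eeprom
        self.pin = pin                                # stored secret code (constructed)
        self.cut_after_compare = cut_after_compare

    def _compare(self, presented: bytes) -> bool:
        result = compare_digest(self.pin, presented)
        if self.cut_after_compare:                    # outcome exists, but the session ends here
            raise SessionCut()
        return result

    def verify_recommended(self, presented: bytes) -> str:
        tries = self.eeprom.cells["ratification"]
        if tries == 0:
            return "BLOCKED"
        self.eeprom.write("backup", tries)            # backup old value (lets the OS recover a cut write)
        self.eeprom.write("ratification", tries - 1)  # decrement BEFORE the result is known
        if self._compare(presented):
            self.eeprom.write("ratification", MAX_TRIES)   # correct code: restore the full count
            return "OK"
        return "WRONG"

    def verify_weak(self, presented: bytes) -> str:
        """Weak order from the slide: the decrement only happens after a failed comparison."""
        tries = self.eeprom.cells["ratification"]
        if tries == 0:
            return "BLOCKED"
        if self._compare(presented):
            return "OK"
        self.eeprom.write("ratification", tries - 1)
        return "WRONG"


def counter_after_cut(recommended: bool) -> int:
    """Present a wrong code in a session that is cut right after the comparison and
    return the persisted counter. Recommended order: the attempt is already charged (2).
    Weak order: nothing was written yet, so the counter still reads 3."""
    eeprom = Eeprom()
    card = Card(eeprom, b"1234", cut_after_compare=True)
    try:
        if recommended:
            card.verify_recommended(b"0000")
        else:
            card.verify_weak(b"0000")
    except SessionCut:
        pass
    return eeprom.cells["ratification"]


def normal_flow() -> tuple:
    """One wrong code, a correct code (counter restored), then wrong codes until blocked."""
    eeprom = Eeprom()
    card = Card(eeprom, b"1234")
    first = card.verify_recommended(b"0000")
    restored = (card.verify_recommended(b"1234"), eeprom.cells["ratification"])
    results = [card.verify_recommended(b"0000") for _ in range(4)]
    return first, restored, results
```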