You are on page 1of 31

What is

Smart Card ??
洪 崇 倍 / Otto Hung
ottohung@mxtran.com

全宏科技股份有限公司

MXTran Proprietary & Confidential


What is a smart card

• A credit card size plastic with a single IC chip on


board and conforms with ISO-7816 and ISO 14443
• comprises of 3 parts
– contact disc
– chip
– plastic body with cavity
MXTran Proprietary & Confidential 2
Application

Source: http://www.smartcard.bull.com/
MXTran Proprietary & Confidential 3
Categories of Smart Cards
• Memory Cards
– Containing a memory chip (several K bits) with
hardwired logic,
– mostly used as prepaid cards,
– low cost.
• Microprocessor Cards (our focus for this topic)
– like small portable computers (without keyboard
or monitor screen),
– increased security capabilities,
– can integrate several applications.

MXTran Proprietary & Confidential 4


Categories of Smart Cards (cont.)
• Contact Cards
– must be inserted into a card reader or terminal (Card
Acceptance Device),
– more commonly used
• Contact-less Cards
– Can function when placed close enough to the terminal,
– Ideal for fast transactions,
– not easily worn out,
– can be of different physical sizes,
– transmitted data can be intercepted
• Dual-Interface Cards

MXTran Proprietary & Confidential 5


Architecture of Memory Card

• Hard Wired Logic


POWER GROUND
(Vcc) (Vss) • EEPROM Only
RESET • Synchronous Prot.
CLOCK
• Non Standardized
I/O

Decode
EEPROM : EEPROM
100 ~ 4 KB Bits LOGIC
I/O

MXTran Proprietary & Confidential 6


Architecture of CPU Card
• Asynchronous card
– (slow data transfer)
POWER GROUND
(Vcc) (Vss) • 8 –32 bit µP
RFU • 4 – 20 Mhz Clock
RESET (Vpp) • High Security
CLOCK I/O • Medium large Size
– (10 to 32 mm²)

RAM : Hundreds Bytes µP


(Working Memory) EEPROM
ROM : 6 ~ 96 KB LOGIC
(Card Operating System)
EEPROM : 1 ~ 64 KB RAM ROM
(Application Memory)

MXTran Proprietary & Confidential 7


Hardware Block Diagram

CPU ROM RAM EEPROM WDT RNG

Bus Access Control

安全
串列 RF RSA DES
PLL 保護
界面 界面 加密器 加密器
線路

MXTran Proprietary & Confidential 8


Standards and Specifications
• Interface
– Contact, ISO 7816
– Contact-Less, ISO 14443
• (U) SIM card-related specifications
– ETSI GSM 11 series,
– 3GPP 03 Series
• Payment systems
– EMV 2000, etc..
• Card Acceptance Device
– PC/SC for interoperability between smart cards and PCs
– OpenCard Framework (OCF) similar to PC/SC,
implemented in Java

MXTran Proprietary & Confidential 9


CPU Card Security
Mechanism
• Authentication
– Passive with verify PIN/Password
– Active with Challenge/Response
– Data security
• with secured messaging
• with protecting access channel
• Encipher
– Symmetric
• DES, TDES, AES
– Asymmetric
• RSA,

MXTran Proprietary & Confidential 10


Smart Card
Communication Model
• Commands and Response messages are
contained in APDU Command,
Application Protocol Data Unit
(C_APDU and R_APDU).

Command APDU
Processing

Response APDU

MXTran Proprietary & Confidential 11


Classify of APDU Command
• Case 1, no command/no response data
Header sw
• Case 2, no command data
Header Le Data sw

• Case 3, no response data


Header Lc Data sw
• Case 4
Header Lc Data Le Data sw
MXTran Proprietary & Confidential 12
Transmit of OSI-Reference

APDU
Application Application

TPDU
Transport Transport
T=0, T=1 and T-CL

Data Link ISO 7816, Data Link


ISO 14443

Physical Contact Physical


Contact-Less
ICC CAD

MXTran Proprietary & Confidential 13


TPDU Format
• Data structure exchanged by using TPDU,
Transaction Protocol Data Unit
– T=0, byte oriented
CLA INS P1 P2 P3 Data

– T=1, Block oriented


Prologue Information Epilogue
NAD PCB LEN Information field EDC/CRC
1 1 1 0 ~ 254 1 or 2

– T=CL
Prologue Information Epilogue
PCB [CID] [NAD] Information field CRC
1 1 1 0 ~ 254 2

MXTran Proprietary & Confidential 14


T=0 TPDU Command
• ISO-IN

CLA INS P1 P2 Lin Data-


Data-In READER
PB sw1 sw2 CARD
• ISO-OUT

CLA INS P1 P2 Lin READER


PB Data-
Data-Out sw1 sw2 CARD

MXTran Proprietary & Confidential 15


T=1 TPDU Command
• Supervisor Block
• Ready Block
• Information Block
– ISO-IN
CLA INS P1 P2 Lc Data-
Data-In sw1 sw2

– ISO-OUT
CLA INS P1 P2 Le Data-
Data-Out sw1 sw2
– ISO-IN&OUT
CLA INS P1 P2 Lc Data-
Data-In Le Data-Out sw1 sw2
Data-

MXTran Proprietary & Confidential 16


About Smart Card Software
• Smart card system
Host (Terminal )system + Card system

– Smart card operating systems are typically file


system-centric (based on ISO 7816-4)
– Most conventional card applications involve just
file manipulations (select, deselect, read, write)
– Software development involves
(1) operating system providers,
(2) card terminal vendors,
(3) application developers, and
(4) card issuers

MXTran Proprietary & Confidential 17


Chip Card File System
• Most smart card operating systems are
typically File System-Centric
– based on ISO 7816-4
Level #0 EF
MF
Level #1 Level #1 EF
DF DF EF

EF Level #2 Level #2
DF DF

EF EF
MXTran Proprietary & Confidential 18
File Structures (1/3)
Header Header
System Information System Information

Body Body
Record #1

Record #2

Record #3
Sequence Of Byte
Application Data

Rest of records

Last Record #N

TRANSPARENT FILE LINEAR FIXED FILE


MXTran Proprietary & Confidential 19
File Structures (2/3)
Header
Header
System Information
System Information

Body
Record #1
Body
Record #1 Record #2
LR
Record #2 ae
sc
t o R
r e
Record #3 #d c
N o
r
d
Rest of records
#
3
Last Record #N Rest of the records Record #P

LINEAR VARIABLE FILE CYCLIC FILE


MXTran Proprietary & Confidential 20
File Structures (3/3)
Header

System Information

Body
Data
Data#1
#1

Data
Data#2
#2

Data
Data#3
#3

Rest
Restofofdata..
data..
Data
Data#N
#N
Tag
Tag Length
Length Value
Value

BER-TLV FILE
MXTran Proprietary & Confidential 21
Card Operating Systems (COS)
• Traditional O.S.
– only one application or special application
• Open system O.S.
– for multi application or non-specific
application
• Java Card Operating System
• MultiOS Card Operating System
• Smart Card for Windows
• Global Open Platform
MXTran Proprietary & Confidential 22
Multi-Application Cards
• New data and new command can be added!!
• Base on “Open OS”

EEPROM
loyal applet Stored value applet

Data Code Data Code

API
Virtual Machine

Microprocessor

MXTran Proprietary & Confidential 23


Realizing the Multiple-
Application Vision

Source: http://www.smartcard.bull.com/
MXTran Proprietary & Confidential 24
Benefits of Open OS
• Interoperability
• Secure loading of applets into card, even after
issuance
• An existing field application can be ported
onto a multi-application card, without
changing the terminal software
• Firewalls between applets  confidentiality
of data
• Applet develop in high level language (java,
C, …)  very quick time to market

MXTran Proprietary & Confidential 25


Java Card Operate System

EE File EE file
PROMstruc
ture PROM structure

EE Application EE Application
PROM PROM B
A
Hardware Java Card API
independant
ROM
R Java Interpreter
Hardware O Operating System Virtual
dependant m
M
ROM Operating Syste Machine
to
CPU + cryp

MXTran Proprietary & Confidential 26


MULTOS Card
Operate System

MXTran Proprietary & Confidential 27


UICC Card
Application Platform
• The SIM - • The UICC -
a "mono-application" card the multi-application platform
– separation of layers and
– SIM according to GSM 11.11 applications
– applications based on SIM – logical channels to run
applications in parallel
Application Toolkit Others
– WIM as exception EMV
(own command set and eHealth
triggered by WAP browser)
USIM SIM
Banking Location Browser Electronic
SIM- (U)SAT Purse
SIM Application Toolkit WIM
(SAT) Phonebook

SIM UICC
GSM Purse
MXTran Proprietary & Confidential 28
Global Open Platform Card
Architecture
Issuer Choice of Applications

Visa Visa
Visa Open platform
Smart Smart E-Comm Loyalty Loyalty
Cash Card Manager
Credit Debit
Open Platform WfSC
Java Card API
VM & API
Proprietary Card Vendor
OR WfSC
OS O.S.

MXTran Proprietary & Confidential 29


Definition of Card’s Life Cycle
• Blank Cards
• Pre-Personalized O.S.
Cards Card
FILE STRUCTURE
• Personalized Cards
• Dead Cards
USER DATA

MXTran Proprietary & Confidential 30


晶片
設計
晶片
生產
IC卡之產業分工 多功能智慧卡
應用衍生商機
IC卡生產工廠
主要商機領域
系統 打線 圖稿 版面 壓合
發展 封裝 設計 印刷 沖卡 身份識別應用
無線通訊商機
金融付費機制
成卡 防護 圖像 電氣 挖孔 消費娛樂市場
運送 處理 顯示 入碼 植晶 大眾運輸系統
•系統發展技術 •品質保證機制 軍事安全用途
•密碼軟體能力 •安全控管機制
•硬體平台整合 •發卡金鑰系統
•量產製程能量 •資料庫管理系統
•設備操作經驗 •全壽期管理系統

•資料蒐整經驗 •系統維護能量
•發卡運送機制 •客服中心維運
•合約管理經驗 •衍生應用發展
前端加值服務公司
•系統整合能力 •潛在商機發掘
•系統加值服務 •全壽期管理營運

MXTran Proprietary & Confidential 31