Smart Cards TECHNOLOGY   by Tom Jamrozy

 

 

Overview

 

The name “smart card” is very broad and currently applies to many different types of cards that have one common feature – a computer chip built into them. For an overview of different types of cards please refer to the Definition page.

 

The design of a smart card must satisfy multiple, usually contradicting requirements, therefore the final product is a result of trade-offs between these different goals. Some of the goals are:

 

• Small size
• Low cost to manufacture
• Low power consumption
• Relatively large memory
• Advanced security features
• Processing power (required to implement advanced security)

Standards

 

The issue of interoperability is very important since there are a lot of smart cards vendors and typically smart card systems are highly distributed. International standards for smart cards have been developing since late 1970s. The basic contact smart card standard is the ISO 7816 series. The contactless cards are governed by the ISO 14443 standard. These standards are derived from the identification card standards and describe in details the physical structure of the card, electrical connections as well as application programming interface and the communication protocol between the reader and the card.

 

In addition to the ISO specification there are a lot of industry specific standards, some of which are listed below:

 

ISO 9992       Financial transaction cards, 

               messages between the integrated circuit 

               card and the card accepting device (2 parts)

ISO 10202      Security architecture of financial 

               transaction systems using IC cards. (8 parts)

EMV            Integrated Circuit Card Specifications for 

               Payment Systems developed by Europay 

               International S.A., MasterCard International Inc., 

               and Visa International Service Association (3 parts)

ETSI GSM 11.11 European Digital Cellular 

               Telecommunications System (Phase 2): 

               Specification of the Subscriber Identity 

               Module-Mobile Equipment (SIM-ME) Interface

 

Hardware

A smart card is essentially composed of credit-card size plastic card with a small printed circuit and an integrated circuit (IC) chip embedded on the card. In most cases the card is powered from the device it connects to.

The capability of a smart card is defined by its integrated circuit chip. Typically, an integrated circuit chip consists of a microprocessor, read only memory (ROM), nonstatic random access memory (RAM) and electrically erasable programmable read only memory (EEPROM) which will retain its state when the power is removed.

 

Figure 1 illustrates The physical structure of the card is shown on Fig 1.

 

Figure 1

 

Typically a smart card controller includes an 8-bit CPU, 128–780 bytes of RAM, 4–20 KB of ROM, 1–16 KB of EEPROM, and (optionally) an on-chip hardware encryption module. The most popular smart cards controllers today are Intel 8051 and Motorola 6805. The internal structure of the controller illustrates Fig 2.

 

Figure 2

Although it functions like a typical microprocessor, the smart-card controller is fundamentally different because it’s primarily designed for security. These differences include single memory mapped I/O, lack of memory-management unit (typically) and on-board hardware encryption module. 

 

Software

The software running on the smart card depends primarily on which category the card falls into. The most interesting case is a microprocessor card. All implementations of such cards include some version of the card operating system (COS). The operating system performs the following tasks:

 

• communication between on-card and off-card applications using APDU protocol as defined in spec ISO 8716-4.
• provides runtime environment for the local applications
• manages the security features of the card
• manages the local file system

 

Access to the valuable data stored on the card has to be done through the logical file structure on the card. This structure can be viewed as a hierarchical file system that is, in most implementations, similar to the MS-DOS or UNIX file system. Similar to MS-DOS, there is one master file (MF) which is similar to the root directory. Under the root, there may be different files which are called elementary files (EFs) and various subdirectories called dedicated files (DFs). Under each subdirectory will be elementary files again. The main difference between a smart card file structure and a MS-DOS file structure is that dedicated files can also contain data. Another difference comes from the requirement to provide greater level of security than the security typical operating system provides. To improve the overall security of the card, the attribute set of each file is extended by adding access conditions and file status fields to the file header. Moreover, a file lock is also provided to prevent the file being accessed. These security mechanisms and algorithms provide a logical protection of the smart card.

 

The high level architecture of COS presents Fig. 3.

 

 

Figure 3

 

 

An example of COS that is becoming very popular is Java Card – a stripped down Java Virtual Machine specially designed to run smart card applications. Thanks to its portability and security features Java Card is becoming a language of choice for many smart card vendors. The Java Card Application Environment can run in devices with memory as small as 24K of ROM, 16K of EEPROM, and 512 bytes of RAM.

 

An interesting feature of the Java Card technology is its ability to run applets retrieved from the network just like the real, full-featured Java Virtual Machine. Java Card provides the platform independent, flexible environment for implementing smart card solutions. It is also compatible with most of existing standards. Java Card technology provides several benefits, some of which cannot be provided by any other smart card operating system. These benefits include:

 

• Portability - The core API is the same for all Java Card-enabled smart cards, so generic applets written for one will run on any. Industry-specific class libraries may be added to the Java Card API, but the core behavior of Java Card devices is always the same.
• Reusability – Available memory is very limited, therefore the applications should be as small and compact as possible. Java technology's object-oriented architecture makes functional code reusable by a variety of applets.
• Multifunctionality – It is desired for a single card to support multiple applications. The "sandbox" model inherent in Java technology ensures that applets work well with others.
• Security – Java Card API provides advanced security features. The applet will be accepted by the card only if it is cryptographically signed by the card issuer.

 

So far, Java Card technology seems to be the most mature programming language and application environment for microprocessor controlled smart cards. The only drawback is the overhead involved in running JVM on the smart card chip but as the embedded controllers become more and more powerful, this overhead will not be an issue for smart cards in near future.