What is Smart Card?
In this article I’m going to present you with a quick overview of the Smart Cards and then move on to exploring the ways they can be integrated to existing services in order to provide value added services or a new range of secure application.
"It’s a small world." It’s no more just a saying -- it is a reality today. The ways people communicate and transact business have changed drastically from what it used to be. The advancements in the digital communication and the embedded industry have a great impact on this. The way business is done has also evolved from the pay-n-take transaction model to the online transaction model where one can complete a sale or any similar transaction just a few mouse clicks.
In such a world enterprises can provide value-added services and enhance their customer base as most banking and retail chains have done by giving out free services such as online banking, the option to buy and sell stocks online, etc. This applies to large corporations and small businesses like a coffee shop that provides its customers Wi-Fi access to the Internet while they enjoy their coffee. The success of such transactions and the business using them relies on the level of security and service competence offered by the vendor.
Smart Cards have been here for quite sometime now. Although the development initiated 35 years ago in 1968, it was ten years later that they were made available to mass use. Apart from the security features and ease of use, Smart Cards also provide the user with a safe and effective way to conduct e-business and enjoy the luxury of the value-added services provided by vendors. This has enabled Smart Cards to make their way into millions of lives.
Use and Types of Smart Cards
Is a "smart card" the same plastic card that I use at the ATM? No, probably not. The ATM cards are just plastic cards with a magnetic stripe bearing some information. A Smart Card is really smart. You might ask why?
The old ATM cards and other proprietary magnetic stripe cards do not provide security and do not have any embedded hardware in them. They’re more like an audio tape which can be tampered with! Smart cards are really a Smart Solution to provide security bundled with ease of use. Most Smart cards, if not all, incorporate an integrated circuit chip (ICC) on the plastic card. This ICC is usually a micro-controller with limited computational power and I/O support. ISO uses the term, Integrated Circuit Card (ICC) to identify all those devices where an integrated circuit is contained within an ISO ID1 identification card piece of plastic. The card is 85.6mm x 53.98mm x 0.76mm and is the same as any other standard magnetic stripe card.
Types of Smart Cards
These Integrated Circuit Cards come in two forms when we categorize them based on the way we use tem, contact and contact-less. The former is easily identified due to its characteristic gold connector plate.
Originally the ISO Standard (7816-2) defined eight contacts, but only 6 are actually used to communicate with the outside world and rest two are marked as RFU (Reserved for future use). The contact-less cards optionally may contain its own power source, however mostly the operating power is provided to the contact-less card by means of an inductive loop that uses low frequency electronic magnetic radiation. The signals needed for communication with the reader devices may be transmitted in a similar way or can use capacitive coupling or even an optical connection (IR).
The Contact card is the most widely used ICC to date largely because of its use as telephone prepayment card. Yes! The SIM card that we you use in our cell phones is just a Smart card without the plastic base. Most contact cards contain only a simple integrated circuit although some also use two chips; the other one is used to perform complex cryptographic computations (which I’ll explain shortly). The chip itself varies considerably between vendors and each takes it own way of programming application for it, but the Java Card™ initiative by Sun has made it a breeze to write Smart Card applications that can be downloaded onto the memory of these cards and can execute on any type of chip which supports the Java Card runtime environment. I’ll come to programming the Smart cards in next article of this series.
Let us now consider the use of the 6 contacts used by the ICC:
Vcc is the supply voltage that drives the chips and is generally 3 to 5 volts with 10% deviation allowed. It used to be in 5-volt range prior to the recent move towards low power devices to make these cards.
Vss/GND pin is used to provide the substrate or ground reference voltage against which the Vcc potential is measured. It is usually 0 volts.
Reset is the signal line that is used to send the signal to the integrated circuit in order to reset it. This is a complex process that we shall describe later in more detail. There are two ways a card is reset:
- Warm Reset: When a Signal is sent through this pin to reset the ICC.
- Cold Reset: When the supply voltage is turned off and on again. Ejecting the card out and inserting again will have the same effect.
Clock pin is used to drive the logic of the embedded IC and is also used as the reference for the serial communications synchronization. This pin is provided because the ICC doesn’t have any clock generator onboard and needs this as external input. The card reader device provides this clock. The clock frequency is 5MHz generally but many high end ICCs use frequency multipliers to operate at higher frequencies up to 40 MHz.
Vpp pin is now optional and used only in old cards. Previously it was used for the high voltage signal that is necessary to program the EPROM memory. It was provided with two voltage levels. The lower one (or the idle state) is held down by the Card Reader device, until the higher level (or the active state) is required.
I/O pin is the serial input/output (SIO) connector. This is the signal line by which the underlying circuit receives commands and interchanges data with the outside world. This process will be explained in more detail when we talk about programming applications that receive these commands.
The ICC and Harvard Architecture
The ICC itself
The ICC cards usually employ a low power micro-controller like Intel® 8051 or AVRs from ATMEL® as the core CPU with the clock frequency up to 5 MHz or so. These micro-controllers are available in 8, 16 or 32 bit flavors. Basically the decision is governed by the requirements of the applications the card needs to support.
The architecture of these CPUs varies as I mentioned above. The Intel uses the Von Neumann architecture where as the AVRs from ATMEL use the Harvard architecture.
Figure 3: The Harvard Architecture
Also some ICCs also use two CPUs just to enhance their capabilities. For providing advanced security features such as using RSA for cryptography much more processing power is required so this is provided the help of these special purpose co-processors. The ICCs with these chips are expensive as compared to single chip ICCs.
Memory in Smart Cards
So the chip contains CPU but it’ll need to have some memory if at all it wants to process something and do some computations. Well, the primary use of the IC card had been for the portable storage and retrieval of data but now they provide very advanced security features like storing private keys and certificates for authenticating users to some external system, for example a secure website. Hence another fundamental component of the IC is a memory module. The following list represents the most commonly used memory types:
- ROM Read only memory (mask ROM)
- EEPROM Electrically erasable PROM
- RAM Random access memory
A particular chip may have any combination of these memory types. Each of these memory types possesses particular characteristics that determine their usability in a particular ICC.
The ROM: These types of memories, some times also referred to as persistent non-mutable, are fixed and can’t be changed once manufactured by the semiconductor company. This is a low cost memory, because it occupies minimum space on the silicon substrate and the manufacturing is also less complex.
The EEPROM: This memory is electrically erasable and programmable by the user and can be rewritten many times (about a million times).
All of these memories described above are non-volatile. That is they retain their contents when the power is removed.
The random access memory (RAM): This is the most common one because every single desktop on the planet uses them. This memory is volatile memory and the data content is lost as soon as the power is removed.
The requirement of the memory and its type varies in accordion with the requirement and the place where the smart card is to be employed for example one card utilize a little EEPROM memory (128 - 512 bytes) and a simple memory control logic for a telephone card and in case of ATM transaction or for provision of higher security the smart card may employ CPU, additional coprocessor and RAM, ROM or EEPROM, FLASH ROM with a greater storage capability. Additional co processor is required for encryption process or for carrying out additional calculations. The smart term is associated with these cards because of their capability to perform the calculation with the help of CPU embedded in the chip inside the card during the manufacturing process.
The control logic provides protection system in the card so that it can be used by a fake person in addition with the task of carrying out communication protocols. The ICC has security intrinsically built in and it does provide a tamper resistant domain that is tricky to match with the somewhat larger security boxes that handle cryptographic processes. Different types of ICC can be differentiated on the basis of their content such as given below:
- Memory only ICC
- Memory with security logic
- Memory with CPU
Smart card employs some form of access code for accessing memory through the security logic. The access code size, which is used for the authorized access of the memory may be quite large i.e. 64 bits or more. The use of EEPROM memory is not considered safe for the cards, which are to be used for making the financial transactions as fraudsters can obtain a financial advantage by unauthorized use. The smart card that employs CPU or additional processor for the cryptographic purpose have the associated benefit in regard of security features and can be safely used for the use of transaction or other security concerns safely.
The term application that is widely associated with the Smart Card, implies the software or programs that the IC implements. The program may be in the form of a file manager for organizing the storage and retrieval of data or for carrying out complex calculations. These applications are fully implemented in the logic of the chip. Smart cards employs the communications logic for carrying out the communication with the host, through this logic, chip accepts commands from the card acceptance device (CAD) and receives and transmits the application data. Since the CPU is capable of carrying out complex calculations, the ICC which contains a CPU can handle more sophisticated applications and even multi applications.
Communicating with the Outside World
The smart card communicates with outside world with the help of a reader and terminal. The reader is a card accepting device, which consist of a slot into which card may be placed. The reader provides power and establishes a path through which it can communicate with the terminal or host computer. Different kinds of readers are available in the market they may or may not have the intelligence to process data, error detection and correction capabilities if there is some problem or the transmitted data do not compliant with the underlying transport protocol.
Terminals are generally referred to the computers and reader is also one of its components. Some of the commonly seen terminals are that are employed in the stores for the payment and other that are utilized for the transactions at ATM. The terminals may or may not have a reader in built into it as in ATM. The terminals have an added functionality of carrying out complex information processing and the storage capabilities.
The Communication Model
Smart card employs Application Protocol Data Unit (APDUs) for carrying out the communication with the terminals as the computer uses TCP/IP protocol for communicating between two or more than two interconnected computers. The communication is half-duplex, which means the information is sent from the card or terminal one at a time.
An APDU contains either a command or a response message, the smart card waits for a command APDU from the host and then executes and responds to the host computer command message, and this exchange process of information takes place alternatively. The smart card in this communication model acts as passive slave (smart card employs master slave model for communication).
The APDU is an application level protocol as specified in the ISO 7816-4, which takes place between a smart card and a host application for the communication purpose.
APDU consist of two structures, as defined below:
- Command APDU (C-APDU: this command is used by the host application to send command to the card.
- Header: it consist of 4 bytes:-
- Class of instruction (CLA)
- Instruction code (INS)
- Parameters: P1 and 2
- Optional body: varies in length.
- Lc = specifies the length of the optional body or the data field (Bytes).
- Le = specifies the length of the data or the number of bytes that the host is expecting in response to the command sent.
- Data field contains the data that are sent to the card for executing the instruction specified in the header.
- Response APDU (R-APDU): this command is used by the card in order to respond to the command send by the host application.
- Optional body: it consist of data field whose length is specified by the Le
- Trailer: it consist of two words SW1 and SW2 called as status word, which denotes the processing state in the card after the execution of the command APDU.
Structure of the APDU is given below:
1. Command APDU
2. Response APDU
- A command is always paired with response APDU
- The data field is optional in both command APDU and response APDU.
The second case further divides the command and response APDU in four categories.
- There is no transfer of data to or from the card
- C- APDU: contains header only.
- R- APDU: contains only the trailer status word.
- There is no transfer of data to the card but data are returned from the card
- C- APDU: contains Le only, which specifies the number of data bytes in the corresponding response APDU.
- There is transfer of data to the card but no data is returned from the card
- C- APDU: contains Lc and data field, Lc which specifies the length of the data field.
- R-APDU: contains the trailer status word SW1 and SW2.
- There is transfer of data to the card and data is returned from the card
- C- APDU: contains Lc and data field and Le.
- R-APDU: contains both the optional body and the trailer status word SW1 and SW2.
TPDU and ATR
Transmission Protocol Data Units (TPDUs): these protocols are used for the transmission of APDUs and the data structure that is exchanged by the host and a card suing the transport protocol are called as TPDUs.
Mainly two types of protocols are in common use for this purpose:
- T = 0: the smallest unit processed and transmitted by the protocol is single byte, in other words it is byte oriented.
- T = 1: this consists of sequence of bytes, in other words it is block oriented.
ATR is used for conveying parameters that are required by the card to establish a data communication pathway. This message is conveyed as soon as the power in the smart card is set to on and stands for answer to reset (ATR).
It is usually up to 33 bytes, contains the transmission parameters such as T = 0 and T = 1, which are supported by the card. It also carries all the necessary information that is required to be known by the host such as:
- Data transmission rate
- Card hardware parameters
- Chip serial number
- Mask version number
Operating System and File System
A New Breed of Operating Systems
The commonly used smart card operating system supports a file system as specified in ISO 7816-4. Although the may pose a little resemblance to the commonly employed operating systems such as windows, UNIX etc.
APDUs, which are specified under ISO 7816-4 are generally file system oriented commands. It contains a user application that mainly compromise of data file that are used for storing application specific information. Operating system is used implement semantics and instruction for accessing the data file.
Since, the old system does not have a well defined separation between the operating system and the application. So, newer operating system, which support a better system layer and downloading of custom application code are now in wider use.
A File System Too
File system used for the smart card have a hierarchical file system and supports three types of file:
- Master file (MF): this single file is the root of the file system and contains dedicated file and elementary files.
- Dedicated file (DF): it is the directory of the smart card and holds all files like dedicated and elementary files.
- Elementary file (EF): it is a file which contains other files. It can be further categorized into:
- Transparent file: this file consists of structured sequence of data bytes.
- Other’s : these files consist of sequence of individually identifiable records
- Linear fixed file: it contains records of fixed size.
- Variable: It contains records of variable size.
- Cyclic file: it consists of files organized as ring structure.
An operation on any file is done after opening it; some of the cards in use open the master file as soon as the powered is on. Access condition allows the access to file system, and it can be easily specified distinctive for distinct read and write operation.
Standards Governing Smart Cards
In the last two decades a number of Smartcard standards and specifications have been defined to cohesion between cards, IFDs and card applications by different vendors. The most significant ones are:
ISO 7816 standards: ISO 7816 "Identification cards—Integrated circuit cards with contacts," published by the International Organization for Standardization (ISO), is the most important standard defining the characteristics of chip cards that have electrical contacts. ISO 7816 covers various aspects of smart cards:
- Part 1—physical characteristics
- Part 2—dimensions and location of the contacts
- Part 3—electronic signals and transmission protocols
- Part 4—inter-industry commands for interchange
- Part 5—application identifiers
- Part 6—inter-industry data elements
- Part 7—inter-industry commands for SCQL
GSM: The European Telecommunications Standards Institute (ETSI) has published a set of standards that cover smart cards for use in public and cellular telephone systems. The Global System for Mobile Communications (GSM) defined by ETSI is a specification for an international terrestrial mobile telephone system. Originally intended to cover a few countries in central Europe, it is increasingly developing into an international standard for mobile telephones. There are several GSM standards, in particular:
||Specification of the SIM-mobile equipment interface.
||Specification of the SIM application toolkit for the SIM-mobile equipment interface.
||security mechanisms for the SIM application toolkit
||SIM API (Application Programming Interface) for the Java Card platform. This standard, based on GSM 11.11 and GSM 11.14, defines Java API for developing GSM applications that run on the Java Card platform. The API is an extension to the Java Card 2.1 API.
EMV: The EMV specification, defined by Euro pay, MasterCard, and Visa, is based on the ISO 7816 series of standards with additional proprietary features to meet the specific needs of the financial industry. The latest version of the specifications, EMV 96 version 3.1.1, was published in May 1998 and comes in three parts:
- EMV '96 Integrated Circuit Card Specification
- EMV '96 Integrated Circuit Card Terminal Specification
- EMV '96 Integrated Circuit Card Application Specification
OCF: The OpenCard Framework (OCF) was initially produced by IBM and is currently owned and developed by the OpenCard consortium, which includes major players in the smart card industry. OCF is the host-side application framework providing a standard interface for interacting with card readers and applications in the card. The architecture of OCF is a structured model that divides functions among card terminal vendors, card operating system providers, and card issuers. The goal is to reduce dependence on each of these parties as well as dependence on the platform providers.
OCF is designed with the use of a smart card in a network computer in mind, and thus is implemented in the Java programming language.
PC/SC: PC/SC specifications (Interoperability Specification for ICCs and Personal Computer Systems) are owned and defined by the PC/SC Workgroup, an industry consortium with major players in the smart card industry. PC/SC defines a general-purpose architecture for using smart cards on personal computer systems.
In the PC/SC architecture, host-side smart card applications are built on top of one or more service providers and a resource manager. A service provider encapsulates functionality exposed by a specific smart card and makes it accessible through high-level programming interfaces. A resource manager manages the smart card-relevant resources within the system for accessing to card acceptance devices and, through them, individual smart cards.
PC/SC and OCF have many similar concepts. When running on a Windows platform, OCF can access card acceptance devices through the installed PC/SC resource manager.
In this article we have seen a brief overview of the technology of Smart cards. We have looked at the basic components and constructs that make up the Smart Card and have explored the elements of the chip which are at the centre of this technology.
The introduction of Smart cards has been so slow because of the lack of standards but now we have them in place and true interoperability between cards, vendors and applications is becoming a truth. We have also enumerated the various Smart card related standards.