Smart Card

Shared by: liamei12345
Posted: 10/21/2011 | Language: Chinese | Pages: 60



李開振, 許家碩

Department of Computer Science

National Chiao Tung University

Outline 1/2

• Introductions
  - History, Application area, Standardization
• Types of Cards
  - Embossed cards, magnetic-stripe cards, Smart Card, Optical Memory Card
• Physical and Electrical properties
• Smart Card Operating System
  - Design, files management, sequential control, Open platform
• Smart Card Data Transmission
  - Data transmission Protocols, message structure (APDU)
• Smart Card Commands

Outline 2/2

• Security Techniques
• Smart Card Terminals
• The Smart Card Life Cycle
  - The five phases of the Smart Card Life Cycle
• Smart Card in Payment Systems
  - Payment transactions, Prepaid Memory Card, Electronic Purses
• Smart Card in Telecommunications
  - GSM, UMTS, Wireless Identification Module, Public Card Phones
• Application Design

Introductions

Introductions - History

• 1950s - The proliferation of plastic cards started in the USA
• 1970s - It became possible to integrate data storage and processing logic on a single silicon chip
• 1974 - Roland Moreno registered his smart card patents in France
• 1984 - The French PTT (postal and telecommunications services agency) successfully carried out a field trial with telephone cards

Application area

• Memory Card

Application area

• Microprocessor cards

Application area

• Contactless cards

Standardization

• ISO TC68/SC6
• ISO/IEC JTC1/SC17
• ISO/IEC 7816
• GSM 11.11 - European Telecommunications Standards Institute (ETSI)

Types of Cards

• Embossed Card
• Magnetic-stripe cards
• Smart Card

Types of Cards - Embossed Card

Types of Cards - Magnetic-stripe cards

Types of Cards - Smart Card

• Smart Card Microcontrollers
  - processor
  - address and data buses
  - three types of memory (RAM, ROM and EEPROM)
  - Input/Output

Smart Card - Memory

Smart Card - Microprocessor

Smart Card - Contactless smart card

Types of Cards - Optical Memory Card

• ISO/IEC 11 693 and 11 694

Physical and Electrical properties

Physical properties

• ID1:
  - external rectangle: width: 85.72 mm, height: 54.03 mm
  - internal rectangle: width: 85.46 mm, height: 53.92 mm

Physical properties

• ID000:
  - external rectangle: width: 25.10 mm, height: 15.10 mm
  - internal rectangle: width: 24.90 mm, height: 14.90 mm

Physical properties

• ID00:
  - external rectangle: width: 66.10 mm, height: 33.10 mm
  - internal rectangle: width: 65.90 mm, height: 32.90 mm

Smart Card Operating System

• The primary tasks of a smart card operating system
  - Transferring data to and from the smart card
  - Controlling the execution of commands
  - Managing files
  - Managing and executing cryptographic algorithms
  - Managing and executing program code

Smart Card OS - I/O

• I/O manager

[Figure: I/O manager layers and data flow, listed from top to bottom: protocol state machine; send block / receive block; send byte / receive byte; send bit / receive bit; hardware]

Smart Card OS – Commands processing

Smart Card OS - Filesystem

• Master File (MF)
  - The root directory of the filesystem
• Dedicated File (DF)
  - directory files
• Elementary File (EF)
  - hold the actual user data

Smart Card OS - Filesystem

[Figure: filesystem tree with the MF at the top and DF and EF nodes below it]

Filesystem - EF file structure

• Transparent file structure
  - Transparent file structure is often referred to as a binary structure.

[Figure: transparent file; byte numbers 0 … n, with offset and data marked]

Filesystem - EF file structure

• Linear Fixed file structure
  - data structure is based on chaining fixed-length records

[Figure: linear fixed file; record numbers 1 … m against byte numbers 0 … n]

Filesystem - EF file structure

• Linear variable file structure
  - each record can have an individually defined length

[Figure: linear variable file; record numbers 1 … m against byte numbers 0 … n]

Smart Card Data Transmission

• Answer to Reset (ATR)

Data transmission

• Structure of a character for data transmission

[Figure: signal level (high/low) over time t for one character: start bit, bits 1 to 8, parity bit]

Data transmission conventions

• (a) direct convention, (b) inverse convention

[Figure: signal level (high/low) over time t for bits 1 to 8 under (a) direct convention and (b) inverse convention, with the logic levels marked]

Data transmission Protocols

Protocol     Meaning
T=0          Asynchronous, half-duplex, byte oriented [ISO-7816-3]
T=1          Asynchronous, half-duplex, block oriented [ISO-7816-3]
T=2          Asynchronous, full-duplex, block oriented [ISO-10536]
T=3          Full duplex; not yet specified
T=4          Asynchronous, half-duplex, byte oriented, extension of T=0, not yet specified
T=5…T=13     Reserved for future use, not yet specified
T=14         For national use, not standardized by ISO
T=15         Reserved for future use, not yet specified

Message structure (APDU)

• Structure of the command APDU

Message structure (APDU)

• Structure of the response APDU

Class   Application
0X      Standard commands compliant with ISO/IEC 7816-4/7/8
80      Electronic purses compliant with EN 1546-3
8X      Application-specific and company-specific commands (private use)
8X      Credit cards with chips, compliant with EMV
A0      GSM mobile telecommunication system compliant with GSM 11.11

Smart Card Commands

Case   Command data   Expected response data
1      No data        No data
2      No data        Data
3      Data           No data
4      Data           Data
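
Added example, not part of the original slides: a parser for short-length command APDUs that assigns each one to the four cases in the table above and looks up its class byte in the class table. The field layout (CLA INS P1 P2 [Lc data] [Le]) is taken from ISO/IEC 7816-4 because the slide's figure did not survive; the function names and the sample APDUs are constructed for illustration.

```python
# Added example: classify short-length command APDUs into cases 1-4.
# Layout assumed from ISO/IEC 7816-4: CLA INS P1 P2 [Lc data] [Le].

def class_application(cla):
    """Map a class byte to the application named in the slide's class table."""
    if cla == 0xA0:
        return "GSM 11.11"
    if cla >> 4 == 0x0:
        return "ISO/IEC 7816-4/7/8 standard command"
    if cla >> 4 == 0x8:
        # 80 is EN 1546-3 purses; 8X is also private use and EMV credit cards
        return "8X: EN 1546-3 purse (80), private use or EMV"
    return "not in the class table"

def parse_command_apdu(raw):
    """Return case number, fields and class for one command APDU."""
    if len(raw) < 4:
        raise ValueError("header must hold CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if not body:                        # case 1: no data, no response data
        case = 1
    elif len(body) == 1:                # case 2: only Le present
        case, le = 2, body[0] or 256    # Le = 00 requests 256 bytes
    else:
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDU not handled here")
        if len(body) == 1 + lc:         # case 3: Lc + data
            case, data = 3, body[1:]
        elif len(body) == 2 + lc:       # case 4: Lc + data + Le
            case, data, le = 4, body[1:1 + lc], body[-1] or 256
        else:                           # truncated or padded: reject, never guess
            raise ValueError("Lc=%d does not match body of %d bytes" % (lc, len(body)))
    return {"case": case, "cla": cla, "ins": ins, "p1": p1, "p2": p2,
            "data": data, "le": le, "class": class_application(cla)}

# Constructed sample APDUs (hex), not captured from a real card.
SAMPLES = ["80100000",            # case 1
           "A0C000000F",          # case 2: Le = 15
           "A0A40000023F00",      # case 3: 2 data bytes (3F 00)
           "00A40000023F0000"]    # case 4: data plus Le = 00

if __name__ == "__main__":
    for hx in SAMPLES:
        r = parse_command_apdu(bytes.fromhex(hx))
        print(hx, "-> case", r["case"], "|", r["class"], "| Le =", r["le"])
```

Rejecting an APDU whose Lc disagrees with the number of bytes received, instead of trusting the length field, is the check that keeps a malformed command from being read past its buffer.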

Smart Card Commands

• File selection Command
• Read and Write Command
• Search Command
• File Manipulation Commands
• Identification Commands
• Authentication Commands
• File management Commands

Security Techniques

• User Identification
• Symmetric unilateral Authentication
• Asymmetric unilateral Authentication
• Symmetric mutual Authentication
• Smart Security
• Attacks at the social level
• Attacks at the physical level
• Attacks at the logical level

User Identification 1/3

User Identification 2/3

User Identification 3/3

Attack on smart cards 1/2

• Attacks at the social level
  - attacks that are primarily directed against people that work with smart cards
  - can only partially be countered by technical measures
• Attacks at the physical level
  - it is necessary to obtain physical access to the smart card microcontroller hardware
  - can be static or dynamic

Attack on smart cards 2/2

• Attacks at the logical level
  - most known successful attacks on smart cards
  - arise from pure mental reflection or computation
  - classical cryptanalysis, known faults in smart card operating systems and Trojan horses in the smart card application.

The Smart Card Life Cycle

The Smart Card Life Cycle 1/3

• Phase 1: Production of the chip and the smart card
  - Designing the chip
  - Generating the smart card operating system
  - Fabricating the chips and modules
  - Producing the card body
  - Embedding the module in the card body

The Smart Card Life Cycle 2/3

• Phase 2: Card preparation
  - Completing the smart card operating system
• Phase 3: Application preparation
  - Initializing the application(s)
  - Personalizing the application(s), both visually and electrically

The Smart Card Life Cycle 3/3

• Phase 4: Card usage
  - Activating the applications
  - Deactivating the applications
• Phase 5: Termination of card usage
  - Deactivating the applications
  - Deactivating the card

Smart Card in Telecommunications

The GSM System

• The subscriber identity module (SIM)
• Security
• Subscriber identification
• SIM authentication
• Data encryption

The GSM System

• Data storage
• Dialing numbers
• Short messages
• Mobile telephone settings
• Subscriber information
• SIM characterization
• Managing services and supplementary applications
• Subscriber administration

SIM in the GSM System

File system in SIM 1/2

File system in SIM 2/2

