28-12-2010, 02:23 PM
Introduction
A smart card is a simple plastic card, the size of a credit card, with a microprocessor and memory embedded inside. Despite its small size, it has many uses and a wide variety of applications, ranging from phone cards to digital identification of individuals. These applications could be the identity of the customer, a library card, an e-wallet, keys to various doors, etc. A single card can be issued to an end-entity for all of these applications.
Smart cards hold this data in different files and, as you will read, the data is only visible to its program, depending on the operating system of the card. The data files are arranged in a file system much like a Linux directory structure. The MF (Master File) can be seen as the root directory, which contains the headers of the elementary files (EF) and dedicated files (DF). Dedicated files are like ordinary directories, and elementary files are just data files. The PIN is also stored in an EF, but only the card has access permission to this file. What are file attributes in UNIX environments become access conditions on the card. Many cards have access condition lists which must be fulfilled before the data can be accessed. With a file system, access conditions, a microcomputer, RAM, ROM and EEPROM, a smart card is just a computer running its own operating system inside your wallet.
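The file layout and access conditions described above, modelled as a small Python sketch. This is an added example, not code from the original post or from any real card operating system; the file names, sample data, the ALWAYS/PIN/NEVER condition names and the three-try retry counter are assumptions made for illustration.

```python
import hmac

ALWAYS, PIN, NEVER = "ALWAYS", "PIN", "NEVER"  # access conditions (illustrative names)

class EF:
    """Elementary file: data plus the access condition required to read it."""
    def __init__(self, data, read_ac=ALWAYS):
        self.data, self.read_ac = data, read_ac

class Card:
    """Toy card OS: the MF is the root dict, DFs are nested dicts, EFs are leaves."""
    def __init__(self, pin, max_tries=3):
        self.mf = {  # constructed sample layout and data
            "EF_PIN": EF(pin.encode(), read_ac=NEVER),  # readable only by the card itself
            "EF_ID": EF(b"card-0001"),
            "DF_WALLET": {"EF_BALANCE": EF(b"25.00", read_ac=PIN)},
            "DF_LIBRARY": {"EF_MEMBER": EF(b"member-42")},
        }
        self.max_tries = self.tries_left = max_tries  # retry counter: an assumption
        self.verified = False

    def verify(self, candidate):
        """Check the PIN inside the card; the stored value never leaves EF_PIN."""
        if self.tries_left == 0:
            return False  # PIN blocked after too many wrong attempts
        stored = self.mf["EF_PIN"].data  # internal access, bypasses read()
        self.verified = hmac.compare_digest(stored, candidate.encode())
        self.tries_left = self.max_tries if self.verified else self.tries_left - 1
        return self.verified

    def read(self, path):
        """Walk MF -> DF -> EF, then enforce the EF's access condition."""
        node = self.mf
        for name in path.split("/"):
            if not isinstance(node, dict) or name not in node:
                raise FileNotFoundError(path)
            node = node[name]
        if isinstance(node, dict):
            raise IsADirectoryError(path)  # a DF contains files, it holds no data
        if node.read_ac == NEVER or (node.read_ac == PIN and not self.verified):
            raise PermissionError(f"{path}: access condition {node.read_ac} not fulfilled")
        return node.data

if __name__ == "__main__":
    card = Card("4821")  # constructed PIN
    print(card.read("EF_ID"))
    card.verify("4821")
    print(card.read("DF_WALLET/EF_BALANCE"))
```

The PIN file is reachable only from inside `verify()`, so a reader can learn whether a candidate PIN is right but can never read the stored value back.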
Classification of Smart Cards
Smart cards are classified in two ways: by how they communicate with the reader, and by their functionality.
Contact vs Contactless
Memory vs Microprocessor
Contact vs Contactless:
As smart cards have embedded microprocessors, they need energy to function and some mechanism to communicate, that is, to receive and send data. Some smart cards have golden plates, called contact pads, at one corner of the card. Cards of this type are called Contact Smart Cards. The plates are used to supply the necessary energy and to communicate via direct electrical contact with the reader. When you insert the card into the reader, the contacts in the reader sit on the plates.
I/O : Input or Output for serial data to the integrated circuit inside the card.
Vpp : Programming voltage input (optional use by the card).
Gnd : Ground (reference voltage).
CLK : Clocking or timing signal (optional use by the card).
RST : Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card). If internal reset is implemented, the voltage supply on Vcc is mandatory.
Vcc : Power supply input (optional use by the card).
The readers for contact smart cards are generally separate devices plugged into a serial or USB port. There are also keyboards, PCs and PDAs with built-in readers, like GSM cell phones. They also have embedded readers for GSM-style mini smart cards.
Some smart cards do not have a contact pad on their surface. The connection between the reader and the card is made via radio frequency (RF). Instead of a contact pad, these cards have a small wire loop embedded inside the card. This wire loop is used as an inductor to supply energy to the card and to communicate with the reader. When you bring the card into the reader's RF field, a current is induced in the wire loop and used as an energy source. Communication takes place by modulating the RF field, and with it the current in the inductor.
The readers of smart cards are usually connected to the computer via a USB or serial port. Because contactless cards do not need to be inserted into the reader, these readers usually consist only of a serial interface for the computer and an antenna to connect to the card. Readers for contactless smart cards may or may not have a slot. The reason is that some smart cards can be read up to 1.5 meters away from the reader, while others need to be positioned a few millimeters from the reader to be read accurately.
There is one more type of smart card, the combo card. A combo card has a contact pad for the transfer of large data, like PKI credentials, and a wire loop for mutual authentication. Contact smart cards are mainly used in electronic security, whereas contactless cards are used in transportation and/or door locks.
Memory vs Microprocessor:
The most common and least expensive smart cards are memory cards. This type of smart card contains EEPROM (Electrically Erasable Programmable Read-Only Memory), which is non-volatile memory. Because it is non-volatile, the card keeps its data when you remove it from the reader and power is cut off. You can think of the EEPROM inside as a normal data storage device which has a file system and is managed via a microcontroller (mostly 8 bit). This microcontroller is responsible for accessing the files and accepting the communication. The data can be locked with a PIN (Personal Identification Number), your password. PINs are normally 3 to 8 digit numbers that are written to a special file on the card. Because this type is not capable of cryptography, memory cards are used for storing telephone credits, transportation tickets or electronic cash.
Microprocessor cards are more like the computers we use on our desktops. They have RAM, ROM and EEPROM with an 8 or 16 bit microprocessor. In ROM there is an operating system to manage the file system in EEPROM and run the desired functions in RAM. With the addition of a crypto module, the smart card can handle the complex mathematical computations that PKI requires. Because the internal clock rate of the microcontrollers is 3 to 5 MHz, there is a need to add a component, an accelerator, for the cryptographic functions. Crypto-cards are more expensive than non-crypto smart cards, just as microprocessor cards are more expensive than memory cards.
Operating Systems used
The new trend in smart card operating systems is the Java Card Operating System. Java Card OS was developed by Sun Microsystems and then promoted to the Java Card Forum. Java Card OS is popular because it gives programmers independence from the architecture, and Java Card OS based applications can be used on smart cards from any vendor that supports Java Card OS.
Most smart cards today use their own OS for underlying communication and functions. But to give true support for applications, smart card operating systems go beyond the simple functions supplied by the ISO7816 standards. As a result, porting your application, developed on one vendor's card, to another vendor's smart card becomes very hard work.
Another advantage of Java Card OS is that it allows post-issuance application loading. This allows you to upgrade the applications on the smart card after delivering the card to the end-user. This matters because someone who needs a smart card needs it to run a specific application, but later the demand can change and more applications could be necessary.
Another operating system for smart cards is MULTOS (Multi-application Operating System). As the name suggests, MULTOS also supports multiple applications, but MULTOS was specifically designed for high-security needs, and in many countries it has achieved "ITSec E6 High". Microsoft is also on the smart card highway with Smart Card for Windows.
From one point of view, the above operating systems are card-side APIs for developing cardlets, or small programs that run on the card. There are also reader-side APIs like Open Card Framework and GlobalPlatform.