Smart Card - Introduction to Smart Card Technology

Contents

Preface................................................................................................................31. Introduction....................................................................................................52. Smart Card Basic..........................................................................................9

2.1 What is smart card........................................................................................92.2 History of smart card development...........................................................102.3 Different types of smart cards...................................................................11

2.3.1 Memory Cards.....................................................................................112.3.2 Contact CPU Cards.............................................................................112.3.3 Contactless Cards...............................................................................122.3.4 CombiCard.........................................................................................13

2.4 Different standards of smart cards............................................................133. Current Smart Card Applications.................................................................16

3.1 Electronic payment Applications...............................................................163.1.1 Electronic Purse...................................................................................163.1.2 Stored Value Cards.............................................................................17

3.2 Security and Authentication Applications................................................173.2.1 Cryptographic uses..............................................................................183.2.2 Identity card.........................................................................................193.2.3 Access control card.............................................................................193.2.4 Digital certificate..................................................................................203.2.5 Computer login....................................................................................20

3.3 Transportation uses....................................................................................213.4 Telecommunication Applications..............................................................223.5 HealthCare Applications.............................................................................223.6 Loyalty Applications...................................................................................23

4. Technology Aspects of Smart Card.............................................................254.1 Overview of ISO 7816 Standards .............................................................254.2 Communication Protocol between Terminal and Smart Cards...............264.3 Overview of File Systems ..........................................................................314.4 Overview of Naming Scheme.....................................................................324.5 Overview of the Security Architecture......................................................324.6 An Example of Smart Card Application : SmartFlow Internet Payment System...............................................................................................................33

5. Java Card Programming..............................................................................386. Building your own smart card application....................................................43

6.1 Plan the smart card solution......................................................................436.2 Understand the need of smart card...........................................................46

Guide to Smart Card Technology Page 1

6.3 Managing data storage on the card...........................................................476.4 Determine the required back end support................................................546.5 Choosing cardside and hostside environment......................................566.6 Miscellaneous Tools...................................................................................58

7. Future trend of smart card...........................................................................637.1 Unification of smart card hostside standards on PC..............................64

7.1.1 Personal Computer/Smart Card standard (PC/SC)..............................647.1.2 Alternative standard of smart card in PC and Minicomputer (OpenCard Framework) .................................................................................................71

7.2 Trends in smart card cardside standards................................................747.2.1 Java inside...........................................................................................757.2.2 Mondex MULTOS OS..........................................................................777.2.3 Microsoft Windows in Smart card.........................................................797.2.4 Card OS future.....................................................................................81

7.3 Smart card in electronic commerce..........................................................827.3.1 Smart Card Payment Protocol.............................................................837.3.2 Smart card as prepaid and loyalty card................................................847.3.3 Smart card as electronic wallet............................................................857.3.4 Electronic Payment over Mobile Telecommunications.........................85

7.4 Smart card in Internet security..................................................................867.4.1 Smart card as Digital ID.......................................................................877.4.2 Smart card as Computer access logon key.........................................897.4.3 Smart card in Intrusion detection System as userprofile holder..........927.4.4 Biometric authentication.......................................................................94

8. Summaries and Conclusions.......................................................................95 Glossary........................................................................................................100 References....................................................................................................111 Appendix.......................................................................................................119

A. Price Comparison of different cards and readers...................................119 B. Resources.................................................................................................123

Collections of Smart Card Books...............................................................123 Collections of General Smart Card Internet Resources.............................123 Collections of Java Card Technology on Internet......................................124 Collections of Smart Card Security Technology on Internet.......................125 Collections of Smart Card Payment Technology on Internet.....................125 Collections of Smart Card Vendors............................................................126


PrefaceThis handbook aims to provide a comprehensive overview of the current state of

the art in smart card software technology development, applications, and future trends. The information would be useful to IT managers and executives wishing to explore the possibility of developing smart card applications.

The handbook consists of three sections. The basic concepts of smart cards and current applications are presented in the first section in layman's language. The second section gets into some of the technical aspects of smart card internals, and offers suggestions on smart card development procedures as well as general ideas in programming smart cards, including the new Java Card. This section is for programmers and IT managers who would like to go beyond the basic concepts and get an idea on what it takes to develop smart card applications. Finally, the third section presents our views on future trends in smart card development framework, standards and possible applications. A list of useful reference materials is also included.

The growth of smart card adoption in Asia is increasing rapidly and we believe this technology will be an important one in the near future. The Cyberspace Center is working to develop the security, biometric identification, micropayment and other aspects of smart card technology for use over the Internet. The handbook summarizes some of our experience in this work.

Many people have contributed to the handbook, especially Ricci Ieong, Andy Fung, Ivan Leung, Patrick Hung, James Pang and Ronald Chan. Ricci, Ivan, Andy and Patrick in particular, wrote parts of the handbook.

This document can be accessed online from the Cyberspace Center's home page http://www.cyber.ust.hk. Some chapters are actually better viewed online since they provide URLs directly to sources of additional information.

Finally, I would like to acknowledge the Industry Department of the Hong Kong SAR for funding the Cyberspace Center. Our objective is to help Hong Kong industries make more effective use of the Internet to enhance their competitiveness


http://www.cyber.ust.hk/

in the world markets. This and our other handbooks are part of the effort in attaining this goal. Please visit our web site to learn about some of our other activities.

Samuel ChansonDirectorCyberspace Center


1. INTRODUCTION

Smart card technology has been around for more than 20 years. Since its first introduction into the market, its main application is for the payphone system. As card manufacturing cost decreases, smart card usage has expanded. Its use in Asia is expected to be growing at a much faster pace than in Europe. According to a survey performed by Ovum Ltd. [Microsoft1998a], the number of smart card units will reach 2.7 billion by 2003. The largest markets will be in prepayment applications, followed by access control, and electronic cash applications. According to a recent study by Dataquest [Microsoft1998c], the overall market for memory and microprocessorbased cards will grow from 544 million units in 1995 to 3.4 billion units by 2001. Of that figure, microprocessorbased smart cards, which accounted for only 84 million units in 1995 will grow to 1.2 billion units in 2001.

Based on the report from Hong Kong SAR Government Industry Department on the Development and Manufacturing Technology of Smart Card [HKSAR1997], Hong Kong industries have the capability and should participate in development and manufacturing of smart card IC chips, readers and card operating systems. To promote this, Hong Kong SAR government has decided to form a Hong Kong Smart Card Forum. Under this active participation and encouragement from the Hong Kong SAR Government, smart card development and support will expand in Hong Kong.

Although the Octopus card is relatively new to Hong Kong, smart cards have already been introduced in Hong Kong for at least two years. These include Mondex by Hong Kong bank and GSM cards in the mobile phone market. However, using this powerful and highly secure card on Personal computer (PC) as well as the Internet is still not common. Many international companies have identified the smart card as one of the new directions in electronic money and personal identification and authentication tools.

In May 1996, several companies including Microsoft, HewlettPacket and Schlumberger formed a PC/SC workgroup which aimed at integrating the smart card with personal computer (PC). This workgroup mainly concentrates on producing a


common smart card and PC interface standards for the smart card and PC software producers. Many of the interface standards and hierarchy have already been established. Some of these prototype products are now available on the market.

Moreover, Netscape and Microsoft have also announced that the smart card will be their new direction in computer security and electronic commerce area. Microsoft has even published some documents on its role in the smart card market. Although it will not be a smart card manufacturing company, it has indicated that the smart card will be a key component in Microsoft Windows 98 and Windows NT 5.0. Together with the latest smart card operating system announcement [Microsoft1998a], Microsoft will be actively involved in the smart card market. Furthermore, programming modules for smart cards using Visual C++, Visual J++ and Visual Basic have also been developed.

The Cyberspace Center believes smart card technology will play a major role in Internet applications in the future. Therefore, we decided to start evaluating the available Smart card development tools and study the use of Smart card in Internet security and electronic commerce. With firsthand information and experience, we will be able to provide advice and assistance to the Hong Kong Industry.

The smart card is expected to be used in many applications and especially in personal security related applications such as access control, computer logon, secure email sending and retrieving services.

The reason for this growth lies in the smart card’s portability and security characteristics. In addition, as the recent growth of palmtop computers shows, people are looking for smaller and smaller devices for carrying their data with them. Smart card provides a good solution for many applications.

Applications are the driving force behind the new smart card market. Many of these applications have already been implemented, such as prepayment for services, credit and debit card, loyalty card, and access control card. The most commonly known example is the prepayment services cards, namely, prepaid phone cards, transportation cards and parking cards. Based on the epurse card, people could perform bank transaction from ATM machines at home or in the bank. With the use of loyalty cards, companies could store discount information and shopping preferences of their customers. Using these shopping preferences, companies could


design new strategies for the users. Access control systems to buildings, computers or other secure areas will soon be handled by a single smart card.

In this handbook, we shall briefly describe what smart card is and how it can be used in different applications. The aim of this handbook is to provide a business and executive overview to companies that wish to join the smart card era. This handbook is divided into 8 chapters classified into 3 sections – Smart card Overview, Smart card in Details, and Smart card in the Future.

In the first section, basic concepts of smart cards will be described. In chapter 2, we review the history of smart cards. Then we outline the different types of smart cards and their standards. Current applications and uses of smart cards are mentioned in chapter 3.

In the second section, technical aspects of smart card internals as well as programming tips are briefly described in chapter 4. Because programming and design methodology for the Java card is different from traditional card programming, in chapter 5, we describe the basics in Java Card programming. In chapter 6, procedures of smart card development are given.

In the last section of this handbook, the future of smart card development is presented. Different ideas on future smart card applications are used in formulating a forecast in chapter 7.

Lastly, we conclude the handbook with a summary of different research, survey and reports on smart cards. References and glossaries are provided at the end of this handbook.

We hope that based on our handbook, company executives, technical managers and software developers would gain knowledge and insight into the emerging smart card technology and applications.


Part I. Smart card Overview


2. SMART CARD BASICA smart card is a plastic card with a microprocessor chip embedded in it. The

card looks like a normal credit card except for its metal contact (in contact card only), but applications performed could be totally different. Other than normal credit card and bankcard functions, a smart card could act as an electronic wallet where electronic cash is kept. With the appropriate software, it could also be used as a secure access control token ranging from door access control to computer authentication.

The term “smart card” has different meanings in different books [Guthery1998, Rankl1997] because smart cards have been used in different applications. In this chapter, we provide our definition of “smart card” to put the subsequent chapters in context. We also describe the development history of smart cards and depict the types of card available on market. Finally, descriptions on different smart card standards, such as ISO and EMV are given at the end of this chapter.

2.1 What is smart cardIn the article “Smart cards: A primer” [DiGiorgio1997a], the smart card is defined

as a “credit card” with a “brain” on it, the brain being a small embedded computer chip. Because of this “embedded brain”, smart card is also known as chip or integrated circuit (IC) card. Some types of smart card may have a microprocessor embedded, while others may only have a nonvolatile memory content included. In general, a plastic card with a chip embedded inside can be considered as a smart card.

In either type of smart card, the storage capacity of its memory content is much larger than that in magnetic stripe cards. The total storage capacity of a magnetic stripe card is 125 bytes while the typical storage capacity of a smart card ranges from 1K bytes to 64K bytes. In other words, the memory content of a large capacity smart card can hold the data content of more than 500 magnetic stripe cards.

Obviously, large storage capacity is one of the advantages in using smart card, but the singlemost important feature of smart card consists of the fact that their


stored data can be protected against unauthorized access and tampering. Inside a smart card, access to the memory content is controlled by a secure logic circuit within the chip. As access to data can only be performed via a serial interface supervised by the operating system and the secure logic system, confidential data written onto the card is prevented from unauthorized external access. This secret data can only be processed internally by the microprocessor.

Due to the high security level of smart cards and its offline nature, it is extremely difficult to "hack" the value off a card, or otherwise put unauthorized information on the card. Because it is hard to get the data without authorization, and because it fits in one’s pocket, a smart card is uniquely appropriate for secure and convenient data storage. Without permission of the card holder, data could not be captured or modified. Therefore, smart card could further enhance the data privacy of user.

Therefore, smart card is not only a data store, but also a programmable, portable, tamperresistant memory storage. Microsoft considers smart card as an extension of a personal computer and the key component of the publickey infrastructure in Microsoft Windows 98 and 2000 (previous known as Windows NT 5.0) [Microsoft1997a].

2.2 History of smart card developmentA card embedded with a microprocessor was first invented by 2 German

engineers in 1967. It was not publicized until Roland Moreno, a French journalist, announced the Smart Card patent in France in 1974 [Rankl1997]. With the advances in microprocessor manufacturing technology, the development cost of the smart card has been greatly reduced. In 1984, a breakthrough was achieved when French Postal and Telecommunications services (PTT) successfully carried out a field trial with telephone cards. Since then, smart cards are no longer tied to the traditional bankcard market even though the phone card market is still the largest market of smart cards in 1997.

Due to the establishment of the ISO7816 specification in 1987 (a worldwide smart card interface standard), the smart card format is now standardized. Nowadays, smart cards from different vendors could communicate with the host machine using a common set of language.

Guide to Smart Card Technology Page 1 0

2.3 Different types of smart cardsAccording to the definitions of “smart card” in the Smart card technology

frequently asked questions list [Priisalu1995], the word smart card has three different meanings:

• IC card with ISO 7816 interface• Processor IC card• Personal identity token containing ICs

Basically, based on their physical characteristics, IC cards can be categorized into 4 main types, memory card, contact CPU card, contactless card and combi card.

2.3.1 Memory Cards

A memory card is a card with only memory and access logic onboard. Similar to the magnetic stripe card, a memory card can only be used for data storage. No data processing capability should be expected. Without the onboard CPU, memory cards use a synchronous communication mechanism between the reader and the card where the communication channel is always under the direct control of the card reader. Data stored on the card can be retrieved with an appropriate command to the card.

In traditional memory cards, no security control logic is included. Therefore, unauthorized access to the memory content on the card could not be prevented. While in current memory cards, with the security control logic programmed on the card, access to the protection zone is restricted to users with the proper password only.

2.3.2 Contact CPU Cards

A more sophisticated version of smart card is the contact CPU card. A microprocessor is embedded in the card. With this real “brain”, program stored inside the chip can be executed. Inside the same chip, there are four other functional blocks: the maskROM, Nonvolatile memory, RAM and I/O port [HKSAR1997, Rankl1997].

Except for the microprocessor unit, a memory card contains almost all components that are included in a contact CPU card. Both of them consist of Non


volatile memory, RAM, ROM and I/O unit. Based on ISO 7816 specifications, the external appearance of these contact smart cards is exactly the same. The only difference is the existence of the CPU and the use of ROM. In the CPU card, ROM is masked with the chip’s operating system which executes the commands issued by the terminal, and returns the corresponding results. Data and application program codes are stored in the nonvolatile memory, usually EEPROM, which could be modified after the card manufacturing stage.

One of the main features of a CPU card is security. In fact, contact CPU card has been mainly adopted for secure data transaction. If a user could not successfully authenticate him/herself to the CPU, data kept on the card could not be retrieved. Therefore, even when a smart card is lost, the data stored inside the card will not be exposed if the data is properly stored [Rankl1997]. Also, as a secure portable computer, a CPU card can process any internal data securely and outputs the calculated result to the terminal.

2.3.3 Contactless Cards

Even though contact CPU smart card is more secure than memory card, it may not be suitable for all kinds of applications, especially where massive transactions are involved, such as transportation uses. Because in public transport uses, personal data must be captured by the reader within a short period of time, contact smart card which requires the user to insert the card to the reader before the data can be captured from the card would not be a suitable choice. With the use of radio frequency, the contactless smart card can transmit user data from a fairly long distance within a short activation period. The card holder would not have to insert the card into the reader. The whole transaction process could be performed without removing the card from the user’s wallet.

Contactless smart cards use a technology that enables card readers to provide power for transactions and communications without making physical contact with the cards. Usually electromagnetic signal is used for communication between the card and the reader. The power necessary to run the chip on the card could either be supplied by the battery embedded in the card or transmitted at microwave frequencies from the reader onto the card.


Contactless card is highly suitable for large quantity of card access and data transaction. However, contactless smart card has not been standardized. There are about 16 different contactless card technologies and card types in the market [ADE]. Each of these cards has its specific advantages, but they may not be compatible with each other. Nevertheless, because of its high production cost and the technology is relatively new, this type of cards has not been widely adopted.

2.3.4 CombiCard

At the current stage, contact and contactless smart cards are using two different communication protocols and development processes. Both cards have their advantages and disadvantages. Contact smart cards have higher level of security and readilyavailable infrastructure, while contactless smart cards provide a more efficient and convenient transaction environment. In order to provide customers with the advantages of these two cards, two methods could be employed. The first method is to build a hybrid card reader, which could understand the protocols of both types of cards. The second method is to create a card that combines the contact functions with the contactless functions. Because the manufacturing cost of the hybrid reader is very expensive, the later solution is usually chosen.

Sometimes, the term “combi card” is being misused by manufacturers. In general, there are two types of combine contactcontactless smart cards, namely the hybrid card and the combi card. Both cards have contact and contactless parts embedded together in the plastic card. However, in the hybrid card, the contact IC chip and contactless chip are separate modules. No electrical connections have been included for communications between the two chips. These two modules can be considered as separate but coexisting chips on the same card. While in the combi card, the contact and contactless chips could communicate between themselves, thus giving the combi card the capability to talk with external environment via either the contact or contactless method.

As the combi card possess the advantages of both contact and contactless cards, the only reason that is hindering its acceptance is cost. When the cost and technical obstacles are overcome, combi cards will become a popular smart card solution.

2.4 Different standards of smart cards


Throughout the history of smart card development, various standards have been established for resolving the interoperability problem. The very first standard is the ISO 7816 smart card standard published by the International Organization for Standardization (ISO) in 1987. Before this, card vendors and manufacturers developed their own proprietary cards and readers which could not interoperate. With the ISO standard, smart cards could communicate using the same protocol. The physical appearance and dimensions of a card is also fixed. The meaning and location of the contacts, the protocols and contents of the high and low level messages exchanged with the IC card are all standardized. This ensures that card manufactured and issued by one company can be accepted by a device from other companies. Because this specification is important to card programming development, details of this standard is given in Chapter 4, “Technical Aspects of smart card”, of this handbook.

Two other important standards in this area are EMV (Europay, Mastercard and Visa) and GSM (Global Standard for Mobile Communications). EMV standard is for debit/credit cards where major international financial institutions Visa, Mastercard and Europay are involved. It started in 1993 and was finalized in 1996 [HKSAR1997]. This standard covers the electromechanical, protocol, data elements and instruction parts together with the transactions involving bank microprocessor smart cards. The goal of the EMV specification is for payment systems to share a common Point of Sales (POS) Terminal, as they do for magnetic stripe applications. Because the magnetic stripebased banking card would soon be replaced by the smart card, this standard has to be established to ensure that the new smart card based banking card would be compatible with the bank transaction system. Based on this specification, all bankrelated smart card solutions would be compatible with one another as well as the previous magnetic stripe card solution. Terminal manufacturers could develop and modify their own sets of API in EMV standard for their terminals, so these terminals could be used in different payment systems. Credit, debit, electronic purse and loyalty functions could be processed on these EMVcompliant terminals. With the flexibility provided by the EMV standard, banks are allowed to add their own options and special requirements in the smart card payment system.

The GSM standard is one of the most important smart card and digital mobile telecommunication standards. GSM specification started in 1982 under CEPT


(Conference Europeenne des Postes et Telecommunications) and was later continued by ETSI (European Telecommunications Standards Institute). Originally, this specification is designated for the mobile phone network. However, when the smart card is used in the mobile phone system as the Subscriber Identification Module (SIM), parts of the GSM specification becomes a smart card standard. This part of the GSM specification started in January 1988 by the Subscriber Identification Module Expert Group (SIMEG).

Within a GSM network, all GSM subscribers would be issued a SIM card which can be viewed as the subscriber’s key into the network. The size of a SIM card is fixed to be either the normal credit card or mini card size. Because this card is used for handling the GSM network functions, a rather high performance microcontroller (a 16bit microprocessor) is used and the EEPROM memory is dedicated for storing the application data, including the network parameters and subscriber data.

The GSM specification is divided into two sections. The first section describes the general functional characteristics, while the second section deals with the interface description and logical structures of a SIM card. Details of this specification are given in [Scourias].

Before the smart card could be widely adopted by the market, one or more standardized card development environment is needed. Currently, four significant smart card standards have been recently established in the smart card industry, they are PC/SC, OpenCard Framework, JavaCard and MULTOS and all of them are compatible to the ISO smart card standard. Details of these specifications are briefly mentioned in chapters 5 and 7 of this handbook while other specifications could be found in [CityU1997].


3.CURRENT SMART CARD APPLICATIONS

With the rapid expansion of Internet technology and electronic commerce, smart cards are now more widely accepted in the commercial market as storedvalue and secure storage cards. Moreover, it has also been widely used as an identity card. For instance, in City University of Hong Kong, the old student/staff cards have been replaced by the hybridcard based identity cards. This identity card can be used for normal access control as well as electronic payment.

The smart card has also been used in transportation such as the Octopus card which has been adopted by the MTRC and KCRC to replace of the old Magnetic stripe card. Medical record can also be stored in the smart card. This enables critical information of the patient to be retrieved whenever it is required. With the help of smart card technology, many secure data such as the computer login name and password can also be kept, so user need not remember a large number of passwords.

In this chapter, we shall briefly describe some current applications of smart cards. These applications can be classified into 6 main categories: Electronic Payment, Security and Authentication, Transportation, Telecommunications, Loyalty Program and Health Care Applications.

3.1 Electronic payment Applications

3.1.1 Electronic Purse

The Electronic Purse is also known as electronic cash. Funds can be loaded onto a card for use as cash. The electronic cash can be used for small purchases without necessarily requiring the authorization of a PIN. The card is credited from the cardholder’s bank account or some other ways. When it is used to purchase goods or services, electronic value is deducted from the card and transferred to the


retailer’s account. Similar to a real wallet, the cardholder could credit his/her card at the bank any time when required.

Electronic cash transactions do not usually require the use of a PIN. This speeds up the transactions but the electronic cash on the card is then vulnerable like conventional cash. The amounts involved, fortunately, are usually small, so loses will not be significant. Widespread adoption of electronic cash will reduce the costs to banks and retailers in handling large quantities of cash.

Since 1994, there has been significant development of Intersector electronic purse applications in Europe which has been extended to outside of Europe. Several global card projects have been developed for this purpose, such as Proton card by Banksys, VisaCash by Visa International and Mondex card by Mastercard [Bull1998]. These have all been adopted by shops from all over the world.

3.1.2 Stored Value Cards

Another use of smart cards in electronic commerce is Electronic token. It is an example of the storedvalue card. The principle is that some memory in the smart card is set aside to store electronic tokens or electronic tickets. A smart card can store tokens for different services and each of the tokens can be refilled, depending on the types of the memory card. This allows the cost to be distributed over a number of services and over a much longer life span.

For example, the card could be used to pay for gas and instead of putting coins in a parking meter. Consumers load up the card from a vending machine. The card can then be used to operate the meters. One advantage of this system is that collections of coins would no longer be necessary. This would reduce the operation overhead and eliminate theft. This would also benefit the consumer as tokens could be bought and stored in the card in advance so it is not necessary to carry many heavy coins around. It is also possible that the card could monitor patterns of use and return the information to the merchant as well as the consumer, so better shopping model could be derived [McCrindle1990].

3.2 Security and Authentication Applications


3.2.1 Cryptographic uses

From the pointofview of the supplier and system operator, the main requirement of almost all machinereadable card systems is to ensure that the card presented is valid and the cardholder is indeed the person entitled to use that particular card. To verify the cardholder’s identity, users are required to enter their PIN code (personal identification number). This PIN code is kept in the card rather than on the terminals or host machines.

Identification and authentication procedures take place at the card terminal. One of the problems is to ensure that the card furnishes some sort of machinereadable authenticity criterion. This can be solved by the use of encrypted communications between the card and terminal. It is well known that encryption can be used to ensure secrecy of messages sent and also to authenticate messages.

In order to perform the encryption procedure, the cryptographic smart cards must have the following properties:

• The cards must have sufficient computational power to run the cryptographic algorithms.

• The cryptographic algorithms must be theoretically secure. This means that it is not possible to derive the secret key from the corresponding texts.

• The smart cards must be physically secure. It should not be possible to extract the secret key from the card’s memory.

Provided these conditions are met, and with advances in card microcontroller technology, the microprocessorbased smart card can be made to meet the required security level [Chaum1989].

For instance, Verisign and Schlumberger have developed the use of Cryptoflex smart card for carrying a Verisign Class 1 Digital ID [Verisign9701]. Cryptoflex card is the first cryptographic smart card in the industry, which is designed based on the PC/SC specifications. This enables the use of smart card for portable Internet access with Microsoft Internet Explorer 3.0 at all sites accepting Verisign Digital IDs.

In Michigan University, the Cyberflex card has been used for storing Kerberos keys in a secure login project [Michgan9701].


3.2.2 Identity card

The identification of an individual is one of the most complex processes in the field of Information Technology. It requires both the individual to identify himself and for the system to recognize the incoming connection is generated by a legal user. The system then accepts responsibility for allowing all subsequent actions, sage in the knowledge that the user has authorization to do whatever he is asking of the system.

If a smart card is used, the information stored on the card can be verified locally against a ‘password’ or PIN before connection is made to the host. This prevents the password from being eavesdropped by perpetrators on the Internet.

Some of the smart cards will have personal data stored on the card. For example, the cardholder’s name, ID number, and date of birth [Devargas1992].

3.2.3 Access control card

The most common devices used to control access to private areas where sensitive work is being carried out or where data is held, are keys, badges and magnetic cards. These all have the same basic disadvantages: they can easily be duplicated and when stolen or passed on, they can allow entry by an unauthorized person. The smart card overcomes these weaknesses by being very difficult to be reproduced and capable of storing digitized personal characteristics. With suitable verification equipment, this data can be used at the point of entry to identify whether the user is the authorized cardholder. The card can also be individually personalized to allow access to limited facilities, depending on the holder’s security clearance. A log of the holder’s movements, through a security system, can be stored on the card as a security audit trail [McCrindle1990].

The card could contain information on the user’s privileges (i.e. access to secure areas of the building, automatic vehicle identification at entrances to company car parks, etc.) and time restrictions. All information are checked on the card itself. Access to different areas of the building can be distinguished by different PINs. Furthermore it can also track the user’s movement around the building [Devargas1992].


3.2.4 Digital certificate

The most important security measures we encounter in our daily business have nothing to do with locks and guards. A combination of a signed message and the use of public key cryptosystem, so called digital signature, are typically used.

A digitally signed message containing a public key is called a certificate. In addition to a public key, a certificate typically contains a name, address, and other information describing the holder of the corresponding secret key. All of these carry the digital signature of a registry service that records public keys for all members of the community. To become a member of this community, a subscriber must do two things:

• Provide the directory service with a public key and the associated identification information so that other people will be able to verify his/her signature.

• Obtain the public key of the directory service so that he/she can verify other people’s signatures.

Because certificates are extremely tamper resistant, the authenticity of a certificate is a property of the certificate itself, rather than of the authenticity of the channel over which it was received. This important property allows certificates to be employed in very much the same way as a passport. The border police expect to see your passport and in most cases count on the passport’s tamper resistance to guarantee its authenticity. Because of the fragility of paper credentials, however, there are circumstances in which this is not considered adequate. In making a classified visit to a military installation, for example, no badge or letter of introduction by itself is sufficient. Prior arrangements must have been made using channels maintained for the purpose. Because public key certificates are more secure than any paper document, they can be safely authenticated by direct signature checking and no trusted directory is needed.

3.2.5 Computer login

Access to the Computer room and its services can be controlled by the smart card. In terms of network access, smart card can authenticate the user to the host.


Furthermore, depending on the environment being protected the network access card can also perform the following functions:

• Manipulation of different authentication codes for different levels of security.• Use of biometric techniques as an added security measure.• Maintaining an audit trail of failures and attempted violations.

Meanwhile, in terms of access to the computer room itself, PIN checking can be done on the card without the need for hard wiring the access points to a central computer.

The identification of a user is usually done by means of a (Personal Identification Number) PIN. The PIN is verified by the microcomputer of the card with the PIN stored in its RAM. If the comparison is negative, the CPU will refuse to work. The chip also keeps tack of the number of consecutive wrong PIN entries. If this number reaches a preset threshold, the card blocks itself against any further use.

3.3 Transportation usesThe smart card can act as electronic money for car drivers who would need to

pay a fee before being able to use a road or tunnel. It would then contain a balance that can be increased at payment stations or in the prepaid process, and is decreased for each use.

If privacy is not an issue (i.e. the driver does not care if he is identified as using a particular stretch of motorway at a particular point in time), then the card could be linked to a bank debiting system as a debit card. Besides, the card could also act as a credit card.

Another example is the Octopus card. This service aims at reducing the amount of cash handled by the service provider and also increasing management information. This information would be invaluable in giving the customer the right service at the right time.

Each individual would possess a reloadable card that could either be paid directly (immediately) or as a credit payment based system where monthly settlement would be required. If the card has a positive balance, the card holder could use the card in any of the transport services by simply inserting the card into the cardreader which would be either on the bus or at the entrance to the MTR station.


If the travel charge is different for different zones, then the card would need to be used at the entrance of the bus or station and also at the exit. This process would then calculate the amount owed for a certain journey [Devargas1992].

3.4 Telecommunication ApplicationsTelecommunication is one of the largest markets for smart card applications. In

1997, payphone cards occupy the largest share of the smart card market. Over 70% of the smart cards are issued as payphone cards [CardTech1997] and this will continue be the largest market in at least the next 3 years.

Since 1988, smart card has become an essential component in cellular phone systems. Network data, subscriber’s information and all mobile network critical data are kept inside the card. With this card, subscribers could make calls from any portable telephone. Moreover, through the IC card, any calls through the mobile phone could be encrypted, and thus ensure privacy. In the future, more and more valueadded services, such as electronic banking, could be supported by using this microprocessor card. Examples can be found in chapter 7.

3.5 HealthCare ApplicationsDue to the level of security provided for data storage, IC cards offer a new

perspective for healthcare applications. Medical applications of smart cards can be used for storing information including personal data, insurance policy, emergency medical information, hospital admission data and recent medical records. Numerous national hospitals in France, Germany and even Hong Kong have already started to implement this kind of healthcare card.

With the microcontroller onboard, smart cards could be used for managing the levels of information authorized for different users similar to a workflow control system. Doctors would be able to access the medical record from the patient’s card, while chemists could make use of the prescription information stored on the card for preparing the medical treatment. Emergency data kept on the patient’s card, which includes the cardholder’s identity, persons to contact in case of accident and special illness details, can be used for saving the patient’s life. In some countries, medical insurance is required for hospital payment. With the insurance records stored in the patient’s card, the administrative procedures are simplified.


3.6 Loyalty ApplicationsLoyalty program is another important application of smart cards in the shopping

model. The preferred customer status together with detailed information on shopping habits is stored and processed on the smart card. With this information, merchants could derive better shopping model or tailormake personalized customer shopping profiles. In addition, this shopping habit profile is kept in the customer’s card; therefore, his/her shopping record could be kept confidential from unauthorized access.

As an extension to the loyalty application, stored value functions could be added. In current pay television systems, users’ preferences are kept together with the electronic payment scheme. Users would not have to set their preferences each time they use the television system. As this card will also be used as the key to the television, users would not be permitted to use the television box unless they have paid their television fee. So sufficient security and convenient television usage could be guaranteed.


Part II. Smart card in details


4.TECHNOLOGY ASPECTS OF SMART CARD

From the technical point of view, smart cards can be classified into two main types: programmable and nonprogrammable. A smart card application programmer can either put the application logic on the terminal, the card (if it is a programmable card) or both. We can view the nonprogrammable smart cards as external storage, just like a floppy disk, with security features. Therefore, we can design to store certain portable information on the smart card and the application logic is allocated on the terminal side. On the other hand, the programmable smart card, such as the Java card, allows the application logic (intelligence) to be partially built on the smart card. In this chapter, we are going to describe the overview concepts of smart card programming.

4.1 Overview of ISO 7816 Standards ISO 7816 is the interface standard for smart card. The following subparts are of

interest to the smart card application programmer:

ISO 78161: Physical characteristics of cardsDefines the dimensions of cards and the physical constraints.

ISO 78162: Dimensions and locations of the contactsDefines the dimensions, location and role of the electrical contacts (the power VCC, the ground GND, the clock CLK, the reset RST, the I/O port I/O, the programming power VPP and two additional reserved contacts for future use) on the microchip.

ISO 78163: Electronic signals and transmission protocolsDefines the characteristics of the electronic signals exchanged between the card and terminal and two communication protocols: T=0 (Asynchronous half duplex character transmission protocol) and T=1 (Asynchronous half duplex block transmission protocol)

ISO 78164: Interindustry commands for interchangeDefines a set of standard commands and a hierarchical file system structure.


ISO 78165: Numbering system and registration procedure for application identifiersDefines a unique card application name.

ISO 78167: Interindustry commands for Structured Card Query Language (SCQL)Defines a set of commands to access smart card content and relational database structure.

Other parts are not covered here since smart card application programmers do not need to know them and also some of them are still under preparation. We shall discuss ISO 78163, ISO 78164 and ISO 78165 below.

4.2 Communication Protocol between Terminal and Smart Cards

The communication protocols between the terminal and the smart card are described in ISO 78163 (Transport Protocol) and ISO 78164 (Application Protocol). These two protocols are briefly described in this section.

The terminal initializes a smart card by transmitting a signal to the reset (RST) contact of the card. The card will response by transmitting a string of bytes to the terminal called the ATR (AnswerToReset). This string of bytes consists of two parts: the protocol bytes provide information about the communication protocols supported by the card and the historical bytes provide information about the type of card. An example is given for the ATR of ACS ACOS1 smart card (which is a type of memory card of Advanced Card System company):

Protocol Bytes Historical Bytes

3B BE 11 00 00 41 01 10 04 00 12 00 00 00 00 00 02 90 00 (in hexidecimal)

The details of ATR are described in the ISO 78163 standard. We briefly describe the first three bytes in the protocol bytes here. The bytes “3B” stand for the method of bit transfer. “BE” means that there is additional information (14 historical bytes). The bytes “11” describe the information of clock speed and bit transfer rate.


The historical bytes give information about the references and versions of the card’s chip and operating system.

After the ATR was transmitted, the terminal can communicate with the smart card by sending commands. The commands are encapsulated in packets. These packets are called Transport Protocol Data Unit (TPDU). Each packet begins with the following five bytes (Header) followed by a number of bytes for the Data field if needed:

CLA INS P1 P2 P3

TPDU Header

The class byte (CLA): A class of instructions. The values of some class bytes can have a specific meaning pertaining to a certain class of commands. For example, the class byte of ACS ACOS1 smart card is 80H and Gemplus 32 bit Java Card is A8H.

The instruction byte (INS): A particular instruction. For example, the SUBMIT CODE instruction of ACS ACOS1 smart card is 20H.

The parameter bytes (P1 & P2): The parameters for the instruction. For example, the parameters of SUBMIT PIN command are P1 = 06H and P2 = 00H.

The parameter byte (P3): The number of data bytes which are transmitted with the command during the exchange. This byte may indicate the number of bytes that the terminal will send to the card (Lc) or the number of bytes that the terminal expects to receive from the card (Le). For example, the P3 in the SUBMIT PIN CODE instruction is 08H since the PIN (Personal Identification Number) code in ACS ACOS1 smart card is 8 bytes long.

After receiving the header, the terminal waits for a procedure byte from the smart card:

• An acknowledge byte: Based on the INS byte, it may indicate the terminal should send data or expect to receive data. Based on the acknowledge byte, the application level protocol APDU (Application Protocol Data Units) command is


formed with the TPDU header. There are four possible formats of the APDU command:

1. No data bytes exchange required.

CLA INS P1 P2

Format 1 of APDU command

2. Only terminal receive data bytes from smart card (Le).

CLA INS P1 P2 Le


3. Only terminal sends data bytes to smart card (Lc).

CLA INS P1 P2 Lc Data


4. Terminal sends data bytes to smart card (Lc) and also receives data bytes from smart card (Le).

CLA INS P1 P2 Lc Data Le


If Le = 0, then the number of bytes expected is unspecified and must be provided by the smart card (maximum 256 bytes). When the data bytes have been transmitted, the terminal expects a new procedure byte.

• A NUL byte (value 0x60) : The smart card requests more processing time. The terminal needs to reset its card timeout timer and wait for another procedure byte.

• A status word (SW1 and SW2) : The status word ends the command. It is standard in ISO78164. Here is a subset of common status words:

SW1 SW2 4.2.1.1.1 Meaning


90 00 O.K. 67 00 Wrong P3 69 66 Command not available 6A 86 P1P2 incorrect 6D 00 Unknown INS 6E 00 Invalid CLA

Based on SW1 and SW2, an APDU will be returned in the following format. The Data part is optional, because some APDU commands do not require any data from the smart card as in cases 1 and 3 above.

Data SW1 SW2

Format of response APDU

The communication between the terminal and smart card (as shown in figure 41) includes a command APDU which is sent by the terminal to the smart card and a response APDU by the smart card to the terminal based on the result of the command APDU. These exchanges are all encoded in transport protocol level TPDUs. A command/response exchange at the application protocol level APDU may require more than one TPDU exchange.


Figure 41. Communication protocol between terminal and smart card.

Here is an example of command/response APDU between the ACS ACOS1 smart card and a terminal. The command is used by the smart card to submit the PIN code for authentication to the terminal.

SUBMIT PIN:

To submit a secret code (PIN) to the smart catd.

Command APDU:

CLA INS P1 P2 P3 DATA80 20 6 00 08 PIN Code or DES(PIN Code,#Ks)

PIN Code Eight bytes PIN CodeDES(Code,#Ks) Eight bytes PIN Code encrypted with Session Key (Ks)

Response APDU:

4.2.1.2 SW1 SW2Status

Specific Status Codes:

SW1 SW2 Meaning 63 Cn Wrong Code; n = remaining number of retries


69 83 The specified Code is locked 69 85 Mutual Authentication not successfully completed prior to

the SUBMIT PIN CODE command

In the SUBMIT PIN procedure, the terminal can either submit the PIN code in plain text format (without encryption) or in DES encrypted format if the corresponding option bit DES in the Security Option Register is set.

4.3 Overview of File Systems The file system in the ISO78164 is one of the important components in the

smart card for data storage. The file system is a hierarchical file system like MSDOS:

• A file system has a root, which is called the master file (MF).• Directories which are called dedicated files are used to organize (DF).• Normal files are called elementary files (EF).

Files are referenced by a file identifier (FID) which is two bytes long. There are several kinds of elementary files:

• Transparent files, which are seen as a sequence of bytes.• Linear fixed files, which are seen as a sequence of fixedlength records.• Linear variable files, which are seen as a sequence of variablelength

records.• Cyclic files, which are seen as an endless sequence of fixedsize records.

In the ACS ACOS1 smart card, the files are defined and constructed in the personalization stage. The application program running on the terminal can then access the files using APDU commands if it is authenticated. Here is an example of SELECT FILE command which is used to select a data file for subsequent READ RECORD and WRITE RECORD commands.

SELECT FILE:

To select a data file for subsequent READ RECORD and WRITE RECORD commands.

Command APDU:


CLA INS P1 P2 P3 DATA80 A4 00 00 02 File ID

File ID Two bytes file identifier

Response APDU:

4.3.1.1 SW1 SW2Status

Specific Status Codes:

SW1 SW2 Meaning 6A 82 File does not exist. 91 xx File selected.

xx is the number of the record in the User File Management File which contains the File Definition Block of the selected file.

4.4 Overview of Naming SchemeThe ISO 78165 standard defines a naming scheme for smart card applications. Each application is identified by an application identifier (AID). The AID is between 1 to 16 bytes long. The smart card provider needs to get a registered application provider identifier (RID) from ISO. The AID is constructed as shown below:

RID PIX

The first five bytes are the RID, and the last 11 bytes (PIX) can be freely assigned by the smart card provider.

4.5 Overview of the Security ArchitectureThere are two main security mechanisms provided for smart card applications:

access control and cryptography. For access control, the application or cardholder


may need to submit a PIN (Personal Identification Number) before any APDU command. In the ACS ACOS1 smart card, the application also needs to submit the Issuer Code (IC) which is assigned by the smart card manufacturer in order to submit any APDU command. Furthermore, there is a set of Application Codes (AC) which can be set in order to enhance the access control in the file system. Each file is assigned a security attribute of Read and Write. Security Attributes define the security conditions that must be fulfilled to allow the respective operation. The communication channel between the smart card and terminal can be protected by cryptography like DES (symmetric algorithm) and RSA (publickey algorithm). Moreover, there may be other different specific security mechanisms provided by different smart card manufacturers. For example, the following security mechanisms are provided by the ACS ACOS1 smart card:

• DES and MAC calculation:DES refers to the DEA algorithm for data encryption and decryption. MAC refers to the algorithm for the generation of cryptographic checksum.

• Mutual Authentication and Session Key based on Random Numbers:Mutual Authentication is a process in which both the smart card and smart card reader verify each other’s validity. The Session Key is a result of the successful execution of the Mutual Authentication procedure. It is used for data encryption and decryption during a session. A session is defined as the time between the successful execution of a Mutual Authentication procedure and a reset of the card or the execution of another START SESSION command.

• Secret Codes:Secret Codes and the PIN code are used to selectively enable access to data stored in the card and to features and functions provided by the smart card.

• Secure Account Transaction Processing:Account Transaction Processing provides a mechanism for the secure and auditable manipulation of data in the Account Data Structure.

4.6 An Example of Smart Card Application : SmartFlow Internet Payment System

Electronic commerce on Internet is a popular research area, but the lack of secure payment transfer protocol is the main barrier to promote webbased business


activities. Smart card technology offers a set of valuable features such as identification, security and authenticity for many different applications, especially for payment transactions. The SmartFlow system, which is being developed by the Cyberspace Center, as shown in figure 42 integrates the existing technology of smart card, Internet and workflow to demonstrate a new prototype for secure offline micropayment transaction environment. Offline micropayment is suitable for low value transaction and privacy protection.

Figure 42. Architecture of SmartFlow Internet Payment System.

The first version of the SmartFlow prototype system has been implemented and it is ready for demonstration at the Cyberspace Center in The Hong Kong University of Science and Technology. The Smart Bank Card is implemented by the ACS ACSO1 smart card as shown in figure 43. This is a 1Kbyte EEPROM memory card which holds application data. The ACS ACOS1 smart card is a memory card with security control logic which is compliant with ISO 78163, T=0 protocol (halfduplex), with DES and MAC capabilities. It also contains the issuer code and the user password which can be changed by the user. The security control logic protects the memory to prevent illegal modification, but the data can be read when the issuer code and


password are correctly submitted. Also, different memory locations can be protected by different security controls.

Figure 43. ACS ACSO1 Smart Card in Cyberspace Center.

The system is developed on the Windows Platform using ActiveX which is written in Visual Basic to build the system logic and frontend. The backend is supported by the Windows NT Server and all the related data are stored and managed by the MS SQL Database Server. The system is supported by the Internet Information Server running on the Windows NT Server, and the communication channel is secured by Secure Socket Layer (SSL). We are using Internet Explorer 4.0 for the browser because the system is developed on Active X which is only supported by Internet Explorer as shown in figure 44.

Figure 44. SmartFlow Internet Payment System.


For illustration, here is the source code of the Select_File function in the SmartFlow Internet Payment System. This function is used to select a file on the smart card. The APDU command of SELECT FILE was described earlier, the CLA is 80H, INS is A4H, P1 is 00H, P2 is 00H and P3 (Lc) is 02H because the file identifier is two bytes long and Le is 00 H which means to use the default value which is 256 bytes long. The API function APDUExchangeFull starts the communication session with the smart card and then the APDU command (SELECT FILE) is submitted to the smart card. The APDU response (SW1 and SW2) and Data (ResponseTempOut), if any, will be returned from the smart card to the application (terminal).

Public Const CONST_SELECT_FILE = "80A400000200"Dim TempCLA As StringDim TempINS As StringDim TempP1 As StringDim TempP2 As StringDim TempLc As StringDim TempLe As String

Public Sub Select_File( ResponseTempOut As String, FileIdentifier As String, SW1Out As String, SW2Out As String) Dim DummyDataOut As String


TempCLA = LTrim(Mid(CONST_SELECT_FILE, 1, 2)) TempINS = LTrim(Mid(CONST_SELECT_FILE, 3, 2)) TempP1 = LTrim(Mid(CONST_SELECT_FILE, 5, 2)) TempP2 = LTrim(Mid(CONST_SELECT_FILE, 7, 2)) TempLc = LTrim(Mid(CONST_SELECT_FILE, 9, 2)) TempLe = LTrim(Mid(CONST_SELECT_FILE, 11, 2)) Call APDUExchangeFull(TempCLA, TempINS, TempP1, TempP2, TempLc, TempLe, SW1Out, SW2Out, FileIdentifier, ResponseTempOut, DummyDataOut)End Sub


5.JAVA CARD PROGRAMMING

Java card programming brings a new era to smart card application development. The card supports a Java Virtual Machine (JVM). Java programs can be stored and executed on the card. Java card programming is based on Java Card 2.0 (the latest version is 2.0) specification (http://java.sun.com/products/javacard) which is maintained by Sun. Here are the main features of JVM on Java card:

• A restricted version of the Java Virtual Machine supports a subset of the Java language that can be used in Java Card applets.

• An API dedicated to smart card applet development based on the lowlevel ISO 7816 standards is available to support development of legacy applications.

• An abstract runtime environment is included which supports applet management functions like the applet selection mechanism. This environment is called the JCRE (Java card Runtime Environment).

Due to technical constraints on the card processor and since some features like multithreading is clearly not a necessity for Java card only a subset of the Java language is supported. There are also new classes (like javacard.framework.APDU) which are related to the ISO 7816 standards or to cryptography in the Java Card 2.0 specification. The implementation of a JVM is made up of a bytecode verifier, a class loader and a bytecode interpreter. The verifier is used to verify that a class file is a valid Java class file. The class loader is used to load classes into the system. The bytecode interpreter is used to actually execute the application.

A bytecode verifier is a complex and large piece of software which cannot fit onto a smart card. Therefore, the implementation of a JVM for a smart card is split into two parts as shown in figure 51:

• The Offcard part manages the verification of classes and ensures that all necessary classes are available.


• The Oncard part is primarily responsible for executing the bytecode.

The JVM is a persistent machine, so that the state of programs and objects are preserved even when the card is powered off. The related data are stored in EEPROM. Another consequence of the JVM is that classes are only loaded and initialized once in the JVM, where they remain active until disposed of.

Figure 51. Architecture of Bytecode Verifier on Java Card.

Beside the standard APDU command/response methodology, the other standard way to interact a program on the Java card is to use Remote Method Invocation (RMI). RMI, a distributed object technology, is an architecture that enforces the principle that a service provided on a server (Java card) must be described through an interface. The interface provides a list of methods publicly available for a given object. An interface like this is a kind of contract that binds a server to its clients (terminals). The server guarantees that it will respond to the methods defined in its interface. On the other hand, the protocol links the server to its clients. The protocol defines the way in which the server and clients communicate. Since the implementation of protocols is often quite complex, the implementation of these protocols is often automatically generated for a given object in JCRE. This


automatically generated program, which implements the clientside of the protocol is often called a proxy as shown in figure 52. Besides containing the code for the functions, it also contains the code required to access these functions on a remote server. A Java card can be considered as a server and provides services to its clients (terminals) to access or manage the information stored on the smart card. Furthermore, the various protocols defined by ISO 78163 and 4 define the smart card as a slave in a master/slave configuration:

• The functionality provided by a Java program (applet) on the Java card is given in the Java interface, which defines the list of available methods.

• A highlevel protocol is clearly defined between the applet and its clients (terminals).

• A proxy generator is available to support the design and development of the client software.

Figure 52. The Proxy between Application and Applet.


There are three main rules for controlling the security and visibility of applets in the Java Card:

• The visibility of a package is platformdependent.

• Within a visible package, only the public classes are visible from the outside.

• If an applet is able to get a reference to an object, then the applet is allowed to use the object.

Actually, these three rules are the same as the standard Java rules. Furthermore, most of the Java card manufacturers include an additional security feature – firewall – between applets. This feature is global to the card, and the purpose is to isolate every object in its own sandbox in order to reduce the risk of illegal access.

After a Java card applet has been created and loaded on the terminal, the first step is to install and register it to the Java card. Since this method is static, it is in charge of allocating a new instance of the applet and registering it with the JCRE through the register method as shown in figure 53 (step 1). Once the applet has been successfully registered, it is then ready to be selected and activated as shown in figure 53 (step 2). Only one applet can be selected and activated at any one time. If applet selection is successfully, it is then ready to process incoming commands as shown in figure 53 (step 3). As long as an applet is selected, any command sent to the card is embedded in an APDU object and sent to the applet’s process method. This continues until the applet is deselected as shown in figure 53 (step 4). The deselect method of the current applet should be deselected before a new one is selected.


Figure 53. The life cycle of an Applet on Java Card.


6.BUILDING YOUR OWN SMART CARD APPLICATION

In the previous chapter, we outlined the basic information for smart card programming. We shall now briefly describe the procedures for developing a smart card application.

Developing a smart card solution is similar to developing a distributed system. The following steps listed below can be used as the guidelines for building a smart card application:

1. Determine the objective of the solution2. Define the appropriate algorithm3. Identify the requirements and select the appropriate smart card4. Specify the system security level, key distribution and key usage

algorithms5. Set the privacy and security levels of the users6. Set the security bookkeeping level7. Specify the directory and file structure of the smart card8. Select the application commands/instructions needed

In the following section, we shall describe each development step in detail. We hope that this information would be useful in helping the technical managers in developing smart card applications.

6.1 Plan the smart card solutionWhen designing a smart card solution, we have to understand the aim of this

solution first. Smart card as mentioned in the previous chapters is mainly used for identification, security, and electronic money related aspects.

If the solution is mainly based on standard existing smart card solutions (for instance door access control system, electronic purse, secure identification card and Digital Certificate card) an offtheshelf card could be chosen. However, if the problem has not been implemented before, or is different from the common


solutions, the system integrator would have to build the whole system from scratch or modify the offtheshelf card solution.

Before designing the algorithm to solve the problem, the technical manager should estimate the time span of the development required. A rule of thumb for time from concept, programming and testing phases to completion of new system is around nine months. Individual developer will require about 4~6 months for programming. If the existing microprocessor card does not meet the requirements of the user, the card would have to be redesigned. The time required for microprocessors card production is around 12 weeks [Rankl1997].

Figure 61. Flowchart of smart card development..

In other words, if the problem could be solved based on an existing solution, offtheshelf cards should be used. The required work would be basically consists of system integration of the smart card system to the existing environment. Around 4 to


6 week’s time would be needed for this development. However, if no existing solution can meet the requirements of the user, development of the solution would have to start from the design of the chip card microprocessor. As a result, around 9 month’s time would be required.

The core part of the solution is to define the algorithm for the smart card solution. Developers need to choose an appropriate algorithm. They also have to understand the flow of the system and identify the appropriate role of the smart card.

In addition, developers have to understand the restriction of different smart cards. This information is used together with the requirements on the smart card for selecting the most appropriate card type. The first restriction of a smart card is the lifetime of the card.

The life expectancy of a smart card basically depends on the application of the card. For instance, GSM cards can stay in the phone permanently while identification cards and canteen cards would have to be renewed after 23 years [Rankl1997].

The number of insertion will also affect the life expectancy of the card. The goldplated contact could survive about 10,000,000 insertions. While the data storage (EEPROM) usually fails after 20,000 to 40,000 read/write cycles. A first sign of failing performance is when the first write attempt does not set the desired value in the EEPROM, or the written data no longer stay in memory after a few hours [Rankl1997].

Even though the smart card could hold the stored data securely, it should not be considered as a permanent safe for confidential data. EEPROM is based on electrical charges. Therefore due to current leakage, stored data could be lost. This effect is exacerbated by high temperatures. Normally the data content in a smart card is guaranteed for 10 years.

The second limitation is the memory space on the card. Because smart card is an embedded system, the memory size of the card could not be increased after the manufacturing stage. The current largest available memory space and the largest possible memory space in an 8bit CPU smart card are 32K bytes and 64K bytes respectively. However, development cost is affected by the cost of the card which is heavily dependent on the size of the memory. For example, changing from a 1Kbyte


card to 8Kbyte card raises the production cost 4 times. Therefore a balance between costeffectiveness and card memorysize has to be struck.

6.2 Understand the need of smart cardAfter understanding the restrictions and limitations of smart cards, we would be

able to select the appropriate card for the problem according to the requirements. Though technical characteristics of smart card is hardwarespecific, most of the properties of smart card chips are identical. Therefore, design specifications can be the same.

Traditionally, there are two main criteria for selecting a smart card. These include the speed of instruction execution and the security level requirement of the system.

The speed of instruction execution depends on the processor chip and the speed of data transmission. The internal speed for executing instructions also affects the data transmission rate. The current clock rate of the CPU is in the range from 3.5MHz to 4.9MHz. The faster the internal instruction execution speed, the faster the data transmission rate. Although the maximum possible data transmission rate of contact smart card is 115200 bits per second (bps), the current normal transmission rate is 9600 bps [Guthery1998].

Other than the data transmission rate, the execution speed also depends on the Read/Write speed of the EEPROM and the card activation time. The Read/Write time of EEPROM is around 3.5ms while Ferro Electrical RAM (FERAM) is around 200ns [Klaus1998]. When the same type of nonvolatile memory is used, the time differences will be mainly on the card activation time. The execution time required in normal set of instructions is around 1 – 3 seconds, while the time required for card insertion and ejection is around 2 – 3 seconds. Therefore, for massive public transportation system, contactless card is preferred, because using contactless cards could reduce the total processing time by half compared with using contact cards. Generally speaking, different applications may require different execution speed.

Besides memory size and processing speed, security and addon features of the card are very important considerations. If the card is used as a personal security related card, special cryptographic engine may have to be added on the card. When financial processing is required, the card should have the electronic purse feature.


6.3 Managing data storage on the cardHaving selected the smart card, developers have to design the data structures to

be used on the card. Because of the limited memory space, not all data could be kept. When designing a smart card solution, one should realize that the solution is a distributed solution. In common centralized mainframe solutions, all information is in one location. For smart card applications, the card is considered as a kind of document store. With this decentralized data storage, users' data could be protected from external attacked. Similar to distributed systems, only the necessary data, i.e. the mission critical data, should be kept onboard the card. This data includes the identification number of the card, unique personal data of the user and the data required when the system is offline. Any data that is not mission critical or not required in offline processing should be kept on the centralized database rather than the card.

When determining what should be kept in the smart card and planning the amount of memory needed, the memory space requirements have to be thoroughly analyzed. The size should include both the user data and administrative data. While for Java card, the size of the applications file should also be taken into consideration.

In designing the structure of the data file, the overhead generated by the data file is usually between 1632 bytes. Therefore, it is preferable not to setup an individual record for each data element in the card; otherwise too much memory is wasted for administration purposes.

Immediately after fixing the file and data structure of the card, developers should work on understanding the level of security and privacy required in the system. Because a card cannot be considered as a secure storage of data unless proper security rules are imposed, the security level of the card must be set properly. In a smart card, the Personal Identification Number (PIN) and authentication keys are basic security measures. They could be applied in different combinations and generate different security protection patterns.





Figure 62. Smart card file and directory structure.

For instance, in an electronicpurse card, Key 1 may be used for mutual authentication of the terminal and the card in the payment process, while Key 2 may be used for mutual authentication of the terminal and the card for downloading money. When the user presents the card to the merchant’s terminal, Key 1 would be selected and checked if the merchant’s terminal is a valid terminal. If the terminal is valid, the user can then enter his PIN and permit the transaction to proceed. However, even if the merchant’s terminal has got the valid Key 1, the card cannot be credited if Key 2 is incorrect. In other words, with the use of different combinations of key assignments, permissions and privileges of the users and terminals can be set properly.

In the concept and development stages of an application, key assignment and administration of application data are fundamental principles in data exchange. Various applications may have different requirements on privacy and security level, so developers must understand their needs and select the appropriate security model. Because all cryptographic algorithms rely on the secure key management, if a secret key is revealed, all security mechanisms based on it will fail to work properly. In a properly designed smart card system, only cardspecific keys should


be held in the card. Keys should be grouped together based on their functions [Rankl1997].

User privacy is also very important to the card user. Therefore, when designing a smart card system, access to private user information should be controlled. This could be considered as a component in key distribution and management procedure.

Although privacy is important to users, security bookkeeping is required. A smart card application is usually related to security and financial applications. A user who is accessing the system could either be a normal user or an intruder. Therefore, in order to enhance traceability, application developers should set the appropriate security bookkeeping level.

In the specification procedure of the smart card application, the most important step is to specify the data required to be kept in the card and define the directory and file structures for it. This specification must be defined before implementation. When defining the file and directory structures of the card system, both the user data and the administrative data should be considered. For Java and MULTOS cards, the application program files must be considered as well.

The structures of the file and directory in the card are directly related to the security of the data stored. For example, in a hierarchical directory structure in Schlumberger’s Multiflex card, files are protected first by the cryptographic keys in the directory. A set of cryptographic keys and PIN are located in each directory. Elementary files in the same directory are protected by same set of keys. In other words, if a file is located in the second level of hierarchy in the smart card, users would have to present at least two sets of cryptographic keys if authentication procedure is enabled.



Other than the security aspects, developers should determine the number of directory and elementary files required. They should gather all the files that require the same level of security in one group. Files that do not need to be protected by password should be placed at the top level of the directory structure. As mentioned in the previous chapter, other than linear fixed file, there are linear variable, cyclic, transparent, purse and SIM files [Guthery1998]. They are used for different purposes. For example, purse files are used to store electronic cash and transparent files are used for storing pictures. Therefore in designing a smart card data storage structure, developers have to analyze the data that need to be stored and determine the security level and memory requirement of the selected data. Then the data and file structures should be designed like the example shown in the following table.

File Type File ID Memory Structure DescriptionMaster File 3F00 Root Directory

DF EF1 0001 30 bytes Linear fixed Student NameEF2 0002 8 bytes Linear fixed Student ID Number

Table 61. Example file tree for campus ID card.

6.4 Determine the required back end supportBack end support of a smart card application includes the hostside hardware

and software development. This includes the determination of data exchange stability and robustness. Developers have to ensure that the communication links are stable. If highly secure communications is needed, the authentication key should not pass through the main computer. The usual authentication method, which uses the keypad on the main computer, should not be used because the user password could be captured in the serial port. The authentication key should be processed directly by the smart card.

If encryption and decryption are needed, a proper scheme should be chosen. Because the processing power of the onboard CPU in the card is much lower than the CPU in the PC, a strong but complicated encryption scheme would not be appropriate. One solution is to use a simpler encryption scheme. Another alternative is to insert a hardware cryptographic engine inside the card.

Even though the communication channel is setup, the connection also depends on the linklevel protocol used. The data structures exchanged by the reader and the


card in this commandandresponse protocol are referred to as transmission protocol data units (TPDUs). There are 15 TPDUs defined, and the most commonly used TPDUs are T=0 and T=1 protocols. The structures of these protocols are quite different.

T=0 protocol is a byteoriented protocol. Error detection is done by looking at the even parity bit on each byte transferred across the readertocard interface. It provides very poor layer separation between the linklevel protocol and the applicationlevel protocol. On the other hand, due to this fuzzy distinction between the applicationlevel protocol and the linklevel protocol, it is relatively optimized for moving commands and responses between cards and readers.

If better layer separation between the linklevel protocol and the applicationlevel protocol is needed, T=1 protocol should be selected. It is a blockoriented protocol. APDU commands are embedded within the block structure. Error detection is done by using either longitudinal a redundancy character or a cyclic redundancy check character [Guthery1998]. Details of the CRC algorithm could be found in the ISO 3309 standard. Because of strict layer separation, the smart card/terminal communications can be further extended to the one between computer and smart card terminal.

In designing an application, unless better layer separation is needed, the best current choice of TPDU is T=0 protocol. However, in the future, when smart cards need to communicate with the computer, T=1 protocol should be selected.

Smart card readers are the interfaces between smart cards and computers. They can be connected through a serial port, a parallel port, a PCMCIA port, a keyboard port or even the floppy disk slot on the computer. A smart card reader provides power and clock to the smart card and opens up the communication channel between application software on the computer and the card operating system.

In order to write on a smart card, a card writer is required. Fortunately, developers could simply choose any smart card readers, because almost all smart card readers have reading and writing capability.

Even though smart card readers use a standard communication protocol between the reader and card, the interfaces between the reader and the computer are not standardized. Some card readers just pass along to the cards the byte


sequences that are provided by the host application, while others support their own reader command set. Therefore application developers need to understand the cardcomputer interfaces of the card reader they selected. Some information on these interfaces can be found in [Guthery1998].

Hopefully, when smart cards are integrated into operating systems, card reader interfaces will go away. Application program will not need to know or care about the manufacturer of the smart card reader.

After predefining all the necessary components in smart card development, some aids for development could be used for verifying the design of the smart card solution. One of these aids is the smart card simulator [Rankl1997]. With these tools, developers could simulate the card, communication link and the card terminal, and would not have to build the complete system as a testbed.

6.5 Choosing cardside and hostside environment

After testing the solution with the simulator, developers could start building the real system. In an actual system, programs are separated into two categories, the hostside software and the cardside software. Hostside software means the program that is written on the terminal side for communicating with the commands and responses of the card. Different smart card reader vendors may have different drivers and card vendors may have different sets of commands even though they are all following the ISO 7816 standard. This complicates the hostside development procedure.

So developers have to choose which hostside model they are going to use. Currently, other than card vendor specific proprietary standards, there are also some newly defined hostside standards such as Personal Computer Smart Card (PC/SC) architecture, MULTOS model, and Open Card Framework (OCF). Some of these standards have been mentioned in the previous chapter, and others will be briefly described in the following chapter.

Hostside architecture

Development Language

Support Hostside Cross

platform development

Reader TypeSupport Multiple

types of cardCard Type

Internet Support

Portability and re

usability

Level of difficulties


Traditional hostside

application

Depending on the tools provided

Depending on proprietary products

Proprietary type

Depending on proprietary products

Limited by proprietary products

Barely supported.

Using ActiveX

control and Microsoft

technology

Poor/ PoorLow/

Medium

PC/SC architecture

Basic, C++, Java with

Win32 programming

capability

✔ PC/SC based ✔

Any smart card

PC/SC SSP

Barely supported.

Using ActiveX

control and Microsoft

technology

Good/ GoodLow/

Medium

OCF architecture

Java language ✔PC/SC based or OCF based

All Java Cards and some

proprietary cards [DiGiorgio1998a]

All Java cards and

some proprietary

cards [DiGiorgio1

998a]

Well supported. Using Java technology

Good/ Good

Medium/ High

(Not enough documentati

ons)

Table 62. Comparisons of different development architectures and platforms

If an inhouse proprietary standard is used, future expandability will be limited; however, the development can be shorter as the vendor is familiar with the standard and it is usually optimized for some specific applications. On the other hand, if PC/SC, OCF or MULTOS standard is chosen, the developer may have to learn the system from scratch since the standard has not been widely implemented.

If the smart card solution is a standard solution, offtheshelf card is suitable for the problem. However, if the problem is a multifunctional problem or a new problem, programming will be required on the card. Cardside programming is the software development procedure on the smart card. This code is defined for generating the card responses according to the received commands. Traditionally, these codes are written in assembly language and required to be masked on the card. They could be stored on the EEPROM or ROM. Hard mask means hard wiring the code in ROM, while soft mask means loading the code into the EEPROM of the card. Though soft masks do not require modification of the chip, it has to be done by the card manufacturer.

In the code development step, the software developer not only need to understand the proprietary operating system of the card, a longer period of masking


than normal software development is also expected. Besides, modification of the masked code is also very difficult. Though more and more flexible card operating systems such as Schlumberger’s CustomerOriented System (SCOS) are available which allow software developers to write their own piece of code on the card without masking, the programming procedure is still very complicated.

A new solution is to use the new programmable smart card – MULTOS and Java card. These cards have a code interpreter over their card operating system. Developers could write their piece of codes and download them to the card. After the code is downloaded to the card, user could call these instructions using their code identification. Development of these codes is simpler than deriving them in the traditional smart cards. They could use Java and C language for Java card and MULTOS card development respectively. Though these codes must be recognized by the card code interpreter and restricted to meet the reader communication and behavior, the development procedure is still much easier than that for traditional smart cards.

In selecting a smart card, offtheshelf card should be considered first. It is not a good practice to develop your own Java or C code for the smart card if existing smart card could solve the problem. Unless programming is necessary or multifunctional applications are required, traditional smart cards would be the most suitable solution.

6.6 Miscellaneous ToolsTo reduce the effort in smart card software development, some software

developers have introduced some useful tools to support this effort. These include smart card simulators, debuggers, editors, emulators and testers. Detail descriptions of these tools can be found in [Guthery1998].


Categories of cards

Contact ContactlessOncard micro

controller

Cryptographic capability

Cardside Programming

Language

Multiple Application capability

Card Security

level

Contact Memory Card

✔ ✘ ✘ ✘ ✘ ✘Very Low/

Low

Traditional Contact CPU

Card✔ ✘ ✔ ✘

Assembly language,

soft/hard mask required

✘Low/

Medium

Contactless Memory Card

✘ ✔ ✘ ✘ ✘ ✘Very Low/

Low

Contactless CPU Card

✘ ✔ ✔ ✘

Assembly language,


✘Low/

Medium

Combi card ✔ ✔ ✔ ✘

Assembly language,


✔ (not in

programming level)

Low/ Medium

Cryptographic card

✔ ? ✔ ✔

Assembly language,


✔ (not in

programming level)

Very High

EMV compliant card

✔ ? ✔ ✔

Assembly language,


? Medium/ High

Mondex Card ✔ ? ✔ ✔

Assembly language,


✘High/ Very

High

Multos Card ✔ planning ✔ ✔MEL, C

language✔✔

High/ Very High

Java Card ✔ ? ✔ Planning Java language ✔✔Medium/

High

KeyCorp OSSCA card

✔ ? ✔ ? Forth ✔✔Medium/

High

Microsoft Windows for smart card

✔ ? ✔ ? Visual Basic, Visual C++

✔✔Low/

Medium


ZeitControl's BasicCard

✔ planning ✔ Planning Basic Language ✔✔Medium/

High

Table 63. Comparison of different cards.


One of the most useful tools is the smart card editor. Most basic editors let the user send APDU commands to the card and display the response code for each command. Even though their functionalities seem primitive, they allow the developer to explore the cards’ behavior readily.

More elaborate editors provide text descriptions of command and response sets. So developers could choose the appropriate commands based on their descriptions listed. Some of these editors may even have the capability to interpret state and transaction information returned by the card. As a result, users can view the intermediate results of the card.

Most importantly, some editors support macroprogramming languages for card application development. Users could select the required sequence of actions and the editors will generate the relevant code for the hostside. Although this code is usually card vendor specific, it simplifies the card development process.

Unfortunately, the current state of the art is these editors could only be used for simple card application development. More sophisticated systems would have to be programmed through the steps mentioned earlier.

In conclusion, in developing a smart card solution, consider it as a distributed system with limited distributed memory storage on the card. Only personal information should be kept onboard the card. Other information should be kept on the centralized database. Because this personal storage is used as a secure data store, the security level of the smart card should be considered and specified in the card. Before launching a real application, developers should test their system using a card simulator. This could reduce the time for system development. The time required in this development varies from 1 month to 9 months depending on the complexity of the system.


Part III. Smart card in the Future


7. FUTURE TREND OF SMART CARD

According to the SJB Services report published in Business Wire in September 24, 1998, the total smart card market will increase to 3.8 billion cards by year 2000 [NewsEdge1998d]; an average annual increase of 52 percent is forecasted. Moreover, the demand for contactless cards will increase to 100 million cards by 2000.

Although Europe remains the heartland of smart Card, Asia is also experiencing rapid growth, from 10 percent in 1996 to a projected 30 percent of the world market by year 2000. This growth is fueled by the active encouragement of many Asian governments.

For the rest of the world, smart cards offer an opportunity to overcome poorly developed telecommunications, burdensome means of payment and paperheavy public records. In addition, according to SJB Services, the market for Smart Card technology in those countries has barely been touched.

With this bright future on smart card development, it is important to be aware of the future directions and potential applications of the smart card. In this chapter, we will describe the future trend of smart card based on the current development and customers' needs.

These trends could roughly be classified into 4 categories, namely:

1. Computer/smart card development platform2. Smart card operating system3. Smart card in electronic commerce4. Smart card in computer/internet security

In the near future, the smart card will become a standard component in personal computers. PC related card applications would become one of the main driving forces in smart card development. In the view of Microsoft, smart cards are considered as a key component of the publickey infrastructure that is to be


integrated into the Windows OS platform [Microsoft1997a]. The other trend in smart card development is in telecommunications related applications, such as phone cards and mobile phone services. However this will not be discussed in detail in this handbook. We shall start our discussions with standardization of smart card hostside environment.

7.1 Unification of smart card hostside standards on PC

Until recently, there was no common standard in the hostside environment for smart card applications development. Different card manufacturers have developed different smart card operating systems. Different applications using smart cards from different vendors needs to be programmed differently. The smart card industry has been plagued by incompatibility among applications, cards and readers, and a poor developer tool chain based on proprietary APIs and protocols. Devicedependent APIs for application development and resource sharing across multiple applications have slowed down smart card solution deployment. In general, applications would have to be rebuilt for different smart cards and readers.

Unless there are unified standards for smart cards, developed applications and program codes could not be used on different cards and card readers.

To solve this problem, two different approaches could be used – horizontal card standards, and common card operating system development. In this section we focus on the issue of horizontal card standard while common card operating system development will be discussed in the following section.

Currently, there are two different horizontal standards established to overcome the interoperability problem.

7.1.1 Personal Computer/Smart Card standard (PC/SC)

Led by Microsoft and a number of smart card manufacturers, the Personal Computer Smart Card Workgroup (PC/SC Workgroup) was formed in December 1996. The goal is to facilitate the development of smartcardbased applications for the PC by developing open specifications that ensure interoperability among smart cards, card readers and computers made by different manufacturers. As a result of


this effort, application programmers can build smart card applications that are not tied to particular readers or cards, and the system builders can mix and match readers and cards freely.

The PC/SC Workgroup was formed in May1996 in partnership with major PC and smart card companies including Groupe Bull, HewlettPackard, Microsoft, Schlumberger and Siemens Nixdorf. Later on Gemplus, IBM, Sun Microsystems, Toshiba and Verifone have also joined the Workgroup.

In December 1996, the first version of PC/SC specifications was published. It was based on the ISO 7816 standards and is compatible with both the EMV and GSM industryspecifications. Detailed specifications can be found in http://www.smartcardsys.com.

7.1.1.1 Basic architecture of PC/SC standard

In Microsoft’s approach, PC/SC standards consist of the following [Microsoft1997a]:

• Standard model for interfacing smart card readers and cards with PCs• Deviceindependent APIs for enabling smart card aware applications• Familiar tools for software development• Integration with Windows and Windows NT platform

Win32 platform software development kit (SDK) and device driver kit (DDK) has already been developed for PCcompatible smart card products. In fact, smart card support has been incorporated into the NetPC, Windows NT 5.0 and PC98 design specifications.

To implement this specification, components in PC/SC architecture have been defined. They consist of three individual components namely:

• Interface Devices (IFD) Handler for specific device from IFD vendors• Service Provider provided by Integrated Circuit Cards (ICCs) vendors


http://www.smartcardsys.com/


• ICC Resource Manager provided by OS vendors

Figure 71. PC/SC architecture.

With this standard, smart card applications could be derived from deviceindependent APIs for enabling smart card aware applications. The meaning of each box in Figure 71 is given below.

Smart Card (SC) – a credit card size plastic case with an embedded microprocessor chip.

Smart Card Reader (IFD) – the physical interface device through which a smart card communicates with a PC.

Interface Device Handler (IFH) – the PC/SC driver for a particular reader. This is a lowlevel software within the PC that supports the specific I/O channel used to connect the reader to the PC and provides access to the reader’s functions.

Resource Manager – provides system level service. It manages the smart card and reader resources, controls shared access to these devices, and supports transaction management primitives.

Smart card Service Provider (SSP) – responsible for encapsulating functionality exposed by the smart card and making it accessible through high level programming interfaces.


Application – Programs written in high level language by using the Application Programming Interface (API) provided by the Smart card Service Provider (SSP).

In PC/SC smart card application development, actual application programming interface is provided by the smart card service provider SSP which can be vendor specific or completely general purpose.

Two common SSPs are provided by the Operating System (currently only available in Microsoft Win32 platform), the Cryptographic Service Providers (CSPs) and the Smart card service providers (SSPs)

Cryptographic Service Providers (CSPs) can be a software component on the Windows platform or can be a cryptographic engine residing on a smart card or PC as a hardware component. CSP supports key generation, management, random number generation and other cryptographic functions.

Smart card service providers (SSPs) are the noncryptographic services of a smart card exposed to an application through interfaces. This contains a set of predefined interfaces. However, the predefined commands may not cover all the instructions in the card. Therefore instead of or in addition to the common SSPs, vendors could add their own set of SSPs in order to enable more functions in the card. These cardspecific PC/SC SSPs are usually written by smart card manufacturers. With these SSPs, commands supported by the card could be exposed. In addition, card vendors could also provide some higherlevel functionalities through SSPs by building their own sets of commands over the basic commands which further reduce the complexity in developing smart card programs.

From the application developer's perspective, there are three mechanisms for accessing the services supported by a smart card, namely, Win32, CryptoAPI, and SCard COM. They are the underlying mechanisms for communication between SSPs and the Resource Manager.

Win32 is the lowest level API for accessing smart cards. SSPs are developed based on basic Win32 programming methods.

SCard COM is a lowlevel noncryptographic interface implementation provided by Microsoft for accessing basic smart card services. It is a set of base COM interface objects that can be used to build higherlevel interfaces and/or applications.


With this interface, developer does not have to know the details of how particular smart card or reader functions.

CryptoAPI is the cryptographic API for writing Cryptographic Service Providers (CSP) and requires a separate development kit available from Microsoft that is import/export controlled [Microsoft1997a].

Resource Manager is the trusted service in a single process. It may be migrated into the Windows kernel. It is introduced for solving three basic problems in managing access to multiple readers and cards:

1. identification and tracking of resources2. controlling the allocation of readers and resources across multiple

applications3. supporting transaction primitives for accessing services available on a

given card.

Most importantly, it maps specific ICC to its associated SSP or interfaces as well as handling conflicts by keeping track of the ICC ATR string.

With the use of specific Interface Device drivers for specific readers, the functions of that reader is mapped to the native services provided by Windows and the smart card stack [Microsoft1997a]. The mapping is handled by the IFD driver which is connected to the Resource Manager. In other words, the card reader manufacturers would have to provide their own IFD driver; while software developers could use any reader that is PC/SC compliance.

7.1.1.2 Requirements of PC/SC compliance

To be PC/SC compliance, the cards and devices must be based on ISO 78161, 2, 3 specifications. Data Link protocol should be of T=0, T=1, or T=14 standard.

PC/SC based smart card readers can be attached to any standard PC peripheral interfaces such as RS232, PS/2, PCMCIA and USB. Readers are considered standard Windows devices, and as such carry a security descriptor. The reader would be Plugandplay enabled and multiple devices are allowed to coexist on the same machine.

For the card vendors, their cards would be PC/SC compliance as long as they are based on the standard commands in the ISO 78164 specifications. When card


specific SSPs are provided, extra cardspecific commands could be used. However, because the Integrated Circuit card is able to perform more sophisticated operations including authentication, signing and key exchange, only the ICC card is adopted into PC/SC standard at this time.

7.1.1.3 Advantages of PC/SC standard

The main benefit of PC/SC system is the reduction in hardware and maintenance costs. First, the interoperability of the PC/SC system provides us with more types of smart cards and readers to choose from. When an application is developed using one card vendor’s product, one does not have to worry about future changes in cards or readers. No rewrite or modification of the application program is necessary. It will also save development and maintenance costs as discussed below.

With this established standard model for interfacing smart card readers and cards with PC, libraries for smart card programs could be shared and multiple peripheral devices could be used in the system. More than one card readers from different vendors could be supported in the same system.

As SDK and DDK for smart cards will be integrated with the standard operating system platform, highlevel language tools such as C++, Java and Visual Basic could be used for smart card application development. Therefore, the learning curve in card development could be reduced and a faster development cycle is expected.

As Windows 98 and Windows NT 5.0 are both PC/SC compliant operating systems, when smart card is integrated with the Windows and Windows NT platforms, readers would become Plugandplay devices. This will eliminate modification to the applications as well as the system structure of the card due to change of devices [Microsoft1997a].

In future application developments, secure logon mechanisms and secure enhanced solutions aimed at the growing internet and intranet markets, including internet games, financial services, remote access and network administration could be supported better by the use of PC/SC standards [Microsoft1997a].


7.1.2 Alternative standard of smart card in PC and Minicomputer

(OpenCard Framework)

Besides the Microsoft initiated smart card hostside standards, there is another hostside standard called the OpenCard Framework (OCF) which was produced by IBM in conjunction with Netscape, NCI and Sun Microsystems around the same time as the PC/SC architecture. It could be considered as a bigger set of hostside architecture. Both PC/SC and OpenCard are designed as the interfaces between the hostside machine and the smart card [DiGiorgio1998a].

7.1.2.1 What is OCF?

OpenCard is an open standard that provides interoperability of smart card applications across Network Computers (NCs), PointofSales (POS), desktops, laptops, set tops and so on. From the architectural point of view, it is similar to the PC/SC architecture. Both of them accept ISO 7816compliant devices and are aimed at providing device independent development environment. However, their approaches are different.

The aim of OCF standards is to support 100% pure Java smart card applications. As OCF implementation was created for JavaOSbased network computers, their architecture is more complex than PC/SC. Within this architecture the whole system is developed in Java language [DiGiorgio1998a, Guthery1998a].

OCF is especially developed for horizontal standard over existing devices. Existing proprietary smart cards and Java Card could be used [DiGiorgio1998a].

With the 100% Java smart card application in mind, cards, readers and support codes are all considered as objects. Even though there are very few smart card readers available for this system at this time, using the interface between the OpenCard and PC/SC standard, applications can be built on Win32 platform. In other words, all the PC/SC based readers could be used in the OCF platform [DiGiorgio1998a].


7.1.2.2 Basic architecture of OCF

Similar to the PC/SC standards, OCF provides API for registering cards, determining card readers, look for cards in readers, and optionally start up Java agents when cards are inserted. The architecture of OpenCard Framework is shown in Figure 72.

Figure 72. OpenCard Framework architecture.

The architecture of OCF is made up of 4 main components: CardTerminal, CardAgent, Agents and/or applications. Packages for providing highlevel API for use by the application developer are given. These packages are written in Java. The card terminal drivers are also written in Java which will call the C language APIs via the Java native calls.

Card Terminal manufacturers would have to provide their own sets of CardTerminal classes in order to make their terminals usable by OpenCard applications. The CardTerminalFactory must also be provided. It is used for keeping track of all card terminals to the OpenCard Framework and will be used by the Framework to create CardTerminal instances.

Software application developers must also provide their card services for the smart card applications together with a "factory", the CardServiceFactory, whose role is analogous to that of the CardTerminalFactory.

CardChannel objects are used by Card services to communicate with a smart card in a card terminal. Because the application could be written using multiple threads, concurrent access of card services is possible. These concurrent accesses to the card are scheduled by the CardServiceScheduler via a card channel (See Figure 73).


Figure 73. Communications between Card Objects in OCF.

Card applet proxies are used for representing the applets on the card. They are card appletspecific, that is, each card applet class belongs to a particular Java Card applet. They act as middlemen between the card and the application and their function are similar to SSP in the PC/SC standards.

With the use of the CardServiceScheduler, several card applet proxies can be used concurrently. When one of these proxies is selected, the rest will be deselected. Different applications on the Java card could be selected, processed and managed by a centralized processing unit. In other words, the applications on the Java card would be connected to the appropriate Card applet proxies and controlled by the CardServiceScheduler.

7.1.2.3 OCF compliance

Similar to the PC/SC standards, the OCF architecture accepts Java Card and all ISO 7816 compliant standard devices. Any ICC card can be used in the OCF architecture.

Even though currently there are very few smart card readers developed for the OCF architecture, with the interface to PC/SC standards provided by developers for use by existing devices on Win 32 platforms, all PC/SC based smart card readers can be used. In addition, because OCF is written in Java, all development tools for Java programming can be used. Furthermore, all components in OCF can be


considered as objects in the program, therefore the underlying mechanism does not need to be modified.

7.1.2.4 Advantages and Disadvantages in using OCF

OCF shares the same advantages of the PC/SC architecture. The use of OCF allows the software development platform to be independent of the type of smart card reader or card. Existing programming tools, smart cards, and readers can be used, Java can be used in the development.

Because the software would be written in Java, it can run on many different platforms. Rather than restricted to a single PC, applications could be written in cooperation with the Java Native Interface (JNI) and work on the Internet through various browsers. Therefore, it can be run on a much bigger platform – the Internet.

However, it is not without disadvantages. First of all, because JavaOSbased NC is not developed as fast as forecasted, OCF, which is originally designed for Network Computer, is not growing as fast as the PC/SC architecture.

Because its architecture is much more complex than the PC/SC architecture, development is more difficult. As all code is written in Java, existing card application code would have to be rewritten in Java. C++ or Visual Basic can not be used for hostside applications development.

Whichever horizontal carddevelopment model will dominate in the future, smart card application development will become card and reader independent, and common software development tools will be used in future application developments.

7.2 Trends in smart card cardside standardsAnother method to solve the diversified smart card development environments is

to use a common card operating system.

Similar to the early PC market, the smart card companies have been developing their own applications using several proprietary systems. Therefore, applications are usually not interoperable. Until the emergence of the Java card [Guthery1998a], cardside development cannot be done (not easily anyway) after the card has been manufactured.


Mondex has also introduced their multiapplications operating system, MULTOS, [Guthery1998a]. Lately, Microsoft has also joined the embedded OS environment [Microsoft1998a]. There may be other more powerful card OS in the market, but we would concentrate on these three card OSs because their alliance support are much stronger than the others.

7.2.1 Java inside

The Java language was first presented by Sun Microsystems in 1995. It was originally intended for linking settopboxes, copiers and other electronic consumer goods with the microprocessors [Klaus1998]. In the Java programming environment, the byte code produced by the Java compiler is interpreted by a virtual machine called the Java virtual machine (JVM). Because of this programming concept, Java offers a perfect solution to both the development environment and security matters for the smart card operating system.

After the standardization of the Java byte code, the JVM and the Java Card API for smart card have been worked on by Sun and several smart card manufacturers.

The Java card was first demonstrated by Schlumberger on 2nd April, 1997 [SLB9704]. The demonstration version of the Java card used the Motorola M68HC0%SC49 chip which is an 8bit microprocessor with 4K bytes of EEPROM memory. Based on the Java card 1.0 specification, the Java Interpreter on Cyberflex occupies 3K bytes of ROM and 1K bytes of EEPROM.

Since then, many other card manufacturers have joined the race and produced their own Java cards. Currently, Bull CP8 Transac and Gemplus have already got their Java cards ready for application developers. Gemplus’ GemXpresso Java card uses a 32bit RISC processor as the card CPU [Gemplus1998b].

With the use of Java Card, users could develop their own smart card programs (known as Java cardlets) in Java and download them on the card. In other words, software developers and users can now develop their own applications and have them run on the card when special permission is obtained.


7.2.1.1 Basic knowledge of Java Card

Rather than single applications, the Java card was originally designed to support multiple applications. It not only accommodates multiple applications, but also ensures each application is protected in the card from the other applications. So data and variables in one application are not accessible by other applications on the same card.

Many application developers have already started to use Java cards in their development. The Java card aims to be a fast, objectoriented, easytoprogram smart card with more programming function, cryptographic library, and may have one or more coprocessors.

Another very important application of the Java card is telecommunications. Javabased SIM cards can enhance the range of services provided to the users. Valueadded functions such as remote banking could be performed with this type of SIM card. Some of these electronic commerce functions will be discussed later in this chapter.

Figure 74. Java Card internal structure.

7.2.1.2 Advantages of Java Card

The Java card project started within Schlumberger at the end of 1995. The aim of that project was to develop a standard secure smart card operating system that supports multiple applications [DuCastel98]. Even though the Java card only supports a subset of the Java language and Unicode, and multidimensional arrays are not supported, Java card programming allows cardside program development and the cardside logic circuit is no longer restricted to assembly language.


Thousands of Java programmers can now enter into the smart card development market [DuCastel98]. As a consequence, cardside development will pick up speed.

Using the Java byte code compiled in any Java development environment, any Java program can be loaded into the Cyberflex card when required [SLB9704]. On the other hand, whenever the code is not needed, it could be removed from the card to free up memory space. This allows the smart card program to be deployed almost anywhere [DuCastel98].

As Java security is based on the sandbox theory, applets in the card are not allowed to communicate with the other applets. Therefore, Java fits the security needs for smart cards perfectly [DuCastel98]. The latest Java card development may now support secure interapplet communications [Hickman9801].

Implemented in the OpenCard Framework, Java cards are able to access the Internet through network computers in hotels and airports, access medical records and customer loyalty programs, automate airline ticketing, track frequent flyer miles and improve telephone security [Hickman9801].

MULTOS, a card OS mainly for financial applications will support Java cardlets in the MULTOS card when the technology of Java over smart card is ready [Hickman9801]. Therefore, we believe that development of Java applets will soon be the main stream of smart card development.

7.2.2 Mondex MULTOS OS

Besides the Java Card, Mondex has derived a similar smart card architecture for multifunction purposes called the MULTiapplication Operating System (MULTOS). The MULTOS is another new interpreterbased operating system. It is developed and supported by MasterCard and MONDEX.

7.2.2.1 Yet another Card OS

Similar to the Java card, the core of the MULTOS operating system is an interpreter that allows the applications to be developed independently of the underlying card hardware. With the MULTOS API (cardside application interface on the MULTOS card), applications written with MULTOS API would be writeoncerunanywhere over any MULTOS platform [Guthery1998a].


Using the ITSEC E6 certified firewalls, MULTOS is able to provide application segregation. ITSEC E6 is the highest security in ITSEC certification. Therefore, with this setting, MULTOS could be considered as an extremely secure Card OS which may even be more secure than the Java Card.

The internal card structure of MULTOS is similar to the Java Card, as depicted in Figure 75. However, implementation of the card internal is totally different.

Figure 75. MULTOS Card internal structure.

7.2.2.2 Programming environment used

MULTOS uses a dedicated programming language called MULTOS Executable Language (MEL) which is a simple virtual processor language [Multos]. Application developers could write the code in the high level language C and then translate the code with the help of a tool into the interpreter language MEL. The code can then be downloaded onto the card.

To get familiar with MULTOS application development, one can obtain the specification and descriptions of MULTOS API, as they are available for license from MAOSCO LTD. With the specification, developers could program their own card applications.

7.2.2.3 Advantages of MULTOS

The MULTOS smart card OS is also developed as a multiapplication OS. Same as the Java Card, it could accept one or more application codes written in a highlevel language. However, because it was initially developed by financial institutes as an electronic purse, the security of the card OS was an important design issue. Besides, as it was designed for unaudited stored value schemes, many financial


institutes and banks would likely opt to use the MULTOS card in their financial related applications.

After an agreement is made by Mondex and Sun Microsystems, Java cardlets will be accepted on both types of smart card system. For this reason, Java cardlets will likely become the future smart card programming standard.

Its high security lies in its highly secure design where different applications on the same smart card are protected by application firewalls. Therefore, the integrity and security of applicationspecific code and data are ensured.

With the cryptocoprocessor installed on the card, execution of cryptographic capabilities such as DES and RSA encryption/decryption would be much faster [Multos].

For the Java Card, the Java Card API is a proprietary standard controlled exclusively by Sun Microsystems [Guthery1998a]. MULTOS specification, in some sense more opened, is controlled by a consortium organized by a group of smart card manufacturers, developers and financial companies including DNP, Gemplus, Hitachi, Keycorp, MasterCard, Mondex, Motorola and Siemens.

7.2.3 Microsoft Windows in Smart card

The idea of Microsoft Smart card OS is similar to the OS mentioned above. The main objective is to provide a new smart card development environment that accepts multiapplications using languages familiar to the software developer rather than assembly languages.

Based on the 8bit processor, Microsoft announced their Smart Card for Windows OS in October 1998 in Cartes 98 [Microsoft1998a]. It is an 8bit multiapplication operating system for smart cards with 8K of ROM [Microsoft1998a, Microsoft1998b]. Microsoft’s smart card development plan aims to meet the four key criteria listed below:

• To enable smart cards to be a secure extension to the PC environment, in terms of development tools and connectivity

• To work with software development tools that have a broad base of developer familiarity and support

• To offer card issuers the ability to choose the components they want from a variety of suppliers


• To deliver smart cards at a more attractive price, therefore encouraging new applications and uses.

Even though Microsoft Smart card OS shares the same criteria as MULTOS and Java card, Microsoft Corporation believes that there is a niche for their card OS. One of the main hindrances for the MULTOS and Java platforms to be widely accepted is cost.

According to [Microsoft1998a], a typical MULTOS or Java card costs $15 each. This cost is not a great problem if the card is delivered as a result of a government mandate. However, it would be difficult to swallow compared to the 25 cents it costs a bank to issue a typical magnetic stripe credit card.

For this reason, Microsoft Corporation aimed at delivering smart cards at a more attractive price – anywhere from $24 for simpler cards, and $68 for cards with more extensive security features.

7.2.3.1 Programming Architecture of Microsoft Smart Card OS

Because Microsoft’s smart card standard has just been announced, the basic structure of the card has not been confirmed. It is believed that the operating system would be a variation of Windows CE. It should be compliant with ISO 78164, EMV and the SET standard [Microsoft1998b].

With the Smart card for Windows toolkit, the card could be used as a component with Crypto Service Provider in the infrastructure of the PC/SC architecture. Because the card could be extended to support PC programming, PC/SC programs could be used on it.

In addition, this Smart Card for Windows OS platform is developed not only as a lowcost card solution, but also an easytoprogram environment. The card most likely can be programmed using Visual C++ and Visual Basic.

7.2.3.2 Advantages of using Microsoft Smart card OS

Development of a smart card platform strategy by Microsoft will help to accelerate the acceptance of smart cards. With this new smart card OS, Microsoft gets into the smart card operating system business. With the support from its partners as well as key players in smart card industry – Gemplus and Schlumberger


Electronic Transactions, Microsoft will become an important player in the market [NewsEdge1998b].

An advantage of this card OS is this will be a lowcost smart card as promised by Microsoft. The cards are expected to cost between $2 and $4 each compared to around $15 for Java and MULTOS card [NewsEdge1998b].

More importantly, this card will become an extension of the PC environment, in terms of both development tools and connectivity. Therefore, development and usage of the card and hostside application would be more closely linked.

The software development tools for the card OS is based on commonly used development tools including Visual Basic and Visual C++, so a large number of software developers could put their technical skills of PC applications development to smart card development [Microsoft1998a].

7.2.4 Card OS future

There are now three multifunction smart card operating systems in addition to a number of proprietary and less commonly known smart card operating systems. It is not likely there will emerge any single winner in a short period of time. The three card operating systems would probably occupy different segments of the smart card market.

The simple Microsoft smart card OS would probably be dominating the lowcost home card market. It could be used in future for quick and simple card applications. While the MULTOS card should be more widely accepted in financial and electronic purse related applications. Because of its highly secure internal structure, the MULTOS card would also be selected for security related applications.

In the MULTOS card model, the Virtual Machines and Operating system would all be based on MULTOS while in the Java Card model, only a Java Card JVM would have to be implemented on the proprietary card OS. In other words, a card manufacturer can produce its own Java card by building their Java Virtual Machine or licensing a JVM from Sun Microsystems directly. However, card vendors would not be able to produce a MULTOS card unless they are given the MULTOS specification. Therefore it is likely that the Java Card would be much more widely accepted. Generally speaking, the Java Card would be the card OS of choice for


more sophisticated and secure applications compared with Microsoft Smart Card OS.

In conclusion, the new cardside standards will create a new industry for smart card application development outside of the card vendor sector. This is because it is now possible to load programs for execution after the card has been manufactured.

7.3 Smart card in electronic commerceAnother driving force behind the growth of smart cards is the increase in

computer networks and the emergence of the Internet as the means of both electronic communication and commerce. Together, they have created a need for secure access to data that is increasingly being stored on the network. Because a smart card can include very precise access information to protect privacy and data security, smart cards will become an increasingly attractive alternative for PC and Internet access compared to traditional methods. These applications make the smart card a direct, secure extension of the PC network. In the later half of this chapter, we shall concentrate on the future trend of two main applications – security and electronic commerce related applications.

Recent figures by Price Waterhouse given in Information Strategy, June 1998, show businesstobusiness online trading is doubling every 34 months and consumer online purchases are set to grow 1,800% from 1997 to 2002 [Birch1998]. Many people claim that security is the only roadblock to electronic commerce. In fact, security is not the only roadblock to electronic commerce, potential barriers include access to infrastructure, consumer and business trust, regulatory uncertainty, taxation and copyright issues.

Most consumers are worried about theft of their credit card information and privacy of their personal data. On the other hand, businesses are concerned that their internal systems and networks will be hacked into. However, according to a report in Business Week on 19th June 1998, online purchasing is steadily climbing even in the absence of a comprehensive security infrastructure.

In most electronic commerce systems, software alone cannot deliver the level of security required to support ecommerce. Some form of "hard" security is needed, and in the mass market, smart cards can deliver tamperresistance, portability and familiarity.


Transition from proprietary smart card operating systems and applications to open multiapplication smart card platforms such as MULTOS and Java Card should hasten the integration of smart cards in Internet commerce.

When smart cards are used in electronic payment, security protection could be enhanced by extending the protection from server side card verification to client side authentication. The smart card together with automatic bank logging of transactions can prevent errors and lost and stolen card transactions. In addition, by implementing a proper payment protocol, both banks and retailers could be protected from fraudulent card usage. With online validation from supporting banks, stolen or lost cards could be identified.

7.3.1 Smart Card Payment Protocol

The most important factor in security is on the payment protocol used. Payment in smart card shares the same principle as other online payment schemes, except that smart card payment should have offline transaction capability also, otherwise the benefit of using smart card could not be fully realized.

A number of payment protocols have been developed for smart card payments, for instance, Mondex, Visa Cash, CSET and Open Trading Protocol (OTP). Most of these protocols are derived from banking or existing payment models. However, they all assume the transaction is done in the local site or require a secure communication channel. The assumption may be true when the transaction is restricted to online transaction through the bank’s channels. For Internet online payment, the protocol used will greatly affect the security of smart card transactions. Therefore some companies have started to look into this issue and developed their own secure payment protocols.

Protocols in smart card payment are mainly concerned with privacy, security and recovery issues. If the smart card is to replace physical cash, the privacy and security issues would be very important. To ensure privacy and security, new payment protocols have to be derived. Because connections could be broken at any time, if no recovery scheme is used for preventing the loss or duplication of these electronic cash, chaos would result. These issues have been raised and our proposed solution is published in [Chan1998]. Further discussion on this topic could


be found in our companion Electronic Payment Systems handbook. As this is a growing problem, better solutions would be needed.

7.3.2 Smart card as prepaid and loyalty card

The smart card has been used in electronic commerce as prepaid, debit card for a period of time. Wellknown examples include payphone cards, Mondex and Visa Cash. This changes the economic model of payment. Because money now exists in both electronic and physical forms, the traditional payment method would have to be modified.

From the security point of view, smart card is more secure than the normal wallet. Passwords could be used to prevent loss of money when the card is stolen. With the proper security setting, invalid password attempts could lead to deactivation of the smart card.

Another attractive feature of the debit smart card is its usability. The debit smart card is an intermediate solution between cash and credit card. As the card is basically used as a replacement of coins (i.e. cash), loss of some coins will not induce loss in the bank account.

Many successful Epurse schemes have been implemented in "close communities" including college campuses and massive transportation services. It could be applied to fast food outlets, laundromats, photocopy machines, fax services and vending machines. Generally speaking, debit and prepaid cards for small value payments will soon be common when more merchants accept this payment scheme.

The future of smart card in electronic commerce is not just in payment cards, but also loyalty cards, airline tickets and other valueadded cards. Customers’ preferences, bonus and other information could be kept in the card. Companies could then obtain their customers’ preferences and shopping histories for planning more customeroriented marketing strategies. The card could also be personalized to hold the cardholder's profile [Gemplus9801]. In this way, companies could become more competitive in attracting customers.


7.3.3 Smart card as electronic wallet

In the future, the smart card would be used for payment in different aspects. They could be used for both bankcard and prepaid debit card functions. Furthermore, because the smart card is easily portable [Gemplus9801], it could be used for both online and offline payment.

In the area of electronic commerce, smart cards can be used for storing and protecting a number of keys [Gemplus9801]. With the use of smart card for payment over the Internet, security risk could be reduced as each transaction is considered an individual event. Furthermore, even if a particular smart card is hacked, the user account will still be safe.

Together with the use of the digital certificate, bank accounts could be prevented from unauthorized access and user’s privacy and security could be achieved.

Although many vendors have developed electronic wallet function in their smart cards, it is safer to store each downloaded electronic cash value as a token in the card. As each token has a serial number which is generated by the bank, even if the smart card payment protocol is hacked, the serial number of the electronic token can be captured and false transaction can be easily identified [Chan1998]. Furthermore, with the electronic token scheme, users can shop privately on the network without exposing their identity.

When electronic payment is widely accepted in daily uses, transactions would become more efficient. A single card could be used for different applications.

7.3.4 Electronic Payment over Mobile Telecommunications

The two main driving forces (applications) for smart card industry are electronic commerce and telecommunications. When a multifunctional smart card is used for telecommunication purposes, it can also be used to cover electronic commerce related applications. This extends the usefulness of the card beyond the simple phone card.

In Finland, the PTT has already begun a pilot service whereby consumers can pay at unattended POS locations using their GSM phones. The charges are simply added to their mobile phone bill at the end of the month [Birch1998].


Hyperion's eLab has been involved in prototyping some elements of the above scheme [Birch1998]. Consumers using the service can deposit and withdraw cash from their bank accounts, and buy goods and services online. Devices currently used in the scheme include the Nokia GSM Communicator, the Newton MessagePad and Windows PC, each fitted with standard smart card readers. The scheme currently uses the Proton and Mondex electronic purses. In this protocol, which is similar to the Open Trading Protocol (OTP), the payment takes place between the consumer's electronic purse and a payment server. After the server has received the amount of payment, it generates a receipt for the merchant. Therefore, the merchant need not change its current software. It only has to process the receipt in the bank communication channel.

When multifunctional electronic wallet is successfully developed on the SIM card, electronic payment using mobile communication channel will become the future transaction mechanism. Visa International also plans to adopt electronic payment system via telecommunication channels in its Visa Open platform. Therefore when the Javabased Visa card becomes an integrated component in the SIM card, electronic payment could be performed via the mobile telecommunication channel [NewsEdge1998a].

7.4 Smart card in Internet securityBecause a smart card can include very precise access information to protect

privacy and data security, smart cards will become an increasingly attractive alternative for PC and Internet access. This application makes the smart card a direct and secure extension of a PC network.

In the system security area, smart cards can be employed for holding personal data such as the user’s login password and other user specific information. With the use of a smart card, the user does not have to remember passwords for different machines because all the passwords can be stored on a single card. With an appropriate PIN for the smart card, the user could login into any computer system.

In the Windows NT 5.0 platform, users can use smart cards to login to their Personal Computer. This ensures one user could only access one PC at a time. If the user’s profile information is stored on the smart card, he/she can even login anywhere on the network with his/her unique user profile. In addition, access to


secure database and Internet server can be protected by the use of smart card. Intrusion detection procedures can be made easier.

There are a number of applications for smart cards in the security related area. We shall focus on the following four topics – Digital ID, Computer Logon, Intrusion detection systems, and biometric authentications.

7.4.1 Smart card as Digital ID

Identification and trust is a vital component in electronic commerce. To do business online, people need to be able to establish trust with their counterparts. In the future banking model, in addition to secure transaction channels, software digital IDs and secure payment software are also required. According to a report given by Newsbytes News Network in November 1997, Internet fraud has increased by 300% over the last year. One of the main reasons for this increase is users are unable to positively identify their counterparts’ identities. If consumers can be sure of the identity of their counterparts and have a quick and simple way of checking their credentials then this kind of frauds could be curtailed.

Digital certificates have been introduced for solving this problem. Digital certificate is a data file that contains an individual’s public key along with other identification information, including the owner’s name, the certificate’s serial number and expiration data, and possibly other usersupplied information. In addition, a digital certificate also contains the name and digital signature of the certification authority (CA) that issued the certificate. The certification authority is a trusted third party, such as a bank, government agency or employer that verifies the identity of the certificate owner before issuing the certificate [Gemplus1998f].

In practice, the public key is made readily available while the private key is secured and accessible only by the rightful owner. These public and private keys are usually generated in pairs. In other words, a digital certificate holder will be given a private and a public key. With a digital certificate, anyone with access to the private key is assumed to have rightful ownership of the certificate. As the private key is the most important component of the digital certificate, protection of the private key is the single most important aspect of using digital certificates. Whenever the private key is exposed or lost, the digital certificate would have to be invalidated and a new one issued.


Current Digital ID is produced by a Certification Authority such as Verisign through the Internet. This certificate is usually stored on the computer of the user. However, because the certificate is kept on the computer, the user will have difficulty in using the same identification at different physical locations. In addition, as the certificate is the personal identification of the user, it should not be accessible by other users. More and more computers are designed to support multiple users, and more and more computers are permanently connected to the Internet. Therefore the certificate kept on a computer could be accessed by other users. Even with the hardest to guess password, the certificate could be obtained by copying it directly out of the hard disk.

Figure 76. A general picture on Digital ID applications.

To protect this digital certificate, users could use the smart card to hold this digital ID [DigiCash1994, DigiCash1996]. Smart cards are widely adopted as the key component in electronic commerce because they provide secure, portable and personal means to transport and use the cryptographic keys in the mass market. Usually, cryptographic smart cards such as Schlumberger’s Cryptoflex card and Gemplus’ GemSafe card are used.

Pilot tests were carried out by Verisign and Schlumberger in January 1998. Verisign’s class 1 Digital IDs can be issued and downloaded to Cryptoflex cards. It can also be used for Internet access with Microsoft IE and the Netscape browser.


As electronic commerce requires digital certificate for authentication, smart cards can be issued for this application. Promoted by Microsoft, IBM/Lotus and Netscape, S/MIME, which uses digital IDs for authentication, has been adopted as one of the choices for secure messaging. With the use of the digital certificate on a smart card, the user can use standard web browser to digitally sign HTML forms or email.

Digital certificate on a smart card is not only a card for authentication on cyberspace. With the digital certificates kept in the smart card, people could access various management information systems via any suitably equipped Internet terminal [Birch1998, DigiCash1994, DigiCash1996]. Digital Certificate on a smart card is believed to be widely used in the future.

Identification on the Internet is very important. Digital certificates enable organizations and individuals to communicate securely (using encryption) over untrusted networks and authenticate their remote counterparts. Therefore, with the expected widespread adoption of electronic commerce in the future, digital IDs will become the personal identity information and smart cards will become the digital identity cards.

7.4.2 Smart card as Computer access logon key

In March 1997, HewlettPackard, Informix Software and Gemplus demonstrated a jointly developed corporate Intranet and Internet security business card. This card is used for web security and Internet access security.

In Microsoft’s PC/SC plan, one of smart card’s functions is as a secure storage for digital certificates. Moreover, Microsoft has also introduced smart cards into their Graphical Identification aNd Authentication (GINA) system. With this logon mechanism, the smart card is used as the key to computer logon authentication procedure. Access control lists and permission information of particular users are retrieved from the card and the Kerberos server.



Figure 77. Graphical description of Windows NT Logon system.

With this Microsoft Windows logon authentication system, the user’s identity, which is based on the digital certificate, is kept inside the card. Using the certification authority in Microsoft Windows NT 5.0, a digital ID will be issued and sent to the smart card. To enable this mechanism, Microsoft Windows NT 5.0 machines must be configured to be aware of the installed smart card reader. Complete documentation is available in "Smart Card Certificate Enrollment" [Microsoft1998d]. At present time, only Microsoft Windows NT 5.0 and Windows 98 have this builtin smart card authentication scheme.

By developing a GINA DLL that is smart card aware, a smart card containing publickey certificates takes on the functionality of a credential cache that can be used to log a user onto multiple domains.

Further extending this idea, smart cards could be involved in client authentication over a secure protocol such as Secure Sockets Layer (SSL) 3.0. After the integration of the authentication smart card components into the browser, a smart card can be used to enhance the authentication process as a secure store for the private key or even as a cryptographic engine in association with the browser.

In our view, the smart card will become the key to single signon mechanism. In the future, users would be able to log onto multiple servers with single smart card.


7.4.3 Smart card in Intrusion detection System as userprofile holder

More and more companies are using Intranets and Extranets as their secure transaction media. This raises the competitiveness of a company on the one hand but attracts misfeasors, masqueraders and clandestine users on the other hand.

Studies on intrusion detection [Pipkin1997, ISS, ISS1998, Sun] have shown that most intruders and hackers on Internet sites or enterprise networks are insiders of those sites. To fight against those intruders, userprofile based statistical anomaly detection would be a more suitable method than the misuse detection approach, especially within an enterprise network. However, where userprofiles should be stored is one of the main problems. This problem will become more prominent when a worldwide enterprise network is involved. If these profiles are stored only on one localized domain profile server, whenever a user needs to access the company network on business trips, one will have to either ask the network administrator to transfer one's profile to another site or to carry it to other sites by the users themselves. The best method is to allow the users to carry their profiles with them. As userprofiles contain sensitive data, they should be stored in a highly secure storage media, keeping intruders from accessing them. A most often suggested solution is to employ the smart card as the secure storage media [Gemplus1998c, Gemplus1998d, Gemplus1998e, SLB1998a].

With the use of smart card technology, data kept on the smart card could only be accessed or modified by the authorized users or system. Besides, with the computational power of the chip card, encryption and other secure authentication procedures could be performed entirely on the card, making the stored data more secure. Also, with the implementation of the PC/SC smart card standards, smart card will become a standard device on personal computers as well as Unix workstations. Furthermore, the computer logon authentication scheme will soon be implemented and used on Windows NT systems, so use of smart card in userprofile based intrusion detection system is a reasonable projection.


Figure 78. A simple diagram of Smart KIDS.

In an article presented in RAID 98 [Ieong1998b], we proposed a smart cardbased intrusion detection system called Smart KIDS (for enterprise network security protection). When an authorized user with a valid card access any machine on this enterprise network, the intrusion detection scheme starts automatically after authentication logon succeeded. Together with the authentication related personal information and enterprise related user privileges kept in the card, system security can be enforced. Additionally, with the user specific preferences stored, user preferences and system configuration could be restored after the logon procedure.

When a user logon to an enterprise network machine using this authentication scheme, all he/she needs to do is to insert his/her Smart KIDS card. The authentication process will be performed automatically and the agent residing on that machine will assign a routing table from that machine to the destined machines and gateway dynamically according to the network information obtained from the Smart KIDS card and the authentication server. This controls the accessibility of the user based on his/her identity and rights. User's behaviors are captured and together with the userprofile on the Smart KIDS card, a user's behavior "signature" is generated. This signature is generated by the statistical anomaly detection system that summarizes the user login and access times, most frequent logon location and files, and keystroke speed. Also, the agent will monitor and generate alerts if the user's


actions exceed the privilege s/he is entitled to. In case of a severe compromise, the machine will be disconnected from the network by disabling the routing table.

Based on this type of intrusion detection system, the smart card is used not only as an authentication mechanism, but also as a key component for hacker detection.

7.4.4 Biometric authentication

Usually, in a smart card application, user authentication is based on the PIN. However, authentication based on PIN is not a very convenient method especially when the user has a number of PINs and passwords to remember. The user may forget his PIN and cause the card to be disabled after multiple false attempts. Users are known to have intentionally disabled the PIN authentication function. As a result, the security of a smart card would be lost.

As biometric identification techniques such as fingerprint, voice, signature and iris pattern become more mature, more natural and unique identification techniques can be used in the smart card authentication procedure. According to a report in early 1998 by CardTech [CardTech1997], around 64% of the respondents agreed that biometrics technology could help in fighting against financial fraud within 5 years. Many companies have started to use this technique in securityrelated commercial markets such as ATM machines. Siemens has developed a fingerprint recognition system for use with the smart card. In the near future, biometric identification will be integrated in the smart card operating systems, so users could use a combined PIN and biometric authentication scheme. By using algorithms designed in the application development stage, more sophisticated authentication methods could be used.

We believe that in the near future, biometric identification on smart cards will soon replace the traditional authentication methods due to their ease of use and equally high accuracy.


8.SUMMARIES AND CONCLUSIONSBased on the report from Dataquest Inc., a unit of the Gartner Group, the

worldwide chip card market reached $1.4 billion in 1997. Driven by the strong sales in Europe, the market is forecast to continue to show strong growth with revenue reaching $6.8 billion in 2002. Europe was still the No. 1 region for chip card revenue. Around 76.8 percent of the worldwide market in 1997 was generated in the European market.

Regional chip card markets are undergoing changes. By 2002, Europe's share of the worldwide chip card revenue will decline to 47.8 percent, while Asia/Pacific will be the No. 2 region with 30.1 percent of worldwide sales. The Americas (not including the United States) will account for 8.6 percent of sales in 2002, and the United States will have 7.8 percent of chip card revenue [NewsEdge1998c]. Therefore the acceptance rate of smart card by Asia market is much higher than in the American market. In SJB Services’ report, the average annual growth of the smart card market is expected to be more than 50%. Although most of the cards are pay phone cards and twothird of the cards sold are not microprocessor cards, this trend will change. It is expected more card applications would be developed and most of them will require the use of microprocessor cards.

Two decades ago, the smart card was first introduced into the card market at almost the same time as magnetic stripe cards. However, because of high manufacturing cost and lack of applications, the smart card has not been widely accepted until the 1990s. Nowadays, smart card technology is becoming more mature. Many major chip manufacturers such as Motorola, Hitachi and Siemens have produced different card chips for different cards and for different purposes. The smart card is no longer tied to credit card in size and appearance. It is now available in miniature card size (in mobile phone) or even inside watches. Highly secure chip card manufacturing technology has also been developed for financial transaction related uses [Slb1998c]. With this technology, smart cards could be protected from hacking by mechanical or ebeam probing attacks.


Many card application developers had complained that the smart card development environment was not standardized so that development effort could not be reused. By the combined effort of smart card manufacturers, software and hardware vendors as well as operating system designers, the smart card development environment has changed. After the establishment of PC/SC and OCF architectures, software developers would not have to worry about the underlying device they are using. Applications built could be used on different card readers and even different cards (provided that the cards have the same size of memory, file structure and use the same commands) sharing the same standards. When these standards are widely adopted, smart card usage would be as simple as using a floppy drive. Hostside standards will become objectoriented and device independent.

The cardside standards are also undergoing a radical change. Before the announcement of Java Card, smart card operating systems are proprietary products. Traditional cardside software designs are usually confined to a particular card operating system. An application written for card type A will not run on card type B. Furthermore, these cards could only support one single application. The emergence of the Java Card has changed all that. Smart cards become the container for both data and program instead of only data. Rather than acting as a single application card, smart card becomes a multiple purpose card and can now handle more than one applications.

When Mondex and Microsoft entered the card OS market with their MULTOS and Smart Card OS, the trend in cardside standards becomes much clearer. Smart card OS will be converging towards multiapplications OS. A brand new card industry – card application developers will join the smart card market.

In the future, card applications would be downloadable onto any card. Even though in the current stage, there will be more than one development language to use for card application development (for instance, C language for MULTOS card, Visual C++ and Visual Basic for future Microsoft smart card, and Java for Java card), is likely that Java would be the common language for all future cards. This is because Sun Microsystems has already signed an agreement with Mondex for importing Java cardlets to the MULTOS card. Therefore it is reasonable to assume that Java will become one of the main development languages for cardside applications.


Smart cards have already been used in many applications. Uses of smart cards range from door access control to computer access logon, payphone to mobile phone, stored value card to electronic wallet, and campus identity card to national identification card. With the development of multifunctional cards, the functionality of cards could become much richer. Electronic wallet would be combined into the mobile telecommunication card. In fact, multiplepurpose smart cards have already been deployed in Hong Kong’s universities as their campus identification cards.

Barely a decade ago, smart cards could only be thought of as a standalone application on computer systems. Today, smart cards are no longer bounded to a standalone PC application. It is now a network application that could be further extended to be an enterprise network solution. With the use of the Open Card Framework and PC/SC technology, the smart card platform has migrated from a standalone machine platform to the Internet. By using Java together with their Java Native Interface, Javabased smart cards could be connected to a browser as an object with ease. In the future, smart cards would be used for accessing other devices over the Internet.

In a MORI report, 16% of the UK population (and more than 1/3 of all UK Internet users) have bought something online Bulletin in Internet Works, no 9 p1213 (August 1998) [Birch1998]. In a recent poll conducted for the Information Technology Association of America, it was found that 15% of Americans have purchased something online. The lack of a credit card was 5 times more frequently cited than the lack of a computer as a barrier to online shopping. Surfers were far more worried about online merchants misusing their personal information than they were about cyberspace thieves stealing their credit card information (28th June 1998).

With the use of smart card, online shopping customers will soon increase. Using a smart card as the digital certificate store, digital ID would become a portable personal identification document. Customers would be able to authenticate themselves when shopping on the Internet. Together with the use of electronic money, such as Mondex or Visa Cash, electronic money and digital identification card will soon become the only cards in the user’s wallets. Unfortunately, before electronic money becomes widely accepted by the market, a number of problems need to be solved. The most difficult problem to solve is the economic model of electronic cash in the traditional currency market [Rankl1997].


The smart card is not the main concern in the online electronic payment system; the payment protocol is. In our opinion, smart cards would be used everywhere for payment in the future, both online and offline. However, transactions based on smart cards should be restricted to small amounts, at least for the present, because the underlying payment protocol is not developed to be as secure as they need to be. In addition, privacy of the smart card user and bidirectional payment protocol are not yet available in current payment protocols [Hung1998a]. In fact, smart cards fit well into the model for high privacy electronic transactions. Protocols for this model have been described in our companion Electronic Payment Systems Handbook.

A few years ago, cryptography and security on smart cards were the greatest problems to be solved. Nowadays, cryptography on smart cards is quite mature. DES and RSA algorithms have already been implemented on smart cards. Hardware cryptographic modules have been imported to smart cards. As a result, encryption and decryption procedures are now much faster on the smart card. Newer and faster cryptographic algorithms, for instance, Elliptic Curve Cryptography [Boogaerts1998], have been introduced for the smart card. Even though modification and optimization of these ciphers are required, cryptographic issue is no longer the greatest problem to move smart card forward.

With the advance in biometric authentication technology, different biometric authentication schemes have already been used in various applications. Because this authentication needs the cooperation of the information owner to be used, no one would be able to use this information without the user’s approval. Furthermore, because a user may forget a PIN number but not his finger, so the biometric authentication scheme is much more convenient to use and is a natural move in smart card authentication. In the near future, biometric authentication technology would be integrated in the smart card.

More and more applications will make use of the authentication feature of smart cards. For instance, smart cards could be used in workflow control system as a controlling device. Based on this device, manufacturing procedures in the textile industry and financial institutes’ workflow or even normal office environment will benefit.

Other than workflow systems in the traditional office environment, the smart card can become the driving force for the small office and the home office as well as


electronic commerce. In the networked environment, network configuration and remote access services could be performed using the smart card to provide preference, authentication and configuration information.

The smart card currently is considered as a highly secure container. But its usefulness is not restricted to this function. It will soon become an extension of personal computers. Many new applications will emerge when the smart card and related technologies such as network technology advance. With new and innovative ideas, the smart card would become an essential component in our daily life.


GLOSSARYAPDU (Application Protocol Data Unit)

APDU is the basic command unit for a smart card. An APDU contains either a command message or a response message, sent from the interface device to the smart card or from the card to the device. See ISO 78163 standard for more information.

ATM

Automatic Teller Machine. A device that allows a bank account holder to carry out certain transactions using his bank card.

ATR (Answer To Reset)

A message that is returned by a smart card when it is powered up. The ATR indicates the card type, communication protocol and other basic information that is used to determine the parameters for the communication between the card and the interface device. This data is returned by the smart card when it is physically reset.

Authentication

Procedure to check that a card or a system is what it claims to be via a cryptographic process.

Biometrics

Technique using physical characteristics such as fingerprints, hand geometry, voice or signature characteristics, eye patterns, etc., of a person for identification purposes.

CA (Certification Authority)

The entity to certify the identity of one or more parties to an exchange or transaction.

Cardholder

Guide to Smart Card Technology Page 1 0 0

Generally the person to whom a nominative card is issued. For financial transaction cards, the cardholder is usually the customer associated with the primary account number recorded on the card.

Card issuer

An entity which issues users with cards.

Card manufacturer

An entity which produces the actual cards and incorporates modules in them.

COS (Card Operating System)

The microcode contained in the smart card ROM that is used for communicating with the smart card, managing security, and managing data in the smart card files.

Card owner

Owner of the card, usually also the user.

Card reader

Largely mechanical device, which receives data from an integrated circuit(s) card via galvanized contacts

Chip

Also known as integrated circuit. A piece of silicon etched with electronic circuits.

Combi Card

A card which uses both contact and contactless technology.

Contact

A point of electrical connection between an integrated circuit card and its external interface device. ISO standard IC cards have eight contacts (the contact plate is commonly called a module).

Contact Smart Card

A smart card that operates by physical contact between the reader and the smart card's different contacts.


Contactless Smart Card

A smart card that communicates with an antenna by means of a radio frequency signal. There is no need of physical contact between the card and a reader.

DEA (Data Encryption Algorithm)

Same as Data Encryption Standard Algorithm.

DF (Dedicated File)

A dedicated file is the memory organization for microprocessor cards. It is a logical entity that holds a number of elementary files (EF) or other dedicated files that is part of a smart card’s file system. In multipurpose cards (e.g., MPCOS) each DF will normally correspond to a distinct application.

DES (Data Encryption Standard)

Same as Data Encryption Algorithm. The most widely used method for "symmetric" encryption (i.e. using the same key for encryption and decryption). The main source is ANSI X3.92.

Digital Cash

This term is applied to various schemes which represent money using electronic means. In the smart card world, value is usually stored on a card known as an electronic purse. Digital cash, however, normally consists of software "certificates" or tokens which can be stored on computer, or transferred to another party as payment.

Digital Signature

An encrypted field, normally encrypted using the sender’s private key, which is attached to a message to prove its source and integrity.

EEPROM, E2PROM (Electrically Erasable Programmable Read Only Memory)

Chipcard memory which keeps its data without power supply. Memory whose contents can be loaded after manufacture. Contents can be erased and new data can be reloaded

EF (Elementary File)


An elementary file is the smallest logical entity that can be secured in the operating system. This memory organization is part of the smart card file system that contains application data.

Electronic Banking

Banking operation conducted by electronic means, especially electronic funds transfer.

Epurse (Electronic Purse)

A small portable device which contains electronic money. Smart card is the ideal device to implement an electronic purse. It is sometimes called the electronic wallet or the stored value card.

EMV

A cooperation of Europay, Mastercard and Visa to create global specifications for financial related smart cards

Encryption

Manipulating data to make it unreadable to anyone who does not possess the decryption key.

External Authentication

Access to the protected data will only be granted if a successful cryptographic authentication of the external world (e.g. a terminal or card reader) occurred previously.

FERAM (FerroElectric RAM)

Random access memory covered with an additional layer in a patented process to make it nonvolatile (i.e. it does not lose its memory when powered off). FERAM is much faster and uses less space than EEPROM, but the FERAM process is proprietary.

GSM (Global System for Mobile Communications)


It is a specification for an international, terrestrial mobile telephone system. Originally intended to cover a few countries in central Europe, it is increasingly developing into an international standard for mobile telephones

Hybrid Card

Hybrid cards are a combination of conventional smart cards with contacts and contactless cards. Here, the chip and the antenna are integrated in the same plastic card.

IC (Integrated Circuit)

An electronic circuit in which many active or passive elements are fabricated and connected together on a continuous substrate.

ICC (Integrated Circuit Card)

IC Card is equivalent to Smart Card. A card into which one or more ICs have been incorporated.

IFD (Interface Device)

Same as Card Accepting Device or ReadWrite Unit. It is equivalent to card reader.

Initialization

First stage of the card issuing process. The purpose of this process is to load the basic data and all the data common to one application into the smart card's EEPROM

Internal Authentication

Compute authentication data using challenge data sent from the host system and a relevant secret (e.g. a key) stored in the card.

Interoperability

The ability of products manufactured by different companies to operate correctly with one another.

I/O (Input/Output)


The process or devices that move information between the Central Processing Unit and peripherals.

ISO (International Standards Organization)

The international standard ISO 7816 defines the characteristics and interfaces of a smart card. To ensure that semiconductor companies, software developers and smart card makers comply with the same specifications, a number of international standards have been drawn up. These include:

ISO 78161

Identification Cards, Integrated Circuit(s) Cards with Contacts Part 1: Physical Characteristics of IC cards

ISO 78162

Identification Cards, Integrated Circuit(s) Cards with Contacts Part 2: Position of module and contacts on IC cards

ISO 78163

Identification Cards, Integrated Circuit(s) Cards with Contacts Part 3: Electronic signal and transmission protocol with IC cards (i.e., communication between readers and cards)

ISO 78164

Identification Cards, Integrated Circuit(s) Cards with Contacts Part 4: Command set for microprocessor cards

ISO 78165

Identification Cards, Integrated Circuit(s) Cards with Contacts Part 5: Numbering system and registration procedures for application Identifiers

ISO 78166

Identification Cards, Integrated Circuit(s) Cards with Contacts Part 6: Interindustry data elements (Draft International Standard)

ISO 78167


Identification Cards, Integrated Circuit(s) Cards with Contacts Part 7: Enhanced interindustry commands

ISO 78168

Identification Cards, Integrated Circuit(s) Cards with Contacts Part 8: Enhanced identification cards, integrated circuit(s) cards with contacts

Java Card

Schlumberger and Gemplus have developed specifications for running a subset of the Java language on a smart card. Java is an open, machineindependent language which offers a high level of protection between applications; it is thus well suited to a multiapplication smart card, although it imposes a higher overhead than conventional smart card operating systems.

Keys

In a modern encryption system, the algorithm is generally assumed to be known, and what is kept secret is the key. There are many different forms of key, each of which can be regarded as a string of meaningless bits until it is used to encode or decode a message.

MAC (Message Authentication Code)

A cryptographic checksum used to detect whether data is authentic and has not been modified.

Magnetic Stripe card

Card with a magnetic stripe serving as a data carrier

Masked Function

A function that is manufactured into the original chip (see also Filtered Function).

Memory

General term for computer hardware that stores information in electrical or magnetic form.

Memory Card


A plastic card with a simple memory chip with read and write capability.

MF (Master File)

The master file of a smart card's file system is a special dedicated file that represents the root of the file system. This file is unique and obligatory. It has its own security attributes and may contain DFs and/or EFs. After a reset or power up, this file is automatically selected by the operating system. The master file on an ISO 7816compliant smart card has the file identifier 3F0016.

MFC (MultiFunction Card)

A smart card that could handle more than one application.

Microprocessor

A chip that serves as the Central Processing Unit controlling a computer. It provides programmable intelligence.

Mondex

A smart card operating system developed by NatWest in the UK and also an ecash smart card that supports direct transfer of value from one card to another.

OCF (OpenCard Framework)

The OpenCard Framework is an architecture for cards and terminals intended to standardise the development of smart card and terminal applications. It is promoted by Apple, IBM, Netscape, NCI, and Sun, and is strongly linked with Java developments in the same area.

PC/SC (Personal Computer/Smart Card) Workgroup

A group of leading personal computer and smart card companies, founded to work on open specifications to integrate smart cards with personal computers.

Personalization

The process during which individual data are loaded into the chip. Typically performed together with the printing of personal data (name, IDnumber, picture, etc.) and a card number onto the plastic card. In some cases a magnetic stripe is also encoded at the same time. There are usually two sorts of personalization:


graphical and electrical. Graphical personalization modifies the visual aspect of the card (holder's name, photograph) electrical personalization modifies the information held in electronic form.

PIN (Personal Identification Number)

A PIN is a personal identification number used to lock and unlock cards.

PKA (Public Key Algorithm)

A cryptographic algorithm in which encryption and decryption are performed using two different keys, one of which is referred to as the public key and one of which is referred to as the private key. The public key is published and available to anyone wishing to send an encrypted message to the holder of the private key. Receiver of the message could also use the public key to verify the identity of the sender.

POS (Point of Sale)

POS terminals (in comparison to central terminal) are the locations at which a transaction is contracted.

PrePaid Card

A card paid for at the point of sale, and permitting the holder to buy goods or services usually of a particular type up to the prepaid value. Not all such cards are ISO standard identification cards because some do not show the identity of the bearer (e.g., phone cards, transportation cards).

Private Key

A key only known to the owner. A cryptographic key known only to the owner. Or, the secret component of an asymmetric cryptographic key.

Protocol

A set of rules and procedures governing interchange of information between a smart card and a reader. The ISO defines several protocols, including T=0, T=1 and T=14

Public Key

The publicly available and distributed component of an asymmetric cryptographic key.


RAM (RandomAccess Memory)

A volatile memory that is used as a scratchpad by the microprocessor in certain smart cards.

ROM (ReadOnly Memory)

A memory in which the information can be read but not written. Chip operating systems are normally masked into the ROM, which is also referred to as firmware.

RSA

A public key algorithm named according to its inventors Rivest, Shamir, Adleman.

SAM (Security Access Module)

A dedicated microprocessor unit that enables active authentication with appropriate memory or microprocessor card.

Session

Period of time between two card resets, or between power up and a power down.

Session key

A random number generated to server as a key for a specific transaction or set of transactions.

SET (Secure Electronic Transaction)

A technology developed by a group of companies including IBM and Visa for customertobusiness type ecommerce. The vehicle for transaction used are mainly credit cards.

SIM (Subscriber Identification Module)

A specific type of smart card for GSM systems holding the subscriber's ID number, thus allowing him to call from any GSM device.

Smart Card

A smart card or chip card is a plastic card with an embedded microchip.

Stored Value Card


A card which is used to store value such as loyalty points or credit for canteen meals. In Europe, the term is used to denote a card which is issued and redeemed within a closed circuit, in contrast with an electronic purse, which can be used to buy goods and services in the open market. In the USA, the term "stored value card" is used more widely, and can denote an electronic purse.

TPDU (Transmission Protocol Data Unit)

A block of data sent from the smart card to the host application.

T=0, T=1, T=14

The asynchronous character and block protocols respectively defined by ISO 7816 part 3.

Volatile Memory

A memory device that does not retain stored information when power is interrupted (e.g., RAM).


REFERENCES[ADE] ADE, “What is a CombiCard?”, ADE, http://www.combicard.com/What%20is%20a%20CombiCard.htm

[Bull1998] Bull Groupe, “Smart Card’s World Applications”, CP8 Transac, Bull Groupe, 1998, http://www.cp8.bull.net/scworld/applica.htm

[Birch1998] Dave Birch, “Smartcards & ECommerce: ECommerce Security in Context”, Scandicards 1998, http://www.hyperion.co.uk

[Boogaerts1998] Therese Boogaerts, “Implementation of elliptic curves cryptosystems for smart cards”, CARDIS’98, 1998

[CardTech1997] CardTech/SecurTech, “CTST Attendee Survey Shows Pragmatic Optimism”, CardTech/SecurTech, 1998, http://www.ctst.com/survey.htm

[CardTech1998a] Faulkner & Gray, Inc., “Smart Card Sales at a Glance: Industry Ranking”, http://cardtech.faulknergray.com/ranking.htm

[Chan1998] PuiNang Chan, Samuel T. Chanson, Ricci Ieong, and James Pang, "Smart Card Payment over Internet with Privacy Protection", CARDIS'98, 1998

[Chaum1989] David Chaum, “International Smart Card 2000 Conference”, Smart Card 2000 Conference, Amsterdam, October 1989

[Chen1998] Zhiqun Chen and Rinaldo Di Giorgio, “Understanding Java Card 2.0”, March 1998, http://www.javaworld.com/javaworld/jw021998/jw03javadev.html

[CityU1997] Technical Team, CSC, “Technology Information Series: Smartcard, RFID and Related Information”, City University of Hong Kong, 1997, http://cctpwww.cityu.edu.hk/computer/c3smartcard.htm

[Clemons1997] Eric K. Clemons, David C. Croson, and Bruce W. Weber, “Reengineering Money: The Mondex Stored Value Card and Beyond”, International Journal of Electronic Commerce, Winter 199697, Vol. 1, No. 2, pp. 531


http://cctpwww.cityu.edu.hk/computer/c3-smartcard.htm

http://www.javaworld.com/javaworld/jw-02-1998/jw-03-javadev.html

http://cardtech.faulknergray.com/ranking.htm

http://www.ctst.com/survey.htm

http://www.hyperion.co.uk/

http://www.cp8.bull.net/scworld/applica.htm

http://www.combi-card.com/What%20is%20a%20CombiCard.htm

http://www.combi-card.com/What%20is%20a%20CombiCard.htm

[Crosbie] M. Crosbie and K. Price, “Intrusion Detection Systems”, http://www.cs.purdue.edu/coast/intrusiondetection/ids.html

[Devargas1992] M. Devargas, “Smart cards and memory cards”, NCC Blackwell, Manchester, 1992.

[DigiCash1994] David Chaum, “Prepaid Smart Card Techniques: A Brief Introduction and Comparison”, DigiCash, 1994, http://www.digicash.com/news/archive/cardcom.html

[DigiCash1996] DigiCash, “Digital Signatures and Smart Cards”, 3rd International Smart Card Conference, Amsterdam, March 1996, http://www.digicash.com/news/archive/digbig.html

[DiGiorgio1997a] Rinaldo Di Giorgio, “Smart cards: A primer”, JavaWorld, December 1997, http://www.javaworld.com/jw121997/jw12javadev.html

[DiGiorgio1997b] Rinaldo Di Giorgio, “Interview: Smart card guru answers questions”, JavaWorld, December 1997, http://www.javaworld.com/jw121997/jw12javadev.interview.html

[DiGiorgio1998a] Rinaldo Di Giorgio, “Smart cards and the OpenCard Framework”, JavaWorld, January 1998, http://www.javaworld.com/jw011998/jw01javadev.html

[DuCastel98] CyberFlex Live!, winter 1998, p6

[Ferranti1997] Marc Ferranti, “Netscape Embraces Smart Card Standard”, August 7, 1997, IDG News Service

[Fung&Leung1998] Andy O. T. Fung and Ivan K. K. Leung, “Final Year Project 9899, A Contact Smart Card Development System Report”, September 1998

[Gemplus9801] Gemplus and Electronic Commerce, http://www.gemplus.com/applications/electronic_commerce.htm

[Gemplus1998a] Gemplus S. C. A., “Gemplus Previews Windows NT 5.0 SecureLogon With Smart Cards At CardTech/SecurTech’98”, April 1998, http://www.gemplus.com/presse/1998/windows_nt5.htm

[Gemplus 1998b] Gemplus S. C. A., “Frequently Asked Questions Java Card and GemXpresso RAD”, March 1998,


http://www.gemplus.com/presse/1998/windows_nt5.htm

http://www.gemplus.com/applications/electronic_commerce.htm

http://www.javaworld.com/jw-01-1998/jw-01-javadev.html

http://www.javaworld.com/jw-12-1997/jw-12-javadev.interview.html


http://www.digicash.com/news/archive/digbig.html

http://www.digicash.com/news/archive/cardcom.html

http://www.cs.purdue.edu/coast/intrusion-detection/ids.html

https://store.gemplus.com/WebObjects/Gemplus.woa/Resources/Cache/GemXpresso_Whitepaper.htm

[Gemplus1998c] Gemplus S. C. A., “Smart Cards and the Internet”, http://www.gemplus.com/welcome/internet.htm

[Gemplus1998d] Gemplus S. C. A., “Smart Card Applications”, http://www.gemplus.com/application.htm

[Gemplus1998e] Gemplus S. C. A., “What is a Smart Card?”, http://www.gemplus.com/welcome/what_is.htm

[Gemplus1998f] Gemplus S. C. A. “Information Technology: Network Security”, http://www.gemplus.com/app/it/netsecurity.htm

[Gemplus 1998g] Gemplus S. C. A. “Smart Card Terms”, http://www.gemplus.fr/basics/terms.htm

[GIE1997] Groupement des Cartes Bancaires, “ChipSecure Electronic Transaction (CSET) Security Architecture”, 29 January 1997

[Gorman1997] Trisha Gorman, “Smart cards come to the Web are you ready?”, March 1997, NetscapeWorld, http://www.netscapeworld.com/netscapeworld/nw031997/nw03smartcard.html

[Guthery1998] Scott B. Guthery and Timothy M. Jurgensen, “Smart Card Developer’s Kit”, Macmillian Technical Publishing, Indianapolis, Indiana, 1998, http://www.scdk.com/

[Hickman9801] PC Magazine Online Trends: Smart cards go Java http://www.zdnet.com/pcmag/news/trends/t980116a.htm

[HKSAR1997] The Hong Kong Electronic Industries Association Ltd., “Study on the impact of the Development and Manufacturing Technology of Smart Card products to the Hong Kong electronic industry”, October 1997, Hong Kong SAR Government Industry Department

[Hung1998] Hung, C. K. Patrick, and Ieong, S. C. Ricci, "Security and Privacy issues on Smart Card Payment on Web", CSCWID'98, July 1997


http://www.zdnet.com/pcmag/news/trends/t980116a.htm

http://www.scdk.com/

http://www.netscapeworld.com/netscapeworld/nw-03-1997/nw-03-smartcard.html

http://www.gemplus.fr/basics/terms.htm

http://www.gemplus.com/app/it/netsecurity.htm

http://www.gemplus.com/welcome/what_is.htm

http://www.gemplus.com/application.htm

http://www.gemplus.com/welcome/internet.htm



[IBM0597] IBM & Siemens in Smart card partnership, http://www.chipcard.ibm.com/siemens.html

[IBM1998a] IBM ChipCard, “IBM Smart Card Solution Elements – Technical Overview”, IBM, 1998, http://www.chipcard.ibm.com/overview/sc_2.htm

[IBM1998b] IBM ChipCard, “IBM Smart Card Solution Elements – Technical Overview – Glossary”, IBM, 1998, http://www.chipcard.ibm.com/overview/sc_6.htm

[Ieong1998b] Ricci Ieong, James Pang, “Enhanced network intrusion detection in a smart enterprise”, RAID98, 1998, http://www.zurich.ibm.com/~dac/Prog_RAID98/Talks.html#Ieong_25

[ISS] Internet Security System Inc., “Understanding the Risk”, http://www.iss.net/prod/utr.html

[ISS1998] Internet Security System Inc., “Adaptive Security Model, A Model Solution A Solution Model”, June 1998, http://www.iss.net/prod/asm2_wp/asm2_wp3002.html

[JavaSun1] Smart Card Overview, http://java.sun.com/products/javacard/smartcards.html

[Klaus1998] Klaus Vedder and Franz Weikmann, “Smart Cards: Requirements, Properties and Applications”, Giesecke& Devrient GmbH, http://www.gdm.de/products/card/pay+mm/vortrag/vortrag.htm

[Lavare] Bo Lavare, “Smartcard security information page”, October 13, 1998, http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm

[McCrindle1990] John A. McCrindle, “Smart cards”, SpringerVerlag, Kempston, 1990.

[Michigan9701] Ubiquitous Smartcards at the University of Michigan http://www.citi.umich.edu/projects/sinciti/smartcard/smartcardvision.htm

[Microsoft1997a] Microsoft TechNet, “Smart Cards (Windows NT 4.0 and 5.0, Windows 95 and 98) White Paper”, NT Server Technical Notes, Microsoft TechNet, September 1997


http://www.citi.umich.edu/projects/sinciti/smartcard/smartcard-vision.htm

http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm

http://www.gdm.de/products/card/pay+mm/vortrag/vortrag.htm

http://java.sun.com/products/javacard/smartcards.html

http://www.iss.net/prod/asm-2_wp/asm-2_wp3002.html

http://www.iss.net/prod/utr.html

http://www.zurich.ibm.com/~dac/Prog_RAID98/Talks.html#Ieong_25

http://www.chipcard.ibm.com/overview/sc_6.htm


http://www.chipcard.ibm.com/siemens.html

[Microsoft1998a] Microsoft Corporation, “Microsoft enters the smart card market with lowcost, easytouse approach”, Microsoft Corporation, http://www.microsoft.com/presspass/features/1027smartcard.htm

[Microsoft1998b] Microsoft, “Smart Card for Windows: Backgrounder”, October 1998, http://microsoft.com/windowsce/smartcard/datasheet.asp

[Microsoft1998c] Microsoft, “Smart Card for Windows: Backgrounder, the Smart Card Market Opportunity”, October 1998, http://www.microsoft.com/presspass/features/smartcardbg.htm

[Microsoft1998d] Microsoft, “Windows NT 5.0: Smart Card Certificate Enrollment”, 1998, http://ntbeta.microsoft.com/Documentation/Doc.asp

[Microsoft1998e] Microsoft, “Windows NT 5.0: Smart Card Log On to Windows NT 5.0”, 1998, http://ntbeta.microsoft.com/Documentation/Doc.asp

[MPACT9707] MPACT Immedia takes aim at Internet Smartcard purchasing, http://www.mpactimmedia.com/pr/1997/canarie.htm

[Multos] Maosco Ltd., “Multos smartcard”, http://www.multos.com

[NCWorld9706] http://www.ncworldmag.com/ncworld/ncw061997/ncw06newsbriefs.htm

[NewsEdge1998a] NewsEdge, “Visa International Expands Reach of Visa Open Platform Into Telecommunications Industry Joint Development with ETSI of Standards for SIM Cards”, NewsPage, October 27, 1998

[NewsEdge1998b] NewsEdge, “Frost & Sullivan Analyzes Microsoft’s Unveiling of its SmartCard Operating System”, NewsPage, October 28, 1998, http://www.newspage.com/cgibin/NA.GetStory?story=p1027154.301&date=19981028&Query=smart+cards

[NewsEdge1998c] NewsEdge, “Worldwide Chip Card Market Forecast to Reach $6.8 Billion by 2002, According to GartnerGroup`s Dataquest; New Report Provides Detailed FiveYear Forecast for the Industry”, NewsPage, November 3, 1998, http://www.newspage.com/cgibin/NA.GetStory?story=b1102082.101&date=19981103&Query=smart+cards


http://www.newspage.com/cgi-bin/NA.GetStory?story=b1102082.101&date=19981103&Query=smart+cards


http://www.newspage.com/cgi-bin/NA.GetStory?story=p1027154.301&date=19981028&Query=smart+cards

http://www.newspage.com/cgi-bin/NA.GetStory?story=p1027154.301&date=19981028&Query=smart+cards

http://www.ncworldmag.com/ncworld/ncw-06-1997/ncw-06-newsbriefs.htm

http://www.ncworldmag.com/ncworld/ncw-06-1997/ncw-06-newsbriefs.htm

http://www.multos.com/

http://www.mpactimmedia.com/pr/1997/canarie.htm

http://ntbeta.microsoft.com/Documentation/Doc.asp


http://www.microsoft.com/presspass/features/smartcardbg.htm

http://microsoft.com/windowsce/smartcard/datasheet.asp

http://www.microsoft.com/presspass/features/10-27smartcard.htm

[NewsEdge1998d] NewsEdge, “Smart Card Market to Reach 3.8 Billion Cards by Year 2000; Average Annual Increase of 52 Percent”, NewsPage, September 1998, http://www.newspage.com/cgibin/NA.GetStory?story=b0923112.901&date=19980924&Query=smart+cards

[Priisalu1995] Jaan Priisalu, “A Frequently Asked Questions list (FAQ) for alt.technology.smartcards, 1995, http://www.ioc.ee/atsc/faq.html

[PCSC1996] PC/SC Workgroup, “PC/SC Workgroup, Integrating PC's and Smart Cards”, http://www.smartcardsys.com/

[Pipkin1997] Donald L. Pipkin, "Halting the Hacker, a practical Guide to Computer Security", Prentice Hall PTR, Upper Saddle River, New Jersey, 1997

[Rankl1997] W. Rankl and W. Effing, “Smart Card Handbook”, John Wiley & Sons Ltd., Chichester, 1997

[Sarlin1996a] Philippe Sarlin, “PC/SC Technical Overview”, PC/SC Workgroup, http://www.smartcardsys.com/doc/CTST2doc.zip, December 1996

[Schaeck1998a] Thomas Schaeck and Rinaldo Di Giorgio, “How to write OpenCard card services for Java Card applets”, JavaWorld, Oct 1998, http://www.javaworld.com/javaworld/jw101998/jw10javadev.html

[Scourias] John Scourias, “Overview of the Global System for Mobile Communications”, http://ccnga.uwaterloo.ca/~jscouria/GSM/gsmreport.html

[Slb9704] FirstEver JavaBased Smart card Demonstrated by Schlumberger, http://222.slb.com/ir/news/etjava0497.html

[Slb9710] World's First 'Java SIM card' released for Trials Heralding Upgrade to Open MultiApplication Environment for Mobile Comms

[Slb1998a] Schlumberger Limited, “Smart Card Technology”, http://www.slb.com/smartcards/technology.html

[Slb1998b] Schlumberger Limited, “Cyberflex 2.0 Multi 8K”, http://www.cyberflex.austin.et.slb.com/cyberflex/cyberhome3.htm


http://www.cyberflex.austin.et.slb.com/cyberflex/cyberhome3.htm

http://www.slb.com/smartcards/technology.html

http://222.slb.com/ir/news/et-java0497.html

http://ccnga.uwaterloo.ca/~jscouria/GSM/gsmreport.html


http://www.smartcardsys.com/doc/CTST-2doc.zip


http://www.ioc.ee/atsc/faq.html



[Slb1998c] Schlumberger, “World First: Smart Card Security Breakthrough Prepares Industry for Future Applications”, October 27, 1998, http://www.slb.com/ir/news/sctsishell1098.htm

[Taschler1997] Scott Taschler, “Technical Introduction to SignaSURE CIP White Paper”, September 30, 1997, http://ww.datakey.com/White_Papers/cip_whitepaper.htm

[Verisign9701] Verisign Announces First online issurance of digital IDs on Smart card. http://www.verisign.com/pr/pr_smartcard.html

[Visa1998] Visa, “The Open Platform Technology: Overview”, http://www.visa.com/cgibin/vee/nt/suppliers/open/tech.html


http://www.visa.com/cgi-bin/vee/nt/suppliers/open/tech.html

http://www.verisign.com/pr/pr_smartcard.html

http://ww.datakey.com/White_Papers/cip_whitepaper.htm

http://www.slb.com/ir/news/sct-sishell1098.htm

http://www.slb.com/ir/news/sct-sishell1098.htm

Part IV. Appendices


APPENDIXA. Price Comparison of different cards and

readersThe price and feature comparison shown below is obtained from the Internet and

the sales department of three smart card companies in Hong Kong (Advanced Card Systems, Gemplus and Schlumberger). The price may not be reflecting the true selling price. It is just for reference. For more detail prices of these cards, please contact them directly.

Smart Cards

Categories of Cards

Company and Card name

Description Price of the Card

Magnetic Stripe Card

US$0.20 0.751


Smart Card

Memory Card General InformationUS$1 $20

(1K Card US$ 1.0 – 2.5)

Contact CPU Card

General InformationUS$1 US$20

(8K Card US$ 7 – 15) *

Schlumberger/ Cyberflex Open 16K

Java Card, 16K EEPROM, 8bit

processorUS$ 18.67

Schlumberger/ MultiflexMultipurpose, 3K EEPROM, 8bit

processor

US$ 5.63 (without any printing, and quantities

below 1000)

Schlumberger/ MultiflexMultipurpose, 8K EEPROM, 8bit

processor


below 1000)

Schlumberger/ Payflex

Multipurpose, 1K EEPROM, 8bit processor with

electronic purse function


below 1000)

Schlumberger/ Payflex

Multipurpose, 4K EEPROM, 8bit processor with



below 1000)

Schlumberger/ Cryptoflex

Multipurpose, 4K EEPROM, on board

RSA 1024, DES, TripleDES signature and key

US$ 12.95

Schlumberger/ Cryptoflex

Multipurpose, 8K EEPROM, on board

RSA 1024, DES, TripleDES signature and key

US$ 14.52

Schlumberger/ SIMflexMultipurpose, 3K

EEPROMUS$ 3.71


EEPROMUS$ 4.46


EEPROMUS$ 7.07

ACS/ ACOS1

Multipurpose, 1K EEPROM, 8bit processor, with


US$ 3.5 (Sample quantity)

Gemplus/ GemXpressoJava Card 2.0, 4K EEPROM, 32bit US$ 130


Card Readers

Categories of cards

Company and Card name

DescriptionPrice of Reader

Magnetic Stripe Card General information US$ 7501

Smart Card

Memory Card Reader

General information US$ 500

Contact CPU Card Reader

General information US$ 500

Schlumberger/ Reflex 60 ISO 7816 compatible US$ 74

Schlumberger/ Reflex 72ISO 7816 compatible, PC/SC

supportedUS$ 100

ACS/ ACR10 Support all memory cards only HK$ 500

ACS/ ACR20ISO 7816 compatible, PC/SC

supportedHK$ 600

Gemplus/ Gem410XISO 7816 compatible, PC/SC

supportedUS$ 100

Contactless Card Reader

General information US$1000


Smart Card Application Development Kit

Categories of cards Company name Description Price of Reader

Cyberflex Open16K Development Kit Schlumberger2 Cyberflex Open16K Cards, 1 Reader, 1

Toolkit DocumentationUS$ 499

The ACOS1 Evaluation Kit Advanced Card Systems

ACR20 reader/writer, ACR20 reader/writer

User Guide, 16 bit and 32 bit libraries and

drivers for development, PC/SC

compatible IFD handler

US$ 120

GemXpresso RAD 1.0 Gemplus

2 GemXpresso Applet Prototyping Cards, 1 GemXpresso Support

Card for online support access, 1 standalone reader

US$ 799


B. ResourcesMost recent information about smart card technology can be found on the

Internet. The following sites and books may be useful for people to learn more about smart card.

Collections of Smart Card Books

Catherine A. Allen, William J. Barr, Ron Schultz, “Smart cards : seizing strategic business opportunities”, Irwin Professional Pub., Chicago, 1997

Scott B. Guthery and Timothy M. Jurgensen, “Smart Card Developer’s Kit”, Macmillian Technical Publishing, Indianapolis, Indiana, 1998, http://www.scdk.com/

The Hong Kong Electronic Industries Association Ltd., “Study on the impact of the Development and Manufacturing Technology of Smart Card products to the Hong Kong electronic industry”, October 1997, Hong Kong SAR Government Industry Department

Hendry, Michael, “Smart card security and applications”, Artech House, Boston, Mass, 1997

Microsoft TechNet, “Smart Cards (Windows NT 4.0 and 5.0, Windows 95 and 98) White Paper”, NT Server Technical Notes, Microsoft TechNet, September 1997

W. Rankl and W. Effing, “Smart Card Handbook”, John Wiley & Sons Ltd., Chichester, 1997

Collections of General Smart Card Internet Resources

David B Everett, “Smart Card Technology: Introduction To Smart Cards”, http://www.smartcard.co.uk/tech1.html

Trisha Gorman, “Smart cards come to the Web are you ready?”, March 1997, NetscapeWorld, http://www.netscapeworld.com/netscapeworld/nw031997/nw03smartcard.html




http://www.smartcard.co.uk/tech1.html

http://www.scdk.com/

IBM ChipCard, “IBM Smart Card Solution Elements – Technical Overview”, 1998, IBM, http://www.chipcard.ibm.com/overview/sc_2.htm

JavaWorld, “A Collection of Smart Card urls organized by topic, Smart card FAQ”, http://www.javaworld.com/javaworld/jw121997/javadev/SmartCardList.html

Klaus Vedder and Franz Weikmann, “Smart Cards: Requirements, Properties and Applications”, Giesecke& Devrient GmbH, http://www.gdm.de/products/card/pay+mm/vortrag/vortrag.htm

Jaan Priisalu, “A Frequently Asked Questions list (FAQ) for alt.technology.smartcards, 1995, http://www.ioc.ee/atsc/faq.html

PC/SC Workgroup, “PC/SC Workgroup, Integrating PC's and Smart Cards”, http://www.smartcardsys.com/

Philippe Sarlin, “PC/SC Technical Overview”, PC/SC Workgroup, http://www.smartcardsys.com/doc/CTST2doc.zip, December 1996

Smart Card Search Engine, http://www.smartcardsearch.com/

Collections of Java Card Technology on Internet

Zhiqun Chen and Rinaldo Di Giorgio, “Understanding Java Card 2.0”, March 1998, http://www.javaworld.com/javaworld/jw021998/jw03javadev.html

Rinaldo Di Giorgio, “Smart cards and the OpenCard Framework”, JavaWorld, January 1998, http://www.javaworld.com/jw011998/jw01javadev.html

Rinaldo Di Giorgio, “Smart cards: A primer”, JavaWorld, December 1997, http://www.javaworld.com/jw121997/jw12javadev.html

Rinaldo Di Giorgio, “Interview: Smart card guru answers questions”, JavaWorld, December 1997, http://www.javaworld.com/jw121997/jw12javadev.interview.html

Gemplus S. C. A., “Frequently Asked Questions Java Card and GemXpresso RAD”, March 1998, https://store.gemplus.com/WebObjects/Gemplus.woa/Resources/Cache/GemXpresso_Whitepaper.htm

Smart Card Overview, http://java.sun.com/products/javacard/smartcards.html


http://java.sun.com/products/javacard/smartcards.html



http://www.javaworld.com/jw-12-1997/jw-12-javadev.interview.html




http://www.smartcardsearch.com/

http://www.smartcardsys.com/doc/CTST-2doc.zip


http://www.ioc.ee/atsc/faq.html



http://www.javaworld.com/javaworld/jw-12-1997/javadev/SmartCardList.html


Thomas Schaeck and Rinaldo Di Giorgio, “How to write OpenCard card services for Java Card applets”, JavaWorld, Oct 1998, http://www.javaworld.com/javaworld/jw101998/jw10javadev.html

Schlumberger Limited, “Cyberflex Card”, http://www.cyberflex.slb.com

Collections of Smart Card Security Technology on Internet

David Chaum, “Prepaid Smart Card Techniques: A Brief Introduction and Comparison”, DigiCash, 1994, http://www.digicash.com/news/archive/cardcom.html

DigiCash, “Digital Signatures and Smart Cards”, 3rd International Smart Card Conference, Amsterdam, March 1996, http://www.digicash.com/news/archive/digbig.html

Gemplus S. C. A., “Gemplus Previews Windows NT 5.0 SecureLogon With Smart Cards At CardTech/SecurTech’98”, April 1998, http://www.gemplus.com/presse/1998/windows_nt5.htm

Bo Lavare, “Smartcard security information page”, October 13, 1998, http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm

Microsoft, “Windows NT 5.0: Smart Card Certificate Enrollment”, 1998, http://ntbeta.microsoft.com/Documentation/Doc.asp

Microsoft, “Windows NT 5.0: Smart Card Log On to Windows NT 5.0”, 1998, http://ntbeta.microsoft.com/Documentation/Doc.asp

Scott Taschler, “Technical Introduction to SignaSURE CIP White Paper”, September 30, 1997, http://ww.datakey.com/White_Papers/cip_whitepaper.htm

Verisign Announces First online issurance of digital IDs on Smart card. http://www.verisign.com/pr/pr_smartcard.html

Collections of Smart Card Payment Technology on Internet

Electronic Trading Concept, Electronic Commerce Resources: Smart Cards, http://www.etc.com.au/smart_cards/


http://www.etc.com.au/smart_cards/

http://www.verisign.com/pr/pr_smartcard.html

http://ww.datakey.com/White_Papers/cip_whitepaper.htm



http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm

http://www.gemplus.com/presse/1998/windows_nt5.htm

http://www.digicash.com/news/archive/digbig.html

http://www.digicash.com/news/archive/cardcom.html

http://www.cyberflex.slb.com/


Gemplus and Electronic Commerce, http://www.gemplus.com/applications/electronic_commerce.htm

Maosco Ltd., “Multos smartcard”, http://www.multos.com

Visa, “The Open Platform Technology: Overview”, http://www.visa.com/cgibin/vee/nt/suppliers/open/tech.html




http://www.multos.com/

http://www.gemplus.com/applications/electronic_commerce.htm

Documents

Smart Card - Introduction to Smart Card Technology