Smart card operating systems - faculty.kfupm.edu.sa

Posted on 19-Jun-2022

Page 1: Smart card operating systems - faculty.kfupm.edu.sa

Smart Cards Introduction

Part 3: Smart card operating systems

Smart Card Operating System (COS)

- Why a COS?
  - Main OS families
- ISO/IEC 7816
  - communication protocols
  - data organization (file structure)
  - commands
  - Example: WG10-compliant IEP
- The trend towards Open OS
- Contactless smart cards OS constraints
- Security

An Operating System on a Chip: What is a COS?

- Software specific to each smart card manufacturer
- Loaded and protected in the chip ROM by the chip manufacturer
  - a MASK is created
- A mask contains general-purpose core routines which serve as an interface with a micro-controller
- Special-purpose application programs are stored in EEPROM.
  - They are built on top of the core routines, using them as necessary

Chip organization (figure): CPU, ROM (holding the OS), RAM, EEPROM, EPROM and security logic
- Designed by Gemplus
- Loaded by chip manufacturers

Card OS role

Operating systems are the core of smart cards

- An operating system handles:
  - File management
  - Security (managing and executing cryptographic algorithms)
  - I/O (transferring data to and from the smart cards)
  - Controlling the execution of commands
  - Applications
  - API, ...

Similar to the OS of PCs, with less memory, more security, and no (human) user interface

Command processing

- The smart card receives each command via the serial I/O interface
  - The I/O manager executes the error detection mechanism
    - The I/O manager is fully independent of the other, higher layers
- After a command has been completely received without error, the secure messaging manager must decrypt the message and test its integrity
  - If the integrity check is OK, the command interpreter decodes the command.
    - If decoding is not possible, the return code manager is called.
    - If decoding is OK, the logical channel manager determines which channel has been selected, switches over to its state and calls the state machine

Command processing (cont)

- The state machines define instruction sequences. They become active when the first instruction of a sequence has been sent to a card.
- The state machine checks whether the command and accompanying parameters are actually permitted in the current state of the Smart Card.
  - If yes, the actual code of the application command that carries out the processing of the received command is executed.
  - If the command is prohibited in the current state, or if its parameters are not allowed, the terminal receives a message to this effect via the return code manager and I/O manager.

Command processing (cont)

- If it is necessary to access a file while processing a command, the file manager is called.
  - It converts the logical address of the file into its physical address on the chip
  - It also monitors all addresses with regard to region boundaries
  - It tests the access conditions for the file in question
  - The file manager itself utilizes a lower-level memory manager which is responsible for the entire management of the EEPROM.
    - Only the memory manager works with physical addresses, which increases the security and portability of the OS.

Command processing (cont)

- The return code manager is responsible for generating an answer code.
  - It produces a complete answer for the program segment which was called and sends it back to the terminal via the I/O manager.
  - There may be different return code managers for different applications.
- Usually, there is a dedicated library of cryptographic functions which serves all other modules. It is separate from the rest of the system.

To add new features

- A FILTER adds new features to an existing COS
  - Software routine stored in the EEPROM
  - Only accessible by the COS
- Transition to a new product
- Applets are coming up

Chip organization (figure): CPU, ROM (holding the COS), RAM, EEPROM (holding the filter) and security logic

Main COS Families

- SIM (Subscriber ID module) cards
  - GSM 11.11 (TE9), 11.14, OTA 03.48
- Debit/Credit
  - EMV, VISA
- Electronic Purse
  - WG10, MPCOS, CEPS
- DataBase
  - 7816-7
- Loyalty
  - Simple, with counters & rules
- Public Key for IT
- Access (GemSafe)

Major standards

- ISO 7810: plastic cards, dimensions
- ISO 7811 parts 1-6: ID Cards
- ISO 7816 parts 1-8: contact integrated circuit cards
- ISO 10536 parts 1-4: close coupling cards
- ISO 14443 parts 1-4: remote coupling cards
- US standards:
  - FIPS-46: Data Encryption Standard
  - FIPS-81: DES modes of operation
  - FIPS-180-1: Secure Hash Standard
  - FIPS-186: Digital Signature Standard
- GSM (ETSI) for 3G, EMV (Europay, Mastercard, VISA), PC/SC, CCITT...

Standards

ISO 7816 for contact cards
- 7816-1: Card Body
- 7816-2: Electrical Module
- 7816-3: Electrical Signals & Protocols
- 7816-4: Inter-Industry Commands
- 7816-7: Database
- 7816-8: Security mechanisms

ISO 14443 for contactless cards
- 14443-1 (Completed): Card Body
- 14443-2 (Approved CD): RF power & signal interface
- 14443-3 (1st CD): Initialization & Anticollision
- 14443-4 (Proposals): Protocol

The ISO 7816...

... Includes Transmission Protocol

- ISO 7816-3 describes
  - the way the card and the reader communicate
- Two communication protocols are standardized
  - T=0
    - asynchronous, half-duplex, byte oriented, inverse convention, parity bit is even
  - T=1
    - asynchronous, half-duplex, block oriented, with enhanced security

Almost all currently available cards follow T=0

... Includes File Architecture

- The card is organized into files.
  - MF (Master File): root of the structure. Seen as a main directory.
  - DF (Dedicated File): seen as a directory. Each DF behaves like an independent card (contains files related to a single application).
  - EF (Elementary File): contains actual data
    - Working EF (application data that must be read or written from the terminal, i.e., data for the external world)
    - Internal EF (data for the operating system, secret keys or program code. Access to data is protected by the COS.)

File tree (figure): the MF at the root, with DFs and EFs beneath it; each DF contains further EFs

File architecture (cont)

- The MF is present in all Smart Cards.
  - The MF is implicitly selected after the Smart Card is reset.
  - It contains all other directories and files.
- A DF is a directory in which other files which logically belong together (DF and EF) are grouped.
- An EF contains data that are needed for applications. EFs always have an internal structure.

File tree (figure): the MF at the root, with DFs and EFs beneath it; each DF contains further EFs

... Includes Command sets

- File management commands
  - read, write, update
    - read binary, update binary
    - read record, update record, append record
  - select file
- Authentication commands
  - external authenticate, internal authenticate, get challenge...
- Access condition management
  - verify code
- Personalization commands...

Transmission protocols

First step: how to communicate with a smart card?

Communication Protocols

- Standards Overview
- Protocol application layer
- APDU (application protocol data unit) exchange
  - A software data container that is used to package the data so that they can be exchanged between a Smart Card and a terminal.
- ATR (answer to reset)
  - A sequence of bytes sent by a Smart Card in response to a hardware reset.
  - Includes various parameters relating to a transmission protocol

Contact Communication Protocols

- T=0 (ISO 7816-4)
  - Byte protocol
  - Mono channel
  - Get Response required
  - > 95% of smart cards
- T=1 (ISO 7816-4)
  - Block protocol
  - Partially capable of multi-node
  - Complex
  - Interoperability issues due to complexity (error cases)

7816-3 T=0

- T=0 is byte-oriented
- The smallest unit processed by the protocol is a single byte.
- The structure of commands for T=0 is: Header (always), Data Part (optional).
- Header = CLA, INS, P1, P2, P3 (class byte, command, parameters).
- P3 provides the length of either a command, or data, or response.
- If an error is detected, only one byte is retransmitted.
- Asynchronous

7816-3 T=1

- Asynchronous Half-Duplex Block Transmission Protocol
- Frame Format: NAD (assigned) | PCB | LEN | DATA | CRC-1 CRC-2

Parameters:
- NAD (node address) contains the block's source and destination addresses
- Timing: BGT (block guard time), BWT (block waiting time), CWT (character waiting time)
- Sizes: LEN (length), IFS(C/D)
- EDC: LRC (longitudinal redundancy check), CRC (cyclic redundancy check)
- PCB (protocol control byte): I-Block (information block), S-Block (system block) or R-Block (reception acknowledgement block)
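The T=1 frame layout above, as an added example that is not part of the original slides: a small Python model that builds a block from NAD, PCB, LEN and INF, appends the LRC form of the EDC (XOR of every preceding byte), and on the receiving side rejects a block whose LEN or EDC does not match. The PCB bit layout (N(S) in bit 7, chaining bit in bit 6, R-block prefix 10, S-block prefix 11) is the standard ISO 7816-3 T=1 coding; the sample APDU carried in the block is constructed.

```python
from dataclasses import dataclass

PCB_R_BLOCK = 0x80   # 10xxxxxx: R-block (receive ready / error report)
PCB_S_BLOCK = 0xC0   # 11xxxxxx: S-block (resync, IFS, abort, WTX)

def lrc(data: bytes) -> int:
    """Longitudinal redundancy check: XOR of all bytes of the prologue and INF."""
    acc = 0
    for b in data:
        acc ^= b
    return acc

@dataclass
class T1Block:
    nad: int
    pcb: int
    inf: bytes

    @property
    def kind(self) -> str:
        """I-block when bit 8 of the PCB is clear; otherwise S- or R-block."""
        if self.pcb & 0x80 == 0:
            return "I"
        return "S" if (self.pcb & 0xC0) == PCB_S_BLOCK else "R"

    def encode(self) -> bytes:
        """NAD | PCB | LEN | INF | EDC, with the LRC form of the EDC."""
        body = bytes([self.nad, self.pcb, len(self.inf)]) + self.inf
        return body + bytes([lrc(body)])

def i_block(nad: int, seq: int, inf: bytes, more: bool = False) -> T1Block:
    """Information block: send-sequence number N(S) in bit 7, chaining bit M in bit 6."""
    if len(inf) > 254:
        raise ValueError("INF exceeds the maximum T=1 block size")
    pcb = ((seq & 1) << 6) | (0x20 if more else 0)
    return T1Block(nad, pcb, inf)

def decode(frame: bytes) -> T1Block:
    """Parse a received block, checking LEN against the frame and the LRC."""
    if len(frame) < 4:
        raise ValueError("frame too short for NAD, PCB, LEN and EDC")
    nad, pcb, length = frame[0], frame[1], frame[2]
    if len(frame) != 3 + length + 1:
        raise ValueError("LEN does not match the number of bytes received")
    if lrc(frame[:-1]) != frame[-1]:
        raise ValueError("EDC mismatch: block corrupted in transit")
    return T1Block(nad, pcb, frame[3:-1])

def r_block_for(received: T1Block, ok: bool) -> T1Block:
    """Receiver's answer: R-block carrying the next expected N(R); low bits flag an EDC error."""
    next_seq = ((received.pcb >> 6) & 1) ^ 1
    pcb = PCB_R_BLOCK | (next_seq << 4) | (0 if ok else 0x01)
    return T1Block(received.nad, pcb, b"")

# Constructed sample: SELECT by FID 3F00 (the MF) carried in I-block 0
SAMPLE_APDU = bytes.fromhex("00A40000023F00")

def demo() -> tuple:
    frame = i_block(0x00, 0, SAMPLE_APDU).encode()
    back = decode(frame)
    corrupted = bytearray(frame)
    corrupted[5] ^= 0x40                   # flip a bit inside INF
    try:
        decode(bytes(corrupted))
        corrupted_accepted = True
    except ValueError:
        corrupted_accepted = False
    return frame.hex(), back.kind, back.inf == SAMPLE_APDU, corrupted_accepted
```

The point of the EDC check is in `demo()`: a single flipped bit inside INF is caught before the block reaches the command interpreter, and the receiver would answer with an R-block whose error bit is set so the sender retransmits the whole block, which is the block-level retransmission the slides contrast with the single-byte repeat of T=0.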

Protocol Application Layer: APDU Format

Command APDU:

  Header field (1st part, mandatory) | Body field (2nd part, optional)
  CLA INS P1 P2                      | Lc  Data Field  Le

Response APDU:

  1st part (optional) | 2nd part (mandatory)
  Data Field          | SW1 SW2

- CLA: Class of the Command
- INS: Instruction Code
- P1, P2: Command parameters
- Lc: Length of the subsequent data field
- Le: Expected length of the data to be returned
- SW1: Status Word 1 = Command Processing Status
- SW2: Status Word 2 = Command Processing Qualification

APDU Exchange (1/2)

Case 1: No input / No output
  Command:  CLA INS P1 P2 ---- ---- ----
  Response: ---- SW1 SW2

Case 2: No input / Output of expected length
  Command:  CLA INS P1 P2 ---- ---- Le
  Response: Data Field SW1 SW2

Case 3: Input / No output
  Command:  CLA INS P1 P2 Lc Data Field ----
  Response: ---- SW1 SW2

APDU Exchange (2/2)

Case 4: Input / Output of expected length
  Command:  CLA INS P1 P2 Lc Data Field Le
  Response: Data Field SW1 SW2

In this case, the TPDU is different for T=0 and T=1. For T=0:
  command TPDU:  CLA INS P1 P2 P3=Lc Data Field

- if the command is not accepted, the response TPDU is the following (SW1=6Xh except 61h):
  response TPDU: (XX) SW1 SW2
- if there is no XX and SW1-SW2 = 9000h, then the PCD sends a GET RESPONSE command (INS=C0h):
  command TPDU:  CLA C0h P1 P2 P3=Le
  response TPDU: data (Le bytes) SW1 SW2
- if the XX field is present and SW1-SW2 = 61XXh, then the PCD issues a GET RESPONSE with Le=XXh:
  command TPDU:  CLA C0h P1 P2 P3=Le
  response TPDU: Data Field SW1 SW2
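The four exchange cases and the T=0 mapping of case 4 described above, as an added example that is not part of the original slides. `parse` recovers the case of a short command APDU from its body length alone (which is all a card has to go on), and `send_t0` shows the terminal side of case 4 over T=0: the command goes out as a TPDU with P3=Lc, and when the card answers 61 XX (or 90 00 with no data) the terminal fetches the response with GET RESPONSE (INS C0h, P3=Le). The `T0Card` class is a constructed stand-in whose instruction 10h simply echoes its data reversed; it is not a real COS, and that instruction is hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class CommandApdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None       # None = no Le field at all

    @property
    def case(self) -> int:
        if not self.data:
            return 1 if self.le is None else 2
        return 3 if self.le is None else 4

    def encode(self) -> bytes:
        """Short-form encoding: header, then Lc+data if present, then Le (00 = 256)."""
        out = bytes([self.cla, self.ins, self.p1, self.p2])
        if self.data:
            out += bytes([len(self.data)]) + self.data
        if self.le is not None:
            out += bytes([self.le & 0xFF])
        return out

def parse(raw: bytes) -> CommandApdu:
    """Decode a short APDU; the case follows from what is left after the header."""
    if len(raw) < 4:
        raise ValueError("header needs CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                                   # case 1
        return CommandApdu(cla, ins, p1, p2)
    if len(body) == 1:                             # case 2: the single byte is Le
        return CommandApdu(cla, ins, p1, p2, le=body[0] or 256)
    lc = body[0]
    if len(body) == 1 + lc:                        # case 3: Lc + data
        return CommandApdu(cla, ins, p1, p2, body[1:1 + lc])
    if len(body) == 1 + lc + 1:                    # case 4: Lc + data + Le
        return CommandApdu(cla, ins, p1, p2, body[1:1 + lc], le=body[-1] or 256)
    raise ValueError("Lc inconsistent with body length")

class T0Card:
    """Constructed stand-in card speaking T=0 TPDUs (not a real COS)."""
    ECHO_INS = 0x10   # hypothetical case-4 instruction used only in this demo

    def __init__(self) -> None:
        self.pending = b""          # response data waiting for GET RESPONSE

    def transmit(self, tpdu: bytes) -> bytes:
        cla, ins, p1, p2, p3 = tpdu[:5]
        if ins == 0xC0:                                   # GET RESPONSE, P3 = Le
            out, self.pending = self.pending[:p3], self.pending[p3:]
            return out + b"\x90\x00"
        if ins == self.ECHO_INS:                          # case-4 command, P3 = Lc
            self.pending = tpdu[5:5 + p3][::-1]
            return bytes([0x61, len(self.pending)])       # "XX bytes available"
        return b"\x6D\x00"                                # INS not supported

def send_t0(card: T0Card, apdu: CommandApdu) -> Tuple[bytes, int]:
    """Terminal side: map the APDU onto a T=0 TPDU, then complete case 4 via GET RESPONSE."""
    header = bytes([apdu.cla, apdu.ins, apdu.p1, apdu.p2])
    if apdu.data:
        tpdu = header + bytes([len(apdu.data)]) + apdu.data       # P3 = Lc
    else:
        tpdu = header + bytes([(apdu.le or 0) & 0xFF])            # P3 = Le (0 for case 1)
    resp = card.transmit(tpdu)
    data, sw1, sw2 = resp[:-2], resp[-2], resp[-1]
    if sw1 == 0x61 or (apdu.case == 4 and not data and (sw1, sw2) == (0x90, 0x00)):
        le = sw2 if sw1 == 0x61 else (apdu.le or 0)
        resp = card.transmit(bytes([apdu.cla, 0xC0, 0x00, 0x00, le & 0xFF]))
        data, sw1, sw2 = resp[:-2], resp[-2], resp[-1]
    return data, (sw1 << 8) | sw2

def demo() -> tuple:
    apdu = CommandApdu(0x00, T0Card.ECHO_INS, 0x00, 0x00, b"\x01\x02\x03", le=3)
    data, sw = send_t0(T0Card(), apdu)
    return apdu.case, apdu.encode().hex(), data.hex(), hex(sw)
```

The case detection in `parse` is also where a card's length checks live: a body whose length matches neither Lc, Lc+1 nor a lone Le byte is rejected before any parameter is interpreted, which is the "correct Le/Lc according to command" check listed later in the deck.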

ATR Example

Character  Value  Description
TS         3Bh    Direct convention
T0         6xh    TB1 and TC1 present, x historical characters (default: x=8)
TB1        00h    Vpp not required
TC1        00h    No extra guardtime required
T1-T8             Historical characters (8 bytes)
T1         80h    Status information is contained in an optional TLV object
T2         66h    Tag: 6 (Pre-issuing data), length: 6 bytes
T3         xx     OS family name (Gemplus proprietary coding)
T4         xx     Product name (Gemplus proprietary coding)
T5         xx     OS version (Gemplus proprietary coding)
T6         xx     Program version (Gemplus proprietary coding)
T7         xx     Chip reference (Gemplus proprietary coding)
T8         xx     Card life status byte (see below)
T9..T15    xx     Optional historical characters in ATR file (see below)
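An added example, not part of the original slides: decoding an ATR of the shape in the table above. TS and T0 are interpreted as ISO 7816-3 defines them (the high nibble of T0 flags which of TA1/TB1/TC1/TD1 follow, the low nibble is the number of historical bytes), and the historical bytes are walked as COMPACT-TLV after the 80h category indicator, which is how tag 6 / length 6 in T2 is found. The sample ATR is constructed; the six proprietary bytes under tag 6 are placeholders, since the slide only says they are Gemplus-coded.

```python
from typing import Dict, List, Tuple

def parse_compact_tlv(data: bytes) -> List[Tuple[int, bytes]]:
    """COMPACT-TLV: each object starts with one byte = tag (high nibble), length (low nibble)."""
    objs: List[Tuple[int, bytes]] = []
    i = 0
    while i < len(data):
        tag, length = data[i] >> 4, data[i] & 0x0F
        value = data[i + 1:i + 1 + length]
        if len(value) != length:
            raise ValueError("COMPACT-TLV object runs past the end of the historical bytes")
        objs.append((tag, value))
        i += 1 + length
    return objs

def parse_atr(atr: bytes) -> Dict[str, object]:
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("TS must be 3Bh (direct) or 3Fh (inverse convention)")
    result: Dict[str, object] = {"TS": "direct" if atr[0] == 0x3B else "inverse"}
    t0 = atr[1]
    k = t0 & 0x0F              # number of historical bytes
    y1 = t0 >> 4               # presence bits for TA1, TB1, TC1, TD1
    pos = 2
    for bit, name in ((1, "TA1"), (2, "TB1"), (4, "TC1"), (8, "TD1")):
        if y1 & bit:
            if pos >= len(atr):
                raise ValueError(f"T0 announces {name} but the ATR ends early")
            result[name] = atr[pos]
            pos += 1
    if "TD1" in result:
        # TD1 would introduce a second group of interface bytes; the ATR in the
        # table has none, so this decoder stops rather than guess.
        raise ValueError("TD1 present: only the first interface-byte group is handled here")
    hist = atr[pos:pos + k]
    if len(hist) != k:
        raise ValueError(f"T0 announces {k} historical bytes, only {len(hist)} present")
    result["historical"] = hist
    if "TB1" in result:
        result["Vpp"] = "not required" if result["TB1"] == 0x00 else "programming voltage coded"
    if "TC1" in result:
        result["extra_guardtime"] = result["TC1"]
    if hist and hist[0] == 0x80:          # category indicator: COMPACT-TLV follows
        result["compact_tlv"] = parse_compact_tlv(hist[1:])
    return result

# Constructed ATR following the table: 3B 68 00 00 | 80 66 + six placeholder bytes
SAMPLE_ATR = bytes.fromhex("3B6800008066010203040506")

def describe(atr: bytes = SAMPLE_ATR) -> dict:
    p = parse_atr(atr)
    tlv = p.get("compact_tlv", [])
    pre_issuing = next((v for t, v in tlv if t == 6), b"")   # tag 6 = pre-issuing data
    return {
        "convention": p["TS"],
        "vpp": p.get("Vpp"),
        "historical_count": len(p["historical"]),
        "pre_issuing": pre_issuing.hex(),
        "card_life_status": pre_issuing[-1] if pre_issuing else None,   # T8 in the table
    }

def is_well_formed(atr: bytes) -> bool:
    try:
        parse_atr(atr)
        return True
    except ValueError:
        return False
```

The length checks matter because the ATR is the first thing a terminal parses from an untrusted card: a T0 that promises more historical or interface bytes than are actually sent, or a TLV length that runs past the end, is rejected instead of being read out of bounds.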

EEPROM Memory Organization

How EEPROM is partitioned by a COS

FABRICATION DATA
- Semiconductor manufacturer, production facility, CSN
- 16-32 bytes (WORM access)

OPERATING SYSTEM
- Contains tables and OS pointers which combine with the ROM program to yield the complete COS
- Protected by EDC

APPLICATION PROGRAMS
- Application-specific algorithms that are too large to be in ROM or should not be in ROM
- Protected by EDC

FILE REGION
- Contains all of the file structures: MF region, DF1 region, DF2 region, ...
- Has strong file-oriented protection.

FREE MEMORY
- Free memory management in future

ISO 7816-4 Data File Structures

- Root file: MF (Master File)
- Application directory: DF (Dedicated File)
  - EF (Elementary Files) of different types:
    - Working EFs may have the following types:
      - Transparent EF
      - Linear Fixed Record EF
      - Variable Record EF
      - Cyclic EF
    - System Files (Proprietary)
      - Response Files
      - Key Files, Code Files (with ratification counter...)
      - Transaction Counter files...
      - These files are managed fully transparently by the COS

File structures

Transparent File

- Transparent files have no structure.
  - Often referred to as a binary or amorphous structure
  - The data contained in the file can be accessed by reading or writing in bytes or in blocks, with the use of an offset value.

      bytes 1 2 3 ...
      |<- offset ->|<- data (length) ->|

  - The minimum size of a file is one byte; the maximum is not specified.
    - The maximum number of bytes that can be read in the short format is 255; in the long format 65,536. The maximum offset value is 32,767.
  - Therefore, the maximum length is 65,795 bytes or 98,303 bytes
  - Commands: READ BINARY, WRITE BINARY, UPDATE BINARY

Linear Fixed Record File Structure

- A Linear Fixed Record EF is based on linking fixed-length records.
  - A record consists of a series of individual bytes. Individual records within this data structure can be freely accessed.
  - The smallest unit of access is the record.
  - Commands: READ RECORD, WRITE RECORD, UPDATE RECORD
  - The length of a single record is determined by the access commands; it can range from 1 to 254 bytes. But all records have the same length!

Figure: records numbered 1 to m (the first is always 1, up to 'FE' or 254), each with byte numbers 1 to the record length

Linear Variable File Structure

- The Linear Variable File structure is used to save memory when the records have highly variable lengths, and is based on linking variable-length records.
  - A record consists of a series of individual bytes. Individual records within this data structure can be freely accessed.
  - The smallest unit of access is the record.
  - Commands: READ RECORD, WRITE RECORD, UPDATE RECORD
  - The length of a single record is determined by the access commands; it can range from 1 to 254 bytes.
  - Records have variable length!

Cyclic File Structure

- The Cyclic File structure is based on the linear fixed-length file structure.
  - All records have the same length!
  - A record consists of a series of individual bytes. The number and size are analogous to the linear fixed-length file structure.
  - In addition, the EF contains a pointer that always indicates the record that was last written. This record is always numbered 1.
  - If the pointer reaches the last record in the EF, it is automatically set by the OS to point to the first record when the next access occurs.
  - This structure is typically used for log files within the Smart Card, in which the oldest entry is always overwritten by a new entry.
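The transparent, linear fixed and cyclic structures of the last four slides, as one added example that is not part of the original slides. It is an in-memory model with the bounds the slides give: a transparent EF is addressed by offset (at most 32,767) and length (at most 255 in the short format), record EFs are addressed by record number starting at 1 with record lengths of 1 to 254 bytes, and a cyclic EF keeps a pointer so that record 1 is always the most recently written one and the oldest record is the one overwritten when the file is full. The class names and the error texts are my own; a real COS would return status words instead of raising.

```python
from typing import List

MAX_OFFSET = 32767          # from the transparent-file slide
MAX_SHORT_LENGTH = 255      # READ BINARY, short format
MAX_RECORD_LENGTH = 254
MAX_RECORD_COUNT = 254      # record numbers run 1..'FE'

class TransparentEF:
    """Unstructured byte file accessed by offset and length."""
    def __init__(self, size: int) -> None:
        if size < 1:
            raise ValueError("minimum size of a transparent EF is one byte")
        self.data = bytearray(size)

    def read_binary(self, offset: int, length: int) -> bytes:
        if not 0 <= offset <= MAX_OFFSET:
            raise ValueError("offset out of range")
        if not 1 <= length <= MAX_SHORT_LENGTH:
            raise ValueError("length out of range for the short format")
        if offset + length > len(self.data):
            raise ValueError("read would run past the end of the file")
        return bytes(self.data[offset:offset + length])

    def update_binary(self, offset: int, chunk: bytes) -> None:
        if not 0 <= offset <= MAX_OFFSET or offset + len(chunk) > len(self.data):
            raise ValueError("update out of range")
        self.data[offset:offset + len(chunk)] = chunk

class LinearFixedEF:
    """Fixed number of equal-length records, numbered from 1."""
    def __init__(self, record_count: int, record_length: int) -> None:
        if not 1 <= record_length <= MAX_RECORD_LENGTH:
            raise ValueError("record length must be 1..254 bytes")
        if not 1 <= record_count <= MAX_RECORD_COUNT:
            raise ValueError("record count must be 1..254")
        self.record_length = record_length
        self.records: List[bytearray] = [bytearray(record_length) for _ in range(record_count)]

    def _index(self, number: int) -> int:
        """Map a logical record number to a slot; cyclic files override this."""
        if not 1 <= number <= len(self.records):
            raise ValueError("record not found")
        return number - 1

    def read_record(self, number: int) -> bytes:
        return bytes(self.records[self._index(number)])

    def update_record(self, number: int, content: bytes) -> None:
        if len(content) != self.record_length:
            raise ValueError("all records have the same length")
        self.records[self._index(number)][:] = content

class CyclicEF(LinearFixedEF):
    """Same storage as linear fixed, plus a pointer: record 1 is always the last written."""
    def __init__(self, record_count: int, record_length: int) -> None:
        super().__init__(record_count, record_length)
        self.last_written = -1        # physical slot of the newest record; -1 = empty

    def _index(self, number: int) -> int:
        if not 1 <= number <= len(self.records):
            raise ValueError("record not found")
        if self.last_written < 0:
            raise ValueError("no record written yet")
        # logical 1 = newest slot, logical n = n-1 slots further back, wrapping round
        return (self.last_written - (number - 1)) % len(self.records)

    def append_record(self, content: bytes) -> None:
        if len(content) != self.record_length:
            raise ValueError("all records have the same length")
        self.last_written = (self.last_written + 1) % len(self.records)   # wrap to oldest
        self.records[self.last_written][:] = content

def demo() -> tuple:
    ef = TransparentEF(16)
    ef.update_binary(4, b"IEP")
    log = CyclicEF(3, 2)                   # a 3-entry log: the 4th write overwrites the 1st
    for entry in (b"t1", b"t2", b"t3", b"t4"):
        log.append_record(entry)
    return ef.read_binary(4, 3), log.read_record(1), log.read_record(3)
```

After four appends into a three-record cyclic file, record 1 reads back as the newest entry and record 3 as the oldest surviving one; this is the behaviour the WG10 log files later in the deck rely on, where the most recent transaction is always record 1.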

The Multi-Application Concept

- Security and data management specific to each application

Example (figure): a Root containing an E-Purse application and a Loyalty application, each with its own Data Files

Data Files

- There are different file structures adapted to different needs
  - Security files: for secret codes and keys
  - Purse file: for electronic money
  - Loyalty counter
  - ...

Figure: a Root holding a Purse application and a Loyalty application; the files shown are a Purse File, an Identity File, a Key File and a Secret Code File

Access Conditions

- Access conditions define rights that must be granted before actions can be performed on files
- All files have information that regulates access to them encoded in the file header
- Access conditions are defined when the file is created; they depend on the type of the file
  - For the MF and DFs, the access conditions are related to the creation of new files
  - For the EFs, the access conditions are related to data access (read or write privileges).

Access Conditions (cont)

- Command-oriented access conditions define the allowed commands for the access in question
  - For DFs: specify the conditions under which specific commands can be executed within the given directory
    - Create, Delete Files, Register ...
  - For EFs: regulate all possible types of access to EFs.
    - The number of access commands varies, and may include APPEND, DELETE FILE, INVALIDATE, READ/SEEK, LOCK, ...

Figure: a Dedicated File (access condition: Create EFs) containing EF#1, EF#2 and EF#3, each with Read, Write and Update access conditions

Access Condition Example 1/2

EF: Identity File
Access Conditions: Read: Free; Update: SC#2

Read -> OK

Access conditions are specific to each file

Access Condition Example 2/2

EF: Identity File
Access Conditions: Read: Free; Update: SC#2

Update -> !!NOT OK!! AC not fulfilled
SC#2 presented -> OK!!
Update -> OK!!

Access conditions are checked by the OS
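The two access-condition examples above, as an added example that is not part of the original slides: a small Python model of the OS-side check. Each EF carries per-command access conditions in its header ("free", or the number of the secret code that must have been presented), the OS keeps a session security status recording which secret codes were verified, and every READ or UPDATE is checked against the selected file's condition before it executes. Files are selected by their 2-byte FID as on the File Identifier slide. The status words are the ISO 7816-4 values (90 00, 69 82 security status not satisfied, 6A 82 file not found, 63 00 verification failed); the identity file, its FID 0101 and the secret code value are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

SW_OK = 0x9000
SW_VERIFICATION_FAILED = 0x6300
SW_SECURITY_STATUS_NOT_SATISFIED = 0x6982
SW_FILE_NOT_FOUND = 0x6A82

FREE = "free"   # access condition that needs no prior authentication

@dataclass
class ElementaryFile:
    fid: int
    access: Dict[str, object]                 # e.g. {"read": FREE, "update": 2}
    body: bytearray = field(default_factory=bytearray)

class CardOS:
    def __init__(self, files: Dict[int, ElementaryFile], secret_codes: Dict[int, bytes]) -> None:
        self.files = files
        self.secret_codes = secret_codes
        self.presented: Set[int] = set()      # security status of this session
        self.current: Optional[ElementaryFile] = None

    def select(self, fid: int) -> int:
        """SELECT FILE by FID: the logical name, not a physical address."""
        ef = self.files.get(fid)
        if ef is None:
            return SW_FILE_NOT_FOUND
        self.current = ef
        return SW_OK

    def verify(self, code_number: int, value: bytes) -> int:
        """VERIFY: a successful comparison records SC#n in the security status."""
        if self.secret_codes.get(code_number) == value:
            self.presented.add(code_number)
            return SW_OK
        return SW_VERIFICATION_FAILED

    def _allowed(self, operation: str) -> bool:
        """The access-condition check: free, or the required SC# already presented."""
        condition = self.current.access.get(operation)
        return condition == FREE or condition in self.presented

    def read_binary(self) -> Tuple[bytes, int]:
        if self.current is None:
            return b"", SW_FILE_NOT_FOUND
        if not self._allowed("read"):
            return b"", SW_SECURITY_STATUS_NOT_SATISFIED
        return bytes(self.current.body), SW_OK

    def update_binary(self, data: bytes) -> int:
        if self.current is None:
            return SW_FILE_NOT_FOUND
        if not self._allowed("update"):
            return SW_SECURITY_STATUS_NOT_SATISFIED
        self.current.body[:] = data
        return SW_OK

    def reset(self) -> None:
        """A card reset clears the security status and the selection (the MF is implicit)."""
        self.presented.clear()
        self.current = None

def demo() -> tuple:
    # Constructed identity file: Read free, Update only after secret code 2 (SC#2)
    identity = ElementaryFile(0x0101, {"read": FREE, "update": 2}, bytearray(b"student-42"))
    card = CardOS({0x0101: identity}, {2: b"\x12\x34"})
    card.select(0x0101)
    _, sw_read = card.read_binary()                      # Read: OK
    sw_update_before = card.update_binary(b"student-43") # Update: NOT OK, AC not fulfilled
    sw_verify = card.verify(2, b"\x12\x34")              # SC#2 presented
    sw_update_after = card.update_binary(b"student-43")  # Update: OK
    card.reset()
    sw_after_reset = card.select(0x0101) and card.update_binary(b"student-44")
    return sw_read, sw_update_before, sw_verify, sw_update_after, bytes(identity.body), sw_after_reset
```

The `reset()` step at the end shows the property the slides state only implicitly: the security status is per session, so after a reset the same UPDATE is refused again until SC#2 has been presented once more.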

File Organization

- Each file is made of
  - File descriptor (header)
    - Contains all information for file & security management
      - file name (e.g., FID = '0001')
      - File type (e.g., FF)
      - File structure (e.g., linear fixed) and size (e.g., 3 records of 5 bytes)
      - Access conditions (e.g., READ = after PIN code was entered)
      - Link to the file tree (e.g., directly under MF)
    - The file header can contain special attributes, such as high update activity, WORM or EDC protection, file manager support
  - File body
    - Contains the data stored in the EF

Figure: Descriptor (carrying the AC) above the Body

File Identifier

- The OS enables data access by file identifier (logical name) instead of physical memory address
  - Every file has a 2-byte FID which is used to select the file.
  - File creation order has no importance to the application

Figure: File IDs in EEPROM
  MF  3F 00
  DF  01 00
  DF  02 00
  EF  01 01

Example: WG10 E-purse files

Example: WG10 IEP Files (1/5)

IEP: Inter-sector Electronic Purse

IEP Information EF:
File ID 0011h, File type Transparent, File size ≥22 bytes

Bytes   Description                              Data element  Length (bytes)
1-3     Purse Provider Identifier                PPIEP         3
4-8     IEP Identifier                           IEP           5
9-11    Expiry date                              DEXPIEP       3
12-14   Activation date                          DACTIEP       3
15-17   Deactivation date                        DDEAIEP       3
18      Authentication mode                      AMIEP         1
19-20   Application Profile                      APIEP         2
21-22   IEP option bytes (*)                     OPTIEP        2
23...   Discretionary Data (ignored by the OS)   DD            var

Example: WG10 IEP Files (2/5)

IEP Key Information EF:
File ID 0012h, File type Linear fixed, Record length ≥2 bytes

Bytes   Description                              Data element  Length (bytes)
1       Algorithm Identifier                     ALGIEP        1
2       Key version                              VKIEP         1
3...    Discretionary Data (ignored by the OS)   DD            var

IEP Balance EF:
File ID 0013h, File type Transparent, File size ≥11 bytes

Bytes   Description                              Data element  Length (bytes)
1-4     IEP Balance                              BALIEP        4
5-7     Currency Code                            CURRIEP       3
8-11    Maximum Balance                          BALmaxIEP     4
12...   Discretionary Data (ignored by the OS)   DD            var
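An added example, not part of the original slides or of the WG10 specification: decoding the IEP Information EF (FID 0011h) and the IEP Balance EF (FID 0013h) from the byte layouts tabulated on these two slides, as a terminal or a test harness would after a READ BINARY. The field offsets and lengths come from the tables. The slides do not give the coding of the date, currency and balance fields, so the decoder returns dates and the currency code as raw hex and treats the two balance fields as unsigned big-endian integers (my assumption); the sample file contents are constructed.

```python
from typing import Dict, List, Tuple

# (data element, length in bytes) in file order, taken from the tables
IEP_INFO_LAYOUT: List[Tuple[str, int]] = [
    ("PPIEP", 3), ("IEP", 5), ("DEXPIEP", 3), ("DACTIEP", 3),
    ("DDEAIEP", 3), ("AMIEP", 1), ("APIEP", 2), ("OPTIEP", 2),
]
IEP_BALANCE_LAYOUT: List[Tuple[str, int]] = [
    ("BALIEP", 4), ("CURRIEP", 3), ("BALmaxIEP", 4),
]
# Elements decoded as unsigned big-endian integers (assumed coding); the rest stay hex
INTEGER_FIELDS = {"AMIEP", "BALIEP", "BALmaxIEP"}

def split_fields(content: bytes, layout: List[Tuple[str, int]]) -> Dict[str, object]:
    """Slice a transparent EF by its layout; whatever follows the fixed part is DD."""
    fixed = sum(length for _, length in layout)
    if len(content) < fixed:
        raise ValueError(f"file holds {len(content)} bytes, layout needs at least {fixed}")
    fields: Dict[str, object] = {}
    pos = 0
    for name, length in layout:
        chunk = content[pos:pos + length]
        fields[name] = int.from_bytes(chunk, "big") if name in INTEGER_FIELDS else chunk.hex()
        pos += length
    fields["DD"] = content[pos:].hex()     # discretionary data, ignored by the OS
    return fields

def parse_iep_info(content: bytes) -> Dict[str, object]:
    return split_fields(content, IEP_INFO_LAYOUT)

def parse_iep_balance(content: bytes) -> Dict[str, object]:
    fields = split_fields(content, IEP_BALANCE_LAYOUT)
    if fields["BALIEP"] > fields["BALmaxIEP"]:
        raise ValueError("balance exceeds maximum balance: file contents are inconsistent")
    return fields

def balance_file_ok(content: bytes) -> bool:
    """True when the balance EF has the minimum size and BALIEP <= BALmaxIEP."""
    try:
        parse_iep_balance(content)
        return True
    except ValueError:
        return False

# Constructed file contents (not real purse data)
SAMPLE_INFO = bytes.fromhex(
    "A1B2C3"          # PPIEP: purse provider identifier
    "0000000042"      # IEP identifier
    "991231"          # expiry date (coding not given on the slide)
    "980101"          # activation date
    "000000"          # deactivation date
    "01"              # authentication mode
    "0002"            # application profile
    "8000"            # option bytes
    "CAFE"            # discretionary data
)
SAMPLE_BALANCE = bytes.fromhex("00000BB8" "000978" "0000C350")   # 3000, currency 978, max 50000

def demo() -> tuple:
    info = parse_iep_info(SAMPLE_INFO)
    bal = parse_iep_balance(SAMPLE_BALANCE)
    return (info["IEP"], info["DEXPIEP"], info["AMIEP"], info["DD"],
            bal["BALIEP"], bal["CURRIEP"], bal["BALmaxIEP"])
```

The consistency check in `parse_iep_balance` is the kind of test a purse application performs before trusting a file it has read: a balance above the maximum balance cannot come from a correct load or purchase, so it is treated as corruption rather than as money.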

Example: WG10 IEP Files (3/5)

Load Log EF (LLOG):
File ID 0014h, File type Cyclic, Record length ≥15 bytes

Bytes   Description                     Data element  Length (bytes)
1       Transaction type                TRT           1
2-3     Transaction number              NTIEP         2
4-7     IEP balance                     BALIEP        4
8-11    Amount received from LDA        MLDA          4
12-15   PPSAM identifier                PPSAM         4
16...   Discretionary Data (optional)   DD            up to 8

Example: WG10 IEP Files (4/5)

Purchase Log EF (PLOG):
File ID 0015h, File type Cyclic, Record length ≥22 bytes

Bytes   Description                                                  Data element   Length (bytes)
1       Transaction type                                             TRT            1
2-3     IEP transaction number                                       NTIEP          2
4-7     Total amount of the transaction                              MTOTIEP        4
8-11    IEP balance                                                  BALIEP         4
12-14   Currency code                                                CURRIEP        3
15-18   PSAM identifier                                              PSAM           4
19-22   PSAM transaction number or Discretionary Data (mandatory)    NTPSAM or DD   4
23...   Discretionary Data (optional)                                DD             up to 4

Example: WG10 IEP Files (5/5)

Currency Conversion Log EF (CCLOG):
File ID '0017', File type Cyclic, Record length ≥21 bytes

Bytes   Description                       Data element    Length (bytes)
1       Transaction type                  TRT             1
2-3     IEP transaction number            NTIEP           2
4-7     Balance of the IEP (old value)    BALIEP (old)    4
8-10    Currency Code (old value)         CURRIEP (old)   3
11-14   Balance of the IEP (new value)    BALIEP (new)    4
15-17   Currency Code (new value)         CURRIEP (new)   3
18-21   PPSAM Identifier                  PPSAM           4
22...   Discretionary Data (optional)     DD              up to 8

ISO 7816-4 Command Set

- Read Binary
- Read Record
- Write Binary
- Write Record
- Update Binary
- Update Record
- Erase Binary
- Log Record
- Get Data
- Put Data (TLV)
- Select File
- Verify
- Internal Authenticate
- External Authenticate
- Manage Channel
- Get Response
- ATR
- APDU command format

Commands: Example (1/3)

Command                                   CLA   INS   P1    P2    Lc    Le
Select File                               00h   A4h
  Child EF, using File Identifier                     02h         02h   0Ch
  DF or MF, using DF Name                             04h         var   var
Read Binary                               00h   B0h         ofs         var
  Direct Selection                                    ofs
  Implicit Selection                                  sfi
Update Binary (Standard)                  00h   D6h         ofs   var
  Direct Selection                                    ofs
  Implicit Selection                                  sfi
Read Record                               00h   B2h   rec               var
  Direct Selection                                          04h
  Implicit Selection                                        sfi

Commands: Example (2/3)

Command                                   CLA   INS   P1    P2    Lc    Le
Create File (Standard)                    80h   E0h   00h   00h   var
Verify Secret Code                        00h   20h   00h   00h
  Present a Secret Code                                           08h
  Read the number of Retries
Internal Authenticate                     00h   88h   00h   08h   0Ah
  Global level key/transaction number                 00h
  Local level key/transaction number                  80h
Set Access Conditions (Standard)          80h   16h   AC
  Current EF, AC1 (Update)                                  00h
  Current EF, AC2 (Read)                                    01h
  Current DF, AC1 (Update)                                  02h
  Current DF, AC2 (Tamperproof)                             03h

Commands: Example (3/3)

Secure Messaging Command                  CLA   INS   P1    P2    Lc    Le
Update Binary (Secure Messaging)          04h   D6h         ofs   var   03h
  Direct Selection                                    ofs
  Implicit Selection                                  sfi
Update Record (Secure Messaging)          04h   DCh   rec         var   03h
  Direct Selection                                          04h
  Implicit Selection                                        sfi
Append Record (Secure Messaging)          04h   E2h   rec         var   03h
  Direct Selection                                          00h
  Implicit Selection                                        sfi
Create File (Secure Messaging)            84h   E0h   00h   00h   var   03h
Set Access Conditions (Secure Messaging)  84h   16h   ac          03h   03h
  Current EF, AC1 (Update)                                  00h
  Current EF, AC2 (Read)                                    01h
  Current DF, AC1 (Update)                                  02h
  Current DF, AC2 (Tamperproof)                             03h

ISO 7816-4: Card Responses

SW1-SW2:
- Process completed
  - Normal execution: '90 00', '61 00'
  - Warnings: '62 XX', '63 XX'
- Process aborted
  - '64 XX', '65 XX'
  - Checking errors: '67 XX' - '6F XX'
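The status-word groups of the figure above, as an added example that is not part of the original slides: a terminal-side classifier that maps SW1-SW2 to "process completed" or "process aborted" and to the group it belongs to. The group boundaries are those of ISO 7816-4 (90 00 and 61 XX normal, 62 XX/63 XX warnings, 64 XX/65 XX execution errors, 67 XX to 6F XX checking errors), as is the 63 CX encoding of a remaining retry counter; the handful of SW2 meanings spelled out in `SW_DETAIL` are standard values I am confident of, and the status words in the test are constructed.

```python
from typing import NamedTuple

class Verdict(NamedTuple):
    completed: bool      # True: process completed (any returned data is usable)
    category: str
    detail: str

# A few standard SW1-SW2 meanings (ISO 7816-4); anything else falls back to the group text
SW_DETAIL = {
    0x6300: "verification failed / no further information",
    0x6700: "wrong length (Lc or Le)",
    0x6982: "security status not satisfied",
    0x6A82: "file not found",
    0x6B00: "wrong parameters P1-P2",
    0x6D00: "instruction code not supported",
    0x6E00: "class not supported",
}

def classify(sw: int) -> Verdict:
    if not 0 <= sw <= 0xFFFF:
        raise ValueError("a status word is exactly two bytes")
    sw1, sw2 = sw >> 8, sw & 0xFF
    if sw == 0x9000:
        return Verdict(True, "normal", "command processed")
    if sw1 == 0x61:
        return Verdict(True, "normal", f"{sw2} response bytes available (send GET RESPONSE)")
    if sw1 == 0x63 and sw2 & 0xF0 == 0xC0:
        # 63 CX: warning carrying a counter, used by VERIFY for the remaining tries
        return Verdict(True, "warning", f"verification failed, {sw2 & 0x0F} retries left")
    if sw1 == 0x62:
        return Verdict(True, "warning", SW_DETAIL.get(sw, "state of non-volatile memory unchanged"))
    if sw1 == 0x63:
        return Verdict(True, "warning", SW_DETAIL.get(sw, "state of non-volatile memory changed"))
    if sw1 == 0x64:
        return Verdict(False, "execution error", "state of non-volatile memory unchanged")
    if sw1 == 0x65:
        return Verdict(False, "execution error", "state of non-volatile memory changed")
    if 0x67 <= sw1 <= 0x6F:
        return Verdict(False, "checking error", SW_DETAIL.get(sw, f"checking error {sw:04X}"))
    return Verdict(False, "proprietary/unknown", f"{sw:04X}")

def terminal_action(sw: int) -> str:
    """What a terminal does next: continue, fetch more data, or stop and report."""
    v = classify(sw)
    if (sw >> 8) == 0x61:
        return "get-response"
    return "continue" if v.completed else "abort"
```

The distinction that matters operationally is the `completed` flag: on a warning the card has done the work and may even have changed EEPROM (63 XX), so a terminal that treats every non-9000 answer as a failure and retries can, for example, burn through the retry counter a VERIFY reports in 63 CX.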

Today's Multi-application Card Example

Figure: three applications on one card. Payment: a PSE with a DIR EF and ADF 1, ADF 2, ADF 3, each holding AEFs. Loyalty and Access Control beside it.

Payment
- Dedicated Payment Function in OS
- Dedicated Data File

Loyalty
- ISO 7816-4 Data Files
- Generic access functions in read, Update and Write
- Cryptographic security

Access Control
- ISO 7816-4 Data Files
- Access in read only

Evolution of the Smart Card Technology

Multi-application COS

- Multi-applications are reality
  - one executable code + multiple file systems

Figure: one EXECUTABLE plus an ISO 7816-4 FILE SYSTEM (PSE with DIR EF, ADF 1, ADF 2, ADF 3 and their AEFs); on the chip: Chip Resources, Operating System, Application Data 1, Application Data 2, Application Data 3

Evolution of the Smart Card Technology

Mono-application cards (yesterday): Dedicated OS
- All the benefits of smart cards
- Optimized chip size / cost-effective cards
  - Hard business case
  - limited marketing tool
  - very limited flexibility for scheme evolutions

Multi-application cards (today): Multi-use OS
- facilitate the business case
- new valuable services to customers
  - Scheme finalized before issuance
  - limited flexibility for evolutions

Multi-application platforms (tomorrow): Open OS
- very flexible platforms
- can support new applications after issuance of the card
- No infrastructure upgrade
  - not available as of today for operation

Multi-application in the future: Open Operating Systems

Requirements for an Open Operating System

- To add new functionalities during the life of the card
- To keep or improve the traditional level of security in each application
- Reduce the development cycle for applications by offering a Standard Application Programming Interface and toolboxes
- Authorize third parties to develop applications
- Use a large base of developers and provide them access to easy-to-use languages and tools

Requirements for an Open Operating System

- Provide chip independence among multiple hardware targets (chips)
- Provide isolation and separation between Multiple Applications and System

Figure: hardware targets shown: Siemens, Thomson, Motorola, Hitachi

What is an Open Operating System?

Figure: Traditional OS vs Open OS
- Traditional OS: Chip Resources; Operating System; Application Data 1, Application Data 2, Application Data 3
- Open OS: Chip Resources; Operating System (OS); Virtual Machine; API; Applications a, b, c, ...

What is an Application in an Open OS Card?

Figure: Application a = EXECUTABLE + FILE SYSTEM (PSE with DIR EF, ADF 1 and its AEFs)

Java Card Architecture - On-Card components

Figure (layers, bottom to top): Hardware; Native Functions & System Resources; Card Executive; Virtual Machine; APIs; applications such as GEMWG10, MPCOS, GSM. The native layers are written in Assembler, the applications in the Java Language.

OS development: How does it work inside?

OS development

- Tools:
  - emulators, simulators
  - user's guide, technical support
- Detailed chip specifications
- OS design / development
- Qualification
  - unitary tests
  - normal execution
  - full qualification
  - acceptance tests

OS processing

- Data logical access
- Data processing
- Back-up management
  - single EEPROM update
  - multiple EEPROM update (indivisibility)
  - anti-stress
  - nested backup...
- Security checks
  - Context verifications
  - Security sensors
- Protocol processing
- I/O

OS Command Processing

Examples of verifications done before command processing:
- Correct TPDU format
- Correct Le/Lc according to the command
- Correct P1/P2 according to the command
- Proper EF type for the command
- Proper DF if specific (IEP DF, ...)
- Command is allowed according to the current state
- Data necessary for the command is not corrupted
- IEP is active and not deactivated
- The file descriptor integrity
- File access conditions
- ...
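The verification list above, together with the command-processing chain of the earlier "Command processing" slides (I/O manager, command interpreter, state machine, file manager, return code manager), as one added example that is not part of the original slides. `process` is a dispatcher that runs the checks in that order on a T=0 TPDU and only then executes: TPDU format, Lc/Le and P1/P2 against a per-command rule table, the current card state, the selected EF's type, the integrity of its descriptor (an EDC over the header) and its access condition. The rule table, the two card states, the LRC-style descriptor EDC and the purse instruction 34h (a hypothetical debit command requiring the IEP to be active) are my own simplifications; READ BINARY (B0h) and READ RECORD (B2h) and the status words are ISO 7816-4.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

SW_OK, SW_WRONG_LENGTH, SW_WRONG_P1P2 = 0x9000, 0x6700, 0x6B00
SW_INS_NOT_SUPPORTED, SW_CONDITIONS_NOT_SATISFIED = 0x6D00, 0x6985
SW_SECURITY_NOT_SATISFIED, SW_EF_INCOMPATIBLE = 0x6982, 0x6981
SW_RECORD_NOT_FOUND, SW_MEMORY_FAILURE = 0x6A83, 0x6581

def lrc(data: bytes) -> int:
    """XOR checksum used here as the descriptor EDC (simplification)."""
    acc = 0
    for b in data:
        acc ^= b
    return acc

@dataclass
class EF:
    fid: int
    structure: str                      # "transparent" or "linear_fixed"
    body: bytearray
    record_length: int = 0              # for linear_fixed only
    read_condition: str = "free"        # "free" or a secret-code name such as "sc2"
    edc: int = 0                        # EDC over the descriptor, set at file creation

    def descriptor_bytes(self) -> bytes:
        return self.fid.to_bytes(2, "big") + self.structure.encode() + bytes([self.record_length])

@dataclass
class Card:
    state: str = "idle"                 # "idle" or "iep_active" (constructed states)
    presented: Set[str] = field(default_factory=set)
    current_ef: Optional[EF] = None

@dataclass
class Rule:
    p_ok: Callable[[int, int], bool]    # P1/P2 check for this command
    has_lc: bool                        # True: P3 is Lc and data follows; False: P3 is Le
    structures: Set[str]                # EF types the command may act on
    states: Set[str]                    # card states in which it is allowed

RULES: Dict[int, Rule] = {
    0xB0: Rule(lambda p1, p2: p1 < 0x80, False, {"transparent"}, {"idle", "iep_active"}),
    0xB2: Rule(lambda p1, p2: p1 >= 1 and p2 == 0x04, False, {"linear_fixed"}, {"idle", "iep_active"}),
    0x34: Rule(lambda p1, p2: p1 == 0 and p2 == 0, True, {"transparent"}, {"iep_active"}),   # hypothetical debit
}

def process(card: Card, tpdu: bytes) -> Tuple[bytes, int]:
    """Run every pre-check in order; execute only if all pass. Returns (data, SW)."""
    if len(tpdu) < 5:                                        # TPDU format: CLA INS P1 P2 P3
        return b"", SW_WRONG_LENGTH
    cla, ins, p1, p2, p3 = tpdu[:5]
    rule = RULES.get(ins)                                    # command interpreter
    if rule is None:
        return b"", SW_INS_NOT_SUPPORTED
    data = tpdu[5:]
    if (rule.has_lc and len(data) != p3) or (not rule.has_lc and data):   # Lc/Le per command
        return b"", SW_WRONG_LENGTH
    if not rule.p_ok(p1, p2):                                # P1/P2 per command
        return b"", SW_WRONG_P1P2
    if card.state not in rule.states:                        # state machine
        return b"", SW_CONDITIONS_NOT_SATISFIED
    ef = card.current_ef
    if ef is None or ef.structure not in rule.structures:    # proper EF type
        return b"", SW_EF_INCOMPATIBLE
    if lrc(ef.descriptor_bytes()) != ef.edc:                 # descriptor integrity
        return b"", SW_MEMORY_FAILURE
    if ef.read_condition != "free" and ef.read_condition not in card.presented:   # access condition
        return b"", SW_SECURITY_NOT_SATISFIED
    if ins == 0xB0:                                          # READ BINARY: P1P2 = offset, P3 = Le
        offset, le = (p1 << 8) | p2, p3 or 256
        return bytes(ef.body[offset:offset + le]), SW_OK
    if ins == 0xB2:                                          # READ RECORD: P1 = record number
        start = (p1 - 1) * ef.record_length
        if start + ef.record_length > len(ef.body):
            return b"", SW_RECORD_NOT_FOUND
        return bytes(ef.body[start:start + ef.record_length]), SW_OK
    amount = int.from_bytes(data, "big")                     # hypothetical debit of a 4-byte balance
    balance = int.from_bytes(ef.body[:4], "big")
    if amount > balance:
        return b"", SW_CONDITIONS_NOT_SATISFIED
    ef.body[:4] = (balance - amount).to_bytes(4, "big")
    return bytes(ef.body[:4]), SW_OK

def demo() -> tuple:
    # Constructed balance file: 4-byte balance of 3000, followed by a currency code
    ef = EF(0x0013, "transparent", bytearray((3000).to_bytes(4, "big")) + b"\x00\x09\x78")
    ef.edc = lrc(ef.descriptor_bytes())
    card = Card(current_ef=ef)
    r1 = process(card, bytes.fromhex("00B0000004"))        # READ BINARY, offset 0, Le 4
    r2 = process(card, bytes.fromhex("00B2010400"))        # READ RECORD on a transparent EF
    r3 = process(card, bytes.fromhex("003400000200C8"))    # debit 200 while idle
    card.state = "iep_active"
    r4 = process(card, bytes.fromhex("003400000200C8"))    # debit 200 while active
    ef.edc ^= 0x01                                         # simulate a corrupted descriptor
    r5 = process(card, bytes.fromhex("00B0000004"))
    return r1, r2[1], r3[1], r4, r5[1]
```

The order is the security-relevant part: a command is rejected at the cheapest check that fails, and the file body is never touched before the state, file type, descriptor integrity and access condition have all been confirmed, so a corrupted header or a command sent in the wrong state cannot reach the balance.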

Laboratory 2 (1/2)

- Describe the microprocessor architecture.
- Different applications have varying proportions of the different memory types. One can say that cards are divided into applications according to these ratios, as well as by the functions built into the mask.
  - Give the characteristics of the different memory types and what they are used for. Volatile vs. non-volatile memory.
  - In what ratio (only in terms of "large" or "small") will these memories be used for the following:
    - Cards storing health records
    - Cryptographic cards for public key cryptography
    - New generation of security modules for mobile telephones (store subscriber profile, passwords, phone books, call history)

Laboratory 2 (2/2)

- What is a card operating system? What is its role?
- What is the difference between "COS" and "mask"?
- What is the name of the root file? What is the function of the root file?
- How is the rest of the file system organized?
- Using the WG10 IEP (electronic purse) example, design a file structure, with a brief characteristic of each EF, for a student ID smart card used for:
  - Identification and access to a building and labs
  - Library access (keeping a record of currently borrowed books)
  - Pre-loaded electronic purse for on-campus canteens, vending machines, copiers
- What is access control? Give an example.
- What is the main difference between a COS and an open OS? What are the potential problems with an open OS for smart cards?

Risk Management

- Security is global
- Security does not last
- Security is not free
- Security requirements depend on the application
  - Pay TV
  - Credit & Debit
  - Pre-Paid Telephone
  - Cellular Phone GSM/PCS
  - Network Security
  - Loyalty

Weak software implementation: should be prevented by programming rules!

EXAMPLE: PIN CODE RATIFICATION

Flowchart: PIN CODE -> BACKUP & DECREMENT RATIFICATION COUNTER -> PIN CODE CORRECT? (YES / NO); the alternative box DECREMENT RATIFICATION COUNTER appears on the NO branch of the weak variant.
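The programming rule behind the PIN ratification flowchart above, and the EEPROM backup management listed on the "OS processing" slide, as one added example that is not part of the original slides. The rule is the established one for card operating systems: the ratification (retry) counter is backed up and decremented before the presented code is compared, and restored only after a successful comparison, so that a session cut off right after the comparison still counts as a failed attempt. The backup is modelled as a write-ahead journal that records the intended value before the cell is written and is replayed at the next reset, so an interrupted write is completed rather than lost. `verify_weak` is the pattern the slide warns against, kept only for the comparison in `demo`. The EEPROM model with its power-cut hook, the memory layout, the journal format and the PIN value are my own constructions, not a real COS.

```python
from typing import Optional, Tuple

class Eeprom:
    """Byte-addressable memory whose writes can be cut off after a given number of cells."""
    def __init__(self, size: int) -> None:
        self.cells = bytearray(size)
        self.fail_after: Optional[int] = None    # test hook: simulate a power cut

    def write(self, addr: int, data: bytes) -> None:
        for i, b in enumerate(data):
            if self.fail_after is not None and self.fail_after <= 0:
                raise RuntimeError("power lost during EEPROM write")
            self.cells[addr + i] = b
            if self.fail_after is not None:
                self.fail_after -= 1

    def read(self, addr: int, n: int) -> bytes:
        return bytes(self.cells[addr:addr + n])

# Constructed layout: counter at 10h, 4-byte journal at 20h, PIN at 30h
COUNTER_ADDR, JOURNAL_ADDR, PIN_ADDR, PIN_LEN = 0x10, 0x20, 0x30, 4
MAX_RETRIES = 3
JOURNAL_VALID = 0xA5

class PinManager:
    def __init__(self, mem: Eeprom, pin: bytes) -> None:
        self.mem = mem
        self.cut_after_compare = False           # test hook: power cut right after the compare
        mem.write(PIN_ADDR, pin)
        mem.write(COUNTER_ADDR, bytes([MAX_RETRIES]))
        mem.write(JOURNAL_ADDR, b"\x00" * 4)

    def _atomic_write(self, addr: int, value: int) -> None:
        """Backup management: journal the intended value, write it, then clear the journal."""
        chk = JOURNAL_VALID ^ addr ^ value
        self.mem.write(JOURNAL_ADDR, bytes([JOURNAL_VALID, addr, value, chk]))
        self.mem.write(addr, bytes([value]))
        self.mem.write(JOURNAL_ADDR, b"\x00")

    def recover(self) -> bool:
        """Run at reset: replay a valid journal entry so an interrupted write completes."""
        flag, addr, value, chk = self.mem.read(JOURNAL_ADDR, 4)
        if flag == JOURNAL_VALID and chk == (JOURNAL_VALID ^ addr ^ value):
            self.mem.write(addr, bytes([value]))
            self.mem.write(JOURNAL_ADDR, b"\x00")
            return True
        return False

    def retries_left(self) -> int:
        return self.mem.read(COUNTER_ADDR, 1)[0]

    def verify(self, presented: bytes) -> Tuple[bool, int]:
        """Correct order: backup & decrement, then compare, restore only on success."""
        self.recover()
        count = self.retries_left()
        if count == 0:
            return False, 0                                  # code blocked
        self._atomic_write(COUNTER_ADDR, count - 1)          # decrement BEFORE comparing
        matched = presented == self.mem.read(PIN_ADDR, PIN_LEN)
        if self.cut_after_compare:
            raise RuntimeError("power lost right after the comparison")
        if matched:
            self._atomic_write(COUNTER_ADDR, MAX_RETRIES)    # restore only on success
            return True, MAX_RETRIES
        return False, count - 1

    def verify_weak(self, presented: bytes) -> Tuple[bool, int]:
        """The pattern the slide warns against: compare first, decrement only afterwards."""
        count = self.retries_left()
        if count == 0:
            return False, 0
        matched = presented == self.mem.read(PIN_ADDR, PIN_LEN)
        if self.cut_after_compare:
            raise RuntimeError("power lost right after the comparison")
        if matched:
            return True, count
        self._atomic_write(COUNTER_ADDR, count - 1)          # never reached if power was cut
        return False, count - 1

def demo() -> tuple:
    def attempt(method: str, cut_after_compare: bool = False, cut_after_writes: Optional[int] = None) -> int:
        mem = Eeprom(0x40)
        pm = PinManager(mem, b"1234")                         # constructed PIN
        pm.cut_after_compare = cut_after_compare
        mem.fail_after = cut_after_writes
        try:
            getattr(pm, method)(b"0000")                      # a wrong code
        except RuntimeError:
            pass                                              # the card lost power
        mem.fail_after = None
        pm.cut_after_compare = False
        pm.recover()                                          # what the COS does at the next reset
        return pm.retries_left()
    return (attempt("verify", cut_after_compare=True),        # attempt counted: 2 left
            attempt("verify_weak", cut_after_compare=True),   # attempt lost: still 3
            attempt("verify", cut_after_writes=4))            # cut mid-write, journal replays: 2
```

The third result in `demo` is the backup-management part: the power cut lands after the journal entry but before the counter cell is written, and `recover()` at the next reset finishes the decrement from the journal, so the attempt is counted either way.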