Seminar Report

Smart Card Computing

By
John Xavier
( Y2M016 )
S4 MCA

Department of Computer Science and Engineering

National Institute of Technology
Calicut – 673601

March 2004
 CERTIFICATE

This is to certify that this report titled ‘SMART CARD COMPUTING’

is a bonafide record of the seminar presented by John Xavier (Y2M016) fourth semester
MCA student, National Institute of Technology Calicut.

Coordinator Professor and Head

Place
Date

1
 ACKNOWLEDGEMENT

I would like to put on records my sincere thanks to:

Dr V.K Govindan, Head of the Department, Computer Science and Engineering,

Mrs. Priya Chandran, Assistant Professor, my guide for this seminar, who
helped me in preparing for this seminar.
Miss Nisha K.K, for all the guidance I have received.
All my friends whose wholehearted support helped me at all stages of the
preparation of this seminar

2
 ABSTRACT

The origin of smart cards began when consumer requirements for

convenience and security outpaced the capabilities of magnetic stripe cards. Providing
increased data storage and added security, smart cards were introduced in Europe in the
early 1980’s as stored value cards for payphones. These early smart cards were
disposable, and were an effective means to reduce losses.

Today’s smart cards are re-usable, hold large quantities of data, speed
transaction times, identify the cardholder, and even provide loyalty benefits. And this is
only the beginning of the age of smart cards.

The public demands that smart cards, like any new product, bring obvious
benefit to the existing process. Regardless of the benefits to the proprietor, (accuracy,
cost, savings, etc.) successful smart card programs must provide benefits to the consumer
greater than the consumer-perceived effort in adapting the smart card behavior. The more
challenging it is to understand and use the card, the greater the benefit must be.

For example, consider the replacement of coins with smart cards in

making small retail purchases. The public will accept this substitution only if smart card
use derives a perceived benefit. It is not enough that the proprietor’s cash- handling cost is
decreased. The consumer makes the final decision. This document summarises the
current java Card technology also with the existing standards.

3
 TABLE OF CONTENTS

1. INTRODUCTION AND SHORT HISTORY………………5

2. SMART CARD TYPES………………………………….….6

2.1 ICMEMORY CARDS

2.2 IC MICROPROCESSOR CARDS
2.3 OPTICAL MEMORY CARDS

3. SMART CARD FILE SYSTEM……………………………7

4. INTRODUCTION TO JAVA CARDS……………………..9

4.1 JAVA CARD Vs CONVENTIONAL CARD

4.2 BENEFITS OF JAVA CARD TECHNOLOGY
4.3 COMPONENTS OF JAVA CARD TECHNOLOGY

5. CARD APPLICATION INSTALLATION……………….14

6. SMART CARD COMMUNICATION MODEL………….15

7. SUMMARY…………………………………………………16

8. REFERENCES……………………………………………..17

8.1 PRINTED REFERENCES

8.2 INTERNET REFERENCES

4
 1. INTRODUCTION AND SHORT HISTORY

Smart cards and hardware tokens provide both greater mobility and
enhanced security by allowing users to carry their digital certificates with them. A digital
certificate is like a driver's license for the Internet. Unlike passwords, which could be
different on every site that you visit, the same certificate can be used everywhere that
identification is required. And certificates allow users to establish confidential
communications, identify themselves to other people and web sites, and detect message
tampering.

The first smart card was developed in 1974, by independent

inventor Roland Moreno. This year, almost 1 billion smart cards will be produced
worldwide by several large manufacturers. Currently, 95% of these cards are issued in
Europe, South America, and Asia. By the year 2003, Data Monitor predicts that over 3
billion cards will be in circulation worldwide - with over 15% of the total in use in the
United States and Canada.

By way of comparison, there are over 900 million credit cards in

circulation today. Major uses will include providing enhanced financial services,
increasing the security and flexibility of cellular phones, and securing satellite and cable
transmissions in TV set-top boxes

5
2. SMART CARD TYPES

Today there are three categories of smart cards, all of which are evolving
rapidly into new markets and applications:

2.1 INTEGRATED CIRCUIT (IC) MEMORY CARDS

IC memory cards can hold up to 1-4 KB of data, but have no

processor on the card with which to manipulate that data. Thus, they are dependent on
the card reader (also known as the card-accepting device) for their processing and are
suitable for uses where the card performs a fixed operation.

Memory cards represent the bulk of the 600 million smart cards sold last
year, primarily for pre-paid, disposable-card applications like pre-paid phone cards.
Memory cards are popular as high-security alternatives to magnetic stripe cards.

2.2 INTEGRATED CIRCUIT (IC) MICROPROCESSOR CARDS

Microprocessor cards (also generally referred to by the industry as "chip

cards") offer greater memory storage and security of data than a traditional magnetic
stripe card. Chip cards also can process data on the card. The current generation of
chip cards has an eight-bit processor, 16KB read-only memory, and 512 bytes of
random-access memory. This gives them the equivalent processing power of the
original IBM-XT computer, albeit with slightly less memory capacity.

These cards are used for a variety application, especially those that have
cryptography built in, which requires manipulation of large numbers. Thus, chip cards
have been the main platform for cards that hold a secure digital identity.

6
2.3 OPTICAL MEMORY CARDS

Optical memory cards look like a card with a piece of a CD glued on top -
which is basically what they are. Optical memory cards can store up to 4 MB of data. But
once written, the data cannot be changed or removed. Thus, this type of card is ideal for
record keeping - for example medical files, driving records, or travel histories. Today,
these cards have no processor in them (although this is coming in the near future). While
the cards are comparable in price to chip cards, the card readers use non-standard
protocols and are expensive.

3. SMART CARD FILE SYSTEM

MF

DF DF EF EF

DF EF EF EF EF

File System is similar to a typical UNIX/WINDOWS file system as we

see here.

7
 A central application for smart cards defined by the ISO/IEC 7816-4
standard is a file system. The file system is actually applied to the nonvolatile memory on
the smart card; generally EEPROM. The file system defined is a relatively
straightforward hierarchical structure comprising three basic elements:

• A master file (MF) component

• A dedicated file (DF) component
• An elementary file (EF) component

The MF component is the root of the file hierarchy; there is only one MF
on a smart card. An MF may contain, as elements, a DF, or even many DFs, and it may
contain zero to many EFs. The DF component is essentially a container for EF
components; a DF may contain zero to many EFs. An EF component may contain only
records.

Several characteristics of the smart card file system are significantly

different from typical (that is, disk based) file systems. These differences are almost
exclusively due to the physical characteristics of the EEPROM memory system,
specifically the facts that EEPROM memory can be subjected to only a modest number of
erase and write cycles and that it is significantly faster to write to EEPROM memory in a
cumulative fashion than in a pure erase and then write fashion. The first of these
characteristics resulted in the definition of a rather unique file structure called a cyclic
file. The second characteristic resulted in rather unique definitions of the various file
write commands.

The following are the smart card file access commands

CREATE FILE create a file

DELETE FILE delete a file

8
 READ / SEEK read from a file / search in a file
WRITE / UPDATE write to a file
ERASE set bytes to a predefined pattern
APPEND append to a file
INCREASE / DECREASE increase / decrease a counter
INVALIDATE apply reversible lock
REHABILITATE remove reversible lock
LOCK apply irreversible lock

4. INTRODUCTION TO JAVA CARDS

The Java Card specifications enable Java technology to run on smart cards
and other devices with limited memory. The Java Card API allows applications written
for one Java Card-enabled smart card platform, to run on any other Java Card-enabled
platform.

There are several unique benefits of the Java Card technology, such as

• Platform Independent

Java Card applets that comply with the Java Card API specification will
run on cards developed using the JCAE - allowing developers to use the same Java
Card applet to run on different vendors' cards.

• Multi-Application Capable

9
 Multiple applications can run on a single card. In the Java programming
language, the inherent design around small, downloadable code elements makes it
easy to securely run multiple applications on a single card.

• Post-Issuance of Applications

The installation of applications, after the card has been issued, provides
card issuers with the ability to dynamically respond to their customer's changing
needs. For example, if a customer decides to change the frequent flyer program
associated with the card, the card issuer can make this change, without having to issue
a new card.

• Flexible

The Object-Oriented methodology of the Java Card technology provides

flexibility in programming smart cards.

• Compatible with Existing Smart Card Standards

The Java Card API is compatible with formal international standards, such
as, ISO7816, and industry-specific standards, such as, Europay/Master Card/Visa
(EMV).

10
 4.1 JAVA CARD VS CONVENTIONAL CARD

As we can see from this diagram, in a Java Card along with Card OS there is Java
Interpreter and Java Card API’s .Because of this irrespective of the OS the applications
can be handled

4.2 BENEFITS OF JAVA CARD TECHNOLOGY

1. Ease of application development

2. Hardware independence

3. Multiple applications

4. Security

11
 5. Compatibility with existing smart card standards

4.3 COMPONENTS OF JAVA CARD TECHNOLOGY

1. Java Card Application Programming Interface (API)

The Java Card API is compatible with formal international

standards and industry-specific standards. It contains the class definitions required to
support the Java Card VM and the Java Card RE.

2. Java Card Virtual Machine (JCVM)

The Java Card Virtual Machine (JVM) Specification defines the

features, services, and behavior required of an implementation of the Java Card
technology. It includes the instruction set of a Java Card Virtual Machine, the
supported subset of the Java language, and the file formats used for installing applets
and libraries into devices, like smart cards, which implement Java Card technology.

12
 3. Java Card Runtime Environment (JCRE)

The Java Card Runtime Environment (JRE) Specification

complements the Java Card API Specification and defines the necessary behavior of
the runtime environment in any implementation of the Java Card technology. Such an
implementation includes an implementation of the Java Card Virtual Machine, the
Java Card Application Programming Interface (API) classes, and runtime support
services such as the selection and deselection of applets.

Java Card consists of the following hardware

1. ROM for program code of VM, API, and pre- installed applets

2. EEPROM for persistent data, for objects and their fields (i.e. heap) and code of
downloaded applets

13
3. RAM for transient data, for stack and specially allocated scratchpad arrays
Writing to EEPROM is slower & consumes more power than writing to RAM, and
EEPROM lifetime limited to certain number of writes.

5 CARD APPLICATION INSTALLATION

14
 As we see here the compiled class files are combined together to form a

CAP (Combined Applet file). This CAP file is finally transferred to smart card for its

implementation.

6 SMART CARD COMMUNICATION MODEL

15
 Communication with smartcard via byte array buffer APDU, following
ISO7816.Terminal sends card a command APDU and smart card sends a response APDU
in response

Terminal APDU Components

CLA: Class byte

INS: Instruction byte

P1, P2: Parameters

Lc: Length data block

Le: Expected length response

Response APDU Components

SW1: Status Word 1

SW2: Status Word 2

16
7 SUMMARY

Smart cards have evolved in the past two decades from plastic
cards with simple contact-based memory chips to the ultimate flexibility of contactless
microprocessors in a wide array of smart objects. But technological advances alone will
not ensure the long-term success of smart cards. From the consumer perspective, the
benefits of adopting this new technology must greatly outweigh the effort required to
alter long-standing habits.

With the strength, flexibility, and capacity of contactless

microprocessors, card issuers have access to a powerful tool to win consumer smart card
acceptance and, in the process, enhance customer relationships.

17
8. REFERENCES

8.1 PRINTED REFERENCES

• Mike Hendry, Smart Card Security and Applications , 1994.

8.2 INTERNET REFERENCES

• http://www.smartchip.com
• http://www.cs.berkley.edu/smartchip
• http://www.ibm.com/cs/smartcard
• http://developer.sun.com/technology/smartcard
• http://cs.wisc.edu/technology/smartcard

18