Smartcards
Last updated
Secure Execution Environments
Last updated
Card with computing processing capabilities.
CPU
ROM
EEPROM
RAM
With contact
Contactless
8/16 bit
Crypto-coprocessor (opt.)
Operating system
Communication
Cryptographic algorithms
File system
Programs/applications
Keys/passwords
Transient data
Erased on power off
ISO 7816-2
Power
Soft reset
Clock
Half duplex I/O
Tamperproof case
Resistance to side-channel attacks
T=0
Each byte is transmitted separately
Slower
T=1
Blocks of bytes transmitted
Faster
ATR (ISO 7816-3)
Response of the card to a reset operation
Reports the protocol expected by the card
Command APDU (first block)
CLA (1 byte)
Class of the instruction
INS (1 byte)
Command
P1 and P2 (2 bytes)
Command-specific parameters
Lc
Length of the optional command data
Le
Length of data expected in subsequent Response APDU
Zero (0) means all data available
Response APDU (second block)
SW1 and SW2 (2 bytes)
Status bytes
0x9000 means SUCCESS
Tag-Length-Value (TLV)
Object description with a tag value, the length of its contents and the contents
Each element of TLV is encoded according to ASN.1 BER
Values can contain other TLV objects
The structure can be recursive
File identification.
Name or number
File types
Master File (MF)
File system root, ID 0x3F00
Dedicated File (DF)
Like a directory
Can obtain other EFs or DF
Elementary File (EF)
Ordinary data file
File size fixed and determined when created
Transparent
Data blocks identified by offset + length
Fixed records
Indexed records
Variable records
Indexed records
Cyclic
Read pointer, write pointer
Cyclic increments
No restrictions
Protected
The file access APDU must contain a MAC computed with a key shared between the card an the off-card application
External authentication
The file access APDU is only allowed if the card already checked the existence of a common shared key with the off-card application
Previous login
