Smartcards
Definition
Card with computing processing capabilities.
CPU
ROM
EEPROM
RAM
Interface
With contact
Contactless
Components
CPU
8/16 bit
Crypto-coprocessor (opt.)
ROM
Operating system
Communication
Cryptographic algorithms
EEPROM
File system
Programs/applications
Keys/passwords
RAM
Transient data
Erased on power off
Mechanical contacts
ISO 7816-2
Power
Soft reset
Clock
Half duplex I/O
Physical security
Tamperproof case
Resistance to side-channel attacks
Smartcard applications: Communication protocol stack
T=0 and T=1
T=0
Each byte is transmitted separately
Slower
T=1
Blocks of bytes transmitted
Faster
ATR (ISO 7816-3)
Response of the card to a reset operation
Reports the protocol expected by the card
APDU (ISO 7816-4)
Command APDU (first block)
CLA (1 byte)
Class of the instruction
INS (1 byte)
Command
P1 and P2 (2 bytes)
Command-specific parameters
Lc
Length of the optional command data
Le
Length of data expected in subsequent Response APDU
Zero (0) means all data available
Response APDU (second block)
SW1 and SW2 (2 bytes)
Status bytes
0x9000 means SUCCESS
Encoding objects in smartcards
TLV and ASN.1 BER
Tag-Length-Value (TLV)
Object description with a tag value, the length of its contents and the contents
Each element of TLV is encoded according to ASN.1 BER
Values can contain other TLV objects
The structure can be recursive
File system
File identification.
Name or number
File types
Master File (MF)
File system root, ID 0x3F00
Dedicated File (DF)
Like a directory
Can obtain other EFs or DF
Elementary File (EF)
Ordinary data file
File size fixed and determined when created
File system types
Transparent
Data blocks identified by offset + length
Fixed records
Indexed records
Variable records
Indexed records
Cyclic
Read pointer, write pointer
Cyclic increments
Access control
No restrictions
Protected
The file access APDU must contain a MAC computed with a key shared between the card an the off-card application
External authentication
The file access APDU is only allowed if the card already checked the existence of a common shared key with the off-card application
Previous login
Last updated