Smart Cards: The Developer's Toolkit

Book Description

The complete smart card guidebook for decision-makers, product managers, developers, and integrators.

  • Smart card application development from start to finish: design, development, and deployment

  • Covers every component of a complete system: cards, readers, host software, management systems, and more

  • Focuses on advanced "post issuance programmable" multi-application smart cards

  • Presents detailed case studies and product coverage

  • Offers up-to-the-minute insights into the evolving smart card marketplace and smart card technology

Smart cards represent a breakthrough solution for maximizing security in a wide range of applications. Now, two leading smart card consultants present a thorough, up-to-date, accessible introduction to smart card technology that will be invaluable to developers and decision-makers alike. Smart Cards: A Developer's Toolkit covers all you need to know to plan, design, develop, and deploy advanced multi-application smart card environments, including:

  • Smart card physical structure, construction, tamper resistance, and tamper-evident features

  • International standards, inter-industry command sets, and industry specifications

  • "Post issuance programmable" smart cards: the cutting edge of smart card deployment

  • An in-depth review of two "high-performance" smart cards, including one multi-application card

  • PC and workstation host software for supporting smart cards

  • Applications with the SIM smart cards in GSM and 3G mobile phones

  • Card management systems and readers for large-scale applications in real-world environments

  • The evolving marketplace for smart cards in the U.S. and worldwide

The authors present case studies from today's most advanced smart card deployments, covering both the logistics of initial deployment and best practices for supporting ongoing operations and card populations. Whether you're an IT manager, corporate security officer, product manager, developer, or integrator, Smart Cards: A Developer's Toolkit gives you a powerful new weapon for protecting your digital assets.

    Table of Contents

    1. Copyright
    2. Foreword
    3. Preface
      1. Acknowledgments
    4. 1. Overview of Smart Cards and Their Programming
      1. History of Smart Cards
      2. The Generic Smart Card Application
      3. Major IT Applications—The Big Four
        1. Physical ID Token
          1. Picture ID
          2. Printed Personal Information
          3. Embossing
          4. Magnetic Stripe
          5. Bar Code
          6. Anti-counterfeiting
          7. The Application in Practice
        2. Physical Access
          1. Chip Card
          2. Contactless and Combi Cards
          3. Permission Conveyance
        3. Electronic ID Token
          1. Cardholder Authentication
          2. Authenticated Identity
          3. Digital Signature
          4. Personal Information Storage
          5. The Application in Practice
        4. Financial Services
          1. Cash Payment
          2. Credit/Debit Payment
        5. The Applications in Action
      4. Smart Card Programming
        1. Host Software
        2. Card Software
        3. Host and Card Software Integration
        4. Host Programs
        5. High-Level Language Card Programs
        6. Assembly Language Card Programs
      5. Elements of Smart Cards
        1. Smart Card Software Security
        2. Smart Card Operating Systems
        3. Smart Card File Systems
        4. Smart Card Communications
        5. Smart Card Hardware
        6. The Smart Card Memory System
        7. The Smart Card CPU
        8. Smart Card Input/Output
        9. Smart Card System Design
        10. Data Security
        11. Data Integrity
        12. Smart Card System Architectures
      6. Organization of the Book
    5. 2. Physical Characteristics of Smart Cards
      1. Physical Security
        1. Processor and Memory Architecture
        2. Tamper-Resistant Packaging
      2. Card Construction
        1. Card Body
        2. ICC
        3. Magnetic Stripe
        4. Embossing
        5. Printing
          1. Security
          2. Anti-counterfeiting
        6. Contactless Cards
        7. Combination Cards
      3. ICC Architecture
        1. Processor
          1. Physical Interface
            1. Power
            2. I/O
            3. Synchronization
          2. Security Features
        2. Memory
        3. Cryptographic Assist
        4. Security Hardening
      4. Summary
    6. 3. Basic Standards for Smart Cards
      1. ID Card Standards
      2. Physical Characteristics of Identification Cards
      3. Encoding of Information for Identification Cards
      4. The Business Model for Identification Cards
      5. Smart Card Standards
      6. Characteristics of Smart Cards
      7. Other Smart Card Standards and Specifications
      8. Link-Level Protocols to Smart Cards
        1. The T=0 Protocol
        2. The T=1 Protocol
      9. Application-Level Protocols
      10. Summary
    7. 4. Smart Card Applications
      1. General Architecture of Applications
      2. Infrastructure
      3. Security
        1. Objectives and Characteristics of Security Systems
          1. Authentication
          2. Authorization
          3. Privacy
          4. Integrity
          5. Nonrepudiation
      4. Security Mechanisms
        1. Authentication
          1. Symmetric Key Authentication
          2. Asymmetric Key Authentication
        2. Integrity
          1. One-Way Hash Codes
          2. Digital Signatures
        3. Authorization
          1. ACLs
        4. Capabilities List
        5. Privacy
          1. Bulk Encryption
      5. Access Conditions
      6. Interindustry Smart Card Commands (ISO 7816-4)
        1. APDUs
        2. Error Responses
        3. Security Commands
          1. The Verify Command
          2. The Internal Authenticate Command
          3. The External Authenticate Command
          4. The Get Challenge Command
        4. File System
        5. MF Characteristics
        6. DF Characteristics
        7. EF Characteristics
        8. File Access Commands
          1. The Select File Command
          2. The Read Binary Command
          3. The Write Binary Command
          4. The Update Binary Command
          5. The Erase Binary Command
          6. The Read Record Command
          7. The Write Record Command
          8. The Append Record Command
          9. The Update Record Command
        9. Administrative Commands
          1. The Get Response Command
          2. The Manage Channel Command
          3. The Envelope Command
          4. The Get Data Command
          5. The Put Data Command
      7. Summary
    8. 5. Multiapplication Smart Cards
      1. Why Multiapplication Smart Cards
      2. A Brief History of On-Card Interpreters and Virtual Machines
      3. Application Selection and AIDs
      4. Application Identifiers
      5. ISO-7816 Application Selection
      6. Other Application Selection Schemes
      7. The SCADA Card
        1. SCADA Card APDUs
        2. The SCADA Card Online Application
          1. Code for the Online Application
        3. The SCADA Card Administration Application
          1. Code for the Administrative Application
      8. The Multos Card
        1. The Multos Virtual Machine
        2. The Multos Programming Model
        3. The SCADA Application on Multos
          1. Code for SCADA Application on Multos Card
        4. The Multos Application Development Cycle
      9. The Java Card
        1. The Java Card Virtual Machine
        2. The Java Card Programming Model
        3. The SCADA Application on a Java Card
          1. Code for Online SCADA Application for Java Card
        4. The Java Card Application Development Cycle
      10. The Windows-Powered Smart Card
        1. The Windows Card Virtual Machine
        2. The Windows Card Programming Model
        3. The SCADA Program on a Windows-Powered Smart Card
          1. Code for SCADA Program on a Windows Smart Card
        4. The Windows Card Application Development Cycle
      11. The ZeitControl Basic Card
        1. The ZeitControl Basic Card Virtual Machine
        2. The ZeitControl Programming Model
        3. The SCADA Online Application for the ZeitControl Card
          1. Code for Online SCADA Application for Basic Card
      12. The Basic Card Application Development Cycle
      13. Data Access Control
        1. Application-Centric versus Data-Centric Access Control
        2. ISO 7816-9 Data Access Control
        3. Application-Centric Access Control Using Data Ownership and Interapplication Communication
          1. Data Sharing on a Java Card
          2. Data Sharing on the Multos Card
        4. Data-Centric Access Control Using File Attributes and Access Control Lists
          1. Data Sharing on the Basic Card
          2. Data Sharing on the Microsoft Card
      14. Summary of the Four Programmable Smart Cards
      15. Summary
    9. 6. Commercial Smart Card Commands
      1. Cryptoflex 32K eGate
        1. Commands
          1. Administrative Commands
            1. CREATE FILE
            2. CREATE RECORD
            3. DELETE FILE
          2. Security Commands
            1. Key Files
            2. VERIFY KEY
            3. VERIFY CHV
            4. CHANGE CHV
            5. UNBLOCK CHV
            6. LOGOUT AC
            7. GET CHALLENGE
            8. INTERNAL AUTHENTICATION
            9. EXTERNAL AUTHENTICATION
            10. INVALIDATE
            11. REHABILITATE
          3. Public Key Cryptography Support
            1. SHA_1 INTERMEDIATE
            2. SHA_1 LAST
            3. GENERATE DES KEY
            4. DES BLOCK INIT
            5. DES BLOCK
            6. RSA SIGNATURE
            7. RSA SIGNATURE INTERMEDIATE
            8. RSA SIGNATURE LAST
            9. RSA KEY GENERATION
          4. File System Commands
            1. SELECT
            2. UPDATE BINARY
            3. UPDATE BINARY ENCIPHERED
            4. UPDATE RECORD
            5. READ BINARY
            6. READ BINARY ENCIPHERED
            7. READ RECORD
            8. SEEK
            9. DECREASE
            10. INCREASE
            11. DIR NEXT
            12. GET AC KEYS
            13. GET RESPONSE
          5. Cryptoflex Summary
      2. Cyberflex 32K eGate
        1. GlobalPlatform Architecture
          1. Life Cycle
            1. Key Sets
            2. OP_Ready
            3. Initialized
            4. Secured
            5. CM_Locked
            6. Terminated
          2. Card Manager
          3. Security Domain
        2. Commands
          1. Card Manager Exclusive Commands
            1. DELETE
            2. INSTALL
            3. LOAD
          2. Establishing Secure Channels
          3. Card Manager and Security Domain Commands
            1. EXTERNAL AUTHENTICATE
            2. GET DATA
            3. GET STATUS
            4. GET RESPONSE
            5. INITIALIZE UPDATE
            6. PIN CHANGE/UNBLOCK
            7. PUT DATA
            8. PUT KEY
            9. SELECT
            10. SET STATUS
          4. Applet APIs
      3. Summary
    10. 7. Smart Card Infrastructure
      1. Smart Card Protocol Stacks
        1. PC/SC
        2. A Simple SSP API
        3. The Smart Card Protocol Stack
        4. Unix PC/SC Architecture
          1. PC/SC Lite Implementation
          2. Linux Implementation
          3. Mac OS Implementation
          4. SSP
          5. Reader Device Driver
          6. CryptoAPI
            1. Architecture
            2. API
            3. CSP
          7. PKCS-11
            1. Architecture
            2. PKCS #15
          8. Standardizing on a Smart Card Application (Applet)
      2. STIP–Small Terminal Interoperability Platform
      3. Summary
    11. 8. GSM and Smart Cards
      1. Introduction
      2. SIM Standards and Their Evolution
        1. The Core Standards for Secure Mobile Applications
      3. SIM APDUs
        1. TERMINAL PROFILE and the SIM Service Table
        2. Event Download
        3. The “91 XX” Status Word
        4. The Birth of the SIM Application Toolkit
        5. The Card Application Toolkit
      4. Programming Language Bindings for the Card Application Toolkit
      5. Example: The Rapid Reorder Application
        1. Overview of the Rapid Reorder Use of the SIM Toolkit
        2. The C Code for Rapid Reorder
          1. C Source Code for the Rapid Reorder Application
      6. Evolution of the SIM and the Card Application Toolkit
      7. Summary
    12. 9. Authorization: Public Keys Without the Infrastructure
      1. Introduction
      2. Making the Intangible Tangible
        1. Binding a Right to a Physical Object
      3. Shared Rights
      4. Group Membership
      5. Digital Rights Management (DRM)
      6. Remote Control
        1. Review
      7. Example 1: The WCLA Auction Card
        1. Auction Card Initialization
        2. Making a Bid
        3. Redeeming a Winning Bid
      8. The Auction Advisor Program
      9. Example 2: Mobile Authorization Using a WIM
        1. SWIMs, WIBs, and the USAT Interpreter
      10. Summary
    13. 10. Smart Card System Management
      1. Converging Systems
      2. The Actors
        1. The Card Issuer
        2. The ICC Manufacturer
        3. The Smart Card Manufacturer
        4. The Application Developer
        5. The POS Manufacturer
        6. The Cardholder
      3. The Infrastructure
        1. The Card
        2. The InterFace Device
          1. Simple Readers
        3. The PC
        4. The Network
        5. The Application
      4. The Card System
        1. Life Cycle
        2. Smart Card Operating System Software Development
        3. Mask Development
        4. Code Development
        5. Chip Simulators
        6. Chip Emulators
        7. Protocol Analyzers
      5. Card Manufacturing
      6. Characteristics to be Managed
        1. Data Model
        2. Card
        3. Keys
          1. Personal Identification Number (PIN)
          2. Private
          3. Public
        4. Applications
        5. Transaction
      7. Elements of a Card Management System
        1. Card Management System Components
          1. Certification Authority
          2. Registration Authorities
          3. Certificate Format
          4. Key Management
          5. Directory Services
            1. Real-Time Confirmation
            2. Certificate Revocation Lists
          6. Application Management
            1. Locked Cards
            2. Lost Cards
        2. Card Issuing System Components
          1. Personal Data Capture
          2. Card Printing Services
          3. Application Personalization
          4. Biometric Information and Photograph Capture
      8. Summary
    14. 11. Current Trends and Future Directions
      1. The Frontier of IT Networks
      2. The ETSI Smart Card Platform Project
        1. Responsibilities
        2. Tasks
        3. Organization
        4. Liaisons
      3. Achieving Smart Card Interoperability
        1. INCREASE
        2. INCREASE Function
          1. Definition and Applicability
          2. Conformance Requirement
          3. Test Purpose
          4. Method of Test
      4. The SCP Standards
      5. The UICC Platform
      6. Next Generation Smart Card Operating Systems (COSng)
        1. The Generic Smart Card Application
        2. Desiderata for COSng
          1. Generic Example of COSng
        3. File System Including Data Sharing
        4. Multitasking Including Inter-Application Communication and Synchronization
        5. Cryptography Including Authentication and Authorization
        6. Communication Including Secure Messaging
        7. Human Interface
        8. Fujitsu's HIPERSIM Smart Card Operating System
      7. Summary
    15. Glossary