View all headers

From: sguthery@tiac.net (Scott Guthery)
Newsgroups: alt.answers,news.answers
Subject: alt.technology.smartcards FAQ
Followup-To: alt.technology.smartcards
Date: Sun, 21 Jun 1998 10:36:20 -0400
Organization: Smart Commerce Solutions
Lines: 470
Sender: sguthery@tiac.net (Scott Guthery)
Approved: news-answers-request@MIT.EDU
Expires: 20 July 1998
Message-ID: <MPG.ff6e46e80e24b27989680@news.tiac.net>
Reply-To: sguthery@tiac.net (Scott Guthery)
NNTP-Posting-Host: www.scdk.com
Keywords: smartcards
X-Newsreader: MicroPlanet Gravity v2.10.980
Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!hecate.umd.edu!dailyplanet.wam.umd.edu!haven.umd.edu!news.cs.jhu.edu!news4.his.com!news.lightlink.com!newsroute.bconnex.ca!feed.nntp.acc.ca!news.idt.net!news-peer-east.sprintlink.net!news-peer.sprintlink.net!news.sprintlink.net!cpk-news-hub1.bbnplanet.com!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!news-feed1.tiac.net!posterchild2!news@tiac.net
Xref: senator-bedfellow.mit.edu alt.answers:34892 news.answers:132959

View main headers

Frequently Asked Questions (FAQ) for news:alt.technology.smartcards

This is the second version of the FAQ for alt.technology.smartcards. It 
is an evolution and updating of the first version 
(www.ioc.ee/atsc/faq.html) of the FAQ created by Jaan Priisaluof 
(jean@ioc.ee) the Estonian Institute of Cybernetics 

Comments and suggestions for improvement of the a.t.s. FAQ should be sent 
to Scott Guthery at sguthery@tiac.net.  The current edition of the FAQ is 
available at www.scdk.com/atsfaq.htm.

CONTENTS
1. Purpose of alt.technology.smartcards
2. General Questions
3. Standards and Specifications
4. Programmable Smart Cards
5. Resources
6. Credits

1. Purpose of alt.technology.smartcards

The purpose of alt.technology.smartcards is to provide an unmoderated 
forum for the discussion of technology, applications and issues 
associated with smart cards. It will serve as a resource for people to:

Engage in discussion and debate about technical and public policy issues 
including the security, privacy, legal, regulatory and economic impact of 
smart card applications. 

Educate and inform others about the strength, weaknesses and general use 
of smart cards; share ideas, information and specific experience about 
smart cards, both in technology: 

Find information and have questions answered by people in the smart card 
community.

2. General Questions

2.1. What is a smart card?

A smart card is a credit-card-sized plastic card that contains a general-
purpose microprocessor, typically an 8-bit microcontroller such as a 
Motorola 6805 or an Intel 8051. The microprocessor is underneath a gold 
contact pad located on one side of the card.

2.2. Where did the phrase "smart card" come from?

Smart cards were independently invented in Germany (1967), Japan (1970), 
the United States(1972), and France (1974). In 1980, when France began a 
major campaign to export the technology, the Roy Bright of the 
government's marketing organization Intelimatique coined the word "Smart 
Card."

2.3 Is it "smart card" or "smartcard"?

Most English dictionaries use "smart card" but you'll see both in use.

2.4. Is a.t.s archived somewhere?

No. But it would be nice if it were.

2.5. Is a.t.s the right place for information about satellite card 
analysis, emulation and hacking?

Only for TECHNICAL information. Please do not post here satellite card 
advertisment, channel keys, channel frequencies. Post here only 
information about algorithms, protocols, security breaches, ECMs.

2.6. Is a.t.s the right place for satellite card and other satellite 
equipment advertisment?

alt.satellite.tv.crypt.forsale would probably generate more sales.

2.7. Is a.t.s the right place for smart card collectors?

The rec.collecting hierarchy is probably a better selection.

3.  Standards and Specifications

3.1. Are smart cards standardized?

There are all sorts of smart card standards. The physical and mechanical 
standards are observed more uniformly than the software standards.
ISO/IEC JTC1 Information technology SC 17 Identification cards and 
related devices(www.iso.ch/meme/JTC1SC17.html)is interested in common 
smart card issues. The list of some standards:

ISO 7810 Identification cards -- Physical characteristics. 

ISO/IEC 7812 Identification cards -- Identification of issuers. 

ISO/IEC 7816 Identification cards -- Integrated circuit(s) with contacts. 
Parts 1-3 define the communication of cards with contacts for both memory 
and processor cards. Parts 4-6 are related to specification of processor 
card operating system and are by their nature contact independent. Parts 
7 and 8 will be the extensions of parts 4 and 6. 

ISO/IEC 10536 Identification cards -- Contactless integrated circuit(s) 
cards. The standard specifies close coupling (slot and surface) cards 
communication (parts 1-3) 

ISO/IEC 10373 Identification cards -- Test methods. 

ISO/IEC 14443 Remote coupling communication cards. 

ISO TC 68 Banking and related financial services SC 6 
(www.iso.ch/meme/TC68SC6.html) Financial transaction cards, related media 
and operations is representing interest of smart payment card issuers and 
is developing the standard series ISO 10202 Financial transaction cards -
- Security architecture of financial transaction systems using integrated 
circuit cards (parts 1-8).

CEN/CENELEC and ETSI are interested in telecommunications. 

EN 742 Identification cards: location of contacts for cards and devices 
used in Europe. New edition specifies the format ID-000 used for GSM 
Subscriber Identity Module (SIM). 

EN 726 Terminal Equipment (TE); Requirements for IC cards and terminals 
for telecommunication use. The standard is the technical basis for 
smartcards in Europe. 

ETSI specified also the GSM SIM. The standard have two names: GSM 11.11 
and I-ETSI 300045. 

In the U.S., the National Institute of Standards and Technology (NIST at 
http://csrc.ncsl.nist.gov/) has published FIPS 140-1 
(http://csrc.ncsl.nist.gov/fips/fip140-1.txt) , "Security Requirements 
for Cryptographic Modules" concerns physical security of smart card IC-s 
as they are one kind of cryptographic modules.

The Swedish government is standardising a smart card for use by its 
citizens called the Secure Electronic Information in Society (SEIS at 
www.seis.se/arkivUK.html) card.

3.2. Where do I get the ISO standards?

The ISO standards must be purchased from the ISO catalog at 
www.iso.ch/welcome.html.

3.3. What is ISO 7816 all about?

The formal title of ISO 7816 is Integrated Circuit Cards with Electrical 
Contacts. It is the most widely used and referenced smart card standard. 
ISO 7816 is the international standard for integrated-circuit cards 
(commonly known as smart cards) that use electrical contacts. Anyone 
interested in obtaining a technical understanding of smart cards needs to 
become familiar with ISO 7816.
ISO 7816 currently has nine parts. Some have been completed, some have 
been ammended and others are just in draft stage.

3.3.1. Part 1: Physical characteristics
ISO 7816-1:1987 defines the physical dimensions of contact smart cards 
and their resistance to static electricity, electromagnetic radiation and 
mechanical stress. It also prescribe the physical location of a IC card's 
magnetic stripe and embossing area. 

3.3.2. Part 2: Dimensions and Location of Contacts
ISO 7816-2:1988 Defines the location, purpose and electrical 
characteristics of the card's metallic contacts:

3.3.3. Part 3: Electronic Signals and Transmission Protocols
ISO 7816-3:1989 defines the voltage and current requirements for the 
electrical contacts defined in Part 2 and asynchronous half-duplex 
character transmission protocol (T=0). 
Smart cards that use a proprietary transmission protocol carry the 
designation, T=14. In practical terms, that means the card is not 
compatible with ISO 7816. Proprietary protocol is used in German health 
care cards.
Amendment 1:1992 Protocol type T=1, asynchronous half duplex block 
transmission protocol. 
Amendment 2:1994 Revision of protocol type selection

3.3.4. Part 4: Inter-industry Commands for Interchange
ISO 7816-4 is a Draft International Standard that will establish a set of 
commands across all industries to provide access, security and 
transmission of card data. Within this basic kernel, for example, are 
commands to read, write and update records. 

3.3.5. Part 5: Numbering System and Registration Procedure for 
Application Identifiers
ISO 7816-5:1994 establishes standards for Application Identifiers (AIDs). 
An AID has two parts. The first is a Registered Application Provider 
Identifier (RID) of five bytes that is unique to the vendor. The second 
part is a variable length field of up to 11 bytes that RIDs can use to 
identify specific applications. 

3.3.6. Part 6: Inter-industry data elements (draft)
Describes encoding rules for data needed in many applications e.g. name 
and photograph of owner, his preference of languages etc.

3.3.7 Part 7: Interindustry commands for Structured Card Query Language 
(SCQL) (draft)
Defines how to treat the data on the card as an SQL database.

3.3.8 Part 8: Inter-industry security architecture (draft)

3.3.9 Part 9: Card functions for multi-application use (draft)
The beginnings of a definition of a multi-application card. Now largely 
superceeded by the EMV, Multos and Java Card specifications.

3.4 What about industry specifications?

In addition to standards formulated by recognized standards bodies, there 
are a number of specifications created by companies, industrial consortia 
and ad hoc users groups. These specifications are typically formulated to 
advantage certain interests in the smart card marketplace at the expense 
of others.

Europay, MasterCard and Visa formed working group to create their 
Integrated Circuit Card Specifications for Payment Systems, commonly 
called "EMV'96" or just "EMV" (www.mastercard.com/emv/emvspecs02.html). 
The specification was intended to create common technical basis to 
compete with the Mondex specifications. 

The Java Card Forum (www.javacardforum.org) and JavaSoft 
(www.javasoft.com) maintain specifications for the Java Card.

Microsoft lead a group of smart card manufacturers to produce a 
specification for the use of smart cards on personal computers and 
workstations called PC/SC for Personal Computer/Smart Card 
(www.smartcardsys.com/doc/content.html).

The SET (Secure Electronic Transactions at 
www.mastercard.com/set/specs.html) and C-SET (Card Secured Electronic 
Transactions at  wwwusers.imaginet.fr/~cb-mail/) specifications include 
descriptions of the smart cards they use.

Visa is very active in the smart card area and has published 
specifications for Visa Cash and the Visa Integrated Circuit Card 
(www.visa.com/cgi-bin/vee/nt/chip/visdownload.html).

4. Programmable Smart Cards

Perhaps the most revolutionary event in the history of smart cards over 
the last 25 years is the recent emergence of programmable smart cards. 
Rather than freezing the program that runs in the smart card in read-only 
memory at the time the card is manufactured, programmable smart cards let 
you add executable code to the smart card at time in its lifetime. The 
primary intended use of programmable smart cards is to create multi-
application smart cards on which applications can be added and deleted at 
will. Thus you might decide to get rid of the Koffee Klub Frequent 
Drinker program and add the Budapest Transport System ticket program.

There are a number of programmable smart cards on the market. Some can be 
programmed in high-level languages, some can be programmed in virtual 
assembly language and some can only be programmed in the assembly 
language of the chip on the smart card. 

The Basic Card from Zeitcontrol (www.zeitcontrol.com/) can be programmed 
in Basic. Zeitcontrol has done a excellent job of integrating the 
development of the program on the smart card with the development of the 
program on the host or terminal that is using it. 

The MULTOS (www.multos.com/) smart card is a smart card defined by 
MAOSCO, a spin-off of MONDEX and MasterCard. The MULTOS card can be 
programmed in C and in MEL (MAOS Executable Language), which is the 
assembly language for the virtual machine on the card.

Keycorp (www.keycorp.com.au) is marketing a smart card called OSSCA 
(Operating System for Smart Card Applications) which you can program in 
the Forth language.

A number of card manufacturers have announced cards which can be 
programmed in Java but only Schlumberger(www.cyberflex.austin.et.slb.com) 
has production cards on the market. Gemplus (www.gemplus.com) is making 
available 32-bit experimental cards that run Java.

Both Syprus (www.spyrus.com) and Datakey (www.datakey.com) have cards in 
development that let you add programs written in native assembler. The 
operating system on the Spyrus card is called SPYCOS and the operating 
system on the Data key card is called DKCCOS.  

The HOST operating system from Oberthur (www.oberthurkirk.com) is also 
advertised as supporting the field loading of native code applications.

5. Resources

5.1. Newsgroups

Besides news:alt.technology.smartcards, there are other newsgroups that 
while not devoted exclusively to smart cards carry information relevant 
to smart cards.

news:sci.crypt - Different methods of data en/decryption.

news:sci.crypt.research - Cryptography, cryptanalysis, and related 
issues. (Moderated)

news:comp.security.misc - Security issues of computers and networks.

news:alt.security - Security issues on computer systems.

news:alt.stellite.tv.europe - Europe satellite TV watchers' forum, 
contains info about smart card operated video descrambling.

news:alt.satellite.tv.crypt - Satellite TV payment systems security.

5.2. Pointer Farms

There are far too many smart card resources on the Web and they change so 
quickly that it would be futile to try to list them all here. There are 
however a number of people who have built wonderful pages of pointers to 
smart card resources Therefore rather than listing the original 
resources, we just include pointers to these pages of pointers here. 
Please let the FAQ maintainer (sguthery@tiac.net) know about your 
favorites.

Smart Card Resources on the Web  - 
http://www.dice.ucl.ac.be/crypto/card.html 

ISO-7816 - http://ctl77.nectec.or.th/~nopporn/smartcard/iso7816.html 

Smart Card News - http://www.smartcard.co.uk/index.html 

Smart Card Manufacturers and Services - 
http://www.smartcard.co.uk/links.html 

Yahoo Search - "smart card" - http://search.yahoo.com/search?p=smart+card 


Smart Card Security Information Page - 
http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm 

HIP Smart Card - http://cuba.xs4all.nl/~hip/ 

General Smart Card Information - http://www.cryptsoft.com/scard/ 

Smart Card Security News 
http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm 

The Smart Card Cybershow - http://www.cardshow.com/ 

The Smart Card Club - http://www.smartcardclub.co.uk/ 

5.3. Smart Card Associations

Card Europe (www.gold.net/users/ct96/), The Association For Smart Cards 
Across Europe, Director - Alan Leibert (alan@cardeurope.cityscape.co.uk) 
is maintaining 
a Smart Card Database (www.gold.net/users/ct96/scdb.htm). 146 Valley Road 
Rickmansworth Herts WO3 4BP United Kingdom, tel: 44-1923-897477, fax: 44-
1923- 897414.


Smart Card Industry Association (SCIA at www.scia.org/) offers SmartFax 
Fax Back System. To use the system call 800- 405-SCIA (US Only) or 202-
789-0407 (Overseas).

Smart Card Forum (www.smartcrd.com/). Catherine Allen or Linette 
Leatherwood, 3030 N. Rocky Point Drive W., Suite 670, Tampa, Florida 
33607, USA ; Tel: +1 813 286 2339; Fax: +1 813 281 8752, Bob Gilson, 
Executive Director

ACT Canada 7 Iles Street Ajax, Ontario L1T 3V7 CANADA tel: +1 905-683-
1442 fax: +1 905-683- 0071 Cathy Johnson, Executive Director

AIM USA 634 Alpha Drive Pittsburgh, PA 15238-2802 tel: +1 412-963-8588 
fax: +1 412-963-8753 e- mail: adc@aimusa.org Larry Roberts, Acting 
President

Electronic Funds Transfer Association (EFTA) 950 Herndon Parkway, Suite 
390 Herndon, VA 22070 tel: +1 703-435-9800 fax: +1 703-435-7157 Lisa 
Eyler, Director of Marketing

Federal Smart Card Users Group 3700 East-West Highway, Room 10020 
Hyattsville, MD 20782 tel: +1 202-874-8859 fax: +1 202-874-8861 John 
Moore, Chairman
International Card Manufacturers Association 34-C Washington Road 
Princeton Junction, NJ 08550 tel: +1 609-799-4900 fax: +1 609-799-7032 
Mary Kay Metcalf, Communications Manager

National Association of Campus Card Users, Inc. 308 Woodbourne Avenue 
Baltimore, MD 21212-3825 tel: +1 410-433-3688 fax: +1 410-435-6125 J. 
Paul Melanson, President

Personal Computer Memory Card Industry Association 1030 East Duane 
Avenue, Suite G Sunnyvale, CA 94086 tel: +1 408-720-0107 fax: +1 408-720-
9416 Bill Lempesis, Executive Director

5.4. Conferences

A schedule of upcoming smart card conferences is maintained by the Smart 
Card Club (www.smartcardclub.co.uk/conferences.html). Notable are:

European Smart Card Application and Technology, held regularly in the 
beginning of September. 

Cards UK Exhibition & Conference. Annual fall conference in London.

CARDIS. Primarily academic and research center presentations. No "floor 
show". Every eighteen months. 

Cartes. The annual smart card show in Paris.

Cards Australia. Annual show down-under.

Asia Card Technology. New but rapidly growing show.

CardTech/SecurTech (www.ctst.com/) conferences in the U.S. The 
Proceedings from these shows are particularly useful.

5.5. Books

Smart Cards: Seizing Strategic Business Opportunities by Catherine Allen 
and William Barr (eds.) ... $26.25 at 
www.amazon.com/exec/obidos/ISBN=0786311088/smartcarddevelopA/

Smart Cards: A Guide to Building and Managing Smart Card Applications by 
Henry Dreifus and Thomas Monk ... $31.99 at 
www.amazon.com/exec/obidos/ISBN=0471157481/smartcarddevelopA/

Smart Card Developers Kit (including a CD-ROM and a working smart card) 
by Scott Guthery and Tim Jurgensen ... $79.95 at 
www.amazon.com/exec/obidos/ISBN=1578700272/smartcarddevelopA/

Smart Card Security and Applications by Mike Hendry ... $65.00 at 
www.amazon.com/exec/obidos/ISBN=0890069530/smartcarddevelopA/ 

Smart Cards: The Global Information Passport: Managing a Successful Smart 
Card Program by Kaplan ... $44.95 at 
www.amazon.com/exec/obidos/ISBN=0786311088/smartcarddevelopA/ 

Smart Card Handbook by Wolfgang Rankl and Wolfgang Effing ... $79.95 at 
www.amazon.com/exec/obidos/ISBN=0471967203/smartcarddevelopA/

Smart Cards by Jose Luis Zoreda and Jose Manuel Oton ... $67.00 at 
www.amazon.com/exec/obidos/quicksearch-query/002-6898337-
4117866/smartdevelopA/ 

5.6 Newsletters

Personal Identification Newsletter (PIN), Warfel & Miller Publishing, 
monthly, US$345 per year. 12300 Twinbrook Parkway #300, Rockville, MD, 
20852 (301) 881-6668 fax (301) 881-2554. Cardsmarts@aol.com

Mr. Stephan Seidman, Editor & Publisher, Smart Card Monthly, P.O. Box 
548, Lopez Island, WA 98261, tel: +1 360-468-3570, fax: +1 360-468-3571

Mr. Jerome Svigals, Publisher, Smart Cards and Comments, 221 Yarborough 
Lane, Redwood City, CA 94061, tel: +1 415-365-5920, fax: +1 415-363-2198 

Mr. H. Spencer Nilson , Publisher, The Nilson Report, P.O. Box 49936 
(Barrington Station), Los Angeles, CA 90049, tel: +1 310-396-0615, fax: 
+1 805-983-0792

Ms. Jane Adams, International Managing Editor, World Card Technology, 
European Office: 42 Phoenix Court, Hawkins Road, Colchester, Essex CO2 
8JY, tel: 44-31-337-3311, fax: 44-31-337-7739

6. Credits

The following folks help maintain the alt.technology.smartcards FAQ:

Folkert van Heusden (mailto:f.v.heusden@ftr.nl)
Bo Lavare (mailto:bolavare@geocities.com)
Ben Miller(mailto:ben_miller@faulknergray.com)
Hunter Trumbo (mailto:trumbh@smartdynamics.com)

Send in your suggestions and join the team.