Posting-Frequency: monthly to alt.technology.smartcards,alt.answers,
Maintainer: Scott Guthery <firstname.lastname@example.org>
Frequently Asked Questions (FAQ) for news:alt.technology.smartcards

This is the second version of the FAQ for alt.technology.smartcards. It is an evolution and updating of the first version (www.ioc.ee/atsc/faq.html) of the FAQ created by Jaan Priisalu (email@example.com) of the Estonian Institute of Cybernetics.

Comments and suggestions for improvement of the a.t.s. FAQ should be sent to Scott Guthery at firstname.lastname@example.org. The current edition of the FAQ is available at www.scdk.com/atsfaq.htm.

CONTENTS

1. Purpose of alt.technology.smartcards
2. General Questions
3. Standards and Specifications
4. Programmable Smart Cards
5. Resources
6. Credits

1. Purpose of alt.technology.smartcards

The purpose of alt.technology.smartcards is to provide an unmoderated forum for the discussion of technology, applications and issues associated with smart cards. It will serve as a resource for people to:

   Engage in discussion and debate about technical and public policy issues including the security, privacy, legal, regulatory and economic impact of smart card applications.

   Educate and inform others about the strengths, weaknesses and general use of smart cards; share ideas, information and specific experience about smart cards, both in technology:

   Find information and have questions answered by people in the smart card community.

2. General Questions

2.1. What is a smart card?

A smart card is a credit-card-sized plastic card that contains a general-purpose microprocessor, typically an 8-bit microcontroller such as a Motorola 6805 or an Intel 8051. The microprocessor is underneath a gold contact pad located on one side of the card.

2.2. Where did the phrase "smart card" come from?

Smart cards were independently invented in Germany (1967), Japan (1970), the United States (1972), and France (1974). In 1980, when France began a major campaign to export the technology, Roy Bright of the government's marketing organization Intelimatique coined the word "Smart Card."

2.3. Is it "smart card" or "smartcard"?

Most English dictionaries use "smart card" but you'll see both in use.

2.4. Is a.t.s archived somewhere?

No. But it would be nice if it were.

2.5. Is a.t.s the right place for information about satellite card analysis, emulation and hacking?

Only for TECHNICAL information. Please do not post satellite card advertisements, channel keys or channel frequencies here. Post here only information about algorithms, protocols, security breaches, ECMs.

2.6. Is a.t.s the right place for satellite card and other satellite equipment advertisement?

alt.satellite.tv.crypt.forsale would probably generate more sales.

2.7. Is a.t.s the right place for smart card collectors?

The rec.collecting hierarchy is probably a better selection.

3. Standards and Specifications

3.1. Are smart cards standardized?

There are all sorts of smart card standards. The physical and mechanical standards are observed more uniformly than the software standards.

ISO/IEC JTC1 Information technology SC 17 Identification cards and related devices (www.iso.ch/meme/JTC1SC17.html) is interested in common smart card issues. A list of some of the standards:

   ISO 7810 Identification cards -- Physical characteristics.

   ISO/IEC 7812 Identification cards -- Identification of issuers.

   ISO/IEC 7816 Identification cards -- Integrated circuit(s) with contacts. Parts 1-3 define the communication of cards with contacts for both memory and processor cards. Parts 4-6 are related to the specification of the processor card operating system and are by their nature contact independent. Parts 7 and 8 will be the extensions of parts 4 and 6.

   ISO/IEC 10536 Identification cards -- Contactless integrated circuit(s) cards. The standard specifies communication for close-coupling (slot and surface) cards (parts 1-3).

   ISO/IEC 10373 Identification cards -- Test methods.

   ISO/IEC 14443 Remote coupling communication cards.

ISO TC 68 Banking and related financial services SC 6 Financial transaction cards, related media and operations (www.iso.ch/meme/TC68SC6.html) represents the interests of smart payment card issuers and is developing the standard series ISO 10202 Financial transaction cards -- Security architecture of financial transaction systems using integrated circuit cards (parts 1-8).

CEN/CENELEC and ETSI are interested in telecommunications.

   EN 742 Identification cards: location of contacts for cards and devices used in Europe. The new edition specifies the format ID-000 used for the GSM Subscriber Identity Module (SIM).

   EN 726 Terminal Equipment (TE); Requirements for IC cards and terminals for telecommunication use. The standard is the technical basis for smartcards in Europe.

   ETSI also specified the GSM SIM. The standard has two names: GSM 11.11 and I-ETSI 300045.

In the U.S., the National Institute of Standards and Technology (NIST at http://csrc.ncsl.nist.gov/) has published FIPS 140-1 (http://csrc.ncsl.nist.gov/fips/fip140-1.txt), "Security Requirements for Cryptographic Modules", which concerns the physical security of smart card ICs, as they are one kind of cryptographic module.

The Swedish government is standardising a smart card for use by its citizens called the Secure Electronic Information in Society (SEIS at www.seis.se/arkivUK.html) card.

3.2. Where do I get the ISO standards?

The ISO standards must be purchased from the ISO catalog at www.iso.ch/welcome.html.

3.3. What is ISO 7816 all about?

The formal title of ISO 7816 is Integrated Circuit Cards with Electrical Contacts. It is the most widely used and referenced smart card standard. ISO 7816 is the international standard for integrated-circuit cards (commonly known as smart cards) that use electrical contacts. Anyone interested in obtaining a technical understanding of smart cards needs to become familiar with ISO 7816. ISO 7816 currently has nine parts.
Some have been completed, some have been amended and others are just in draft stage.

3.3.1. Part 1: Physical characteristics

ISO 7816-1:1987 defines the physical dimensions of contact smart cards and their resistance to static electricity, electromagnetic radiation and mechanical stress. It also prescribes the physical location of an IC card's magnetic stripe and embossing area.

3.3.2. Part 2: Dimensions and Location of Contacts

ISO 7816-2:1988 defines the location, purpose and electrical characteristics of the card's metallic contacts:

3.3.3. Part 3: Electronic Signals and Transmission Protocols

ISO 7816-3:1989 defines the voltage and current requirements for the electrical contacts defined in Part 2 and the asynchronous half-duplex character transmission protocol (T=0). Smart cards that use a proprietary transmission protocol carry the designation T=14. In practical terms, that means the card is not compatible with ISO 7816. A proprietary protocol is used in German health care cards.

   Amendment 1:1992 Protocol type T=1, asynchronous half-duplex block transmission protocol.

   Amendment 2:1994 Revision of protocol type selection.

3.3.4. Part 4: Inter-industry Commands for Interchange

ISO 7816-4 is a Draft International Standard that will establish a set of commands across all industries to provide access, security and transmission of card data. Within this basic kernel, for example, are commands to read, write and update records.

3.3.5. Part 5: Numbering System and Registration Procedure for Application Identifiers

ISO 7816-5:1994 establishes standards for Application Identifiers (AIDs). An AID has two parts. The first is a Registered Application Provider Identifier (RID) of five bytes that is unique to the vendor. The second part is a variable-length field of up to 11 bytes that the holder of the RID can use to identify specific applications.

3.3.6. Part 6: Inter-industry data elements (draft)

Describes encoding rules for data needed in many applications e.g.
name and photograph of owner, his preference of languages etc.

3.3.7. Part 7: Interindustry commands for Structured Card Query Language (SCQL) (draft)

Defines how to treat the data on the card as an SQL database.

3.3.8. Part 8: Inter-industry security architecture (draft)

3.3.9. Part 9: Card functions for multi-application use (draft)

The beginnings of a definition of a multi-application card. Now largely superseded by the EMV, Multos and Java Card specifications.

3.4. What about industry specifications?

In addition to standards formulated by recognized standards bodies, there are a number of specifications created by companies, industrial consortia and ad hoc users groups. These specifications are typically formulated to advantage certain interests in the smart card marketplace at the expense of others.

Europay, MasterCard and Visa formed a working group to create their Integrated Circuit Card Specifications for Payment Systems, commonly called "EMV'96" or just "EMV" (www.mastercard.com/emv/emvspecs02.html). The specification was intended to create a common technical basis to compete with the Mondex specifications.

The Java Card Forum (www.javacardforum.org) and JavaSoft (www.javasoft.com) maintain specifications for the Java Card.

Microsoft led a group of smart card manufacturers to produce a specification for the use of smart cards on personal computers and workstations called PC/SC for Personal Computer/Smart Card (www.smartcardsys.com/doc/content.html).

The SET (Secure Electronic Transactions at www.mastercard.com/set/specs.html) and C-SET (Card Secured Electronic Transactions at wwwusers.imaginet.fr/~cb-mail/) specifications include descriptions of the smart cards they use.

Visa is very active in the smart card area and has published specifications for Visa Cash and the Visa Integrated Circuit Card (www.visa.com/cgi-bin/vee/nt/chip/visdownload.html).

4. Programmable Smart Cards

Perhaps the most revolutionary event in the history of smart cards over the last 25 years is the recent emergence of programmable smart cards. Rather than freezing the program that runs in the smart card in read-only memory at the time the card is manufactured, programmable smart cards let you add executable code to the smart card at any time in its lifetime.

The primary intended use of programmable smart cards is to create multi-application smart cards on which applications can be added and deleted at will. Thus you might decide to get rid of the Koffee Klub Frequent Drinker program and add the Budapest Transport System ticket program.

There are a number of programmable smart cards on the market. Some can be programmed in high-level languages, some can be programmed in virtual assembly language and some can only be programmed in the assembly language of the chip on the smart card.

The Basic Card from Zeitcontrol (www.zeitcontrol.com/) can be programmed in Basic. Zeitcontrol has done an excellent job of integrating the development of the program on the smart card with the development of the program on the host or terminal that is using it.

The MULTOS (www.multos.com/) smart card is a smart card defined by MAOSCO, a spin-off of MONDEX and MasterCard. The MULTOS card can be programmed in C and in MEL (MAOS Executable Language), which is the assembly language for the virtual machine on the card.

Keycorp (www.keycorp.com.au) is marketing a smart card called OSSCA (Operating System for Smart Card Applications) which you can program in the Forth language.

A number of card manufacturers have announced cards which can be programmed in Java but only Schlumberger (www.cyberflex.austin.et.slb.com) has production cards on the market. Gemplus (www.gemplus.com) is making available 32-bit experimental cards that run Java.

Both Spyrus (www.spyrus.com) and Datakey (www.datakey.com) have cards in development that let you add programs written in native assembler.
The operating system on the Spyrus card is called SPYCOS and the operating system on the Datakey card is called DKCCOS. The HOST operating system from Oberthur (www.oberthurkirk.com) is also advertised as supporting the field loading of native code applications.

5. Resources

5.1. Newsgroups

Besides news:alt.technology.smartcards, there are other newsgroups that, while not devoted exclusively to smart cards, carry information relevant to smart cards.

   news:sci.crypt - Different methods of data en/decryption.
   news:sci.crypt.research - Cryptography, cryptanalysis, and related issues. (Moderated)
   news:comp.security.misc - Security issues of computers and networks.
   news:alt.security - Security issues on computer systems.
   news:alt.satellite.tv.europe - Europe satellite TV watchers' forum, contains info about smart card operated video descrambling.
   news:alt.satellite.tv.crypt - Satellite TV payment systems security.

5.2. Pointer Farms

There are far too many smart card resources on the Web and they change so quickly that it would be futile to try to list them all here. There are, however, a number of people who have built wonderful pages of pointers to smart card resources. Therefore, rather than listing the original resources, we just include pointers to these pages of pointers here. Please let the FAQ maintainer (email@example.com) know about your favorites.

   Smart Card Resources on the Web - http://www.dice.ucl.ac.be/crypto/card.html
   ISO-7816 - http://ctl77.nectec.or.th/~nopporn/smartcard/iso7816.html
   Smart Card News - http://www.smartcard.co.uk/index.html
   Smart Card Manufacturers and Services - http://www.smartcard.co.uk/links.html
   Yahoo Search - "smart card" - http://search.yahoo.com/search?p=smart+card
   Smart Card Security Information Page - http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm
   HIP Smart Card - http://cuba.xs4all.nl/~hip/
   General Smart Card Information - http://www.cryptsoft.com/scard/
   Smart Card Security News - http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm
   The Smart Card Cybershow - http://www.cardshow.com/
   The Smart Card Club - http://www.smartcardclub.co.uk/

5.3. Smart Card Associations

Card Europe (www.gold.net/users/ct96/), The Association For Smart Cards Across Europe, Director - Alan Leibert (firstname.lastname@example.org), is maintaining a Smart Card Database (www.gold.net/users/ct96/scdb.htm). 146 Valley Road, Rickmansworth, Herts WO3 4BP, United Kingdom, tel: 44-1923-897477, fax: 44-1923-897414.

Smart Card Industry Association (SCIA at www.scia.org/) offers the SmartFax Fax Back System. To use the system call 800-405-SCIA (US Only) or 202-789-0407 (Overseas).

Smart Card Forum (www.smartcrd.com/). Catherine Allen or Linette Leatherwood, 3030 N.
Rocky Point Drive W., Suite 670, Tampa, Florida 33607, USA; Tel: +1 813 286 2339; Fax: +1 813 281 8752, Bob Gilson, Executive Director

ACT Canada
7 Iles Street
Ajax, Ontario L1T 3V7 CANADA
tel: +1 905-683-1442 fax: +1 905-683-0071
Cathy Johnson, Executive Director

AIM USA
634 Alpha Drive
Pittsburgh, PA 15238-2802
tel: +1 412-963-8588 fax: +1 412-963-8753
e-mail: email@example.com
Larry Roberts, Acting President

Electronic Funds Transfer Association (EFTA)
950 Herndon Parkway, Suite 390
Herndon, VA 22070
tel: +1 703-435-9800 fax: +1 703-435-7157
Lisa Eyler, Director of Marketing

Federal Smart Card Users Group
3700 East-West Highway, Room 10020
Hyattsville, MD 20782
tel: +1 202-874-8859 fax: +1 202-874-8861
John Moore, Chairman

International Card Manufacturers Association
34-C Washington Road
Princeton Junction, NJ 08550
tel: +1 609-799-4900 fax: +1 609-799-7032
Mary Kay Metcalf, Communications Manager

National Association of Campus Card Users, Inc.
308 Woodbourne Avenue
Baltimore, MD 21212-3825
tel: +1 410-433-3688 fax: +1 410-435-6125
J. Paul Melanson, President

Personal Computer Memory Card Industry Association
1030 East Duane Avenue, Suite G
Sunnyvale, CA 94086
tel: +1 408-720-0107 fax: +1 408-720-9416
Bill Lempesis, Executive Director

5.4. Conferences

A schedule of upcoming smart card conferences is maintained by the Smart Card Club (www.smartcardclub.co.uk/conferences.html). Notable are:

   European Smart Card Application and Technology, held regularly in the beginning of September.
   Cards UK Exhibition & Conference. Annual fall conference in London.
   CARDIS. Primarily academic and research center presentations. No "floor show". Every eighteen months.
   Cartes. The annual smart card show in Paris.
   Cards Australia. Annual show down-under.
   Asia Card Technology. New but rapidly growing show.
   CardTech/SecurTech (www.ctst.com/) conferences in the U.S. The Proceedings from these shows are particularly useful.

5.5. Books

   Smart Cards: Seizing Strategic Business Opportunities by Catherine Allen and William Barr (eds.) ... $26.25 at www.amazon.com/exec/obidos/ISBN=0786311088/smartcarddevelopA/

   Smart Cards: A Guide to Building and Managing Smart Card Applications by Henry Dreifus and Thomas Monk ... $31.99 at www.amazon.com/exec/obidos/ISBN=0471157481/smartcarddevelopA/

   Smart Card Developers Kit (including a CD-ROM and a working smart card) by Scott Guthery and Tim Jurgensen ... $79.95 at www.amazon.com/exec/obidos/ISBN=1578700272/smartcarddevelopA/

   Smart Card Security and Applications by Mike Hendry ... $65.00 at www.amazon.com/exec/obidos/ISBN=0890069530/smartcarddevelopA/

   Smart Cards: The Global Information Passport: Managing a Successful Smart Card Program by Kaplan ... $44.95 at www.amazon.com/exec/obidos/ISBN=0786311088/smartcarddevelopA/

   Smart Card Handbook by Wolfgang Rankl and Wolfgang Effing ... $79.95 at www.amazon.com/exec/obidos/ISBN=0471967203/smartcarddevelopA/

   Smart Cards by Jose Luis Zoreda and Jose Manuel Oton ... $67.00 at www.amazon.com/exec/obidos/quicksearch-query/002-6898337-4117866/smartdevelopA/

5.6. Newsletters

   Personal Identification Newsletter (PIN), Warfel & Miller Publishing, monthly, US$345 per year. 12300 Twinbrook Parkway #300, Rockville, MD, 20852 (301) 881-6668 fax (301) 881-2554. Cardsmarts@aol.com

   Mr. Stephan Seidman, Editor & Publisher, Smart Card Monthly, P.O. Box 548, Lopez Island, WA 98261, tel: +1 360-468-3570, fax: +1 360-468-3571

   Mr. Jerome Svigals, Publisher, Smart Cards and Comments, 221 Yarborough Lane, Redwood City, CA 94061, tel: +1 415-365-5920, fax: +1 415-363-2198

   Mr. H. Spencer Nilson, Publisher, The Nilson Report, P.O. Box 49936 (Barrington Station), Los Angeles, CA 90049, tel: +1 310-396-0615, fax: +1 805-983-0792

   Ms. Jane Adams, International Managing Editor, World Card Technology, European Office: 42 Phoenix Court, Hawkins Road, Colchester, Essex CO2 8JY, tel: 44-31-337-3311, fax: 44-31-337-7739

6. Credits

The following folks help maintain the alt.technology.smartcards FAQ:

   Folkert van Heusden (mailto:firstname.lastname@example.org)
   Bo Lavare (mailto:email@example.com)
   Ben Miller (mailto:firstname.lastname@example.org)
   Hunter Trumbo (mailto:email@example.com)

Send in your suggestions and join the team.
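
Added example (not part of the original FAQ): a small Python parser for the AID layout described in section 3.3.5, splitting an AID into its five-byte RID and the extension of up to 11 bytes and rejecting malformed input. It goes beyond the FAQ text in two places: the name PIX for the extension and the registration category read from the first nibble both come from ISO/IEC 7816-5 itself; the sample AIDs are constructed.

```python
"""Split an ISO/IEC 7816-5 Application Identifier (AID) into RID and PIX."""
from dataclasses import dataclass

RID_LEN = 5        # Registered Application Provider Identifier: five bytes
MAX_PIX_LEN = 11   # application-specific extension (PIX): up to 11 bytes
PROPRIETARY = "proprietary (unregistered)"

# Registration category in the high nibble of the first byte.
# Assumption labelled here: values are from ISO/IEC 7816-5, not the FAQ.
CATEGORIES = {0xA: "international", 0xD: "national", 0xF: PROPRIETARY}


@dataclass(frozen=True)
class Aid:
    rid: bytes
    pix: bytes
    category: str

    def __str__(self) -> str:
        pix = self.pix.hex().upper() or "-"
        return f"RID={self.rid.hex().upper()} PIX={pix} ({self.category})"


def parse_aid(text: str) -> Aid:
    """Parse a hex AID such as 'A0 00 00 12 34 10 10' and check its length."""
    cleaned = "".join(text.split()).replace(":", "")
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError as exc:
        raise ValueError(f"not valid hex: {text!r}") from exc
    if len(raw) < RID_LEN:
        raise ValueError(f"AID too short: {len(raw)} bytes, RID needs {RID_LEN}")
    if len(raw) > RID_LEN + MAX_PIX_LEN:
        raise ValueError(f"AID too long: {len(raw)} bytes, max {RID_LEN + MAX_PIX_LEN}")
    category = CATEGORIES.get(raw[0] >> 4, "reserved/other")
    return Aid(rid=raw[:RID_LEN], pix=raw[RID_LEN:], category=category)


def same_provider(a: Aid, b: Aid) -> bool:
    """True when both AIDs carry the same registered RID.

    Unregistered (proprietary) prefixes are not guaranteed unique, so a
    match there says nothing about who issued the application.
    """
    return a.rid == b.rid and a.category != PROPRIETARY


# Constructed sample AIDs (not taken from any real card or registry).
SAMPLES = ["A0 00 00 12 34 10 10", "A000001234 2020", "D2:50:00:00:01",
           "F0 01 02 03 04 05"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_aid(sample))
```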