Smart Cards Operating Systems - PowerPoint PPT Presentation



1
Smart Cards Operating Systems
  • By Dr Muhammad Wasim Raad
  • Computer Engineering Department

2
Smart Chip - 2001
Power (1.8 Volt)
Co-Processor 3-DES Engine
ROM (96 KB)
Ground
RAM (4 KB)
Clock
16/32-bit RISC Processor
EEPROM (64 KB) FLASH (64 KB)
Reset
ISO 7816 I/O
Contact ISO 7816 and USB
MMU
USB I/O
DPA SPA Resistant Logic
Contactless ISO 14443
3
What is a COS?
4
Card OS Role
5
Transmission Protocol
6
File Architecture
7
File Architecture(Cont)
8
Command Sets
9
ISO 7816-4 Command Sets
10
Protocol Application Layer: APDU Format
11
Access Conditions
12
Access Conditions Examples
13
Access Conditions Examples
14
Smart Card Operating Systems
  • Smart card operating systems (SCOS) have little
    resemblance to desktop OS.
  • SCOS supports a collection of instructions on
    which user applications can be built.
  • ISO 7816-4 standardizes a wide range of
    instructions in the format of APDUs.
  • Most SCOS support file systems

15
  • Very small amount of program code: 3-30 KB
  • ROM masks for the OS need 10-12 weeks for
    correcting errors
  • The secure state of the EEPROM has a noticeable
    influence on the design of the OS

16
  • For example, all retry counters must be
    designed such that their maximum value
    corresponds to the erased state of the EEPROM
  • If this is not the case, it would be
    possible to reset the counter to its initial
    value by intentionally removing the card during
    a transaction

17
  • This type of attack can be resisted by
    proper coding of the counter or by making
    the process of writing the retry counter an
    atomic process
  • Trap doors must be avoided
  • Cryptographic functions must execute in very
    short time
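
The retry-counter rule from slides 16 and 17, as an added example that is not part of the original slides: a simulated erase-then-program EEPROM write is torn during the third failed PIN attempt, under two counter codings. The erased value 0xFF, the limit of 3 failures and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ERASED   0xFFu  /* assumed erased-cell value; chip dependent */
#define MAX_FAIL 3u     /* assumed limit: card blocks at 3 failures */

typedef uint8_t (*codec)(uint8_t);

/* Simulated EEPROM byte write: erase, then program. tear=true models the
   card being removed after the erase but before the program step. */
static void ee_write(uint8_t *cell, uint8_t value, bool tear) {
    *cell = ERASED;
    if (tear) return;
    *cell = value;
}

/* Fail-safe coding: plain failure count; every out-of-range value,
   including the erased state, reads as the maximum (blocked). */
static uint8_t safe_enc(uint8_t fails) { return fails; }
static uint8_t safe_dec(uint8_t raw) { return raw < MAX_FAIL ? raw : MAX_FAIL; }

/* Weak coding: inverted failure count, so an erased cell reads as
   0 failures, i.e. the counter's initial value. */
static uint8_t weak_enc(uint8_t fails) { return (uint8_t)~fails; }
static uint8_t weak_dec(uint8_t raw) { return safe_dec((uint8_t)~raw); }

/* One wrong-PIN attempt: record the failure in EEPROM and return the
   failure count the card reads back afterwards. */
static uint8_t wrong_pin(uint8_t *cell, codec dec, codec enc, bool tear) {
    uint8_t fails = dec(*cell);
    if (fails >= MAX_FAIL) return MAX_FAIL;   /* already blocked */
    ee_write(cell, enc((uint8_t)(fails + 1)), tear);
    return dec(*cell);
}

/* Two complete failed attempts, then a third whose write is torn. */
static uint8_t fails_after_tear(codec dec, codec enc) {
    uint8_t cell = enc(0);
    wrong_pin(&cell, dec, enc, false);
    wrong_pin(&cell, dec, enc, false);
    return wrong_pin(&cell, dec, enc, true);
}

int main(void) {
    printf("weak: %u failures\n", (unsigned)fails_after_tear(weak_dec, weak_enc));
    printf("safe: %u failures\n", (unsigned)fails_after_tear(safe_dec, safe_enc));
    return 0;
}
```

With the fail-safe coding a torn write leaves the card blocked instead of restoring the counter; the atomic-write alternative the slide also names is not modelled here.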

18
  • OS can be loaded into EEPROM, but due to
    expensive EEPROM most OS is in ROM
  • Almost all OS allow program code for
    additional commands or special cryptographic
    algorithms to be loaded into EEPROM during
    completion

19
  • OS must be able to automatically recognize
    the size of the EEPROM
  • Technical implementation involves an OS routine
    reading the manufacturer's finishing data
  • Current Smart Card OS is not able to adapt
    itself to variations in size of ROM or RAM

20
Primary tasks of Smart card OS
  • Transferring data to and from a smart card
  • Controlling execution of commands
  • Managing files
  • Managing and executing cryptographic algorithms

21
Smart Card Communication Model
The card sends out an ATR (Answer to Reset)
immediately after insertion. APDU stands for
Application Protocol Data Unit (ISO 7816-4).
Source: Z. Chen, Java Card Technology for Smart Cards
22
Smart Card File System (ISO 7816-4)
23
Smart Card File Names (ISO 7816-4)
Reserved FIDs
  • 3F00: MF root directory
  • 0000: EF PIN and PUK 1
  • 0100: EF PIN and PUK 2
  • 0001: EF application keys
  • 0011: EF management keys
  • 0002: EF manufacturing info
  • 0003: EF card ID info
  • 0004: EF card holder info
  • 0005: EF chip info
  • 3FFF: file path selection
  • FFFF: reserved for future use
24
Smart Card Internal File Structure
  • Header: file structure info, access control
    rights, pointer to data body; content changes
    never or seldom, protected from erasure
  • Body: data; content might change often, many
    write operations

25
(No Transcript)
26
MULTOS
  • A high security architecture
  • Apps needing high security can reside next to
    apps needing low security
  • Co-residence of multiple, inter-operable,
    platform independent applications
  • Dynamic remote loading and deletion of
    applications over the lifetime of a card
  • Achieved using the language MEL (MULTOS
    Executable Language)

27
PC/SC
  • Architecture designed to ensure the following
    work together even if made by different
    manufacturers
  • smart cards
  • smart card readers
  • computers
  • Differs from OpenCard because it offers API
    interoperability rather than uniform API
  • Designed for Windows environment with development
    in Visual C

28
Java card
  • The Java Card specifications enable Java
    technology to run on smart cards and other
    devices
  • Multi-Application Capable
    - Java Card technology enables multiple
      applications to co-exist securely on a single
      smart card
  • Dynamic
    - New applications can be installed securely
  • Secure
    - Relies on the inherent security of the Java
      programming language to provide a secure
      execution environment.
    - Platform's proven industry deployments and
      security evaluations ensure that card issuers
      benefit from the most capable and secure
      technology available today.

29
Java Card
  • Platform independent
  • Does not support issuer control
  • Not secure enough for financial applications

30
Java Card Architecture Components
31
(No Transcript)
32
(No Transcript)
33
Java Card I/O with APDUs
[Diagram: terminal, Java Card platform with several applets, smartcard hardware. Labels: command APDU, incl. applet ID; OS selects applet and invokes its process method; applet executes; applet sends response APDU]
34
How can the SMART card help in new channels?
35
Proprietary Smart Card Operating Systems
  • Proprietary Chip OS developed in native code -
    specific to underlying silicon - to access chip
    functions. OS often dedicated to performing a
    single specific function e.g. EMV

[Diagram labels: Data, E2, ROM]
  • OS code is fixed in the ROM of the chip, and
    cannot be changed after the chip is made.

Chip Hardware A
Chip Hardware B
  • Limited number of programmers able to make
    adaptations to a proprietary OS: impact on time
    to market if changes / new functions are required.
  • In order to multi-source silicon, native code
    must be redeveloped from scratch for new chip.

36
KILLER Applications
37
MULTOS
  • The only OS obtaining ITSEC(E6)
  • Very secure
  • Multi-application support
  • Requires a coprocessor for RSA, which makes it expensive

38
MULTOS: The OPEN STANDARD smart card operating system
  • MULTOS defines a standard CHIP HARDWARE
    INDEPENDENT Smart Card Operating System
  • Portable
  • Develop applications ONCE and run on ANY MULTOS
    chip.
  • Open
  • Develop in C or Java and Compile. API FREELY
    available.

[Diagram labels: C Compiler, Java Compiler / Translator, MEL Editor, EMV]
  • Highest Hardware and OS Security Assurance
  • ITSEC E6 High evaluated
  • MULTOS SCHEME facilitates management of multiple
    applications
  • Advanced Asymmetric Cryptographic mechanism

[Diagram: the same stack shown on Infineon Silicon and on Renesas Silicon. Labels: PKI, Application A, E2PROM, MULTOS API, MULTOS VM, ROM]
39
Operating System Options
Logical Physical Access
WIM SIM
Loyalty E-Purse
Credit/Debit
Open Platform (Card Manager Security Domain) API
MULTOS by Mondex International and MAOSCO Council
Windows for Smart Card by Microsoft and Global Platform
Java Card by Sun Micro and Global Platform
or
or
Multos
40
(No Transcript)
41
(No Transcript)