Programming Smart Cards Rajnish Kumar Comp527.

Expect to learn Cardlet Development Installation Coke Machine Interface Implementation Basic Cryptography

Smart Cards A Card with built-in micro-processor and memory. Applications : Pre-paid calling card Security needs e-cash

Terminology Program Applet Application Cardlet Instance of Program Unique AID APDU Communication format between card and terminal

Java Card Architecture Loader Application Cardlets Javacard API SOLO virtual Machine APDU MgmtFileSystemCrypto Utilities Chip Dependent Functions

Developing a Cardlet Develop a.java file -Use the packages provided -Javacard.framework -Javacardx.cryptography -Use “-g” to compile - javac –g wallet.java 1. Compile to.class

Developing a Cardlet Develop a.java file 1. Compile to.class Create a.bin file 2. Use MakeSOLO tool to generate.bin file from.class

Developing a Cardlet Develop a.java file 1. Compile to.class Create a.bin file 2. Use CardletManager tool to download.bin file to the card. Download as a program file 3.

Develop a.java file 1. Compile to.class Create a.bin file 2. Instantiate the program Assign AID Download as a program file 3. Install as a Cardlet 4. Developing a Cardlet

Methods required for Cardlet install() : instantiate cardlet object select() : prepare the cardlet for execution process() : switch statement Optional : main() : entry point for cardlet

Javacard.framework AID - Application ID APDU - Handling communication buffer ISO - constants OwnerPin Applet Util - array functions

Beware !! Card resource limitations Total cardlet size : 13.5 kb Limited heap and stack size Operation time out Desynchronization

Writing Terminal Application

Java Card’s native commands Hosted by Loader utility Loader acts as native OS Loader’s function : Conduct transaction between terminal and cardlet Provide cryptography support Manage card’s files, program files and cardlets.

Example Commands CreateFile DeleteFile SelectFile ReadBinary UpadteBinary VerifyCHV VerifyKey

Terminal Application Use slb.iop.* classes to write terminal application in Java Example method : SmartCard.sendCardAPDU( CLA, INS, P1,P2, dataArray, Mode )

Command format (APDU) CLA : Command Class ( 1byte ) 00h for loader class ( Card specific ). 03h for Wallet ( User defined ) CLAINSP1P2P3 From Terminal SW1 SW2 From Card, To Terminal Data

Command format INS : Command Instruction Identifier (1b) CLA + INS uniquely identifies the command If native, loader process Else, forwarded to suitable cardlet 03h for getBalance(). CLAINSP1P2P3 From Terminal SW1 SW2 From Card, To Terminal Data

Command format P1,P2 : Command parameters P3 : number of bytes of data to follow, or expected by the terminal SW1,SW2 : status words. CLAINSP1P2P3 From Terminal SW1 SW2 From Card, To Terminal Data

Cryptography Support

Symmetric/Asymmetric Authentication Internal/External Authentication Key Files Supported Encryption Algorithms: DES 3-DES RSA

Key Files Key FileFile IDDetails CHV1 CHV Card holder verification PIN, unblocking PIN, attempts Ext Key file0011Contains DES/3DES keys for external authentication, transport key Int Key file0001DES/3DES keys for internal authentication, MAC RSA-PRI RSA-PUB Private key Public key

External Authentication 1. Terminal calls AskRandom. Card has to return a challenge (random number ). 2. Terminal encrypts the challenge. Sends the encrypted challenge back to card using ExternalAuth. Key ID is also specified. 3. Card checks the correctness of terminal response, and authenticates if correct.

Internal Authentication 1. Call an InternalAuth command 2. Call getResponse to get the cryptogram 3. Check if cryptogram is correct. CLA INS P1 P2 P3 Mode 00/F0 88 algo_ID key_nb length S/R

Javacardx.crypto Classes DES_Key DES3_Key RSA_PrivateKey RSA_PublicKey MessageDigest

En/Decryption DES_Key class methods encryptECB, encryptCBC decryptECB, decryptCBC generateMAC, verifyMAC setKey getBlockSize

Code Walk Through

Reference SDK Guide Cyberflex Access Programmer’s Guide Search google for Java cryptography