1. Muhammad Wasim Raad1 Smart Cards Operating Systems By: Dr Muhammad Wasim Raad Computer Engineering Department

2. Muhammad Wasim Raad2 Smart Chip - 2001+ Co-Processor & 3-DES Engine 16/32-bit RISC Processor Contact: ISO 7816 and USB ROM (96 KB) EEPROM (64+ KB) FLASH (64 KB) Power (1.8 Volt) Ground Clock Reset ISO 7816 I/O RAM (4 KB) MMU USB I/O DPA & SPA Resistant Logic Contactless: ISO 14443

3. Muhammad Wasim Raad3 What is a COS?

4. Muhammad Wasim Raad4 Card OS Role

5. Muhammad Wasim Raad5 Command Processing

6. Muhammad Wasim Raad6 Command Processing(Cont)

7. Muhammad Wasim Raad7 Transmission Protocol

8. Muhammad Wasim Raad8 File Architecture

9. Muhammad Wasim Raad9 File Architecture(Cont)

10. Muhammad Wasim Raad10 Command Sets

11. Muhammad Wasim Raad11 Protocol Application Layer APDU Format

12. Muhammad Wasim Raad12 Access Conditions

13. Muhammad Wasim Raad13 Access Conditions(Cont)

14. Muhammad Wasim Raad14 Access Conditions Examples

15. Muhammad Wasim Raad15 Access Conditions Examples

16. Muhammad Wasim Raad16 Smart Card Operating Systems Smart card operating systems (SCOS) have little resemblance to desktop OS. SCOS supports a collection of instructions on which user applications can be built. ISO 7816-4 standardizes a wide range of instructions in the format of APDUs. Most SMOS supports File Systems

17. Muhammad Wasim Raad17 1990: very few true SM operating systems STARCOS: first developed by Giesecke & Devrient COS: Card operating system accepted worldwide ROM OS only in large no of cards

18. Muhammad Wasim Raad18 OS Based Classification Smart Card Operating Systems (SCOS) are placed on the ROM and usually occupy lesser than 16 KB. SCOS handle: –File Handling and Manipulation. –Memory Management. –Data Transmission Protocols. Various SCOS available are:  JavaCard  Oscar  StarCOS  MFC  MultOS  Cyberflex

19. Muhammad Wasim Raad19 Operating Systems Consortium-based –Java Card (Sun) –Multos Proprietary –Card Manufacturers –Microsoft Windows for Smart Cards (WfSC)

20. Muhammad Wasim Raad20 OS protection PINS & KEYS in EF are not accessible except through OS Downloadable codes need authentication Access conditions determine what files to be executed

21. Muhammad Wasim Raad21 Fundamentals Smart Card OS do not include user interfaces or accessability to external memory Security during program execution and protection of data accesses have highest priority

22. Muhammad Wasim Raad22 Very low amount of program code: 3-30KB ROM masks for OS need 10-12 weeks for correcting errors The secure state of EEPROM has noticeable influence on design of OS

23. Muhammad Wasim Raad23 For example all retry counters must be designed such that their maximum value corresponds to the erased state of the EEPROM If this is not the case, it would be possible to reset counter to its initial value by intentionally removing the card during transaction

24. Muhammad Wasim Raad24 This type of attack can be resisted by proper coding of the counter or by making the process of writing the retry counter an atomic process Trap doors must be avoided Cryptographic functions must execute in very short time

25. Muhammad Wasim Raad25 OS can be loaded into EEPROM, but due to expensive EEPROM most OS is in ROM Almost all OS allow program code for additional commands or special cryptographic algorithms to be loaded into EEPROM during completion

26. Muhammad Wasim Raad26 OS must be able to automatically recognize the size of the EEPROM Technical implementation involves OS routine reading the manufacturer’s finishing data Current Smart Card OS is not able to adapt itself to varyations in size of ROM or RAM

27. Muhammad Wasim Raad27 Primary tasks of Smart card OS Transferring data to and from a smart card Controlling execution of commands Managing files Managing and executing cryptographic algorithms

28. Muhammad Wasim Raad28 Source: Z. Chen, “ Java Card Technology for Smart Cards ” Smart Card Communication Model * The card sends out an ATR (Answer to Reset) immediately after insertion. ** APDU stands for Application Protocol Data Unit (ISO 7816-4).

29. Muhammad Wasim Raad29 Smart Card File System (ISO 7816-4) MF DF EF DF EF DF MF Master File (root directory, must always be present) DF Dedicated File (directory file, can contain directory and data files) EF Elementary File (data file)

30. Muhammad Wasim Raad30 Smart Card File Names (ISO 7816-4) Reserved FIDs 3F00 MF root directory 0000 EF PIN and PUK #1 0100 EF PIN and PUK #2 0001 EF application keys 0011 EF management keys 0002 EF manufacturing info 0003 EF card ID info 0004 EF card holder info 0005 EF chip info 3FFF file path selection FFFF reserved for future use MF FID File Identifier (2 bytes) DF DF Name (1-16 Bytes) usually ISO 7816-5 AID EFShort-FID (5bits) FID File Identifier (2 bytes)

31. Muhammad Wasim Raad31 EEPROM pages 100'000 write cycles 64 byte page size Smart Card Internal File Structure EF Header Body –Header: file structure info, access control rights, pointer to data body content changes never or seldom, protected from erasure –Body: data, content might change often, many write operations pointer

32. Muhammad Wasim Raad32

33. Muhammad Wasim Raad33 MULTOS A high security architecture –Apps needing high security can reside next to apps needing low security Co-residence of multiple, inter-operable, platform independent applications Dynamic remote loading and deletion of applications over the lifetime of a card –Achieved using the language MEL (MULTOS Executable Language)

34. Muhammad Wasim Raad34 PC/SC Architecture designed to ensure the following work together even if made by different manufacturers: –smart cards –smart card readers –computers Differs from OpenCard because it offers API interoperability rather than uniform API Designed for Windows environment with development in Visual C++

35. Muhammad Wasim Raad35 Java card The Java Card specifications enable Java technology to run on smart cards and other devices Multi-Application Capable - Java Card technology enables multiple applications to co-exist securely on a single smart card Dynamic: - New applications can be installed securely Secure: - relies on the inherent security of the Java programming language to provide a secure execution environment. - platform's proven industry deployments and security evaluations ensure that card issuers benefit from the most capable and secure technology available today.

36. Muhammad Wasim Raad36

37. Muhammad Wasim Raad37

38. Muhammad Wasim Raad38 How can the SMART card help in new channels? Earning and redeeming rewards with Virtual Merchants To store personal data for covenience on-line To Secure Virtual World Shopping with Credit (Chip SecureCode) or e-Cash To Managing Finances Securely and Conveniently Virtual Health, Govt or other Services Entertainment on Demand

39. Muhammad Wasim Raad39 Proprietary Smart Card Operating Systems Chip Hardware B Chip Hardware A Proprietary OS A Proprietary OS B Native EMV Code Native Loyalty Code Data ROM E2 Native EMV Code Native EMV Code Native Loyalty Code Data ROM E2 l Proprietary Chip OS developed in “native” code - specific to underlying silicon - to access chip functions. OS often dedicated to performing a single specific function – e.g. EMV l OS code is fixed in the ROM of the chip, and cannot be changed after the chip is made. l Limited number of programmers able to make adaptations to proprietary OS – impact on time to market if changes / new functions required. l In order to multi-source silicon, native code must be redeveloped from scratch for new chip. Chip Hardware B Chip Hardware A

40. Muhammad Wasim Raad40 KILLER Applications

41. Muhammad Wasim Raad41 Open Platform (Card Manager & Security Domain) API Windows for Smart Card by Microsoft and Global Platform Java Card by Sun Micro and Global Platform Multos Credit/Debit WIMSIM Logical & Physical Access LoyaltyE-Purse oror Operating System Options MULTOS by Mondex International and MAOSCO Council

42. Muhammad Wasim Raad42

43. Muhammad Wasim Raad43

44. Muhammad Wasim Raad44

45. Muhammad Wasim Raad45

46. Muhammad Wasim Raad46 Proximity Solutions for MULTOS 2 types of MULTOS “Dual-Interface” cards – supporting communication with the chip via both the contact plate and the contactless interface based on Proximity Standard - ISO 14443 l Hitachi/DNP Contactless MULTOS: 36K EEPROM, Type B contactless interface, Available now l Supports both versions of Paypass transaction (contactless M/Chip 4, or Contactless Track 2 data) and in fact can execute ANY existing MULTOS application over the contactless interface. l Keycorp / Philips Contactless MULTOS, 16K EEPROM, MIFARE Type A contactless interface, Prototypes available now l Supports Mifare ticketing only. Full contactless MULTOS application execution planned for Q3 2004 250K issued for Japan Residential ID card

47. Muhammad Wasim Raad47 Smart Card Corporate ID& E- Purse Multi-application system

48. Muhammad Wasim Raad48 Smart toolz File creation utility

49. Muhammad Wasim Raad49 What is RFID? RFID is an ADC technology that uses radio-frequency waves to transfer data between a reader and a movable item to identify, categorize, track... RFID is fast, reliable, and does not require physical sight or contact between reader/scanner and the tagged item

50. Muhammad Wasim Raad50 What is RFID Radio Frequency Identification Label(Transponder) Reader/Antenna(Interrogator) Computer  Tag enters RF field ‚ RF signal powers tag  Tag transmits ID, plus data „ Reader captures data  Reader sends data to computer  Computer determines action  Computer instructs reader  Reader transmits data to tag

51. Muhammad Wasim Raad RFID Diagram: Note: The host is the software database... Reader RF Module Antenna Host Computer RFID Primer

52. Muhammad Wasim Raad Note: The RF module creates radio frequency (RF). It receives and transmits RF through the antenna… Reader RF Module Antenna Host Computer RFID Primer

53. Muhammad Wasim Raad Note: The RF module creates radio frequency (RF). It receives and transmits RF through the antenna… Reader RF Module Antenna Host Computer RFID Primer

54. Muhammad Wasim Raad Note: Tag (transponder) is interrogated by the antenna.... Reader Reader RF Module Tag Antenna Host Computer RFID Primer

55. Muhammad Wasim Raad Note: The antenna captures the tag ID number…first as analog RF waves, then it is converted to digital information. (Tag ID Communication) Reader RF Module Tag Antenna Host Computer RFID Primer

56. Muhammad Wasim Raad56 An RFID Tag Is A Portable Database …A sophisticated computing and communications device …A wireless extension of Information Systems Interrogation Unit Tx/Rx Micro Computer Computer Network Antenna Tag Radio Tx/Rx RAMROM CPUI/O Pwr Supply Radio Tx/Rx RAMROM CPUI/O Pwr Supply

57. Muhammad Wasim Raad57 What is RFID? -- The Tags Tags can be read-only or read-write Tag memory can be factory or field programmed, partitionable, and optionally permanently locked Bytes left unlocked can be rewritten over more than 100,000 times

58. Muhammad Wasim Raad58 Tags can be attached to almost anything: –pallets or cases of product –vehicles –company assets or personnel –items such as apparel, luggage, laundry –people, livestock, or pets –high value electronics such as computers, TVs, camcorders What is RFID? -- The Tags

59. Muhammad Wasim Raad59 Are All Tags The Same? Basic Types: Active Tag transmits radio signal Battery powered memory, radio & circuitry High Read Range (300 feet) Passive Tag reflects radio signal from reader Reader powered Shorter Read Range (4 inches - 15 feet)

60. Muhammad Wasim Raad60 Variations: –Memory Size (16 bits - 512KBytes +) Read-Only, Read/Write or WORM Type: EEProm, Antifuse, FeRam –Arbitration (Anti-collision) Ability to read/write one or many tags at a time –Frequency 125KHz - 5.8 GHz –Physical Dimensions Thumbnail to Brick sizes –Price ($0.50 to $250) Are All Tags The Same?

61. Muhammad Wasim Raad61 Types of Tags - Memory Segmentation  Read Only (Factory Programmed)  WORM - Write Once, Read Many times  Reprogrammable (Field Programmable)  Read/Write (In-Use Programmable)

62. Muhammad Wasim Raad62 What is RFID? -- The Readers Readers (interrogators) can be at a fixed point such as –Entrance/exit –Point of sale –Warehouse Readers can also be mobile -- tethered, hand-held, or wireless

63. Muhammad Wasim Raad63 Advantages Uses normal CMOS processing — basic and ubiquitous Relative freedom from regulatory limitations Well suited for applications requiring reading small amounts of data at slow speeds and minimal distances Penetrates materials well (water, tissue, wood, aluminum) <150 kHz (125 kHz & 134 kHz )

64. Muhammad Wasim Raad64 Disadvantages: Does not penetrate or transmit around metals (iron, steel) Handles only small amounts of data Slow read speeds Large Antennas -- compared to higher frequencies Minimal Range <150 kHz (125 kHz & 134 kHz )

65. Muhammad Wasim Raad65 Disadvantages: Tag construction: 4 is thicker (than 13.56 MHz) 4 is more expensive (than 13.56 MHz) 4 more complex (requires more turns of the induction coil) <150 kHz (125 kHz & 134 kHz )

66. Muhammad Wasim Raad66 RFID Primer…Frequencies Inductive Magnetic Field Coupling: 13.56 MHz (Popular Smart Card Frequency) 1 MHz 10 MHz Mid. Freq. EAS AM CB RFID: Smart Cards

67. Muhammad Wasim Raad67 13.56 MHz Advantages Uses normal CMOS processing--basic and ubiquitous Well suited for applications requiring reading small amounts of data and minimal distances Penetrates water/tissue well Simpler antenna design (fewer turns of the coil); lower costs to build Higher data rate (than 125 kHz--but slower than higher MHz systems) Thinner tag construction (than 125 kHz)

68. Muhammad Wasim Raad68 Disadvantages Government regulated frequency (U.S. versus Europe) Does not penetrate or transmit around metals (unless very thick) Large Antennas (compared to higher frequencies) Larger tag size than higher frequencies Tag construction: requires more than one surface to complete a circuit Minimal Range 13.56 MHz

69. Muhammad Wasim Raad69 Bar Codes vs. RFID

70. Muhammad Wasim Raad70 RFID Applications Petrol Service Stations –In Singapore, the Mobil petrol service stations has already introduced RFID technology to implement their Speed Pass system to enable drivers to fill up the petrol and drive away. All information will be gathered automatically through RFID smart tags and customers’ bills can be settled through GIRO.

71. Muhammad Wasim Raad71 RFID Application in Petrol Service Station

72. Muhammad Wasim Raad72 RFID Application in a Factory Canteen In the video, it is very interesting to notice that in the factory canteen’s environment, RFID tags are attached at the bottom of the plates to identify the cooked food and its price. The staff of the factory need only to pick up the food on the tray and place the tray on top of a RFID reader. The RFID reader will identify the products and its price. The staff need only to place the cash card to pay for the food.