Smart Card Developer's Kit

Scott Guthery and Tim Jurgensen

Table of Contents

Foreword by Nick Habgood, MAOSCO

Preface

 

Part I Smart Card Background and Basics

Chapter 1 Smart Card Programming
 

Smart Card Software
   

Host Software
   

Card Software
   

Host and Card Software Integration
   

High-Level Language Card Programs
   

Assembly Language Card Programs
   

Smart Card Software Security
 

Smart Card Operating Systems
 

Smart Card File Systems
 

Smart Card Communications
 

Smart Card Hardware
   

The Smart Card Memory System
   

The Smart Card Central Processing Unit
   

Smart Card Input/Output
 

Smart Card System Design
   

Data Security
   

Data Integrity
 

Smart Card System Architecture
 

Summary

Chapter 2 Physical Characteristics of Smart Cards
 

What's in the Card?
   

Integrated Circuit Chips
   

Coprocessors
   

Security Features
 

The Manufacturing Process
   

Mask Development
   

Code Development
   

Chip Simulators
   

Chip Emulators
   

Protocol Analyzers
   

Interface Devices (Readers)
 

Summary

Chapter 3 Some Basic Standards for Smart Cards
 

ISO, IEC, and ANSI Standards for Smart Cards
   

Physical Characteristics of Identification Cards
   

Encoding of Information for Identification Cards
   

The Business Model for Identification Cards
 

Smart Card Standards
   

Characteristics of Smart Cards
   

Other Smart Card Standards and Specifications
 

Summary

Chapter 4 Smart Card Commands
 

Link-Level Protocols
   

The T=0 Protocol
   

The T=1 Protocol
 

Application-Level Protocols
   

The ISO 7816-4 APDU
   

The File System API
   

The Security API
 

Summary

Chapter 5 The Schlumberger Multiflex Smart Card
 

Activating Smart Cards: Reset and Answer to Reset
 

Directories and Files
   

Selecting a Directory
   

Selecting an Elementary File
   

Keys and Key Files
   

Creating a PIN File and Updating the External Authentication Key File
   

Record Files and Seek
   

Cyclic Files and Electronic Purses
 

Multiflex Commands
   

Protected-Model Commands
 

Internal and External Authentication
   

Authentication States and Authentication State Transitions
 

Tracking EEPROM Usage
 

Summary

 

Part II Smart Card Software Development

Chapter 6 Smart Card Software Development Tools
 

Tools for Host Software Development
   

Smart Card Editors
   

Smart Card Systems, Infrastructures, and Plug-Ins
   

Smart Card Software Development Kits and Application Programming Interfaces
   

Smart Card Reader Interfaces
 

Tools for Card Software Development
   

Assemblers and Compilers
   

Simulators and Debuggers
   

Emulators and Testers
   

Smart Card Operating Systems
 

Miscellaneous Tools
 

Summary

Chapter 7 Reader-Side Application Programming Interfaces
 

PC/SC
   

The PC/SC API
   

The Multiflex SSP
   

MULTOS
   

The Open Card Framework
 

ICC Specification for Payment Systems (EMV'96)
   

EMV Commands
   

Data Authentication and Digital Certificates
   

Visa Integrated Circuit Card Specification
   

SET 2.0 and the Visa Open Technology Platform
   

C-SET
   

IATA 791/20.204
 

Cryptographic Smart Cards
   

Cryptographic Smart Card Commands
   

The DCE Personal Security Module API
 

Summary

Chapter 8 Card-Side Application Programming Interfaces
 

Programming Considerations
   

Counterfeit Cards
   

Special Considerations in Writing Card-Side Software
   

Memory
   

Tearing
   

Testing and Debugging
   

Linking and Loading
   

File Design
   

Reader Behavior
   

Reader Communication
 

The Standards-Based APIs
   

The ISO 7816-4 Standard
   

The GSM 11.14 Standard
 

The Vendor APIs
   

Schlumberger's Customer-Oriented System
   

MULTOS
 

The Java Card
   

Java Card API Developments
   

Schlumberger's Java Card 1.0 API
   

Schlumberger's Java Card 20. Core API
   

The JavaSoft Java Card 2.0 API
 

Summary

Chapter 9 Smart Cards and Security
 

Objectives and Characteristics of Security Systems
   

Authentication
   

Authorization
   

Privacy
   

Integrity
   

Nonrepudiation
 

The System Components
   

The Card
   

The Cardholder
   

The Card Issuer
   

The Terminal
   

The PC
   

The Network
   

The Application
 

The Mechanisms
   

Physical Security
   

Authentication
   

Integrity
   

Authorization
   

Privacy
 

Summary

 

Part III Smart Card Application Examples

Chapter 10 The Smart Shopper Card Program
 

The Story of the Smart Shopper Cards
   

Merchants Using Smart Shopper
   

Scenarios for Using Smart Shopper
 

High-Level Design
 

File Layout
   

The Master File
   

The Cardholder Personal Data File
   

The Smart Commerce Solutions Card Administration File
   

The Merchant External Authentication File
   

The Frequent Buyer Points File
   

The Cumulative Purchases File
   

The Want List File
   

File Sizes
 

Card Security Architecture
 

Personalizing the Smart Shopper Card
 

The Smart Commerce Solutions Web Site and Smart Commerce Solutions Application Programs
   

The Smart Shopper Card Browser Program
 

The Harvest Festival Application Programs
 

The Scrivener's Corner Application Program
 

The Smart Commerce Solutions Smart Shopper Card Management Utility
 

Summary

Chapter 11 The FlexCash Card: An E-commerce Smart Card Application
 

An Example: E-Coins, E-Money, and E-Bucks
 

The Design of the FlexCash Smart Card Program
 

FlexCash Card Monitor Implementation
 

The Flex Cash Card Browser and Editor
 

The E-Bucks E-cash Protocol and Implementation
   

The E-Bucks E-cash Protocol
   

The E-Bucks Card-Side Code
   

The E-Bucks Reader-Side Code
 

Summary

Glossary

Appendix A - ISO 7816-4 Smart Card Commands

Appendix B - Multiflex 3K Smart Card Commands