alt.technology.smartcards FAQ
Scott Guthery
Archive-name: technology/smartcards/faq
Posting-Frequency: monthly to alt.technology.smartcards,alt.answers,
news.answers
Last-modified: 1998/06/12
Version: 2.0
URL: http://www.scdk.com/atsfaq.htm
Maintainer: Scott Guthery <sgut...@tiac.net>
Frequently Asked Questions (FAQ) for news:alt.technology.smartcards
This is the second version of the FAQ for alt.technology.smartcards. It
is an evolution and updating of the first version
(www.ioc.ee/atsc/faq.html) of the FAQ created by Jaan Priisaluof
(je...@ioc.ee) the Estonian Institute of Cybernetics
Comments and suggestions for improvement of the a.t.s. FAQ should be sent
to Scott Guthery at sgut...@tiac.net. The current edition of the FAQ is
available at www.scdk.com/atsfaq.htm.
CONTENTS
1. Purpose of alt.technology.smartcards
2. General Questions
3. Standards and Specifications
4. Programmable Smart Cards
5. Resources
6. Credits
1. Purpose of alt.technology.smartcards
The purpose of alt.technology.smartcards is to provide an unmoderated
forum for the discussion of technology, applications and issues
associated with smart cards. It will serve as a resource for people to:
Engage in discussion and debate about technical and public policy issues
including the security, privacy, legal, regulatory and economic impact of
smart card applications.
Educate and inform others about the strength, weaknesses and general use
of smart cards; share ideas, information and specific experience about
smart cards, both in technology:
Find information and have questions answered by people in the smart card
community.
2. General Questions
2.1. What is a smart card?
A smart card is a credit-card-sized plastic card that contains a general-
purpose microprocessor, typically an 8-bit microcontroller such as a
Motorola 6805 or an Intel 8051. The microprocessor is underneath a gold
contact pad located on one side of the card.
2.2. Where did the phrase "smart card" come from?
Smart cards were independently invented in Germany (1967), Japan (1970),
the United States(1972), and France (1974). In 1980, when France began a
major campaign to export the technology, the Roy Bright of the
government's marketing organization Intelimatique coined the word "Smart
Card."
2.3 Is it "smart card" or "smartcard"?
Most English dictionaries use "smart card" but you'll see both in use.
2.4. Is a.t.s archived somewhere?
No. But it would be nice if it were.
2.5. Is a.t.s the right place for information about satellite card
analysis, emulation and hacking?
Only for TECHNICAL information. Please do not post here satellite card
advertisment, channel keys, channel frequencies. Post here only
information about algorithms, protocols, security breaches, ECMs.
2.6. Is a.t.s the right place for satellite card and other satellite
equipment advertisment?
alt.satellite.tv.crypt.forsale would probably generate more sales.
2.7. Is a.t.s the right place for smart card collectors?
The rec.collecting hierarchy is probably a better selection.
3. Standards and Specifications
3.1. Are smart cards standardized?
There are all sorts of smart card standards. The physical and mechanical
standards are observed more uniformly than the software standards.
ISO/IEC JTC1 Information technology SC 17 Identification cards and
related devices(www.iso.ch/meme/JTC1SC17.html)is interested in common
smart card issues. The list of some standards:
ISO 7810 Identification cards -- Physical characteristics.
ISO/IEC 7812 Identification cards -- Identification of issuers.
ISO/IEC 7816 Identification cards -- Integrated circuit(s) with contacts.
Parts 1-3 define the communication of cards with contacts for both memory
and processor cards. Parts 4-6 are related to specification of processor
card operating system and are by their nature contact independent. Parts
7 and 8 will be the extensions of parts 4 and 6.
ISO/IEC 10536 Identification cards -- Contactless integrated circuit(s)
cards. The standard specifies close coupling (slot and surface) cards
communication (parts 1-3)
ISO/IEC 10373 Identification cards -- Test methods.
ISO/IEC 14443 Remote coupling communication cards.
ISO TC 68 Banking and related financial services SC 6
(www.iso.ch/meme/TC68SC6.html) Financial transaction cards, related media
and operations is representing interest of smart payment card issuers and
is developing the standard series ISO 10202 Financial transaction cards -
- Security architecture of financial transaction systems using integrated
circuit cards (parts 1-8).
CEN/CENELEC and ETSI are interested in telecommunications.
EN 742 Identification cards: location of contacts for cards and devices
used in Europe. New edition specifies the format ID-000 used for GSM
Subscriber Identity Module (SIM).
EN 726 Terminal Equipment (TE); Requirements for IC cards and terminals
for telecommunication use. The standard is the technical basis for
smartcards in Europe.
ETSI specified also the GSM SIM. The standard have two names: GSM 11.11
and I-ETSI 300045.
In the U.S., the National Institute of Standards and Technology (NIST at
http://csrc.ncsl.nist.gov/) has published FIPS 140-1
(http://csrc.ncsl.nist.gov/fips/fip140-1.txt) , "Security Requirements
for Cryptographic Modules" concerns physical security of smart card IC-s
as they are one kind of cryptographic modules.
The Swedish government is standardising a smart card for use by its
citizens called the Secure Electronic Information in Society (SEIS at
www.seis.se/arkivUK.html) card.
3.2. Where do I get the ISO standards?
The ISO standards must be purchased from the ISO catalog at
www.iso.ch/welcome.html.
3.3. What is ISO 7816 all about?
The formal title of ISO 7816 is Integrated Circuit Cards with Electrical
Contacts. It is the most widely used and referenced smart card standard.
ISO 7816 is the international standard for integrated-circuit cards
(commonly known as smart cards) that use electrical contacts. Anyone
interested in obtaining a technical understanding of smart cards needs to
become familiar with ISO 7816.
ISO 7816 currently has nine parts. Some have been completed, some have
been ammended and others are just in draft stage.
3.3.1. Part 1: Physical characteristics
ISO 7816-1:1987 defines the physical dimensions of contact smart cards
and their resistance to static electricity, electromagnetic radiation and
mechanical stress. It also prescribe the physical location of a IC card's
magnetic stripe and embossing area.
3.3.2. Part 2: Dimensions and Location of Contacts
ISO 7816-2:1988 Defines the location, purpose and electrical
characteristics of the card's metallic contacts:
3.3.3. Part 3: Electronic Signals and Transmission Protocols
ISO 7816-3:1989 defines the voltage and current requirements for the
electrical contacts defined in Part 2 and asynchronous half-duplex
character transmission protocol (T=0).
Smart cards that use a proprietary transmission protocol carry the
designation, T=14. In practical terms, that means the card is not
compatible with ISO 7816. Proprietary protocol is used in German health
care cards.
Amendment 1:1992 Protocol type T=1, asynchronous half duplex block
transmission protocol.
Amendment 2:1994 Revision of protocol type selection
3.3.4. Part 4: Inter-industry Commands for Interchange
ISO 7816-4 is a Draft International Standard that will establish a set of
commands across all industries to provide access, security and
transmission of card data. Within this basic kernel, for example, are
commands to read, write and update records.
3.3.5. Part 5: Numbering System and Registration Procedure for
Application Identifiers
ISO 7816-5:1994 establishes standards for Application Identifiers (AIDs).
An AID has two parts. The first is a Registered Application Provider
Identifier (RID) of five bytes that is unique to the vendor. The second
part is a variable length field of up to 11 bytes that RIDs can use to
identify specific applications.
3.3.6. Part 6: Inter-industry data elements (draft)
Describes encoding rules for data needed in many applications e.g. name
and photograph of owner, his preference of languages etc.
3.3.7 Part 7: Interindustry commands for Structured Card Query Language
(SCQL) (draft)
Defines how to treat the data on the card as an SQL database.
3.3.8 Part 8: Inter-industry security architecture (draft)
3.3.9 Part 9: Card functions for multi-application use (draft)
The beginnings of a definition of a multi-application card. Now largely
superceeded by the EMV, Multos and Java Card specifications.
3.4 What about industry specifications?
In addition to standards formulated by recognized standards bodies, there
are a number of specifications created by companies, industrial consortia
and ad hoc users groups. These specifications are typically formulated to
advantage certain interests in the smart card marketplace at the expense
of others.
Europay, MasterCard and Visa formed working group to create their
Integrated Circuit Card Specifications for Payment Systems, commonly
called "EMV'96" or just "EMV" (www.mastercard.com/emv/emvspecs02.html).
The specification was intended to create common technical basis to
compete with the Mondex specifications.
The Java Card Forum (www.javacardforum.org) and JavaSoft
(www.javasoft.com) maintain specifications for the Java Card.
Microsoft lead a group of smart card manufacturers to produce a
specification for the use of smart cards on personal computers and
workstations called PC/SC for Personal Computer/Smart Card
(www.smartcardsys.com/doc/content.html).
The SET (Secure Electronic Transactions at
www.mastercard.com/set/specs.html) and C-SET (Card Secured Electronic
Transactions at wwwusers.imaginet.fr/~cb-mail/) specifications include
descriptions of the smart cards they use.
Visa is very active in the smart card area and has published
specifications for Visa Cash and the Visa Integrated Circuit Card
(www.visa.com/cgi-bin/vee/nt/chip/visdownload.html).
4. Programmable Smart Cards
Perhaps the most revolutionary event in the history of smart cards over
the last 25 years is the recent emergence of programmable smart cards.
Rather than freezing the program that runs in the smart card in read-only
memory at the time the card is manufactured, programmable smart cards let
you add executable code to the smart card at time in its lifetime. The
primary intended use of programmable smart cards is to create multi-
application smart cards on which applications can be added and deleted at
will. Thus you might decide to get rid of the Koffee Klub Frequent
Drinker program and add the Budapest Transport System ticket program.
There are a number of programmable smart cards on the market. Some can be
programmed in high-level languages, some can be programmed in virtual
assembly language and some can only be programmed in the assembly
language of the chip on the smart card.
The Basic Card from Zeitcontrol (www.zeitcontrol.com/) can be programmed
in Basic. Zeitcontrol has done a excellent job of integrating the
development of the program on the smart card with the development of the
program on the host or terminal that is using it.
The MULTOS (www.multos.com/) smart card is a smart card defined by
MAOSCO, a spin-off of MONDEX and MasterCard. The MULTOS card can be
programmed in C and in MEL (MAOS Executable Language), which is the
assembly language for the virtual machine on the card.
Keycorp (www.keycorp.com.au) is marketing a smart card called OSSCA
(Operating System for Smart Card Applications) which you can program in
the Forth language.
A number of card manufacturers have announced cards which can be
programmed in Java but only Schlumberger(www.cyberflex.austin.et.slb.com)
has production cards on the market. Gemplus (www.gemplus.com) is making
available 32-bit experimental cards that run Java.
Both Syprus (www.spyrus.com) and Datakey (www.datakey.com) have cards in
development that let you add programs written in native assembler. The
operating system on the Spyrus card is called SPYCOS and the operating
system on the Data key card is called DKCCOS.
The HOST operating system from Oberthur (www.oberthurkirk.com) is also
advertised as supporting the field loading of native code applications.
5. Resources
5.1. Newsgroups
Besides news:alt.technology.smartcards, there are other newsgroups that
while not devoted exclusively to smart cards carry information relevant
to smart cards.
news:sci.crypt - Different methods of data en/decryption.
news:sci.crypt.research - Cryptography, cryptanalysis, and related
issues. (Moderated)
news:comp.security.misc - Security issues of computers and networks.
news:alt.security - Security issues on computer systems.
news:alt.stellite.tv.europe - Europe satellite TV watchers' forum,
contains info about smart card operated video descrambling.
news:alt.satellite.tv.crypt - Satellite TV payment systems security.
5.2. Pointer Farms
There are far too many smart card resources on the Web and they change so
quickly that it would be futile to try to list them all here. There are
however a number of people who have built wonderful pages of pointers to
smart card resources Therefore rather than listing the original
resources, we just include pointers to these pages of pointers here.
Please let the FAQ maintainer (sgut...@tiac.net) know about your
favorites.
Smart Card Resources on the Web -
http://www.dice.ucl.ac.be/crypto/card.html
ISO-7816 - http://ctl77.nectec.or.th/~nopporn/smartcard/iso7816.html
Smart Card News - http://www.smartcard.co.uk/index.html
Smart Card Manufacturers and Services -
http://www.smartcard.co.uk/links.html
Yahoo Search - "smart card" - http://search.yahoo.com/search?p=smart+card
Smart Card Security Information Page -
http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm
HIP Smart Card - http://cuba.xs4all.nl/~hip/
General Smart Card Information - http://www.cryptsoft.com/scard/
Smart Card Security News
http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm
The Smart Card Cybershow - http://www.cardshow.com/
The Smart Card Club - http://www.smartcardclub.co.uk/
5.3. Smart Card Associations
Card Europe (www.gold.net/users/ct96/), The Association For Smart Cards
Across Europe, Director - Alan Leibert (al...@cardeurope.cityscape.co.uk)
is maintaining
a Smart Card Database (www.gold.net/users/ct96/scdb.htm). 146 Valley Road
Rickmansworth Herts WO3 4BP United Kingdom, tel: 44-1923-897477, fax: 44-
1923- 897414.
Smart Card Industry Association (SCIA at www.scia.org/) offers SmartFax
Fax Back System. To use the system call 800- 405-SCIA (US Only) or 202-
789-0407 (Overseas).
Smart Card Forum (www.smartcrd.com/). Catherine Allen or Linette
Leatherwood, 3030 N. Rocky Point Drive W., Suite 670, Tampa, Florida
33607, USA ; Tel: +1 813 286 2339; Fax: +1 813 281 8752, Bob Gilson,
Executive Director
ACT Canada 7 Iles Street Ajax, Ontario L1T 3V7 CANADA tel: +1 905-683-
1442 fax: +1 905-683- 0071 Cathy Johnson, Executive Director
AIM USA 634 Alpha Drive Pittsburgh, PA 15238-2802 tel: +1 412-963-8588
fax: +1 412-963-8753 e- mail: a...@aimusa.org Larry Roberts, Acting
President
Electronic Funds Transfer Association (EFTA) 950 Herndon Parkway, Suite
390 Herndon, VA 22070 tel: +1 703-435-9800 fax: +1 703-435-7157 Lisa
Eyler, Director of Marketing
Federal Smart Card Users Group 3700 East-West Highway, Room 10020
Hyattsville, MD 20782 tel: +1 202-874-8859 fax: +1 202-874-8861 John
Moore, Chairman
International Card Manufacturers Association 34-C Washington Road
Princeton Junction, NJ 08550 tel: +1 609-799-4900 fax: +1 609-799-7032
Mary Kay Metcalf, Communications Manager
National Association of Campus Card Users, Inc. 308 Woodbourne Avenue
Baltimore, MD 21212-3825 tel: +1 410-433-3688 fax: +1 410-435-6125 J.
Paul Melanson, President
Personal Computer Memory Card Industry Association 1030 East Duane
Avenue, Suite G Sunnyvale, CA 94086 tel: +1 408-720-0107 fax: +1 408-720-
9416 Bill Lempesis, Executive Director
5.4. Conferences
A schedule of upcoming smart card conferences is maintained by the Smart
Card Club (www.smartcardclub.co.uk/conferences.html). Notable are:
European Smart Card Application and Technology, held regularly in the
beginning of September.
Cards UK Exhibition & Conference. Annual fall conference in London.
CARDIS. Primarily academic and research center presentations. No "floor
show". Every eighteen months.
Cartes. The annual smart card show in Paris.
Cards Australia. Annual show down-under.
Asia Card Technology. New but rapidly growing show.
CardTech/SecurTech (www.ctst.com/) conferences in the U.S. The
Proceedings from these shows are particularly useful.
5.5. Books
Smart Cards: Seizing Strategic Business Opportunities by Catherine Allen
and William Barr (eds.) ... $26.25 at
www.amazon.com/exec/obidos/ISBN=0786311088/smartcarddevelopA/
Smart Cards: A Guide to Building and Managing Smart Card Applications by
Henry Dreifus and Thomas Monk ... $31.99 at
www.amazon.com/exec/obidos/ISBN=0471157481/smartcarddevelopA/
Smart Card Developers Kit (including a CD-ROM and a working smart card)
by Scott Guthery and Tim Jurgensen ... $79.95 at
www.amazon.com/exec/obidos/ISBN=1578700272/smartcarddevelopA/
Smart Card Security and Applications by Mike Hendry ... $65.00 at
www.amazon.com/exec/obidos/ISBN=0890069530/smartcarddevelopA/
Smart Cards: The Global Information Passport: Managing a Successful Smart
Card Program by Kaplan ... $44.95 at
www.amazon.com/exec/obidos/ISBN=0786311088/smartcarddevelopA/
Smart Card Handbook by Wolfgang Rankl and Wolfgang Effing ... $79.95 at
www.amazon.com/exec/obidos/ISBN=0471967203/smartcarddevelopA/
Smart Cards by Jose Luis Zoreda and Jose Manuel Oton ... $67.00 at
www.amazon.com/exec/obidos/quicksearch-query/002-6898337-
4117866/smartdevelopA/
5.6 Newsletters
Personal Identification Newsletter (PIN), Warfel & Miller Publishing,
monthly, US$345 per year. 12300 Twinbrook Parkway #300, Rockville, MD,
20852 (301) 881-6668 fax (301) 881-2554. Cards...@aol.com
Mr. Stephan Seidman, Editor & Publisher, Smart Card Monthly, P.O. Box
548, Lopez Island, WA 98261, tel: +1 360-468-3570, fax: +1 360-468-3571
Mr. Jerome Svigals, Publisher, Smart Cards and Comments, 221 Yarborough
Lane, Redwood City, CA 94061, tel: +1 415-365-5920, fax: +1 415-363-2198
Mr. H. Spencer Nilson , Publisher, The Nilson Report, P.O. Box 49936
(Barrington Station), Los Angeles, CA 90049, tel: +1 310-396-0615, fax:
+1 805-983-0792
Ms. Jane Adams, International Managing Editor, World Card Technology,
European Office: 42 Phoenix Court, Hawkins Road, Colchester, Essex CO2
8JY, tel: 44-31-337-3311, fax: 44-31-337-7739
6. Credits
The following folks help maintain the alt.technology.smartcards FAQ:
Folkert van Heusden (mailto:f.v.h...@ftr.nl)
Bo Lavare (mailto:bola...@geocities.com)
Ben Miller(mailto:ben_m...@faulknergray.com)
Hunter Trumbo (mailto:tru...@smartdynamics.com)
Send in your suggestions and join the team.