Transcript Document

Programming Smart Cards
Rajnish Kumar
Comp527.
Expect to learn

Cardlet

Development

Installation

Coke Machine Interface Implementation

Basic Cryptography
Smart Cards


A Card with built-in micro-processor and
memory.
Applications :

Pre-paid calling card

Security needs

e-cash
Terminology

Program



Cardlet



Applet
Application
Instance of Program
Unique AID
APDU

Communication format between card and terminal
Java Card Architecture
Cardlets
Loader Application
Javacard API
SOLO virtual Machine
APDU Mgmt
FileSystem
Crypto
Chip Dependent Functions
Utilities
Developing a Cardlet
1.
Develop a
.java file
Compile to
.class
-Use the packages provided
-Javacard.framework
-Javacardx.cryptography
-Use “-g” to compile
- javac –g wallet.java
Developing a Cardlet
1.
Compile to
.class
Develop a
.java file
2.
Create a
.bin file
Use MakeSOLO tool to
generate .bin file from
.class
Developing a Cardlet
1.
Use CardletManager
tool to download .bin
file to the card.
Compile to
.class
Develop a
.java file
2.
3.
Create a
.bin file
Download as a
program file
Developing a Cardlet
1.
•Instantiate the program
Compile to
.class
Develop a
.java file
2.
•Assign AID
3.
Create a
.bin file
4.
Download as a
program file
Install as a
Cardlet
Methods required for Cardlet



install() : instantiate cardlet object
select() : prepare the cardlet for
execution
process() : switch statement
Optional :

main() : entry point for cardlet
Javacard.framework






AID
APDU
ISO
OwnerPin
Applet
Util
- Application ID
- Handling communication buffer
- constants
- array functions
Beware !!

Card resource limitations




Total cardlet size : 13.5 kb
Limited heap and stack size
Operation time out
Desynchronization

Writing Terminal Application
Java Card’s native commands



Hosted by Loader utility
Loader acts as native OS
Loader’s function :



Conduct transaction between terminal and
cardlet
Provide cryptography support
Manage card’s files, program files and
cardlets.
Example Commands







CreateFile
DeleteFile
SelectFile
ReadBinary
UpadteBinary
VerifyCHV
VerifyKey
Terminal Application


Use slb.iop.* classes to write terminal
application in Java
Example method :

SmartCard.sendCardAPDU( CLA,
INS,
P1,P2,
dataArray,
Mode )
Command format (APDU)
From Terminal
CLA
From Card,
To Terminal

INS
P1
P2
P3
Data
SW1
CLA : Command Class ( 1byte )


00h for loader class ( Card specific ).
03h for Wallet ( User defined )
SW2
Command format
From Terminal
CLA
INS
P1
P2
P3
Data
From Card,
To Terminal

SW1
INS : Command Instruction Identifier (1b)


CLA + INS uniquely identifies the command
If native, loader process


Else, forwarded to suitable cardlet
03h for getBalance().
SW2
Command format
From Terminal
From Card,
To Terminal



CLA
INS
P1
P2
P3
Data
SW1
SW2
P1,P2 : Command parameters
P3
: number of bytes of data to follow, or
expected by the terminal
SW1,SW2 : status words.

Cryptography Support
Cryptography Support




Symmetric/Asymmetric Authentication
Internal/External Authentication
Key Files
Supported Encryption Algorithms:



DES
3-DES
RSA
Key Files
Key File
File ID
Details
CHV1
CHV2
0000
0100
Card holder verification PIN,
unblocking PIN, attempts
Ext Key file
0011
Contains DES/3DES keys for external
authentication, transport key
Int Key file
0001
DES/3DES keys for internal
authentication, MAC
RSA-PRI
RSA-PUB
0012
1012
Private key
Public key
External Authentication
1.
2.
3.
Terminal calls AskRandom. Card has to
return a challenge (random number ).
Terminal encrypts the challenge. Sends the
encrypted challenge back to card using
ExternalAuth . Key ID is also specified.
Card checks the correctness of terminal
response, and authenticates if correct.
Internal Authentication
1.
Call an
CLA INS
00/F0
2.
3.
88
InternalAuth command
P1
P2
algo_ID key_nb
P3
Mode
length
S/R
Call getResponse to get the cryptogram
Check if cryptogram is correct.
Javacardx.crypto

Classes





DES_Key
DES3_Key
RSA_PrivateKey
RSA_PublicKey
MessageDigest
En/Decryption

DES_Key class methods





encryptECB, encryptCBC
decryptECB, decryptCBC
generateMAC, verifyMAC
setKey
getBlockSize

Code Walk Through
Reference

SDK Guide
Cyberflex Access Programmer’s Guide

Search google for Java cryptography

www.cyberflex.com/Support/support.html
