Programming Smart Cards Rajnish Kumar Comp527.
Expect to learn
- Cardlet Development
- Installation
- Coke Machine Interface Implementation
- Basic Cryptography
Smart Cards
A card with a built-in microprocessor and memory.
Applications:
- Pre-paid calling card
- Security needs
- e-cash
Terminology
- Program: Applet / Application
- Cardlet: Instance of a Program, identified by a unique AID
- APDU: Communication format between card and terminal
Java Card Architecture (layers, top to bottom)
- Loader / Application Cardlets
- Javacard API
- SOLO Virtual Machine
- APDU Mgmt, File System, Crypto, Utilities
- Chip Dependent Functions
Developing a Cardlet
1. Develop a .java file and compile it to .class
   - Use the packages provided: javacard.framework, javacardx.cryptography
   - Use "-g" to compile: javac -g wallet.java
2. Create a .bin file: use the MakeSOLO tool to generate the .bin file from the .class file
3. Download as a program file: use the CardletManager tool to download the .bin file to the card
4. Install as a Cardlet: instantiate the program and assign it an AID
Methods required for a Cardlet
- install(): instantiate the cardlet object
- select(): prepare the cardlet for execution
- process(): switch statement dispatching the incoming commands
Optional:
- main(): entry point for the cardlet
javacard.framework
- AID: Application ID
- APDU: handling the communication buffer
- ISO: constants
- OwnerPin
- Applet
- Util: array functions
Beware!! Card resource limitations
- Total cardlet size: 13.5 KB
- Limited heap and stack size
- Operation time out
- Desynchronization
Writing Terminal Application
Java Card's native commands
- Hosted by the Loader utility; the Loader acts as the native OS
- Loader's functions:
  - Conduct transactions between terminal and cardlet
  - Provide cryptography support
  - Manage the card's files, program files and cardlets
Example Commands
- CreateFile
- DeleteFile
- SelectFile
- ReadBinary
- UpdateBinary
- VerifyCHV
- VerifyKey
Terminal Application
Use the slb.iop.* classes to write the terminal application in Java.
Example method: SmartCard.sendCardAPDU(CLA, INS, P1, P2, dataArray, Mode)
Command format (APDU)
From terminal to card:  CLA | INS | P1 | P2 | P3 | Data
From card to terminal:  Data | SW1 | SW2
- CLA: Command Class (1 byte). 00h for the loader class (card specific); 03h for Wallet (user defined)
- INS: Command Instruction Identifier (1 byte). CLA + INS uniquely identify the command: if native, the Loader processes it; else it is forwarded to the suitable cardlet. 03h for getBalance()
- P1, P2: Command parameters
- P3: number of bytes of data to follow, or expected by the terminal
- SW1, SW2: status words
Key Files
Key File      File ID   Details
CHV1          CHV       Card holder verification: PIN, unblocking PIN, attempts
Ext Key file  0011      Contains DES/3DES keys for external authentication, transport key
Int Key file  0001      DES/3DES keys for internal authentication, MAC
RSA-PRI                 Private key
RSA-PUB                 Public key
External Authentication
1. The terminal calls AskRandom. The card has to return a challenge (a random number).
2. The terminal encrypts the challenge and sends the encrypted challenge back to the card using ExternalAuth. The key ID is also specified.
3. The card checks the correctness of the terminal's response and authenticates the terminal if it is correct.
Internal Authentication
1. Call an InternalAuth command
2. Call getResponse to get the cryptogram
3. Check if the cryptogram is correct
InternalAuth command format:
CLA     INS   P1       P2      P3      Mode
00/F0   88    algo_ID  key_nb  length  S/R
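The external-authentication exchange from the slides above, simulated end to end as an added example (not code from the presentation or from the Cyberflex toolkit). It assumes the Loader's AskRandom and ExternalAuth map to the ISO 7816-4 GET CHALLENGE (INS 84h) and EXTERNAL AUTHENTICATE (INS 82h) instructions, uses P2 as the key number as InternalAuth does, and substitutes a truncated HMAC-SHA256 for the DES/3DES cryptogram because the Python standard library has no DES; the card side consumes each challenge once so that a captured cryptogram cannot be replayed.

```python
import hmac
import hashlib
import os

# Constructed values: ISO 7816-4 instruction bytes assumed to match the
# Loader's AskRandom (GET CHALLENGE) and ExternalAuth (EXTERNAL AUTHENTICATE).
CLA_LOADER = 0x00
INS_ASK_RANDOM = 0x84
INS_EXTERNAL_AUTH = 0x82
SW_OK = (0x90, 0x00)
SW_SECURITY_STATUS_NOT_SATISFIED = (0x69, 0x82)   # ISO 7816-4: auth failed


def cryptogram(key, challenge):
    """Stand-in for the DES/3DES cryptogram: HMAC-SHA256 truncated to 8 bytes
    (stdlib has no DES; the protocol shape is what this example shows)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


class Card:
    """Card side: holds the external-authentication keys (the Ext Key file)."""

    def __init__(self, ext_keys):
        self.ext_keys = ext_keys        # {key number: key bytes}
        self.challenge = None
        self.authenticated = False

    def process(self, cla, ins, p1, p2, data):
        """Return (response data, (SW1, SW2)) for one command APDU."""
        if cla != CLA_LOADER:
            return b"", (0x6E, 0x00)    # ISO 7816-4: class not supported
        if ins == INS_ASK_RANDOM:
            self.challenge = os.urandom(8)   # fresh challenge per request
            return self.challenge, SW_OK
        if ins == INS_EXTERNAL_AUTH:
            key = self.ext_keys.get(p2)      # P2 = key number, as for InternalAuth
            expected = None
            if key is not None and self.challenge is not None:
                expected = cryptogram(key, self.challenge)
            self.challenge = None            # single use: a replayed cryptogram fails
            if expected is not None and hmac.compare_digest(expected, data):
                self.authenticated = True
                return b"", SW_OK
            return b"", SW_SECURITY_STATUS_NOT_SATISFIED
        return b"", (0x6D, 0x00)        # ISO 7816-4: instruction not supported


def external_authenticate(card, terminal_key, key_nb=1):
    """Terminal side: AskRandom, encrypt the challenge, send ExternalAuth."""
    challenge, sw = card.process(CLA_LOADER, INS_ASK_RANDOM, 0x00, 0x00, b"")
    if sw != SW_OK:
        return sw
    _, sw = card.process(CLA_LOADER, INS_EXTERNAL_AUTH, 0x00, key_nb,
                         cryptogram(terminal_key, challenge))
    return sw
```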