News
EMV access condition values
AEF files. As already noted, the ADF file is an access point to the AEF files containing the data of the application corresponding to that ADF file. After the terminal selects the ADF file, all the AEF files of this application can be selected by the SFI of these files. The SFI value of any application AEF file varies from 1 to 30. According to Book 3 of the EMV specifications, AEF files identified by SFI in the range from 1 to 10 store data defined in the EMV standard. Files identified by SFI in the range from 11 to 20 and from 21 to 30...
EMV file system
EF files. As noted earlier, it is in the EF files that the data of the card and its applications are stored. In terms of graph theory, EF files are leaves (terminal vertices of a graph) in the tree-like file structure of the IPC. Under ISO 7816-4, an EF file may have its own header (FCI). Consider a possible FCI implementation for an EF file. EF file and takes two bytes. The card operating system reserves the required EEPROM space for the EF file. New data can be added to the EF file until there is no free space left in the reserved area. The data element File...
The file structure, commands, and data protection mechanisms in microprocessor-based cards of the EMV standard
Data objects and their encoding. Any application of a microprocessor card uses a certain set of data elements (Data Element): minimal units of information that are identified by their name, content, and format (numeric, binary, character, and mixed formats are allowed). Data elements are logical structures; for storage in card memory they are mapped (encoded) into physical data objects (Data Object). There are various ways of representing data elements in data objects. The BER-TLV encoding defined by the ISO/IEC 8825 standard is...
General trends in the development of microprocessor cards
General trends in the development of microprocessor cards today are dictated not by the banking sector, but by telecommunications applications. The main focus of these trends is to: – eliminate the weak telecommunications capabilities of the smart card associated with the support of low-speed half-duplex asynchronous communication protocols that have not changed for more than 15 years; – implement a multitasking (multithreaded) mode of operation of the smart card, i.e. its ability to run multiple applications at the same time. The...
Physical security assessment of a microprocessor EMV card
When evaluating the security of an information system, two questions usually arise: what is the level of security of the system, and how much does it cost to ensure this level of security? Over the past fifteen years, the emergence of standards that allow independent assessments of information system security has made it possible to answer these questions. The Information Technology Security Evaluation Criteria (ITSEC) standard was developed in Europe and recognized by France, Germany, the United Kingdom, and the Netherlands in 1991. At the...
Multi-layer operating systems
There are different approaches to implementing application programs (applications) on the card. In the first approach, IPC applications are developed for a specific "native" operating system of the card's microprocessor. Such cards are called native cards or static cards. The latter name reflects the fact that applications of such cards cannot be transferred to cards running a different operating system. On static cards, the application, using the functions of the operating system and application programming interfaces...
Application layer protocol
The ISO/IEC 7816-4 standard defines the functions used by smart card and terminal applications when performing a transaction. It describes two classes of functions. First, it defines the commands available to the terminal program for working with information stored in the card file system. Second, it defines security features that can be used to restrict access to card applications and files and to ensure secure data exchange. These functions include authentication of the card and of an external program that works with the card,...
EMV communication protocols
From a communication point of view, information exchange between the card and terminal applications is carried out in accordance with the seven-layer Open Systems Interconnection (OSI) reference model. The OSI model describes general communication between two objects by introducing the concept of seven distinct protocol layers placed on top of each other. The OSI protocol suite provides a reliable mechanism for information exchange between two applications that are generally supported on different hardware and software platforms....
Initial installation of the EMV Protocol card
The dialog between the reader and the card takes place in several consecutive stages: connecting and activating the card contacts (switching the card to an idle state); initial setup (resetting the card); data exchange between the card and the reader; disabling (deactivating) the card. When the card is inserted into the reader, the terminal does not yet supply power to the card. This is because the card chip can be seriously damaged if voltage is applied to an unintended card contact. Power is not applied until the...
Typical values of EMV operations from the RSA algorithm
Consider the execution times of various RSA operations on the Crypto@1408Bit cryptoprocessor used in Infineon's SLE88CFX1M00P and SLE88CFX8002P chips. The cryptoprocessor has a private memory of 880 bytes. Note that the speed of RSA operations depends linearly on the clock frequency of the cryptoprocessor. The RSA key generation time is a random variable (see the description of the algorithm in Appendix C), so the table shows the average values of this indicator. Finally, note that the public key exponent value F_4 = 2^16 + 1 = 65,537...