News

EMV file system

EF files. As noted earlier, it is in the EF files that the data of the card and its applications are stored. In terms of graph theory, EF files are leaves (terminal vertices of a graph) in the tree-like file structure of the IPC. Under ISO 7816-4, an EF file may have its own header (FCI). Consider a possible FCI implementation for an EF file. EF file and takes two bytes. The card operating system reserves the required EEPROM space for the EF file. New data can be added to the EF file until there is no free space in the reserved space. The data element File...

The file structure, commands, and data protection mechanisms in microprocessor-based cards of the EMV standard

Data objects and their encoding. Any application of a microprocessor card uses a certain set of data elements (Data Element): minimal units of information that are identified by their name, content, and format (digital, binary, symbolic, and mixed formats are allowed). Data elements are logical structures, and for their storage in card memory, they are mapped (encoded) into physical data objects (Data Object). There are various forms of representing data elements in data objects. The BER-TLV encoding defined by the ISO/IEC 8825 standard is...

General trends in the development of microprocessor cards

General trends in the development of microprocessor cards today are dictated not by the banking sector, but by telecommunications applications. The main focus of these trends is to: eliminate the weak telecommunications capabilities of the smart card associated with the support of low-speed half-duplex asynchronous communication protocols that have not changed for more than 15 years; implement a multitasking (multithreaded) mode of operation of the smart card, i.e. its ability to run multiple applications at any given time. The...

Physical security assessment of a microprocessor EMV card

When evaluating the security of an information system, two questions usually arise: what is the level of security of the system, and how much does it cost to ensure this level of security? Over the past fifteen years, the emergence of standards that allow independent assessments of information system security has made it possible to get answers to these questions. The Information Technology Security Evaluation Criteria (ITSEC) standard was developed in Europe and recognized by France, Germany, the United Kingdom, and the Netherlands in 1991. At the...

Multi-layer operating systems

There are different approaches to implementing application programs (applications) on the card. The first approach is that IPC applications are developed for a specific “native” operating system of the card’s microprocessor. These cards are called Native cards or static cards. The latter name is due to the fact that applications of such cards cannot be transferred to cards using a different operating system. On static cards, the application, using the functions of the operating system and application programming interfaces...

Application layer protocol

The ISO/IEC 7816-4 standard defines the functions used by smart card and terminal applications when performing a transaction. It describes two classes of functions. First, the commands available to the terminal program for working with information stored in the card file system are defined. Second, security features are defined that can be used to restrict access to card applications and files, as well as to ensure secure data exchange. These functions include authentication of the card and an external program that works with the card,...

EMV communication protocols

From a communication point of view, information exchange between the card and terminal applications is carried out in accordance with the seven-level Open Systems Interconnection (OSI) reference model. OSI describes the general communication interaction between two objects, introducing the concept of seven different protocol levels placed on top of each other. The OSI protocol suite provides a reliable mechanism for information exchange between two applications that are generally supported on different hardware and software platforms....

Initial installation of the EMV Protocol card

The dialog between the reader and the card takes place in several consecutive stages: connecting and activating card contacts (switching the card to an idle state); initial installation (reinstalling the card); data exchange between the card and the reader; disabling (deactivating) the card. When the card is inserted into the reader, the terminal does not supply power to the card. This is because the card chip can be seriously damaged if the voltage is applied to an unintended card contact. The power supply is not applied until the...

Typical values of EMV operations from the RSA algorithm

Consider the execution times of various RSA operations on the Crypto@1408Bit cryptoprocessor used in Infineon’s SLE88CFX1M00P and SLE88CFX8002P chips. The cryptoprocessor has a private memory of size 880 bytes. Note that the speed of RSA operations depends linearly on the clock frequency of the cryptoprocessor. The RSA key generation time is a random variable (see the description of the algorithm in Appendix C), so the table shows the average values of this indicator. Finally, note that the public key exponent value F_4 = 2^16 + 1 = 65,537...

The architecture of the Java Card standard EMV

The Java Card EMV architecture of the standard contactless card uses electromagnetic waves to provide information exchange between the card and the terminal. Interaction between the card and the terminal is based on the protocols described in ISO 14443, ISO 15693, ISO 18000, ISO 18092, ISO 10536, and others. In banking technologies, the ISO 14443 A&B standard is most often used, which is accepted by the leading payment systems VISA and MasterCard as the base for implementing financial applications of these systems. ISO...
