Chip production and generation of the smart card OS
Smart Card Application Layer Protocols
The ISO/IEC 7816-4 standard defines the functions directly applied by smart card applications. It describes two classes of functions:
- a set of functions forming the application programming interface (API) through which application programs on the reader side of the channel can access files, and the information in those files, inside the card file system. The file system is treated as a fully defined hierarchical structure;
- security features that can be applied to restrict access to card application programs or to files with their information inside the card file system.
The application software uses a protocol to exchange control signals and information between the reader and the card. Smart card readers can be integrated into ATMs, into all-in-one terminals for tracking employees' working hours, and into various other equipment that exchanges data with the reader. This protocol is based on the APDU block structure. APDU blocks are exchanged using the T = 0 and T = 1 link layer protocols. The APDU Manager, which is a software component of the card, interprets the APDU blocks and performs the operations they define.
The APDU structure defined by the ISO 7816-4 standard is similar to the TPDU structure defined by the ISO 7816-3 standard for the T = 0 protocol. When an APDU is carried over the T = 0 protocol, the APDU elements map directly onto the TPDU elements. The APDU structure in ISO 7816-4 is:
- independent of the link layer protocol;
- defined for the application layer.
An APDU command is a structured message that carries a command (and possibly data) from the reader to the card. An APDU response is a structured message that carries the response (and possibly data) from the card back to the reader. Smart card and reader applications use APDU blocks, the structure of which is defined by the ISO 7816-4 standard. The T = 1 protocol is more modern and therefore more difficult to implement than the byte-oriented protocol.
Compared with the T = 0 protocol, its effectiveness is confirmed by the fact that in the T = 1 protocol the use of a CRC code gives a 100% chance of detecting all possible errors of odd multiplicity. The procedure for notifying the transmitting party of errors in a transmitted block is also much more effective. The T = 1 protocol makes it possible to create several logical channels between the smart card and the reader, as well as to transmit several commands at once in one data block.
According to the ISO 7816-4 standard, a logical channel is defined as a separate communication channel with a specific directory of the smart card file system. The reader can set up to 4 logical communication channels with the smart card. The channel number from 0 to 3 is encoded by the special bits b1 and b2 of the CLA command byte. At the logical level, data transmission over any 2 channels occurs independently of each other.
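An added example, not code from the original article: a strict parser for short-form command APDUs that also decodes the logical channel from CLA bits b1 and b2 as described above. The CLA/INS/P1/P2/Lc/Le field layout is taken from ISO 7816-4 rather than from this page, extended-length APDUs are rejected, and the sample byte strings are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample APDUs (not captured from a real card session).
SAMPLE_SELECT = bytes.fromhex("01A4040004F001020300")  # case 4, channel 1
SAMPLE_READ = bytes.fromhex("00B0000010")              # case 2, channel 0
SAMPLE_BAD = bytes.fromhex("00A4040005F00102")         # Lc=5, only 3 data bytes


@dataclass
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]  # expected response length, None if absent
    case: int          # ISO 7816-4 case 1..4
    channel: int       # logical channel 0..3 from CLA bits b2,b1


def logical_channel(cla: int) -> int:
    """Channel number from CLA bits b2,b1 (first interindustry class only)."""
    if cla & 0xE0:  # b8..b6 must be 000 for this encoding to apply
        raise ValueError(f"CLA {cla:#04x}: channel not encoded in b2,b1")
    return cla & 0x03


def parse_command_apdu(raw: bytes) -> CommandAPDU:
    """Parse a short-form command APDU, rejecting inconsistent lengths."""
    if len(raw) < 4:
        raise ValueError("header needs CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                                  # case 1: header only
        case, data, le = 1, b"", None
    elif len(body) == 1:                          # case 2: header + Le
        case, data, le = 2, b"", body[0] or 256   # Le 0x00 means 256
    else:
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDU not handled here")
        if len(body) == 1 + lc:                   # case 3: Lc + data
            case, data, le = 3, body[1:], None
        elif len(body) == 2 + lc:                 # case 4: Lc + data + Le
            case, data, le = 4, body[1:1 + lc], body[-1] or 256
        else:
            raise ValueError(f"Lc={lc} does not match {len(body) - 1} body bytes")
    return CommandAPDU(cla, ins, p1, p2, data, le, case, logical_channel(cla))
```

Rejecting an APDU whose Lc disagrees with the bytes actually received, instead of truncating or padding it, is the check that keeps a malformed command from being interpreted with the wrong data boundary.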
Chip production and generation of the smart card OS
The production of a smart card includes the following steps:
- the design of the chip;
- generation of the smart card operating system;
- manufacturing of chips and modules;
- production of the card case;
- embedding the module in the card case.
The main parameters for the chip specification are as follows:
- type of microcontroller (for example, 6805, 8051 and others);
- ROM size;
- RAM size;
- type of non-volatile memory;
- the amount of non-volatile memory;
- clock speed;
- electrical parameters (voltage and current);
- communication parameters;
- the mechanism for resetting to the initial state;
- standby mode (low current mode);
- coprocessor (for example, public key cryptography).
All production begins with the formulation of the application requirements. Based on this specification of the application requirements, individual specifications are generated for the electronic components and chip, the card operating system, the card body, and the application software. The software and OS are transferred to the chip manufacturer. Application software loading and data personalization are usually performed by the card manufacturer using special industrial equipment in automatic mode. A fundamental aspect of smart card manufacturing is security, which is inherent in the entire manufacturing process. In the integrated circuit specification for a smart card, there are a number of factors that require a decision.
In practice, integrated circuit manufacturers produce a number of products in which the above parameters are predefined. The developer's task is therefore to select the appropriate product for a particular application. As mentioned earlier, an important aspect for the application is security, and accordingly there may be special requirements for the physical and logical security provided by the chip. Naturally, the recommendations of the fundamentally important ISO 7816 standard, Part 3 "Electronic signals and transmission protocols", should be taken into account.
ROM specification. The ROM contains the smart card operating system. It is mainly concerned with managing data files, but can also optionally include additional features such as support for cryptographic algorithms (for example, DES). This part of the smart card standards is still poorly developed, because early applications used smart cards as a means of storing data with some simple security features, such as checking the PIN code. An important part of the ISO standards is standard 7816-4 (commands). For multi-application cards, the most important challenge is to ensure that applications are safely separated within a single chip. The developed program code is transmitted to the chip manufacturer, who uses it in the chip manufacturing process.
Application software specification. This part of the card development process is particularly application-specific. The application code could be designed as part of the ROM code, but it is more rational to design the application software separately and place it in non-volatile EEPROM memory. This provides a more flexible approach, as the application can be loaded into the chip after it is manufactured. Moreover, when the EEPROM is used, this code can be changed. The production of a chip using ready-made ROM code takes an average of three months. The application code can be downloaded to the EEPROM in a few minutes without contacting the chip manufacturer.
Card specification. The card specification includes parameters that are common to many existing applications that use a card with ISO ID-1 parameters. The main parameters to specify are listed below:
- the dimensions of the card;
- the location of the chip (for contact cards);
- card material;
- printing requirements;
- magnetic stripe (optional);
- signature strip (optional);
- hologram or a photo (optional);
- embossing (optional);
- environmental parameters.
The characteristics of the smart card are described in Parts 1 and 2 of the ISO 7816 standard.