Smart card interaction with EMV Software
The global concept of smart technology development is based on multi-functionality, which implies that several independent applications can be stored on one smart card: personal information (similar to a passport), a driver’s license, and financial, identification, transport and other applications. With the growing role of the Internet in the global economy, it is understandable that leading technology and financial organizations pay close attention to the standardization of smart cards and personal computers, as well as of the procedures for their interaction.
The problem is particularly relevant for the so-called open systems of commercial use, which process restricted-access information that does not contain state secrets and which are developing rapidly all over the world and, in particular, in our country. An open system is usually understood as a set of computing and telecommunications equipment from different manufacturers whose joint operation is ensured by compliance with international standards. So, this month we completed a pilot project on the basis of smart cards of the integrated security system of the office building of the company “Compressor-Center”, which offers refrigeration equipment and receiver units of various capacities. A characteristic feature of the implemented system is that the protective mechanisms of the employee identification smart card applications are based on the corresponding mechanisms of the operating system and hardware.
The application depends on how well these two lower system levels perform their protection functions, since the application cannot fix any errors in the hardware or operating system. To protect an application from attacks effectively, its defense mechanisms should be designed to be as simple as possible. Following this basic principle simplifies the implementation of the protective mechanisms and the subsequent verification that they function correctly and effectively.
Conversely, the use of sophisticated processes and protection mechanisms usually leads developers or users to forget or miss some points, which makes things easier for attackers. In addition, the application must always use the operating system’s security mechanisms. These mechanisms are tested for reliability, and the protection they provide operates at a lower software level than that of the application.
It is advisable to combine the “keep it simple” principle with the following rule: observe strict restrictions on granting access rights to smart card files and commands. As a rule, access should be denied and allowed only when it is absolutely necessary. This approach reduces the likelihood of unauthorized access to important data and programs.
Comprehensive approach to smart card security
Modern advances in chip manufacturing technology allow a chip of the same size as before to additionally accommodate RSA and Triple-DES cryptoprocessors, a timer, a UART port, a CRC calculation module, noise generators, additional RAM, and two I/O interfaces at once (contact and contactless), as well as to increase the processor word size from 8 to 16 bits, ROM size up to 64 Kb, and EEPROM size up to 32 Kb. The modern microprocessor chip of a smart card has several levels of protection against unauthorized access to the information stored in it: software, hardware and technological.
The software layer is implemented by the operating system, which uses the following protection methods:
- assigning individual file attributes and individual file access rights;
- access to files according to predefined rules (PIN verification and authentication);
- locking of files, directories, or the whole card;
- protection of the PIN code against guessing;
- mutual authentication between the card and the terminal;
- encryption of commands and data;
- encryption of internal data;
- encryption of the card exchange channel with the terminal;
- using session keys for all cryptographic operations;
- protection against unauthorized and unintended use of files.
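The deny-by-default access rule and the PIN protections listed above can be seen together in a small model of a card operating system. This is an added example, not code from any real card OS; the file names, the access-condition names and the retry limit of 3 are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

ALWAYS, PIN, NEVER = "ALWAYS", "PIN", "NEVER"  # constructed access-condition names

@dataclass
class CardFile:
    data: bytes
    access: dict = field(default_factory=dict)  # operation -> condition; empty = deny all

class Card:
    MAX_TRIES = 3  # assumed PIN retry limit

    def __init__(self, pin: bytes, files: dict):
        self._pin, self._files = pin, files
        self._tries_left = self.MAX_TRIES
        self._pin_ok = False

    @property
    def blocked(self) -> bool:
        return self._tries_left == 0

    def verify_pin(self, candidate: bytes) -> bool:
        if self.blocked:
            return False  # a blocked card refuses even the correct PIN
        self._tries_left -= 1  # count the attempt before comparing
        # Constant-time comparison: timing does not depend on where the mismatch is.
        self._pin_ok = hmac.compare_digest(candidate, self._pin)
        if self._pin_ok:
            self._tries_left = self.MAX_TRIES
        return self._pin_ok

    def _check(self, name: str, op: str) -> CardFile:
        f = self._files.get(name)
        cond = f.access.get(op, NEVER) if f else NEVER  # unlisted operation: denied
        if self.blocked or not (cond == ALWAYS or (cond == PIN and self._pin_ok)):
            raise PermissionError(f"{op} {name}: access condition not satisfied")
        return f

    def read(self, name: str) -> bytes:
        return self._check(name, "read").data

    def update(self, name: str, data: bytes) -> None:
        self._check(name, "update").data = data

def demo_card() -> Card:
    # Constructed sample files: an ID readable by anyone, a balance behind the PIN.
    return Card(b"1234", {
        "EF_ID": CardFile(b"EMP-0001", {"read": ALWAYS}),
        "EF_BALANCE": CardFile(b"\x00\x64", {"read": PIN, "update": PIN}),
    })
```

Because `EF_ID` lists no `update` rule, writing to it is refused even after a correct PIN, and three consecutive wrong PINs block the card for every file.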
Security systems designed on the basis of smart cards are reliable and flexible enough to be extended with new functionality. For example, control signals from such a security system can be fed to a voice warning system or horn sounders. The combination of software, hardware and technological measures used to restrict access, together with cryptographic protection of information using algorithms of guaranteed strength, excludes the possibility of gaining access to the data stored on the smart card and reliably protects the electronic smart card from copying, emulation and unauthorized reuse.
The hardware level of protection is supported by a chip resource designed by the manufacturer. For this purpose, special sensors, devices and elements are implemented in the chip:
- low and high voltage power supply detector;
- low and high clock frequency detector;
- low and high temperature detector;
- erasing the RAM area when the sensors are reset or triggered;
- self-testing of the chip structure;
- high frequency interference protection;
- random wait-state generator;
- internal bus scrambling;
- transparent encryption of RAM, ROM, EEPROM;
- hardware read protection of ROM, EEPROM and PROM areas;
- unique die identification number;
- protection against use in abnormal operating modes;
- protection against accumulation of statistics on command execution time and power consumption;
- unique encryption or scrambling characteristics of internal RAM and EEPROM;
- probe connection protection.
At various stages of chip production, technological measures are also used that make it difficult to reproduce the structure of the chip and extract secret information. Multi-layer die structures (up to 22 layers) are created, the critical parts of the circuit (ROM and EEPROM memory) are placed inside, and additional layers of metallization are introduced. Internal stress and external metallization protect the die from optical and electronic scanning, ensuring its destruction during layer-by-layer cutting. The lack of a common bus and the intermixing of the functional blocks (CPU, RAM, ROM, and EEPROM) make it very difficult to determine the structure of the chip.