Smart Card Standards and Specifications
ISO 7816 standards
The ISO 7816 document “Identification cards – contact cards with an integrated microprocessor” is published by the International Organization for Standardization (ISO). It contains the main standards defining the characteristics of microprocessor cards with electrical contacts [6]. The ISO 7816 standard regulates various parameters of smart cards:
· Section 1 – Physical characteristics
· Section 2 – Card sizes and location of contacts
· Section 3 – Electronic signals and transmission protocols
· Section 4 – Information exchange commands for cross-industry interaction
· Section 5 – Application identifiers
· Section 6 – Cross-industry data elements
· Section 7 – Cross-industry SCQL commands
GSM standards
The European Telecommunication Standardization Institute (ETSI) has published a set of standards regulating the use of smart cards in public and cellular telephony [8]. The Global System for Mobile Communications (GSM) is an international standard for land-based cellular communications. This specification initially covered several Central European countries, but soon became an international standard for mobile telephony. There are several GSM standards related to smart cards, in particular:
· GSM 11.11 – specification of the interface of mobile equipment based on SIM cards
· GSM 11.14 – specification of application development tools for mobile equipment based on SIM cards
· GSM 03.48 – application security mechanisms for SIM-based mobile equipment
· GSM 03.19 – software interface for the Java Card platform. This standard is based on the GSM 11.11 and GSM 11.14 specifications. It defines an API for developing GSM applications that run on the Java Card platform. This API is an extension of the Java Card 2.1 programming interface.
EMV Specification
The EMV specification was developed by Europay, MasterCard and Visa. It is based on ISO 7816 standards and includes a description of additional functionality that is designed to solve specialized tasks specific to the financial industry. The latest edition of these specifications, EMV 96 version 3.1.1, was published in May 1998. It consists of three parts:
· EMV ’96 specification – cards with integrated microprocessor
· EMV ’96 specification – card terminals with integrated microprocessor
· EMV ’96 specification – applications for cards with integrated microprocessor
Open Platform Specifications
The Open Platform (OP) specifications define an integrated environment for the development and operation of multifunctional smart card systems [9]. The Open Platform includes the specification of cards and the specification of terminals. The card specification regulates universal cross-industry requirements for the implementation of Open Platform cards. It covers issues of communication with terminals and management of client applications that work in cards. The terminal specification defines the architecture of applications that run in terminals. This specification also sets out the terminal parameters necessary to ensure compatibility with ISO and EMV standards.
The Open Platform specifications were originally developed by Visa. They are now maintained by the GlobalPlatform organization, which promotes a global cross-industry smart card infrastructure.
Integrated OpenCard Framework
The Integrated OpenCard Framework (OCF) was originally developed by IBM. Currently, the rights to it belong to the OpenCard consortium, which includes key players in the smart card industry [5]. OCF is an integrated host application environment that provides a standard interface for interaction between smart card readers and client applications. The OCF architecture is a structured interaction model that defines the division of functions between terminal manufacturers, smart card OS developers and issuers. The goal of such an architecture is to reduce dependence on all these parties, as well as on platform vendors.
The OCF environment is focused on network applications of smart cards, so it fits well with the Java programming language.
PC/SC Specifications
The PC/SC specifications (specifications for the functional compatibility of smart cards and personal computers) are developed and maintained by the PC/SC Workgroup. This is an industry consortium, which includes leading organizations whose activities are related to smart cards [7]. The PC/SC specifications define a universal architecture for the use of smart cards in personal computing systems.
This architecture provides compatibility of smart card host applications with various service providers and resource managers. Service providers are high-level programming interfaces that hide the programming details specific to individual smart card models. Resource managers are the means by which reader devices interact with different kinds of smart cards.
PC/SC and OCF specifications have a lot in common. For example, a special PC/SC resource manager is provided for Windows platforms, which provides interaction with card readers that comply with the OCF specification.
Root directory (Master File)
Master File (MF) is the root directory of the file system. MF can contain links to directories and data files. The smart card file system has only one root directory.
Directory (Dedicated File)
Dedicated File (DF) is the smart card directory. It may include links to other directories and data files. The root directory is a special type of directory.
Data File (Elementary File)
Elementary File (EF) is a data file. It cannot contain links to other files. Depending on the structure, four types of data files are distinguished (Fig. 2.6). A transparent file is a sequence of information bytes. The other three types of data files are a sequence of records of a certain structure. These are linear files with fixed-length records, linear files with variable-length records, and cyclic files with fixed-length records organized in a ring.
In a cyclic file, records are numbered in the reverse of the order in which they were added: the most recently added record has number 1. Once the file is full, the next add operation writes its data in place of the oldest record, and the new record is assigned number 1.
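The record numbering described above, modelled as an added example (not code from any card OS or from the original text). The class name `CyclicEF`, its methods and the `TXnn` log entries are constructed for illustration.

```python
class CyclicEF:
    """Cyclic elementary file: fixed-length records stored in a ring."""

    def __init__(self, record_len: int, max_records: int):
        self.record_len = record_len
        self.max_records = max_records
        self._slots = [None] * max_records  # physical record slots
        self._newest = -1                   # physical index of record number 1
        self._count = 0                     # how many slots hold data

    def append(self, data: bytes) -> None:
        # Records in a cyclic file all have the same length.
        if len(data) != self.record_len:
            raise ValueError("record must be exactly %d bytes" % self.record_len)
        # Advance around the ring; once full, this lands on the oldest record.
        self._newest = (self._newest + 1) % self.max_records
        self._slots[self._newest] = bytes(data)
        self._count = min(self._count + 1, self.max_records)

    def read_record(self, number: int) -> bytes:
        # Logical number 1 is the newest record, 2 the one before it, and so on.
        if not 1 <= number <= self._count:
            raise IndexError("record %d not found" % number)
        return self._slots[(self._newest - (number - 1)) % self.max_records]

    def records(self) -> list:
        """All stored records in logical order, newest first."""
        return [self.read_record(n) for n in range(1, self._count + 1)]


def demo_transaction_log() -> list:
    """Constructed sample: a 3-record log that receives 4 entries."""
    log = CyclicEF(record_len=4, max_records=3)
    for entry in (b"TX01", b"TX02", b"TX03", b"TX04"):
        log.append(entry)
    return log.records()  # TX01 has been overwritten by TX04


if __name__ == "__main__":
    print(demo_transaction_log())
```

For anyone reviewing an on-card log kept in a cyclic file, the consequence is that only the last `max_records` entries survive, and record 1 is always the newest.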
The software for smart cards embodies the concept of distributed systems and is divided into two groups. Host applications are stored and run on the computer to which the reader is connected, or in a terminal. The smartcard OS and client applications are stored and run on the card itself.
Most of the smart card support software, including system and application programs, runs on the host side. The system software is designed to identify a specific smart card and organize communication between the application software and the card. The system software also supports the smart card infrastructure – card management (release and operation), data protection and key management. The application programs have functions for working with specific types of cards or with client applications on cards. A simple application program can control the exchange of APDU blocks with a card, but usually such programs have a more developed set of functions. For example, an application that works at an ATM performs user authentication and transaction processing. Such applications have a friendly user interface that simplifies access to ATM functions. Host applications are usually written in high-level programming languages: Java, C, C++, etc.
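As an added example (not from the original text or any vendor library), the following shows what a host application handles when it exchanges APDU blocks: it goes beyond the paragraph by using the short-form command layout of ISO 7816-4 (CLA INS P1 P2 [Lc data] [Le]) and the two-byte status word. Function names are hypothetical; the sample bytes are constructed, with 3F00 being the standard file identifier of the MF.

```python
SW_OK = 0x9000  # status word for normal completion


def parse_command_apdu(raw: bytes) -> dict:
    """Split CLA INS P1 P2 [Lc data] [Le]; raise ValueError on bad lengths."""
    if len(raw) < 4:
        raise ValueError("header must be 4 bytes: CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None      # empty body is case 1
    if len(body) == 1:                       # case 2: Le only
        le = body[0] or 256                  # Le = 0x00 means 256 bytes
    elif len(body) > 1:
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDU not handled in this example")
        if len(body) == 1 + lc:              # case 3: Lc + data
            data = body[1:]
        elif len(body) == 2 + lc:            # case 4: Lc + data + Le
            data, le = body[1:1 + lc], body[-1] or 256
        else:
            raise ValueError("Lc=%d does not match the body length" % lc)
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le}


def parse_response_apdu(raw: bytes) -> tuple:
    """Return (data, status_word); the status word is the last two bytes."""
    if len(raw) < 2:
        raise ValueError("response must end with a 2-byte status word")
    return raw[:-2], int.from_bytes(raw[-2:], "big")


def is_well_formed(raw: bytes) -> bool:
    """True if the command APDU passes the length checks above."""
    try:
        parse_command_apdu(raw)
        return True
    except ValueError:
        return False


# Constructed samples: SELECT (INS A4) of the MF, and a truncated copy of it.
SELECT_MF = bytes.fromhex("00A40000023F00")
TRUNCATED = bytes.fromhex("00A40000023F")

if __name__ == "__main__":
    print(parse_command_apdu(SELECT_MF))
    print(is_well_formed(TRUNCATED))
    print(parse_response_apdu(bytes.fromhex("9000")))
```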
Card software is software that runs directly on smart cards. It comprises system and application programs. The system software usually includes the OS and utilities that manage memory, organize data exchange between the smart card and the host application, ensure data integrity and protection, support the ISO file system (if necessary), and provide system functions to client applications. Client applications contain data and additional functions for data processing. For example, an e-wallet application monitors the card balance and includes functions for updating it. However, when developing traditional smart card applications, the set of instructions supported at the system level is often sufficient, and in that case no special application software needs to be created. The card software can be written either in the assembly language of the smart card microprocessor or in a high-level programming language. In the first case, the microprocessor executes the program code directly; in the second, an interpreter program is needed.
Thus, smart card programs are created by developing and establishing interaction between card software and host applications. Therefore, it is necessary to constantly cooperate with operating system manufacturers, terminal vendors, application developers (for cards and host systems) and smart card issuers. Usually all these parties represent different companies. To ensure the compatibility of all solutions, industry consortia are organized, such as Open Platform and OpenCard Framework. Their goal is to create an integrated environment for the development and operation of a smart card infrastructure that combines software components from various manufacturers. Java Card technology is a universal platform. Client applications written in the Java programming language will work with any smart cards that support the Java Card runtime environment.
Over the past 15 years, many smartcard standards and specifications have been adopted to ensure the compatibility of smart cards, reader devices and applications from various vendors. This section lists some well-known standards and specifications in this area.