home *** CD-ROM | disk | FTP | other *** search
- From: sguthery@tiac.net (Scott Guthery)
- Newsgroups: alt.answers,news.answers
- Subject: alt.technology.smartcards FAQ
- Followup-To: alt.technology.smartcards
- Date: Sun, 21 Jun 1998 10:36:20 -0400
- Organization: Smart Commerce Solutions
- Lines: 470
- Sender: sguthery@tiac.net (Scott Guthery)
- Approved: news-answers-request@MIT.EDU
- Expires: 20 July 1998
- Message-ID: <MPG.ff6e46e80e24b27989680@news.tiac.net>
- Reply-To: sguthery@tiac.net (Scott Guthery)
- NNTP-Posting-Host: www.scdk.com
- Keywords: smartcards
- X-Newsreader: MicroPlanet Gravity v2.10.980
- Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!hecate.umd.edu!dailyplanet.wam.umd.edu!haven.umd.edu!news.cs.jhu.edu!news4.his.com!news.lightlink.com!newsroute.bconnex.ca!feed.nntp.acc.ca!news.idt.net!news-peer-east.sprintlink.net!news-peer.sprintlink.net!news.sprintlink.net!cpk-news-hub1.bbnplanet.com!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!news-feed1.tiac.net!posterchild2!news@tiac.net
- Xref: senator-bedfellow.mit.edu alt.answers:34892 news.answers:132959
-
- Archive-name: technology/smartcards/faq
- Posting-Frequency: monthly to alt.technology.smartcards,alt.answers,
- news.answers
- Last-modified: 1998/06/12
- Version: 2.0
- URL: http://www.scdk.com/atsfaq.htm
- Maintainer: Scott Guthery <sguthery@tiac.net>
-
- Frequently Asked Questions (FAQ) for news:alt.technology.smartcards
-
- This is the second version of the FAQ for alt.technology.smartcards. It
- is an evolution and updating of the first version
- (www.ioc.ee/atsc/faq.html) of the FAQ created by Jaan Priisaluof
- (jean@ioc.ee) the Estonian Institute of Cybernetics
-
- Comments and suggestions for improvement of the a.t.s. FAQ should be sent
- to Scott Guthery at sguthery@tiac.net. The current edition of the FAQ is
- available at www.scdk.com/atsfaq.htm.
-
- CONTENTS
- 1. Purpose of alt.technology.smartcards
- 2. General Questions
- 3. Standards and Specifications
- 4. Programmable Smart Cards
- 5. Resources
- 6. Credits
-
- 1. Purpose of alt.technology.smartcards
-
- The purpose of alt.technology.smartcards is to provide an unmoderated
- forum for the discussion of technology, applications and issues
- associated with smart cards. It will serve as a resource for people to:
-
- Engage in discussion and debate about technical and public policy issues
- including the security, privacy, legal, regulatory and economic impact of
- smart card applications.
-
- Educate and inform others about the strength, weaknesses and general use
- of smart cards; share ideas, information and specific experience about
- smart cards, both in technology:
-
- Find information and have questions answered by people in the smart card
- community.
-
- 2. General Questions
-
- 2.1. What is a smart card?
-
- A smart card is a credit-card-sized plastic card that contains a general-
- purpose microprocessor, typically an 8-bit microcontroller such as a
- Motorola 6805 or an Intel 8051. The microprocessor is underneath a gold
- contact pad located on one side of the card.
-
- 2.2. Where did the phrase "smart card" come from?
-
- Smart cards were independently invented in Germany (1967), Japan (1970),
- the United States(1972), and France (1974). In 1980, when France began a
- major campaign to export the technology, the Roy Bright of the
- government's marketing organization Intelimatique coined the word "Smart
- Card."
-
- 2.3 Is it "smart card" or "smartcard"?
-
- Most English dictionaries use "smart card" but you'll see both in use.
-
- 2.4. Is a.t.s archived somewhere?
-
- No. But it would be nice if it were.
-
- 2.5. Is a.t.s the right place for information about satellite card
- analysis, emulation and hacking?
-
- Only for TECHNICAL information. Please do not post here satellite card
- advertisment, channel keys, channel frequencies. Post here only
- information about algorithms, protocols, security breaches, ECMs.
-
- 2.6. Is a.t.s the right place for satellite card and other satellite
- equipment advertisment?
-
- alt.satellite.tv.crypt.forsale would probably generate more sales.
-
- 2.7. Is a.t.s the right place for smart card collectors?
-
- The rec.collecting hierarchy is probably a better selection.
-
- 3. Standards and Specifications
-
- 3.1. Are smart cards standardized?
-
- There are all sorts of smart card standards. The physical and mechanical
- standards are observed more uniformly than the software standards.
- ISO/IEC JTC1 Information technology SC 17 Identification cards and
- related devices(www.iso.ch/meme/JTC1SC17.html)is interested in common
- smart card issues. The list of some standards:
-
- ISO 7810 Identification cards -- Physical characteristics.
-
- ISO/IEC 7812 Identification cards -- Identification of issuers.
-
- ISO/IEC 7816 Identification cards -- Integrated circuit(s) with contacts.
- Parts 1-3 define the communication of cards with contacts for both memory
- and processor cards. Parts 4-6 are related to specification of processor
- card operating system and are by their nature contact independent. Parts
- 7 and 8 will be the extensions of parts 4 and 6.
-
- ISO/IEC 10536 Identification cards -- Contactless integrated circuit(s)
- cards. The standard specifies close coupling (slot and surface) cards
- communication (parts 1-3)
-
- ISO/IEC 10373 Identification cards -- Test methods.
-
- ISO/IEC 14443 Remote coupling communication cards.
-
- ISO TC 68 Banking and related financial services SC 6
- (www.iso.ch/meme/TC68SC6.html) Financial transaction cards, related media
- and operations is representing interest of smart payment card issuers and
- is developing the standard series ISO 10202 Financial transaction cards -
- - Security architecture of financial transaction systems using integrated
- circuit cards (parts 1-8).
-
- CEN/CENELEC and ETSI are interested in telecommunications.
-
- EN 742 Identification cards: location of contacts for cards and devices
- used in Europe. New edition specifies the format ID-000 used for GSM
- Subscriber Identity Module (SIM).
-
- EN 726 Terminal Equipment (TE); Requirements for IC cards and terminals
- for telecommunication use. The standard is the technical basis for
- smartcards in Europe.
-
- ETSI specified also the GSM SIM. The standard have two names: GSM 11.11
- and I-ETSI 300045.
-
- In the U.S., the National Institute of Standards and Technology (NIST at
- http://csrc.ncsl.nist.gov/) has published FIPS 140-1
- (http://csrc.ncsl.nist.gov/fips/fip140-1.txt) , "Security Requirements
- for Cryptographic Modules" concerns physical security of smart card IC-s
- as they are one kind of cryptographic modules.
-
- The Swedish government is standardising a smart card for use by its
- citizens called the Secure Electronic Information in Society (SEIS at
- www.seis.se/arkivUK.html) card.
-
- 3.2. Where do I get the ISO standards?
-
- The ISO standards must be purchased from the ISO catalog at
- www.iso.ch/welcome.html.
-
- 3.3. What is ISO 7816 all about?
-
- The formal title of ISO 7816 is Integrated Circuit Cards with Electrical
- Contacts. It is the most widely used and referenced smart card standard.
- ISO 7816 is the international standard for integrated-circuit cards
- (commonly known as smart cards) that use electrical contacts. Anyone
- interested in obtaining a technical understanding of smart cards needs to
- become familiar with ISO 7816.
- ISO 7816 currently has nine parts. Some have been completed, some have
- been ammended and others are just in draft stage.
-
- 3.3.1. Part 1: Physical characteristics
- ISO 7816-1:1987 defines the physical dimensions of contact smart cards
- and their resistance to static electricity, electromagnetic radiation and
- mechanical stress. It also prescribe the physical location of a IC card's
- magnetic stripe and embossing area.
-
- 3.3.2. Part 2: Dimensions and Location of Contacts
- ISO 7816-2:1988 Defines the location, purpose and electrical
- characteristics of the card's metallic contacts:
-
- 3.3.3. Part 3: Electronic Signals and Transmission Protocols
- ISO 7816-3:1989 defines the voltage and current requirements for the
- electrical contacts defined in Part 2 and asynchronous half-duplex
- character transmission protocol (T=0).
- Smart cards that use a proprietary transmission protocol carry the
- designation, T=14. In practical terms, that means the card is not
- compatible with ISO 7816. Proprietary protocol is used in German health
- care cards.
- Amendment 1:1992 Protocol type T=1, asynchronous half duplex block
- transmission protocol.
- Amendment 2:1994 Revision of protocol type selection
-
- 3.3.4. Part 4: Inter-industry Commands for Interchange
- ISO 7816-4 is a Draft International Standard that will establish a set of
- commands across all industries to provide access, security and
- transmission of card data. Within this basic kernel, for example, are
- commands to read, write and update records.
-
- 3.3.5. Part 5: Numbering System and Registration Procedure for
- Application Identifiers
- ISO 7816-5:1994 establishes standards for Application Identifiers (AIDs).
- An AID has two parts. The first is a Registered Application Provider
- Identifier (RID) of five bytes that is unique to the vendor. The second
- part is a variable length field of up to 11 bytes that RIDs can use to
- identify specific applications.
-
- 3.3.6. Part 6: Inter-industry data elements (draft)
- Describes encoding rules for data needed in many applications e.g. name
- and photograph of owner, his preference of languages etc.
-
- 3.3.7 Part 7: Interindustry commands for Structured Card Query Language
- (SCQL) (draft)
- Defines how to treat the data on the card as an SQL database.
-
- 3.3.8 Part 8: Inter-industry security architecture (draft)
-
- 3.3.9 Part 9: Card functions for multi-application use (draft)
- The beginnings of a definition of a multi-application card. Now largely
- superceeded by the EMV, Multos and Java Card specifications.
-
- 3.4 What about industry specifications?
-
- In addition to standards formulated by recognized standards bodies, there
- are a number of specifications created by companies, industrial consortia
- and ad hoc users groups. These specifications are typically formulated to
- advantage certain interests in the smart card marketplace at the expense
- of others.
-
- Europay, MasterCard and Visa formed working group to create their
- Integrated Circuit Card Specifications for Payment Systems, commonly
- called "EMV'96" or just "EMV" (www.mastercard.com/emv/emvspecs02.html).
- The specification was intended to create common technical basis to
- compete with the Mondex specifications.
-
- The Java Card Forum (www.javacardforum.org) and JavaSoft
- (www.javasoft.com) maintain specifications for the Java Card.
-
- Microsoft lead a group of smart card manufacturers to produce a
- specification for the use of smart cards on personal computers and
- workstations called PC/SC for Personal Computer/Smart Card
- (www.smartcardsys.com/doc/content.html).
-
- The SET (Secure Electronic Transactions at
- www.mastercard.com/set/specs.html) and C-SET (Card Secured Electronic
- Transactions at wwwusers.imaginet.fr/~cb-mail/) specifications include
- descriptions of the smart cards they use.
-
- Visa is very active in the smart card area and has published
- specifications for Visa Cash and the Visa Integrated Circuit Card
- (www.visa.com/cgi-bin/vee/nt/chip/visdownload.html).
-
- 4. Programmable Smart Cards
-
- Perhaps the most revolutionary event in the history of smart cards over
- the last 25 years is the recent emergence of programmable smart cards.
- Rather than freezing the program that runs in the smart card in read-only
- memory at the time the card is manufactured, programmable smart cards let
- you add executable code to the smart card at time in its lifetime. The
- primary intended use of programmable smart cards is to create multi-
- application smart cards on which applications can be added and deleted at
- will. Thus you might decide to get rid of the Koffee Klub Frequent
- Drinker program and add the Budapest Transport System ticket program.
-
- There are a number of programmable smart cards on the market. Some can be
- programmed in high-level languages, some can be programmed in virtual
- assembly language and some can only be programmed in the assembly
- language of the chip on the smart card.
-
- The Basic Card from Zeitcontrol (www.zeitcontrol.com/) can be programmed
- in Basic. Zeitcontrol has done a excellent job of integrating the
- development of the program on the smart card with the development of the
- program on the host or terminal that is using it.
-
- The MULTOS (www.multos.com/) smart card is a smart card defined by
- MAOSCO, a spin-off of MONDEX and MasterCard. The MULTOS card can be
- programmed in C and in MEL (MAOS Executable Language), which is the
- assembly language for the virtual machine on the card.
-
- Keycorp (www.keycorp.com.au) is marketing a smart card called OSSCA
- (Operating System for Smart Card Applications) which you can program in
- the Forth language.
-
- A number of card manufacturers have announced cards which can be
- programmed in Java but only Schlumberger(www.cyberflex.austin.et.slb.com)
- has production cards on the market. Gemplus (www.gemplus.com) is making
- available 32-bit experimental cards that run Java.
-
- Both Syprus (www.spyrus.com) and Datakey (www.datakey.com) have cards in
- development that let you add programs written in native assembler. The
- operating system on the Spyrus card is called SPYCOS and the operating
- system on the Data key card is called DKCCOS.
-
- The HOST operating system from Oberthur (www.oberthurkirk.com) is also
- advertised as supporting the field loading of native code applications.
-
- 5. Resources
-
- 5.1. Newsgroups
-
- Besides news:alt.technology.smartcards, there are other newsgroups that
- while not devoted exclusively to smart cards carry information relevant
- to smart cards.
-
- news:sci.crypt - Different methods of data en/decryption.
-
- news:sci.crypt.research - Cryptography, cryptanalysis, and related
- issues. (Moderated)
-
- news:comp.security.misc - Security issues of computers and networks.
-
- news:alt.security - Security issues on computer systems.
-
- news:alt.stellite.tv.europe - Europe satellite TV watchers' forum,
- contains info about smart card operated video descrambling.
-
- news:alt.satellite.tv.crypt - Satellite TV payment systems security.
-
- 5.2. Pointer Farms
-
- There are far too many smart card resources on the Web and they change so
- quickly that it would be futile to try to list them all here. There are
- however a number of people who have built wonderful pages of pointers to
- smart card resources Therefore rather than listing the original
- resources, we just include pointers to these pages of pointers here.
- Please let the FAQ maintainer (sguthery@tiac.net) know about your
- favorites.
-
- Smart Card Resources on the Web -
- http://www.dice.ucl.ac.be/crypto/card.html
-
- ISO-7816 - http://ctl77.nectec.or.th/~nopporn/smartcard/iso7816.html
-
- Smart Card News - http://www.smartcard.co.uk/index.html
-
- Smart Card Manufacturers and Services -
- http://www.smartcard.co.uk/links.html
-
- Yahoo Search - "smart card" - http://search.yahoo.com/search?p=smart+card
-
-
- Smart Card Security Information Page -
- http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm
-
- HIP Smart Card - http://cuba.xs4all.nl/~hip/
-
- General Smart Card Information - http://www.cryptsoft.com/scard/
-
- Smart Card Security News
- http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm
-
- The Smart Card Cybershow - http://www.cardshow.com/
-
- The Smart Card Club - http://www.smartcardclub.co.uk/
-
- 5.3. Smart Card Associations
-
- Card Europe (www.gold.net/users/ct96/), The Association For Smart Cards
- Across Europe, Director - Alan Leibert (alan@cardeurope.cityscape.co.uk)
- is maintaining
- a Smart Card Database (www.gold.net/users/ct96/scdb.htm). 146 Valley Road
- Rickmansworth Herts WO3 4BP United Kingdom, tel: 44-1923-897477, fax: 44-
- 1923- 897414.
-
-
- Smart Card Industry Association (SCIA at www.scia.org/) offers SmartFax
- Fax Back System. To use the system call 800- 405-SCIA (US Only) or 202-
- 789-0407 (Overseas).
-
- Smart Card Forum (www.smartcrd.com/). Catherine Allen or Linette
- Leatherwood, 3030 N. Rocky Point Drive W., Suite 670, Tampa, Florida
- 33607, USA ; Tel: +1 813 286 2339; Fax: +1 813 281 8752, Bob Gilson,
- Executive Director
-
- ACT Canada 7 Iles Street Ajax, Ontario L1T 3V7 CANADA tel: +1 905-683-
- 1442 fax: +1 905-683- 0071 Cathy Johnson, Executive Director
-
- AIM USA 634 Alpha Drive Pittsburgh, PA 15238-2802 tel: +1 412-963-8588
- fax: +1 412-963-8753 e- mail: adc@aimusa.org Larry Roberts, Acting
- President
-
- Electronic Funds Transfer Association (EFTA) 950 Herndon Parkway, Suite
- 390 Herndon, VA 22070 tel: +1 703-435-9800 fax: +1 703-435-7157 Lisa
- Eyler, Director of Marketing
-
- Federal Smart Card Users Group 3700 East-West Highway, Room 10020
- Hyattsville, MD 20782 tel: +1 202-874-8859 fax: +1 202-874-8861 John
- Moore, Chairman
- International Card Manufacturers Association 34-C Washington Road
- Princeton Junction, NJ 08550 tel: +1 609-799-4900 fax: +1 609-799-7032
- Mary Kay Metcalf, Communications Manager
-
- National Association of Campus Card Users, Inc. 308 Woodbourne Avenue
- Baltimore, MD 21212-3825 tel: +1 410-433-3688 fax: +1 410-435-6125 J.
- Paul Melanson, President
-
- Personal Computer Memory Card Industry Association 1030 East Duane
- Avenue, Suite G Sunnyvale, CA 94086 tel: +1 408-720-0107 fax: +1 408-720-
- 9416 Bill Lempesis, Executive Director
-
- 5.4. Conferences
-
- A schedule of upcoming smart card conferences is maintained by the Smart
- Card Club (www.smartcardclub.co.uk/conferences.html). Notable are:
-
- European Smart Card Application and Technology, held regularly in the
- beginning of September.
-
- Cards UK Exhibition & Conference. Annual fall conference in London.
-
- CARDIS. Primarily academic and research center presentations. No "floor
- show". Every eighteen months.
-
- Cartes. The annual smart card show in Paris.
-
- Cards Australia. Annual show down-under.
-
- Asia Card Technology. New but rapidly growing show.
-
- CardTech/SecurTech (www.ctst.com/) conferences in the U.S. The
- Proceedings from these shows are particularly useful.
-
- 5.5. Books
-
- Smart Cards: Seizing Strategic Business Opportunities by Catherine Allen
- and William Barr (eds.) ... $26.25 at
- www.amazon.com/exec/obidos/ISBN=0786311088/smartcarddevelopA/
-
- Smart Cards: A Guide to Building and Managing Smart Card Applications by
- Henry Dreifus and Thomas Monk ... $31.99 at
- www.amazon.com/exec/obidos/ISBN=0471157481/smartcarddevelopA/
-
- Smart Card Developers Kit (including a CD-ROM and a working smart card)
- by Scott Guthery and Tim Jurgensen ... $79.95 at
- www.amazon.com/exec/obidos/ISBN=1578700272/smartcarddevelopA/
-
- Smart Card Security and Applications by Mike Hendry ... $65.00 at
- www.amazon.com/exec/obidos/ISBN=0890069530/smartcarddevelopA/
-
- Smart Cards: The Global Information Passport: Managing a Successful Smart
- Card Program by Kaplan ... $44.95 at
- www.amazon.com/exec/obidos/ISBN=0786311088/smartcarddevelopA/
-
- Smart Card Handbook by Wolfgang Rankl and Wolfgang Effing ... $79.95 at
- www.amazon.com/exec/obidos/ISBN=0471967203/smartcarddevelopA/
-
- Smart Cards by Jose Luis Zoreda and Jose Manuel Oton ... $67.00 at
- www.amazon.com/exec/obidos/quicksearch-query/002-6898337-
- 4117866/smartdevelopA/
-
- 5.6 Newsletters
-
- Personal Identification Newsletter (PIN), Warfel & Miller Publishing,
- monthly, US$345 per year. 12300 Twinbrook Parkway #300, Rockville, MD,
- 20852 (301) 881-6668 fax (301) 881-2554. Cardsmarts@aol.com
-
- Mr. Stephan Seidman, Editor & Publisher, Smart Card Monthly, P.O. Box
- 548, Lopez Island, WA 98261, tel: +1 360-468-3570, fax: +1 360-468-3571
-
- Mr. Jerome Svigals, Publisher, Smart Cards and Comments, 221 Yarborough
- Lane, Redwood City, CA 94061, tel: +1 415-365-5920, fax: +1 415-363-2198
-
- Mr. H. Spencer Nilson , Publisher, The Nilson Report, P.O. Box 49936
- (Barrington Station), Los Angeles, CA 90049, tel: +1 310-396-0615, fax:
- +1 805-983-0792
-
- Ms. Jane Adams, International Managing Editor, World Card Technology,
- European Office: 42 Phoenix Court, Hawkins Road, Colchester, Essex CO2
- 8JY, tel: 44-31-337-3311, fax: 44-31-337-7739
-
- 6. Credits
-
- The following folks help maintain the alt.technology.smartcards FAQ:
-
- Folkert van Heusden (mailto:f.v.heusden@ftr.nl)
- Bo Lavare (mailto:bolavare@geocities.com)
- Ben Miller(mailto:ben_miller@faulknergray.com)
- Hunter Trumbo (mailto:trumbh@smartdynamics.com)
-
- Send in your suggestions and join the team.
-
-