Elements of Smart Card Architecture
Smart Cards are thin cards with an embedded chip, and this automatically poses its own unique challenges of architectural design. However, it turns out that the solutions tend to be a scaling down of conventional chips rather than inventing an all-new chip.
Central Processing Unit
Traditionally this is an 8-bit microcontroller, but increasingly more powerful 16- and 32-bit chips are being used. However, none have multi-threading and other powerful features that are common in standard computers. Smart Card CPUs execute machine instructions at a speed of approximately 1 MIPS. A coprocessor is often included to improve the speed of encryption computations.
There are three main types of memory on cards:
RAM. 1K. This is needed for fast computation and response. Only a tiny amount is available.
EEPROM (Electrically Erasable PROM). Between 1 and 24K. Unlike RAM, its contents are not lost when power is removed. Applications can run from it and write to it, but it is very slow and it withstands only a limited number (100 000) of read/write cycles.
ROM. Between 8 and 24K. The Operating System and other basic software like encryption algorithms are stored here.
Input and output go through a single I/O port that is controlled by the processor to ensure that communications are standardized, in the form of APDUs (Application Protocol Data Units).
Interface Devices (IFDs)
Smart Cards need power and a clock signal to run programs, but carry neither. Instead, these are supplied by the Interface Device - usually a Smart Card Reader - in contact with the card. This obviously means that a Smart Card is nothing more than a storage device while being warmed in your pocket.
In addition to providing the power and clock signals, the reader is responsible for opening a communication channel between application software on the computer and the operating system on the card. Nearly all Smart Card readers are actually reader/writers, that is, they allow an application to write to the card as well as read from it.
The communication channel to a Smart Card is half-duplex. This means that data can either flow from the IFD to the card or from the card to the IFD but data cannot flow in both directions at the same time. The receiver is required to sample the signal on the serial line at the same rate as the transmitter sends it in order for the correct data to be received. This rate is known as the bit rate or baud rate. Data received by and transmitted from a Smart Card is stored in a buffer in the Smart Card's RAM. As there isn't very much RAM, relatively small packets (10 - 100 bytes) of data are moved in each message.
Here is a selection of parameters from some of the smart cards on the market today. They are neither the biggest nor the fastest; that is reserved for Java cards. The reason for this is price: smart cards like these are programmed in assembly language and do not need much in the way of resources. To keep down costs, they don't get resources.
|Smart Card||Word size||ROM||EEPROM||RAM||Voltage||Clock||Write/erase cycles||Transmission rate|
|Infineon SLE 44C10S||8-bit||9K||1K||256b||2.7 - 5.5V||5 MHz||500 000||9600 baud|
|Orga ICC4||8-bit||6K||3K||128b||4.7 - 5.3V||10 000|
|GemCombi||8-bit||5K||4.5 - 5.5V||13.6 MHz||100 000||106 kbaud|
|DNP Risona||8-bit||1K||5V||3.5 MHz||9600 baud|
|AmaTech Contactless||8-bit||1K||5V||13.6 MHz||100 000 cycles|
|Schlumberger Cyberflex||8/16-bit||8K||16K||256b||5V||1-5 MHz||100 000 cycles||9600 baud|
The operating system found on the majority of Smart Cards implements a standard set of commands (usually 20 - 30) to which the Smart Card responds. Smart Card standards such as ISO 7816 and CEN 726 describe a range of commands that Smart Cards can implement. Most Smart Card manufacturers offer cards with operating systems that implement some or all of these standard commands (and possibly extensions and additions). The relationship between the Smart Card reader and the Smart Card is a master/slave relationship. The reader sends a command to the Smart Card, the card executes the command and returns the result (if any) to the reader and waits for another command.
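The command/response exchange described above, as an added example that is not part of the original page: a parser for short-form ISO 7816-4 command APDUs and their responses that refuses a message whose length field disagrees with the bytes actually sent. The field layout, the instruction bytes and the status words follow ISO 7816-4; the `max_len` limit (taken from the packet sizes mentioned earlier) and the sample messages are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Status words defined by ISO 7816-4 (SW1 SW2, the last two bytes of a response)
STATUS = {0x9000: "success", 0x6982: "security status not satisfied",
          0x6A82: "file not found", 0x6D00: "instruction not supported"}

@dataclass
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None        # expected response length; None if absent

def parse_command(raw: bytes, max_len: int = 100) -> CommandAPDU:
    """Parse a short-form command APDU, rejecting inconsistent lengths."""
    if not 4 <= len(raw) <= max_len:    # max_len: assumed size of the RAM buffer
        raise ValueError("APDU is shorter than a header or exceeds the buffer")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                        # case 1: header only
        return CommandAPDU(cla, ins, p1, p2)
    if len(body) == 1:                  # case 2: Le only (0 encodes 256)
        return CommandAPDU(cla, ins, p1, p2, le=body[0] or 256)
    lc, data, rest = body[0], body[1:1 + body[0]], body[1 + body[0]:]
    if lc == 0 or len(data) != lc or len(rest) > 1:
        raise ValueError("unsupported or inconsistent Lc")
    le = (rest[0] or 256) if rest else None     # case 4 if Le follows the data
    return CommandAPDU(cla, ins, p1, p2, data, le)

def parse_response(raw: bytes):
    """Split a response APDU into (data, status word, meaning)."""
    if len(raw) < 2:
        raise ValueError("response must end with SW1 SW2")
    sw = int.from_bytes(raw[-2:], "big")
    return raw[:-2], sw, STATUS.get(sw, "other")

# Constructed sample traffic (not captured from a real card)
SELECT_MF = bytes.fromhex("00A40000023F00")     # case 3: SELECT file 3F00
READ_16 = bytes.fromhex("00B0000010")           # case 2: READ BINARY, 16 bytes
BAD_LC = bytes.fromhex("00A40000053F00")        # claims 5 data bytes, sends 2
```

Checking Lc against the received length before any copy is what keeps a malformed command from overrunning the card's small receive buffer.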
Microsoft released a miniaturized version of Windows for Smart Cards in late 1998, and early versions of a GNU O/S have been released.
Most operating systems also support a simple file system based on the ISO 7816 standard. A Smart Card file is actually just a contiguous block. Files are organized in a hierarchical tree format. Once a file is allocated, it cannot be extended and so files must be created to be the maximum size that they are expected to be. Each file has a list of which parties are authorized to perform which operations on it. There are different types of files: linear, cyclic, transparent, SIM, etc. The usual create, delete, read, write and update file operations can be performed on all of them. Certain other operations are supported only on particular types of files.
|File type||Additional operations||Example use|
|Linear||seek||credit card account table|
|Cyclic||read next, read previous||transaction log|
|Transparent||read and write binary||picture|
|SIM file||encrypt, decrypt||cellular telephone|
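A small model of the file behaviour described above, added here as an illustration and not taken from any card operating system: files are fixed-size blocks that cannot grow, every operation is checked against the file's list of authorized parties, and a cyclic file overwrites its oldest record. The class names, the party names ("terminal", "bank") and the sample records are hypothetical.

```python
class CardFile:
    """A contiguous block allocated once; it can never be extended."""
    def __init__(self, size, acl):
        self.block = bytearray(size)
        self.acl = acl                  # operation -> set of authorized parties

    def _access(self, party, op, offset=0, length=0):
        if party not in self.acl.get(op, ()):       # authorization comes first
            raise PermissionError(f"{party} may not {op}")
        if offset < 0 or length < 0 or offset + length > len(self.block):
            raise ValueError("access outside the allocated block")
        return slice(offset, offset + length)

    def read(self, party, offset, length):          # transparent-file read
        return bytes(self.block[self._access(party, "read", offset, length)])

    def write(self, party, offset, data):           # transparent-file write
        self.block[self._access(party, "write", offset, len(data))] = data

class CyclicFile(CardFile):
    """Fixed-length records; a new record overwrites the oldest one."""
    def __init__(self, record_len, count, acl):
        super().__init__(record_len * count, acl)
        self.record_len, self.count = record_len, count
        self.head = self.used = 0       # next slot to write, records stored

    def append(self, party, record):
        self._access(party, "write")                # refuse before validating
        if len(record) != self.record_len:
            raise ValueError("record length is fixed at creation")
        self.write(party, self.head * self.record_len, record)
        self.head = (self.head + 1) % self.count
        self.used = min(self.used + 1, self.count)

    def read_previous(self, party, back=0):
        """back=0 is the newest record, back=1 the one before it."""
        self._access(party, "read")                 # do not leak record count
        if not 0 <= back < self.used:
            raise IndexError("no such record")
        slot = (self.head - 1 - back) % self.count
        return self.read(party, slot * self.record_len, self.record_len)

def demo():
    """Constructed sample: terminal writes a 3-record log, bank reads it."""
    log = CyclicFile(4, 3, {"write": {"terminal"}, "read": {"terminal", "bank"}})
    for rec in (b"TX01", b"TX02", b"TX03", b"TX04"):   # 4th overwrites TX01
        log.append("terminal", rec)
    return [log.read_previous("bank", back) for back in range(3)]
```

Because the block size is fixed at creation, a transaction log of this kind only ever retains its newest records, which matters when it is relied on as an audit trail.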
Smart Cards are either Soft-Mask or Hard-Mask, depending on whether most of the application is in EEPROM or ROM. Hard-Mask cards are more expensive. Some application-specific data and instructions always need to be stored in EEPROM. Cards do not as a rule run anything off RAM.
When programming a Smart Card, it is standard practice to get the program running on a simulator first for debugging, since EEPROM can only be written to a finite number of times in its lifetime.
Test-running also happens on a different level: banks commonly use a soft mask card for pilot testing new applications and then move on to more customer-resistant hard mask cards for larger deployments. However, some applications have limited deployments that are never taken to hard mask, as hard masking is expensive in both time and money. Hard masks also may not be justified for some applications, such as an employee identification card for small companies.
Most Smart Cards are currently programmed in low-level languages based on proprietary Smart Card operating systems. Some of the programming has been done in the chip's native instruction set (generally Motorola 6805, Intel 8051, or Hitachi H8). Not many programmers are capable of this.
In 1998-2000, a new type of card showed up, sometimes called a re-configurable card. These have a more robust operating system that permits the addition or deletion of application code after the card is issued. Such cards are generally programmed in Java and are therefore called Java Cards. Other relatively popular languages relate to Windows for Smart Cards or MEL (the Multos programming language) or even Basic. Although memory-efficient programming will still be essential, this greatly increases the pool of programmers capable of creating software for Smart Cards.