Smart Card Applications
- General Architecture of Applications
- Infrastructure
- Security
- Security Mechanisms
- Access Conditions
- Interindustry Smart Card Commands (ISO 7816-4)
- Summary
Smart cards provide a personal component of applications, whatever the complete purpose of the application might be. The smart card is carried by an individual and is periodically utilized in various equipment configurations to achieve the results or obtain the services provided by those configurations. The most common feature of smart cards in an application is to establish or authenticate the identity of the cardholder and the cardholder's right (permission) to access and use the application in question. In other cases, besides authenticating identity, the smart card may carry additional information needed by the application. For example, in financial debit and credit applications, the smart card may carry an account number (or numbers), which are to be accessed in backend servers involved in the application.
An aspect common to virtually all smart card-enabled applications is that they involve establishing a communication channel between the smart card and some other computer processor acting as the general controller for the application. This translates into a situation of two application-level programs running on peer-level computers needing to communicate with each other. This is exactly the scenario of the International Standards Organization (ISO) Reference Model for communication protocols illustrated in Figure 4.1.
Figure 4.1 ISO 7-Layer Reference Model.
Essentially, all of the layers described in the ISO Reference Model are found in the communication channel between an off-card application and the corresponding application on the smart card. We'll look at a more detailed comparison in Chapter 7 where we'll recognize that the layering in the smart card environment is not quite what was envisioned in the ISO Reference Model, but the sum total of the layers is pretty well there.
The smart card protocols do present some rather eccentric characteristics relative to a true peer-to-peer communication protocol. Most noteworthy, perhaps, is the fact that the host and the smart card actually operate in a master-slave mode. The host requests an operation of the card and the card performs the operation and tells the host the results.
General Architecture of Applications
The earliest smart cards were designed from scratch with the larger application in mind and the function of the smart card well established from the beginning. A command set was implemented on the card to provide the necessary functionality for the application. This approach, of course, tended to argue against having multiple smart card (and other equipment) vendors provide components for the application. In an effort to provide some commonality among applications, an interindustry command set was ratified by the ISO organization and published as the ISO/IEC 7816-4 standard.
The ISO 7816 standard makes an assumption for the basic paradigm of smart card-aware applications; that is, the smart card provides information storage in the form of an abbreviated file system, accessed through a command set comparable to that used on a general-purpose computer system. It is further assumed that the smart card provides a relatively secure platform on which to store information. Consequently, a general protocol for authenticating identities and then authorizing operations based on those identities was defined. Finally, because true general transaction operations were extremely difficult to provide, a reduced form of transaction operation was defined that would allow simple operations to be performed on smart card files in a highly secure and reliable fashion.
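The host-driven exchange and the authenticate-then-authorize model described above, sketched as an added example (not from the original text): a simulated card that only answers command APDUs and enforces a per-file access condition itself. The instruction bytes and status words follow ISO/IEC 7816-4; the file identifiers, contents, PIN, and the names `SimulatedCard`, `host_read` and `SAMPLE_FILES` are constructed for illustration.

```python
import hmac

# Simplified model of a card, not a real card operating system.
SW_OK, SW_DENIED, SW_BLOCKED = b"\x90\x00", b"\x69\x82", b"\x69\x83"
SW_NO_FILE, SW_BAD_LEN, SW_BAD_INS = b"\x6a\x82", b"\x67\x00", b"\x6d\x00"
# Constructed sample data: file_id -> (needs_pin, content)
SAMPLE_FILES = {b"\x01\x01": (False, b"PUBLIC"), b"\x01\x02": (True, b"ACCT-0000")}

class SimulatedCard:
    """Slave side: never initiates, only answers one command APDU at a time."""
    def __init__(self, pin, files, max_tries=3):
        self._pin, self._files, self._max = pin, files, max_tries
        self._tries, self._verified, self._current = max_tries, False, None

    def process(self, apdu: bytes) -> bytes:
        if len(apdu) < 5:
            return SW_BAD_LEN
        ins, p1, p2, p3 = apdu[1:5]
        data = apdu[5:5 + p3]
        if ins == 0xA4:                               # SELECT by file identifier
            if data not in self._files:
                return SW_NO_FILE
            self._current = data
            return SW_OK
        if ins == 0x20:                               # VERIFY: authenticate the cardholder
            if self._tries == 0:
                return SW_BLOCKED                     # retry counter exhausted
            if hmac.compare_digest(data, self._pin):
                self._tries, self._verified = self._max, True
                return SW_OK
            self._tries, self._verified = self._tries - 1, False
            return bytes([0x63, 0xC0 | self._tries])  # 63Cx: x tries left
        if ins == 0xB0:                               # READ BINARY: p1/p2 offset, p3 = Le
            entry = self._files.get(self._current)
            if entry is None or (entry[0] and not self._verified):
                return SW_DENIED                      # deny by default, enforced on-card
            offset = (p1 << 8) | p2
            return entry[1][offset:offset + (p3 or 256)] + SW_OK
        return SW_BAD_INS

def host_read(card, file_id, pin=None):
    """Master side: drives SELECT, optional VERIFY, then READ BINARY."""
    sw = card.process(b"\x00\xa4\x00\x0c" + bytes([len(file_id)]) + file_id)
    if sw == SW_OK and pin is not None:
        sw = card.process(b"\x00\x20\x00\x00" + bytes([len(pin)]) + pin)
    if sw != SW_OK:
        return b"", sw
    resp = card.process(b"\x00\xb0\x00\x00\x00")      # Le = 00: up to 256 bytes
    return resp[:-2], resp[-2:]
```

Every decision about whether a read succeeds is made inside `process`; the host only sees data plus a two-byte status word, which is what makes the card the trust anchor rather than the terminal.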