In this article we will discuss a currently popular smart card: JAVA smart card. We will introduce the basic concepts of JAVA cards and how to use it to develop some simple applications. Our goal is to make some readers with a preliminary knowledge of the JAVA language understand the smart card, understand the JAVA smart card, and develop some simple applications with the JAVA card. We will discuss some of the smart card aspects before discussing the JAVA card and its APPLET.
Smart card and security
This chapter focuses on the basics of smart cards and the security features of smart cards. The introduction of the basic knowledge of smart cards mainly focuses on two parts: the concept of smart cards and the communication between smart cards and the outside world. Among the concepts of smart cards, we will introduce the definition, type and some simple applications of smart cards. In discussing the communication between the smart card and the outside world, we will introduce the international standard ISO7816 of the contact smart card to understand the communication method and protocol of the smart card and the card reader, the file system of the smart card, and the command system (APDU) for the operation of the smart card. Regarding the security features of smart cards, we will introduce the security of the smart card usage and the supported security algorithms.
Overview
Speaking of smart cards, I believe everyone has seen or used them. For example, an IC card for an IC phone, a SIM card for a mobile phone, an IC bank card for a bank, and the like. So what is a smart card? In simple terms, a smart card is a chip card, and the computing chip is embedded in a business card-sized plastic card to complete the storage and calculation of data. The data in the smart card can be accessed by a device called a card reader. Then why use a smart card? Because today's systems that use smart cards, such as banking, communications, transportation, etc., use the features of smart cards to gain security and flexibility that no other system has.
Why use a smart card?
It is due to the two most prominent features of smart cards in today's network system applications: personal identity and ciphertext. The emergence of smart cards has greatly improved the convenience and security of transactions.
Personal identity means that a smart card can indicate the identity of the cardholder. In today's various transactions, the identity of the counterparty is ultimately confirmed. For example, if you owe a debt to write an owe, the creditor can ask you to sign it to indicate that it is your owe, or you can draw it to show that it is your owe. Now the smart card can easily indicate your identity by storing an ID number in the card. It is simple and safe.
Ciphertext means that a smart card can store certain data in the form of cipher text. Some smart cards can also use their own microprocessor for dynamic data addition and subtraction.
By making full use of the personal identity and ciphertext of the smart card, it can provide security for data transmission and identity authentication of any type of network, which can greatly improve the security and convenience of the current system.
In addition, smart cards also have the characteristics of large capacity, stability, portability and compatibility.
Smart card application
Smart cards now play an important role in the following industries:
The most famous applications of the smart card in the telecommunications industry are: SIM cards in GSM, and IC cards in IC phones.
The SIM card is a personal identity module in the GSM network, that is, the SIM card has an ID to uniquely determine the identity of the card. This ID number will be used by the GSM authentication center, billing center, etc.
The amount of the remaining credit is stored in the IC card in the IC telephone. The IC telephone opportunity deducts the amount stored in the IC card based on the call time and the rate of the call.
Banking banking is another stage for smart cards to showcase their talents. Offline trading is a big selling point for smart cards. Through the complex addition and subtraction algorithm, and the perfect key management system, the POS terminal performs offline transaction processing on the bank smart card without dialing the MODEM to the background database for query every time.
Transportation and transportation are another stage of smart cards. A smart card called a contactless card plays a major role in this field. For example, the "Octopus" card of the Hong Kong MTR, when users enter the subway station, as long as the "Octopus" card is shaken on a device in the population department, the door of the subway population will automatically open, and the storage on the "Octopus" card The balance will be less. When the stored balance on the Octopus card becomes zero, the user needs to recharge the card.
Type of smart card
According to the type of embedded chip, smart cards can be divided into the following categories:
Contact card This type of card requires a device called a card reader for reading and writing information. Unlike a tape on a credit card, the surface of the card is inlaid with a small piece of metal. When the card is inserted into the card reader, the small piece of metal is in contact with an electronic connector. Read and write data. From the structure of the card, contact cards are mainly divided into the following two types of cards:
Memory card memory cards do not contain complex processors, and they cannot manage files dynamically. The communication between the memory card and the card reader is synchronous communication. The IC card in the IC phone is a memory card.
The microprocessor card microprocessor card is the main discussion here. The biggest difference between her and the memory card is that she has the ability to process data dynamically. The system structure of the microprocessor card is like a PC. She also has ROM, RAM, CPU and EEPROM. The following discussion, unless otherwise noted, is the subject of a microprocessor card. Like SIM cards, bank cards, etc. are all microprocessor cards.
The contactless card is a contactless smart card that looks similar to a normal plastic credit card, but has an antenna and a microelectronic chip embedded in the card body when it is placed close to the card reader. When the antennas are connected, an information exchange can be completed between them. This allows it to exchange information with the coupling sensor without any contact, and the processing time is extremely short. This feature makes the contactless smart card in places that require large quantities of ultra-fast operation like highway toll stations. Become the ideal solution.
International standard
Smart cards can be promoted around the world, playing her role in different systems, and the development of international norms is essential. For example, the size of a smart card is specified by the ISO7810 standard. The ISO7816 standard specifies some of the physical properties of plastics for cards, including temperature range, flexibility, position of electrical contacts, and the way in which the built-in microchip and the outside world exchange information.
For example, according to the smart card specification (ISO7816.1), the contact smart card has a total of 8 contacts, as defined below. It is through the eight contacts that the smart card communicates with the outside world. Contact definition contact definition
C1 Vcc supply voltage C5 GND ground
C2 RST reset signal C6 Vpp programming voltage
C3 CLK clock signal C7 I/O data input / output
C4 retains C8 reservation
ISO7816 is the international standard that contact card smart cards must follow. At present, ISO7816 has released 9 parts:
ISO7816-1: Physical characteristics of contact card smart cards
ISO7816-2: Size and position of contact card smart card contacts
ISO7816-3: Electrical signal and transmission protocol for contact card smart cards
ISO7816-4: Interface between the contact card smart card and the outside world
ISO7816-5: Naming and registration system for contact card smart card applications
ISO7816-6: Data objects that the contact card smart card interacts with the outside world
ISO7816-7: Structured query statement for contact card smart card
ISO7816-8: Contact card smart card and safety related instructions
ISO7816-9: Contact Card Smart Card Additional Commands and Security Parameters From the development of the ISO7816 specification, we can clearly see the development trajectory of contact smart cards from simple to complex. ISO7816 is the basis for researching contact smart cards. If you are interested in contact smart cards, ISO7816 is an indispensable material.
For a number of special applications, such as digital cellular mobile phones, credit cards (like Europay cards, Mastercard cards and Visa cards), electronic wallets (like Visacash, Multos and Proton) have also developed a series of corresponding standards. For example, SIM cards in the most widely used GSM systems in China must follow a series of specifications such as GSM11.11, GSM11.14, GSM03.40.
The JAVA card we discussed this time, she first followed the ISO7816 specification, in addition, she also followed some specifications of the JAVA card:
Java Card 2.1.1 Runtime Environment Specification
Java Card 2.1.1 Virtual Machine Specification
Java Card 2.1.1 Application Programming Interfaces Specification
Card reader and terminal
Before discussing the card reader, let's figure out the concept of "card reader". Broadly speaking, "reader" refers to all devices that can read and write to a card. However, in the smart card industry, a "card reader" refers to a device that must be connected to a computer and that accepts a computer command to control the operation of the card. The device corresponding to the "card reader" is called "terminal". “Terminal†refers to a device that can operate the card independently without the help of a computer. Both the card reader and the terminal can read and write to the smart card.
Since the reader is more computer dependent than the terminal, she has more flexibility than the terminal. The easiest way to use a card reader is to connect to a PC. General PC can get in touch with the card reader through RS232 serial port, USB interface, PCMCIA interface, floppy disk interface, parallel port, infrared port and so on. The PC sends an ISO command to the card reader through these interfaces. After the card reader receives the command, the PC reads and writes the command command to the card. After the card completes the read and write operation, the card returns a correct command to the card reader. Correspondingly, the card reader tells the PC after receiving the corresponding card, and the PC then performs the next ISO instruction according to the corresponding result. For details on the operation instructions of the smart card, refer to [Interface Protocol of Smart Card]. Generally, we program smart cards, and most of them use card readers to complete the card operation.
One of the most common terminals is the POS machines used in shopping malls and hotels. Her biggest feature: has its own operating platform and development system, can read and write cards independently, with Modem function and print transaction function. Generally there is a magnetic card reading and writing function.
Smart card file system
The file system of the smart card has a tree file system like DOS. According to ISO7816.4, the files of the smart card are divided into: DF (Dedicated File) and EF (Elementary File). The DF contains some control information, which can be the parent file of the EF or DF. This is like a directory file in DOS. EF is a collection of data units that cannot be the parent of any file. This is like a TXT file in DOS.
In general, the smart card file system has a required root file (ROOT). It is a DF file. It is usually called MF (Master File main file).
Each file (including DF and EF) has a file ID (two bytes). For example, the ID of ROOT is generally "3F00". To read or write a file, you must first select the ID of the file with the "Select" command.
The file types of EF are: transparent EF, linear fixed length EF, linear variable length EF, and cyclic EF. The operation of the last three EF files is done by manipulating the records they contain. If you are interested in learning more about the file structure of your smart card, please refer to ISO7816.
Smart card interface protocol
In general, the smart card itself has no power, display, keyboard, how does it communicate with the outside world? In the above article, we already know that a smart card communicates with a card reader through its eight contacts. So how do they communicate? We know that when two PCs communicate, they must obey a certain communication protocol when they exchange data. The same is true for card and card reader communication. According to ISO7816.4, the communication data interface between the smart card and the outside world is: APDU (Application Protocol Data Units). The APDU has both a command format and a response format. In the field of cards, the card is always in the position of "servant" in the "master servant" relationship, that is, the smart card can only wait for the card reader or terminal to send an APDU to it, and after receiving the APDU, the smart card executes the command in the APDU. Then return the APDU response. Through the APDU command and its response, the card completes communication with the reader or terminal. The following is the format of the APDU:
Command APDU (APDU command)
Mandatory Header (mandatory part) Conditional Body (non-mandatory part)
CLA INS P1 P2 Lc Data field Le
The "mandatory part" indicates that this is the part that the APDU command must include, including: class (CLA)-, instruction (INS), and parameters 1 and 2 (P1 and P2). Each part has one byte. The "non-mandatory part" indicates that not all APDUs have these parts.
The meanings of their fields are:
CLA - Class Byte for identifying applets
INS - Instruction Byte , the instruction to the applet
P1 - first instruction parameter
P2 - the second command parameter (P1, P2 has different meanings depending on the INS)
Lc - the length of the Data Field
Data Field - Data Field
Le - the length of the returned data
Response APDU (APDU Response)
Conditional Body Mandatory Trailer (forced part)
Data field SW1 SW2
The meanings of their fields are:
Data Field - return data field
SW1 - Execution Status Parameter 1 (1 byte)
SW2 - Execution Status Parameter 2 (1 byte)
Normal SW1 + SW2 = "9000" indicates that the instruction was executed successfully.
one example:
If we want to select the ROOT file of the SIM card, the format of the APDU command is as follows:
CLA INS P1 P2 Lc Data
A0 A4 00 00 02 3F00
A0 means that this is the SIM card, A4 means that this is the Select command, P1, P2 is not used in the Select command, Lc indicates that the length of the Data is 2 bytes, Data=3F00, which is the file ID of the ROOT.
The APDU response is: 9F1A, indicating that the instruction is successfully completed, and you can use the Get Response command to get 1A length of response data. For the operation of the SIM card, please refer to the GSM11.11 document.
Smart card security
Since the smart card adopts different security mechanisms, this security mechanism is mainly embodied in the following two aspects: the use of the microprocessor card is more complicated than that for the read-only memory card.
Control from the reading of information on the card:
There are some smart cards that limit the range of smart card users. Anyone can read the information on the card, such as a medical card that records the patient's name and blood type. This smart card generally does not have a password. Anyone who has the card can read the information on the card. At this time, the card body itself is a kind of protection.
For smart cards that only allow cardholders to read information, a PIN (Personal Identification Number) password is usually used to protect the information on the card. The general PIN consists of 4 to 8 digits and is input to the card reader via the keyboard. Allow the cardholder to enter the password three times. If the three times are not correct, the card will be locked. Only the PIN code is correct, and the user can operate the card. There are also some more advanced forms of passwords in development.
For smart cards that only allow third parties to read information, only the card issuer can read the information on the card. (For example, only the issuing bank can rewrite the information on the electronic wallet). These smart cards are now protected by a 16-32 digit password.
Limit the way you read smart card information (read-only, addable, modifiable, or rewritable). The information stored on the smart card is generally divided into several parts:
Read-only information can only be added to information that can only be updated. Information that cannot be read. Some password information can be stored in an unreadable storage area.
From the structure of the card and the supported encryption algorithm to control as described above, only the person who knows the password can use the smart card, but if the information on the card needs to be transmitted to the other place via radio or telephone line, additional protection must be provided. means.
One of the means of protection is encryption, which is like translating the information to be transmitted into a foreign language that no one can understand. The microprocessor smart card has the function of encrypting and decrypting (rewriting the unreadable things) so that the information stored on the card can be transmitted without fear of leaking.
By encrypting, a smart card can translate information into hundreds of millions of "foreign languages" and, when it is necessary to communicate, can randomly select one. This prevention mechanism ensures that both the card and the computer used are authentic and effective, making it almost impossible to steal the transmitted information halfway.
Security algorithm
Encryption technology can be divided into two types according to whether the key is public or not: a symmetric key algorithm and a public key algorithm (also known as an asymmetric encryption algorithm). The difference between the symmetric key algorithm and the public key algorithm is: whether the encryption key is consistent or not.
Symmetric key algorithm, where the encryption key and the decryption key are the same. For security, the keys have to change periodically. Symmetric algorithms are fast, so they are widely used when processing large amounts of data. The key is to ensure the security of the keys.
The public key algorithm has a public key and a private key respectively, the public key is public, and the private key is kept secret. The public key and the private key have a one-to-one correspondence. The data encrypted by the public key can be unlocked only by the private key, and the efficiency is lower than that of the symmetric key algorithm. The two most famous ones are DES (Symmetric Key Algorithm) and RSA (Public Key Encryption Algorithm). The specific implementation process of the DES algorithm and the RSA algorithm is not the content of this discussion. Please refer to the relevant information yourself. At present, microprocessor smart cards can generally support DES algorithm and RSA algorithm, such as Gemplus GPK card, Schlumberger's CryptoFlex.
Attachment: Digital Signature - An Application of the RSA Algorithm
The digital signature uses the RSA algorithm. The data sender encrypts the data with its own private key, and the receiver decrypts it with the sender's public key. Due to the strict correspondence between the private key and the public key, one of them can only be solved by another. This ensures that the sender can't rely on the data sent, completely simulating the signature in life.
Because the microprocessor smart card has a microprocessor and supports symmetric key algorithm and public key algorithm, and its size is very convenient to carry, it must become an excellent security module for network data transmission and identity authentication. The specific application of the microprocessor smart card will be discussed in detail later.
self balancing electric scooter,electric scooter,Ninebot minipro electric scooter
Shandong Number One Intelligent Technology Co.,Ltd , http://www.onewowboards.com