|
Overview
Like
most computer hardware, the price of smart cards is steadily
decreasing, while performance and capacity are improving all the time.
You can now buy a fully-functional computer, the size of your
thumb-nail, for just a euro or two. However, before the BasicCard
arrived, the cost of developing software for smart cards was out of all
proportion to the cost of the hardware. A typical development project
might take six months and cost a quarter of a million euros. This was a
major barrier to the widespread use and acceptance of smart cards.
But
now you can program your own smart card in an afternoon, with no
previous experience required. If you can program in Basic, you can
design and implement a custom smart card application. With
ZeitControl’s BasicCard, the development cycle of writing code,
downloading, and testing takes a few minutes instead of weeks.
The
Smart Card Environment
Obviously,
programming a smart card is not the same as programming a desktop
computer. It has no keyboard or screen, for a start. So how does a
smart card receive its input and communicate its output? It talks to
the outside world through its bi-directional I/O contact. Communication
takes place at 9600 baud or more, according to the T=0 and T=1
protocols defined in ISO/IEC standards 7816-3 and 7816-4. (The latest
cards also implement the contactless ISO14443 protocol.) But this is
completely invisible to the Basic programmer – all you have to do is
define a command in the card, and program it like an ordinary Basic
procedure. Then you can call this command from a ZC-Basic program
running on the PC. Again, the command is called as if it was an
ordinary procedure.
The
BasicCard operating system takes care of all the communications for
you. It will even encrypt and decrypt the commands and responds if you
ask it to. All you have to do is specify a different two-byte ID for
each command that you define. (If you are familiar with ISO/IEC
7816-4: Interindustry commands for interchange,
you will know these two bytes as CLA and INS,
for Class and Instruction.)
Here
is a simple example. Suppose you run a discount warehouse, and you are
issuing the BasicCard to members to store pre-paid credits. You will
want a command that returns the number of credits left in the card. So
you might define the command GetCustomerCredits, and give it an ID of
&H20 &H01 (&H is the hexadecimal prefix):
Eeprom CustomerCredits ' Declare a
permanent Integer variable
Command
&H20 &H01 GetCustomerCredits (Credits)
Credits
= CustomerCredits
End
Command
You
can call this command from the PC with the following code:
Const swCommandOK = &H9000
Declare
Command &H20 &H01 GetCustomerCredits (Credits)
Status
= GetCustomerCredits (Credits)
If
Status <> swCommandOK Then GoTo CancelTransaction
The
value &H9000 is defined in ISO/IEC 7816-4
as the status code for a successful command. This value is
automatically returned to the caller unless the ZC-Basic code specifies
otherwise. The return value from a command should always be checked,
even if the command itself has no error conditions – for instance, the
card may have been removed from the reader.
It’s
as simple as that. Of course, there is a lot more going on below the
surface, but you don’t have to know about it to write a BasicCard
application.
Technical
Summary
All
BasicCard families (Enhanced, Professional, and
MultiApplication) contain:
-
a
full implementation of the T=1 block-level
communication protocol defined in ISO/IEC 7816-3: Electronic
signals and transmission protocols, including chaining,
retries, and WTX requests;
-
a
command dispatcher built around the structures defined in ISO/IEC
7816-4: Interindustry commands for interchange
(CLA INS P1 P2 [Lc IDATA] [Le]
);
-
built-in
commands for loading EEPROM, enabling encryption, etc.;
-
a
Virtual Machine for the execution of ZeitControl’s P-Code;
-
code
for the automatic encryption and decryption of commands and responses,
using the AES or DES symmetric-key
algorithm;
The
functionality of the Enhanced BasicCard family can be further
extended using Plug-In Libraries.
Professional
BasicCards contain all the above, plus:
-
the
SHA-1 Secure Hash Algorithm;
-
support
for extended Lc/Le, allowing commands and
responses up to 2048 bytes long (Series 7 Professional BasicCards only);
-
T=CL
Type A contactless
protocol, as defined in ISO/IEC 14443: Proximity Cards (Series 7 Professional
BasicCards only).
The
MultiApplication BasicCard (and most
Professional
BasicCards) contain all the above, plus cryptographic algorithms EAX
(for Authenticated Encryption) and OMAC (for
Message
Authentication) and the SHA-256 Secure Hash
Algorithm.
The
following text contains details of all currently available
BasicCards versions, and the cryptographic algorithms that they
support.
Development Software
The
ZeitControl MultiDebugger software
support package consists of:
- ZCPDE,
the Professional Development Environment;
- ZCMDTERM
and ZCMDCARD, debuggers
for Terminal programs and BasicCard programs;
- ZCMBASIC,
the compiler for the ZC-Basic language;
- ZCMSIM,
for low-level simulation of Terminal and BasicCard programs;
- BCLOAD,
for downloading P-Code to the BasicCard;
- KEYGEN,
a program that generates random keys for use in encryption;
- BCKEYS,
for downloading cryptographic keys to the Compact and Enhanced
BasicCards.
Enhanced BasicCard
Version
|
EEPROM
|
RAM
|
Protocol
|
Encryption
|
ZC3.14
|
2K
|
256 bytes
|
T=1
|
DES1
|
ZC3.34
|
8K
|
256 bytes
|
T=1
|
DES1
|
ZC3.44
|
16K
|
256 bytes
|
T=1
|
DES1
|
ZC3.54
|
32K
|
256 bytes
|
T=1
|
DES1
|
Plug-In Libraries for the Enhanced BasicCard: EC-161,
AES, SHA-1
1 DES
with 56 or 112 bit key size only, 168 bit key size is not supported in
Enhanced BasicCard
Professional
BasicCard
Version
|
PK Algorithm
|
EEPROM
|
RAM
|
Protocol
|
Encryption
|
Extras
|
ZC5.4
|
EC-167, EC-211
|
16K
|
1.8K
|
T=0, T=1
|
EAX/OMAC/
AES/ DES
|
SHA-256
|
ZC5.5
|
EC-167, EC-211
|
32K
|
1.8K
|
T=0, T=1
|
EAX/OMAC/
AES/ DES
|
SHA-256
|
ZC5.6 |
EC-167, EC-211 |
60.5K |
1.8K |
T=0, T=1
|
EAX/OMAC/
AES/ DES |
SHA-256 |
ZC7.5 |
RSA, EC-p |
32K |
4K |
T=0, T=1, T=CL2
|
EAX/OMAC/
AES/ DES |
SHA-256 |
ZC7.6 |
RSA, EC-p |
72K |
4K |
T=0, T=1, T=CL2 | EAX/OMAC/
AES/ DES | SHA-256 |
2 T=CL
is supported in ZC7.5 Combi or RFID subtype only
MultiApplication
BasicCard
Version
|
PK Algorithm
|
EEPROM
|
RAM
|
Protocol
|
Encryption
|
Extras
|
ZC6.5
|
EC-167, EC-211
|
31K
|
1.5K
|
T=0, T=1
|
EAX/OMAC/
AES/ DES
|
SHA-256
|
ZC8.5 |
RSA, EC-p |
32K |
4K |
T=0, T=1, T=CL2 |
EAX/OMAC/ AES/ DES |
SHA-256 |
ZC8.6 |
RSA, EC-p |
72K |
4K |
T=0, T=1, T=CL2 |
EAX/OMAC/ AES/ DES |
SHA-256 |
Public-Key
Algorithms
Name |
Description |
Key size |
Reference |
RSA |
Rivest-Shamir-Adleman algorithm |
up to 4096 bits |
IEEE
P1363: Standard Specifications for Public Key Cryptography |
EC-p |
Elliptic
Curve Cryptography over the field
GF(p) |
up
to
512 bits |
EC-211 |
Elliptic
Curve Cryptography over the field
GF(2211 ) |
211
bits |
EC-167 |
Elliptic Curve Cryptography
over the field
GF(2167 ) |
167 bits |
EC-161 |
Elliptic Curve Cryptography
over the field
GF(2168 ) |
161 bits |
Symmetric-Key
Algorithms
Name |
Description |
Key size |
Reference |
EAX |
Encryption with Authentication
for Transfer (using AES) |
128/192/
256 bits |
EAX: A Conventional
Authenticated-Encryption Mode1
M. Bellare, P. Rogaway, D. Wagner |
OMAC |
One-Key CBC-MAC (using AES) |
128/192/
256 bits |
OMAC: One-Key CBC MAC1
Tetsu Iwata and Kaoru Kurosawa
Department of Computer and Information Sciences, Ibaraki University
4–12–1 Nakanarusawa, Hitachi,
Ibaraki 316-8511, Japan |
AES |
Advanced Encryption Standard |
128/192/
256 bits |
Federal Information Processing
Standard FIPS 197 |
DES |
Data Encryption Standard |
56/112/168 bits |
ANSI X3.92-1981: Data
Encryption Algorithm |
1
These documents are available at http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/
Data Hashing Algorithms
Name |
Description |
Reference |
SHA-256 |
Secure
Hash Standard |
Federal
Information Processing
Standard FIPS 180-1 |
SHA-1 |
Secure Hash Algorithm,
revision 1 |
Communication
Protocols
Name |
Description |
Reference |
T=0 |
Byte-level transmission protocol |
ISO/IEC
7816-3: Electronic signals and transmission protocols |
T=1 |
Block-level transmission
protocol |
T=CL |
Contactless
transmission
protocol |
ISO/IEC
14443-4: Transmission protocol |
Download Development Software
Contact: Sales@basiccard.com
This page was last changed on: 2013-04-29
|