Part 4_Chip and OS.PDF
Transcript of Part 4_Chip and OS.PDF
-
7/29/2019 Part 4_Chip and OS.PDF
1/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (1)
Core of smartCore of smart
cards:cards:
The ChipThe Chip
-
7/29/2019 Part 4_Chip and OS.PDF
2/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (2)
Main featuresMain features
n Millions of basic electronic components
n Contains memory
Erasable or not
Protected or not
-
7/29/2019 Part 4_Chip and OS.PDF
3/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (3)
Inside the SiliconInside the Silicon
-
7/29/2019 Part 4_Chip and OS.PDF
4/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (4)
Inside the ChipInside the Chip
n A chip is formed of a series of transistors
Groups transistors are interconnected to provide a
function
There are several outputs from the chip
Each output occupies a pad on the edge of the chip
The pad receives a pre-defined current and voltage,
thus determining the chips behavior
The electronic circuit is determined by the functional
chip type
n Each chip is implemented on a silicon wafer
-
7/29/2019 Part 4_Chip and OS.PDF
5/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (5)
A Look Inside the ChipA Look Inside the Chip
Electronic circuit
A pad
Silicon wafer
A Chip
-
7/29/2019 Part 4_Chip and OS.PDF
6/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (6)
Smart Card ChipsSmart Card Chips
n Silicon Technology for smart card Ics :
Memory chips
Microprocessor-based Smart Card ICs
Contactless Memory Card ICs
Smart CombiCard ICs
At the heart of competition !
-
7/29/2019 Part 4_Chip and OS.PDF
7/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (7)
Silicon Manufacturers / Smart cardsSilicon Manufacturers / Smart cards
n ST Microelectronics (ex-SGS Thomson)
n Infineon (ex-Siemens)
nPhilips
n ATMEL (ex-Motorola)
n Hitachi
n NEC, OKI, SAMSUNG, MEM, MIKRON, XICOR, ATMEL
nNew players : small companies with design resourcesand close relationship with silicon manufacturers sub
contractors (ex : ATMI, Hyperstone)
-
7/29/2019 Part 4_Chip and OS.PDF
8/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (8)
Silicon TechnologySilicon Technology
n A custom technology for smart cards : EEPROM technology
Buried ROM layer or metal shield layer
Security sensors (HVI, LVI, Temp Sensors)
Scrambled buses Glued Logic
Other security modules (current scramblers,...)
Low-power
n Current chips are using 0.25 to 0.8 technologies
n 6 to 8 Wafers
-
7/29/2019 Part 4_Chip and OS.PDF
9/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (9)
Silicon Technology (cont.)Silicon Technology (cont.)
n Future evolution :
More Flash / Less ROM (Open OS)
FRAM (contactless) More powerful core (32bit RISC)
Advanced security features
-
7/29/2019 Part 4_Chip and OS.PDF
10/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (10)
Microprocessor chipsMicroprocessor chips
for smart cardsfor smart cards
The state of the art & flexible technology
-
7/29/2019 Part 4_Chip and OS.PDF
11/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (11)
Microprocessor architectureMicroprocessor architecture
Security +
Sleep Mode
Logic
RAM
CPU
ECO 2000
Non Volatile Memory
ROM PROM EEPROM
ACE
CLK
RES
I/O
ROM XRAM
RNG
Interrupt
Module
Bus
Co-proc
-
7/29/2019 Part 4_Chip and OS.PDF
12/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (12)
The ChipThe Chip
Different memory blocks
pad
Silicon wafer
A Chip
-
7/29/2019 Part 4_Chip and OS.PDF
13/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (13)
CloseClose--up view...up view...
-
7/29/2019 Part 4_Chip and OS.PDF
14/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (14)
n ROM : CPU only NO ACCESS !
used for embedded Operating System
nEPROM : Write once, read FOR EVER ! Used for initialization area (eg. Lock bytes)
n EEPROM : Write, erase, read FLEXIBLE !
used to store applicative data or added functionnalities
n RAM : Write, erase, read TEMPORARY !
used during power on sessions only
Different Types of Memory ...Different Types of Memory ...
-
7/29/2019 Part 4_Chip and OS.PDF
15/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (15)
What Does It Stand For?What Does It Stand For?
n ROM
Read Only Memory
n EPROM
Electrically Programmable R O Mn EEPROM
Electrically Erasable Programmable R O M
n RAM
RandomAccess Memory
-
7/29/2019 Part 4_Chip and OS.PDF
16/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (16)
Evolution of memory capacityEvolution of memory capacity
16Ko
32Ko
32Ko
64Ko
70Ko
8Ko 1
6Ko
16Ko
32Ko
64Ko
0,2
56
1K
o
2K
o
4Ko
4Ko
0Ko10Ko
20Ko
30Ko
40Ko
50Ko
60Ko
70Ko
80Ko
1996 1997 1998 1999 2000
ROM
EEPROM
RAM
Memory trends: * 2 every 2 years
-
7/29/2019 Part 4_Chip and OS.PDF
17/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (17)
CPUCPU
n Dedicated CPU for Smart Cards :
Enhanced security : same operation codes, but core is different,dedicated compilers
8 bits CISC
n Evolution to higher speed & performance (32 bits RISC)
-
7/29/2019 Part 4_Chip and OS.PDF
18/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (18)
MicroprocessorMicroprocessor--based Smart Card ICsbased Smart Card ICs
n Microprocessor Core CISC 8-bit core
Mainly 8051 or 6805
Area: 1 to 2 mm2 with current techno
n ROM matrix
Size: 6K - 64K Bytes
Area: 5 to 20m2/ cell
Area: 1 to 2 mm2 for 16Kbytes
n EEPROM for application data
Size: 1K - 32K Bytes
Area: 30 to 120m2/ cell
Area: 2 to 8 mm2 for 8Kbytes
-
7/29/2019 Part 4_Chip and OS.PDF
19/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (19)
MicroprocessorMicroprocessor--based Smart Card ICsbased Smart Card ICs
n RAM Size: 128 - 2K Bytes
Area: 150m2 to 300m2/ cell
Total Area: about 0.5mm2 for 256 bytes
n Pads ISO7816-2
Antenna pads
test pins
Total Area: 6 - 25 mm2
-
7/29/2019 Part 4_Chip and OS.PDF
20/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (20)
MicroprocessorMicroprocessor--based Smart Card ICsbased Smart Card ICs
EEPROM(1 to 10 mm2)
P CORE
(1 to 2 mm2)
RAM
(0.3 to 1 mm2)
ROM(1 to 3 mm2)
RNG
(0.3 to 1 mm2)
-
7/29/2019 Part 4_Chip and OS.PDF
21/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (21)
Smart cardSmart cardoperating systemsoperating systems
-
7/29/2019 Part 4_Chip and OS.PDF
22/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (22)
Smart Card Operating System (COS)Smart Card Operating System (COS)
n Why a COS?
Main OS families
n ISO/IEC 7816
communication protocols data organization (file structure)
commands
n The trend towards Open OS
nContactless smart card OS constraints
n Security
-
7/29/2019 Part 4_Chip and OS.PDF
23/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (23)
An Operating SystemAn Operating System
Inside the Chip !Inside the Chip !
nn What is an OS?What is an OS?
A software specific to each
smart card manufacturerLoaded and protected in the
chip ROM by the chip
manufacturer
a MASK is created
ROM R
AM
CPU E
EP
R
O
MSECURITY
OS
Chip Organisation
E
PR
O
M
Designed by GemplusLoaded by chip manufacturers
-
7/29/2019 Part 4_Chip and OS.PDF
24/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (24)
Card OS role ?Card OS role ?
n Operating systems are the core of smart cards
n An operating system handles :
file systems
security I/O
command sets
APIs, applications...
Similar to the OS of PCs with less memory
-
7/29/2019 Part 4_Chip and OS.PDF
25/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (25)
To Add FeaturesTo Add Features
n A FILTER adds new features to an existing OSSoftware routine stored in the EEPROM
Only accessible by the OS
n Transition to a new product
n Applets are com ing up
ROM RA
M
CPU EE
P
R
O
MSECURITY
COS
Filter
Chip Organisation
-
7/29/2019 Part 4_Chip and OS.PDF
26/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (26)
Main OS FamiliesMain OS Families
n SIM (Subsc r iber ID module) cards
GSM 11.11 (TE9), 11.14, OTA 03.48
n Debit/Credit
EMV, VISA
n Electronic Purse
WG10, MPCOS, CEPS
n DataBase
7816-7
n Loyal ty
Simple with counters & rules
n Publ ic Keyfor IT...
-
7/29/2019 Part 4_Chip and OS.PDF
27/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (27)
Major standardsMajor standards
n ISO 7810 : plastic cards, dimensionsn ISO 7811 parts 1-6 : ID Cards
n ISO 7816 parts 1-8 : contact integrated circuit cards
n ISO 10536 parts 1-4 : close coupling cards
n ISO 14443 parts 1-4 : remote coupling cards
n US standards :
FIPS-46 : Data encryption standards
FIPS-81 : DES modes of operation
FIPS-180-1 : secure hash standards FIPS-186 : Digital Signature Standards
n GSM, EMV (Europay, Mastercard, VISA), PC/SC, CCITT...
-
7/29/2019 Part 4_Chip and OS.PDF
28/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (28)
StandardsStandards
ISO7816 for Contact Cards
7816-1 : Card Bod y
7816-2 : Electr ical Module
7816-3 : Electr ical Signals &
Protocols
7816-4 : Inter-Industry
Commands
7816-7 : Database
7816-8 : Security mechanisms
ISO14443 for contactless cards
14443-1 (Completed)
Card Body
14443-2 (Approved CD)
RF power & signal interface
14443-3 (1st CD)
In i t ial ization & Ant iCol l is ion
14443-4 (Proposals)
Protocol
-
7/29/2019 Part 4_Chip and OS.PDF
29/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (29)
The ISO 7816...The ISO 7816...
-
7/29/2019 Part 4_Chip and OS.PDF
30/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (30)
Includes Transmission Includes Transmission
ProtocolProtocol
n The ISO 7816-3 describes
The way the card and the reader communicate
n 2 communication protocols are standardized
T=0
T=1
T=0
T=1
Almost all currently available cards follow T=0
-
7/29/2019 Part 4_Chip and OS.PDF
31/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (31)
...Includes Card...Includes Card
ArchitectureArchitecture
n The card is organized into files
MF (Master File) : root of the structure. Seen as a
main directory.
DF (Dedicated File) : Seen as a directory. Each DF will
behave like an independent card.
EF (Elementary File) : contains data
MFMF
DFDF DFDF DFDF EF EF
EFEF EF EF EF
-
7/29/2019 Part 4_Chip and OS.PDF
32/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (32)
The MultiThe Multi--Application ConceptApplication Concept
n security and data
management specific to
each application
Root
E-Purse
Data File
Data File
Data File
. . .Loyalty
. . .
Example
-
7/29/2019 Part 4_Chip and OS.PDF
33/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (33)
Data FilesData Files
n There are different file structures adapted to differentneeds
Security files : for secret codes and keys
Purse file : for electronic money
Loyalty counter ...
Purse File Identity File
Key File Secret Code
File
Purse
application
Loyalty
application
Root
-
7/29/2019 Part 4_Chip and OS.PDF
34/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (34)
File OrganizationFile Organization
n Each file is made of
File descriptor
Contains all information for file & security
management
File bodyContains the data stored in the EF
Descri tor
Body
ACsACs
-
7/29/2019 Part 4_Chip and OS.PDF
35/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (35)
Access ConditionsAccess Conditions
n Access conditions define rights that must be granted
before actions can be performed on files
n Actions protected
For DFs : Create, Delete Files ...
For EFs : read, write and update of data
ReadWriteUpdate
EF
#1
EF
#2
EF
#3
Dedicated File Create EFs
-
7/29/2019 Part 4_Chip and OS.PDF
36/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (36)
...Includes Command sets...Includes Command sets
n File management commands
read, write, update
n Authentication commands
external authenticate, internal authenticate...
n Access condition management
verify code
n Personalization commands...
-
7/29/2019 Part 4_Chip and OS.PDF
37/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (37)
The ISO 7816The ISO 7816
command setcommand set
-
7/29/2019 Part 4_Chip and OS.PDF
38/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (38)
ISO7816ISO7816--4 Command Set4 Command Set
n Read Binaryn Read Record
n Write Binary
n Write Record
n Update Binary
n Update Recordn Erase Binary
n Log Record
n Get Data
n Put Data (TLV)
n Select File
n Verify
n Internal Authenticaten External Authenticate
n Manage Channel
n Get Response
n ATR
n APDU command format
-
7/29/2019 Part 4_Chip and OS.PDF
39/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (39)
Commands: Example (1/3)Commands: Example (1/3)
Command CLA INS P1 P2 Lc Le
Select File 00h A4h 00h
Child EF, using File Identifier 02h 02h 0Ch
DF or MF, using DF Name 04h var var
Read Binary 00h B0h ofs var
Direct Selection ofs
Implicit Selection sfi
Update Binary (Standard) 00h D6h ofs var
Direct Selection ofs
Implicit Selection sfi
Read Record 00h B2h rec var
Direct Selection 04hImplicit Selection sfi
-
7/29/2019 Part 4_Chip and OS.PDF
40/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (40)
Commands: Example (2/3)Commands: Example (2/3)
Create File (Standard) 80h E0h 00h 00h var
Verify Secret Code 00h 20h 00h 00h
Present a Secret Code 08h
Read the number of Retries
Internal Authenticate 00h 88h 00h 08h 0AhGlobal level key/transaction number 00h
Local level key/transaction number 80h
Set Access Conditions (Standard) 80h 16h AC
Current EF, AC1 (Update) 00h
Current EF, AC2 (Read) 01h
Current DF, AC1 (Update) 02h
Current DF, AC2 (Tamperproof) 03h
-
7/29/2019 Part 4_Chip and OS.PDF
41/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (41)
Commands: Example (3/3)Commands: Example (3/3)
Secure Messaging Command CLA INS P1 P2 Lc Le
Update Binary (Secure Messaging) 04h D6h ofs var 03h
Direct Selection ofs
Implicit Selection sfi
Update Record (Secure Messaging) 04h DCh rec var 03h
Direct Selection 04hImplicit Selection sfi
Append Record (Secure Messaging) 04h E2h rec var 03h
Direct Selection 00h
Implicit Selection sfi
Create File (Secure Messaging) 84h E0h 00h 00h var 03h
Set Access Conditions (Secure Messaging) 84h 16h ac 03h 03h
Current EF, AC1 (Update) 00hCurrent EF, AC2 (Read) 01h
Current DF, AC1 (Update) 02h
Current DF, AC2 (Tamperproof) 03h
-
7/29/2019 Part 4_Chip and OS.PDF
42/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (42)
ISO7816ISO7816--4: Card Responses4: Card Responses
SW1 - SW2
Process Completed Process Aborted
Warnings Normal ExecutionChecking
'90 00'
'61 00'
'62 XX' '63 XX' '64 XX' '65 XX''67 XX -'
'6F XX'
-
7/29/2019 Part 4_Chip and OS.PDF
43/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (43)
Today's MultiToday's Multi--application Cardapplication Card
ExampleExample
PSE
ADF 1 ADF 2 ADF3DIR EF
AEF AEF AEF AEF AEF AEFAEF
Loyal tyLoyal ty
Access ControlAccess Control
n Dedicated PaymentFunction in OS
n Dedicated Data File
n ISO 7816-4 Data Files
n Generic Access functions in
read, Update and Write
n Cryptographic security
n ISO 7816-4
Data Files
n Access in read
only
-
7/29/2019 Part 4_Chip and OS.PDF
44/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (44)
Evolution of theEvolution of the
Smart CardSmart Card
TechnologyTechnology
-
7/29/2019 Part 4_Chip and OS.PDF
45/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (45)
ISO 7816: the traditional OSISO 7816: the traditional OS
standard for Smart Cardsstandard for Smart Cards
n Mult i-applic at ions are in reali ty
one exe code + mult ip le f ile systems
EXECUTABLE
ISO 7816-4
FILE SYSTEMPSE
ADF 1 ADF 2 ADF3DIR EF
AEF AEF AEF AEF AEF AEFAEF
Chip Resources
Operating S.
Ap
plication
Data1
Application
D
ata2
Ap
plication
Data3
-
7/29/2019 Part 4_Chip and OS.PDF
46/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (46)
Evolution of the Smart CardEvolution of the Smart Card
TechnologyTechnology
Monoapp l icat ion cards
Dedicated OS
n All the benefits ofsmart cards
n Optimized chip size/
cost effective cards
u Hard business case
u limited marketing tool
u very limited flexibility
for scheme evolutions
Mul tiapp l icat ion cards
Multi-use OS
n facilitate thebusiness case
n new valuable
services to
customers
u Scheme finalized
before issuance
u limited flexibility for
evolutions
Mul tiapp l ica tion p lat fo rms
Open OS
n very flexible platforms
n can support new
applications after issuance
of the card
n No infrastructure upgrade
u not available as of today
for operation
yesterdayyesterday todaytoday tomorrowtomorrow
-
7/29/2019 Part 4_Chip and OS.PDF
47/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (47)
MultiMulti--applicationapplication
in the future:in the future:
OpenOpenOpenOpen Operating SystemsOperating Systems
-
7/29/2019 Part 4_Chip and OS.PDF
48/53
-
7/29/2019 Part 4_Chip and OS.PDF
49/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (49)
Requirements for anRequirements for an
Open Operating SystemOpen Operating System
n Provide chip independence among multiple
hardware targets (chips)
n Provide isolation and separation between Multiple
Applications and System
Write
Siemens
Thomson
Motorola
Hitachi
-
7/29/2019 Part 4_Chip and OS.PDF
50/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (50)
Chip Resources
What is an Open Operating System?What is an Open Operating System?
Operating System (OS)
Virtual Machine
API
Ap
plication
a
Ap
plication
b
Ap
plication
c
Ap
plication
...
Chip Resources
Operating S.
Application
Data1
Application
Data2
Application
Data3
T r adi t ional OS Open OS
-
7/29/2019 Part 4_Chip and OS.PDF
51/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (51)
What is an Application in a OpenWhat is an Application in a Open
OS Card?OS Card?
Application
a=
EXECUTABLE
FILE SYSTEM
PSE
ADF 1DIR EF
AEF AEF AEF
-
7/29/2019 Part 4_Chip and OS.PDF
52/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (52)
JavaCardJavaCard ArchitectureArchitecture --
OnOn--Card componentsCard components
Native Functions &System Resources
Card
Executive
Virtual Machine
APIs
GEM
WG10
GEM
WG10
MPCOS GSM
Hardware
Java
Language
Assembler
1234 45678901
9/98
-
7/29/2019 Part 4_Chip and OS.PDF
53/53
Chip and Operating System Nicolas SMAYRABull & Innovatron PatentsAugust 2001 (53)
ThankThank
youyou
Bull CP8 Patents
Q & AQ & A