Listing 11.3 is the new and improved E-Bucks section of the FlexCash smart card program that implements the E-Bucks e-cash protocol. For the sake of clarity, the Java code doesn't use any encryption.
Listing 11.3. E-Bucks e-cash card-side code.
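case EBUCKS:
    // Card-side handler for the E-Bucks command class. Array holds the incoming
    // command: Array[0] must be 0xE2 and Array[1] selects the step
    // (0x02 Request Debit, 0x04 Make Debit, 0x06 Request Credit).
    // This listing is a fragment: the enclosing loop and switch, and the
    // declarations of Array, EBucks, Ack, Value, Status and the flag constants,
    // are outside it.
    if(Array[0] == (byte)0xE2) {
        // Get EBucks Transaction Number
        // presumably reads one byte of file 5 into EBucks[0] — TODO confirm the
        // meaning of the (byte)1 argument against the _OS documentation
        _OS.ReadBinaryFile((short)5, (byte)1, EBucks);

        if(Array[1] == (byte)0x02) {   // Request Debit
            // Start a new transaction: bump the transaction number and hand the
            // host the (number, challenge) pair it must echo back in Make Debit.
            // NOTE(review): EBucks[0] looks like a single byte, so the number
            // repeats after 256 requests, and CHALLENGE is defined outside this
            // listing — if it is a fixed value, the pair is not fresh per
            // transaction. Confirm before relying on it for replay protection.
            EBucks[0]++;
            EBucks[1] = CHALLENGE;
            Status = _OS.WriteBinaryFile((short)5, (byte)1, EBucks);
            _OS.SendMessage(Ack, (byte)1);
            _OS.SendMessage(EBucks, (byte)2);
            _OS.SendStatus(Status);
            continue;
        }

        if(Array[1] == (byte)0x04) {   // Make Debit
            // Fetch the four data bytes: transaction number, challenge,
            // debit flag, amount.
            _OS.GetMessage(Array, (byte) 0x04, Ack[0]);

            // The amount comes from the host and is untrusted. Compare it with
            // the balance as unsigned bytes so that an amount above the balance
            // (including any value with the high bit set, which Java would read
            // as negative) is refused instead of wrapping the stored value.
            if(Array[0] == EBucks[0] &&    // Transaction Number
               Array[1] == CHALLENGE &&
               Array[2] == DEBITFLAG &&
               (short)(Array[3] & 0xFF) <= (short)(Value[2] & 0xFF)) {
                // Remember that a credit receipt is owed, and for how much.
                EBucks[1] = CREDITFLAG;
                EBucks[2] = Array[3];  // Amount
                // Ack[0] doubles as the one-byte buffer written to file 2.
                // NOTE(review): later SendMessage(Ack, 1) calls will send the
                // new balance unless Ack is reset outside this listing — confirm.
                Value[2] = Ack[0] = (byte)(Value[2]-Array[3]);
                Status = _OS.WriteBinaryFile((short)2,(byte)1, Ack);
                _OS.SendStatus(Status);
                continue;
            }
            else {
                // Wrong transaction number, challenge or flag, or an amount
                // larger than the balance.
                _OS.SendStatus((byte)0x30);
                continue;
            }
        }

        if(Array[1] == (byte)0x06) {   // Request Credit
            // Only answer if a debit was just made; the flag is cleared below
            // so the same debit cannot produce a second credit message.
            if(EBucks[1] == CREDITFLAG) {
                Array[0] = Array[2];   // Transaction Number
                Array[1] = Array[3];   // Challenge
                Array[2] = EBucks[2];  // Amount
                Array[3] = CREDITFLAG;
                EBucks[1] = 0;
                _OS.SendMessage(Ack, (byte)1);
                _OS.SendMessage(Array, (byte)4);
                _OS.SendStatus((byte)0x00);
                continue;
            }
            else {
                _OS.SendStatus((byte)0x30);
                continue;
            }
        }
        // NOTE(review): any other Array[1] value falls through to the break
        // below without a status being sent from this case.
    }
    else {
        // Unknown E-Bucks command
        _OS.Execute((short)0,(byte)0);
        _OS.SendStatus((byte)0x95);
        continue;
    }
    break;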
To complete our story, Listing 11.4 is a Windows PC program that might run on a vending machine that accepts E-Bucks e-cash cards.
Listing 11.4. E-Bucks e-cash host-side code.
#define DEBITFLAG 1 void CSmartCashDlg::OnSpendebucks() { DWORD dwAmount; BYTE bpRequestDebit[] = {0xE2, 0x02, 0x00, 0x00}; BYTE bpMakeDebit[] = {0xE2, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; BYTE bpRequestCredit[] = {0xE2, 0x06, 0x00, 0x00, 0x00}; m_EBucks.GetWindowText(cString); sscanf((LPCTSTR)cString, "%2d", &dwAmount); hresult = ExchangeCardMessage(bpRequestDebit, (BYTE)0x04, bpReply, 0x02); GetSW(&wSW); bpMakeDebit[4] = bpReply[0]; bpMakeDebit[5] = bpReply[1]; bpMakeDebit[6] = DEBITFLAG; bpMakeDebit[7] = (BYTE)dwAmount; hresult = SendCardMessage(bpMakeDebit, (BYTE)0x08); GetSW(&wSW); hresult = ExchangeCardMessage(bpRequestCredit, (BYTE)0x04, bpReply, 0x04); if (FAILED(hresult)) throw (hresult); else { GetSW(&wSW); sprintf(string, "[%04x] %02x %02x %02x %02x", wSW, bpReply[0], bpReply[1], bpReply[2], bpReply[3]); m_editScardStatus.SetWindowText(string); } }
In this chapter, we consider a simple e-commerce smart card application that illustrates writing code to run on a smart card together with some basic security considerations in moving value from the card to the host. Be assured that the protocol used by real e-cash cards such as VisaCash, Mondex, and Proton is much more complicated than this one. But if you are just running a frequent buyer points program for Joe's Fish Store, then the preceding e-cash protocol would probably provide sufficient security to move Pisces Points between Joe's cash register and the smart card. Keep in mind that the listings leave out encryption for the sake of clarity, so a deployed version would still need to add it.