Previous Table of Contents Next


The E-Bucks Card-Side Code

Listing 11.3 is the new and improved E-Bucks section of the FlexCash smart card program that implements the E-Bucks e-cash protocol. For the sake of clarity, the Java code doesn’t use any encryption.

Listing 11.3. E-Bucks e-cash card-side code.

  case EBUCKS:
    if(Array[0] == (byte)0xE2) {
        // Get EBucks Transaction Number
        _OS.ReadBinaryFile((short)5, (byte)1, EBucks);
        if(Array[1] == (byte)0x02) { // Request Debit
            EBucks[0]++;
            EBucks[1] = CHALLENGE;
            Status =
                     _OS.WriteBinaryFile((short)5, (byte)1, EBucks);
            _OS.SendMessage(Ack, (byte)1);
            _OS.SendMessage(EBucks, (byte)2);
            _OS.SendStatus(Status);
            continue;
        }
        if(Array[1] == (byte)0x04) { // Make Debit
          _OS.GetMessage(Array, (byte) 0x04, Ack[0]);
          if(Array[0] == EBucks[0] && // Transaction Number
             Array[1] == CHALLENGE &&
             Array[2] == DEBITFLAG) {
               EBucks[1] = CREDITFLAG;
               EBucks[2] = Array[3]; // Amount
               Value[2] = Ack[0] = (byte)(Value[2]-Array[3]);
               Status = _OS.WriteBinaryFile((short)2,(byte)1, Ack);
               _OS.SendStatus(Status);
               continue;
          } else {
               _OS.SendStatus((byte)0x30);
               continue;
          }
          }
        if(Array[1] == (byte)0x06) { // Request Credit
          if(EBucks[1] == CREDITFLAG) {
             Array[0] = Array[2];  // Transaction Number
             Array[1] = Array[3];  // Challenge
             Array[2] = EBucks[2]; // Amount
             Array[3] = CREDITFLAG;
             EBucks[1] = 0;
            _OS.SendMessage(Ack, (byte)1);
            _OS.SendMessage(Array, (byte)4);
            _OS.SendStatus((byte)0x00);
            continue;
          } else {
            _OS.SendStatus((byte)0x30);
            continue;
          }
        }
    } else { // Unknown E-Bucks command
    _OS.Execute((short)0,(byte)0);
    _OS.SendStatus((byte)0x95);
    continue;
    }
break;

The E-Bucks Reader-Side Code

To complete our story, Listing 11.4 is a Windows PC program that might run on a vending machine that accepts E-Bucks e-cash cards.

Listing 11.4. E-Bucks e-cash host-side code.

#define DEBITFLAG 1
void CSmartCashDlg::OnSpendebucks()
{
    DWORD dwAmount;

    BYTE bpRequestDebit[]  = {0xE2, 0x02, 0x00, 0x00};
    BYTE bpMakeDebit[]     = {0xE2, 0x04, 0x00, 0x00,
                                0x00, 0x00, 0x00, 0x00};
    BYTE bpRequestCredit[] = {0xE2, 0x06, 0x00, 0x00, 0x00};

    m_EBucks.GetWindowText(cString);
    sscanf((LPCTSTR)cString, "%2d", &dwAmount);

    hresult =
        ExchangeCardMessage(bpRequestDebit, (BYTE)0x04, bpReply, 0x02);
    GetSW(&wSW);

    bpMakeDebit[4] = bpReply[0];
    bpMakeDebit[5] = bpReply[1];
    bpMakeDebit[6] = DEBITFLAG;
    bpMakeDebit[7] = (BYTE)dwAmount;
    hresult = SendCardMessage(bpMakeDebit, (BYTE)0x08);
    GetSW(&wSW);

    hresult =
        ExchangeCardMessage(bpRequestCredit, (BYTE)0x04, bpReply, 0x04);

    if (FAILED(hresult))
        throw (hresult);
    else {
        GetSW(&wSW);
        sprintf(string, "[%04x] %02x %02x %02x %02x",
            wSW, bpReply[0], bpReply[1], bpReply[2], bpReply[3]);
            m_editScardStatus.SetWindowText(string);
    }
}

Summary

In this chapter, we consider a simple e-commerce smart card application that illustrates writing code to run on a smart card together with some basic security considerations in moving value from the card to the host. Be assured that the protocol used by real e-cash cards such as VisaCash, Mondex, and Proton is much more complicated than this one. But if you are just running a frequent buyer points program for Joe’s Fish Store, then the preceding e-cash protocol would probably provide sufficient security to move Pisces Points between Joe’s cash register and the smart card.


Previous Table of Contents Next