Previous | Table of Contents | Next |
The computer on a smart card is a single integrated circuit chip that includes the central processing unit (CPU), the memory system, and the input/output lines. A single chip is used in order to make tapping into information flows inside the computer more difficult. If more than one chip were used to implement the smart card computer, the connections between the chips would be obvious points of attack.
Smart cards have a memory architecture that will be unfamiliar, if not downright bizarre, to most mainstream programmers. Programmers typically think in terms of having available large amounts of homogeneous random access memory (RAM) that is freely available for reading and writing. This is definitely not the case on a smart card. There are, in fact, three kinds of memory on a smart card: read-only memory (ROM), nonvolatile memory (NVM), and a relatively tiny amount of random access memory (RAM).
Read-only memory is where the smart card operating system is stored and is of interest only to assembly language programmers. General-purpose smart cards have between 8 KB and 32 KB of ROM. Here, one finds various utility routines such as those for doing communication and for maintaining an on-card file system along with encryption routines and special-purpose arithmetic routines. Code and data are placed in read-only memory when the card is manufactured and cannot be changed; this information is hardwired into the card.
NVM is where the cards variable datasuch as account numbers, number of loyalty points, or amount of e-cashis stored. NVM can be read and written by application programs, but it doesnt act like and cannot be used like RAM. NVM gets its name from the fact that it retains its contents when power is removed from the card; data written to NVM, if not overwritten, will last 10 years. NVM presents two problems:
The typical programmer is not familiar with either of these two problems, but must take them into account when writing smart card software.
There is some familiar RAM on a smart card, but not very muchusually only 1,000 bytes or less. This is unquestionably the most precious resource on the smart card from the card software developers point of view. Even when using a high-level language on the smart card, the programmer is acutely aware of the need to economize on the use of temporary variables. Furthermore, the RAM is not only used by the programmers application, but also by all the utility routines, so a programmer has to be aware not only of how much RAM he is using, but how much is needed by the routines he calls.
The central processing unit in a smart card chip is an 8-bit microcontroller, typically using the Motorola 6805 or Intel 8051 instruction set. Hitachis H8 smart card chip is a notable exception. These instruction sets have the usual complement of memory and register manipulations, addressing modes, and input/output operations. Some chip manufacturers have extended these basic instruction sets with additional instructions that are of particular use on smart cards. Smart card CPUs execute machine instructions at the rate of about 400,000 instructions per second (400 KIP), although speeds of up to 1 million instructions per second (1 MIP) are becoming available on the latest chips.
The demand for stronger encryption in smart cards has outstripped the ability of software for these modest computers to generate results in a reasonable amount of time. Typically 1 to 3 seconds is all that a transaction involving a smart card should take; however, a 1024-bit key RSA encryption can take 10-20 seconds on a typical smart card processor. As a result, some smart card chips include coprocessors to accelerate specifically the computations done in strong encryption.
A smart card CPU will not necessarily execute code from all parts of the smart card memory system. Most smart card chips, for example, will not execute code stored in RAM. Furthermore, some chips make it possible to reconfigure sections of NVM so that a program loaded into NVM cannot be overwritten (essentially turning the NVM into ROM) or so that the CPU wont take instructions and therefore execute code from this part of memory.
The input/output channel on a smart card is a unidirectional serial channel. This means that it passes data 1 bit and hence 1 byte at a time, and that data can flow in only one direction at a time. The smart card hardware can handle data at up to 115,200 bps, but smart card readers typically communicate with the card at speeds far below this.
The communication protocol between the host and the smart card is based on a master (host) and slave (smart card) relationship. The host sends commands to the card and listens for a reply. The smart card never sends data to the host except in response to a command from the host.
Smart card operating systems support either character or block transfers, but usually this level of detail is hidden from the smart card programmer.
Previous | Table of Contents | Next |