From the point of view of a smart card system designer, if you put a key file in the directory of a particular application, that key file defines the keys needed to access the files in that directory and all its subdirectories. If you don't provide key files in an application's directory, the key files in the directories above the application define the keys needed to access the application's files. In other words, your Multiflex card implements hierarchical access control.
In a typical scenario, there will be one PIN file in the master file that establishes cardholder authentication and access privileges throughout the card. Then there are external authentication files with each application that govern who can read data gathered by the application and the parameters of running the application.
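The inheritance rule just described, the nearest key file on the path from a file's directory up to the master file governs access, can be checked mechanically before a card is personalized. The following is an added example, not code from the book or from the Multiflex card itself. It models a small file tree: the master file 3F00 and its key file 0011 are taken from the text; the application directory identifiers A000, B000 and B100, the PIN file identifier 0000, and the reuse of identifier 0011 for a per-application key file are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed model of a Multiflex-style directory tree. A directory (DF)
# may hold a key file and/or a PIN file; if it holds none, the nearest
# ancestor that does governs access to the DF's files (hierarchical access
# control as described in the text).


@dataclass
class Directory:
    fid: str                             # file identifier, e.g. "3F00" for the master file
    key_file: Optional[str] = None       # fid of the key file held in this DF, if any
    pin_file: Optional[str] = None       # fid of the PIN file held in this DF, if any
    children: Dict[str, "Directory"] = field(default_factory=dict)


def build_tree() -> Directory:
    """Constructed card layout: one PIN file at the MF governs the whole card;
    application A brings its own key file, application B (and its sub-DF) does not."""
    mf = Directory("3F00", key_file="0011", pin_file="0000")   # 0000 for the PIN file is an assumption
    app_a = Directory("A000", key_file="0011")                  # assumed: own key file, reusing fid 0011
    app_b = Directory("B000")                                   # assumed: no key file, inherits from the MF
    app_b.children["B100"] = Directory("B100")                  # sub-DF, also inherits
    mf.children["A000"] = app_a
    mf.children["B000"] = app_b
    return mf


def resolve(root: Directory, path: List[str], attr: str) -> Tuple[str, str]:
    """Descend from `root` through the DF fids in `path`, then walk back up and
    return (directory fid, file fid) of the nearest `attr` ("key_file" or
    "pin_file") that applies at the deepest directory."""
    node = root
    chain = [node]
    for fid in path:
        node = node.children[fid]
        chain.append(node)
    for d in reversed(chain):
        file_id = getattr(d, attr)
        if file_id is not None:
            return d.fid, file_id
    raise LookupError(f"no {attr} anywhere on the path to {chain[-1].fid}")


def access_report(root: Directory, path: List[str]) -> Dict[str, Tuple[str, str]]:
    """Which key file and which PIN file protect the files of the DF at `path`."""
    return {
        "key_file": resolve(root, path, "key_file"),
        "pin_file": resolve(root, path, "pin_file"),
    }


if __name__ == "__main__":
    tree = build_tree()
    for p in ([], ["A000"], ["B000"], ["B000", "B100"]):
        print("/".join(["3F00", *p]), access_report(tree, p))
```

Walking the tree this way shows at a glance which directories share a key file with the master file; an application whose data should only be readable by its own issuer must carry its own key file, otherwise anyone holding the card-level keys reads it.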
Nonvolatile memory (NVM) is a precious resource on a smart card and you will find yourself keeping track of every byte. Each file in NVM takes up some extra administrative bytes besides the bytes you actually use. These overhead bytes describe the file, including its size, its type, and its access conditions. Furthermore, each record in a record file also carries some overhead bytes. Table 5.15 gives the size of these per-file and per-record overheads:
File Type | File Type Byte | File Header Overhead | Per Record Overhead |
---|---|---|---|
Directory file | 38₁₆ | 24 bytes | |
Transparent file | 01₁₆ | 16 bytes | |
Record file with fixed-length records | 02₁₆ | 16 bytes | 4 bytes |
Record file with variable-length records | 04₁₆ | 16 bytes | 4 bytes |
Cyclic file | 06₁₆ | 16 bytes | 4 bytes |
The information we received back from selecting the master file said that there were 2,832 unused bytes on what is advertised as a 3,008-byte Multiflex card. Where are the 176 missing bytes? The numbers in Table 5.16 and a little extra knowledge of the Multiflex operating system give a full accounting of the missing 176 bytes.
Description | Overhead |
---|---|
Operating system | 26 bytes |
Header information for master file (3F00) | 24 bytes |
Header information for serial number file (0002) | 16 bytes |
Contents of serial number file (0002) | 8 bytes |
Header information for protection key file (0011) | 16 bytes |
Contents of transport key file | 38 bytes |
Flags, testing, random number generator, ATR | 48 bytes |
Total | 176 bytes |
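The two tables can be turned into a small budgeting tool: given the per-file and per-record overheads of Table 5.15, compute what a planned file layout will actually cost in NVM and whether it fits in the free space the card reports. The following is an added example, not code from the book. The overhead figures come from Tables 5.15 and 5.16; the sample layout (one application directory with a fixed-record file and a cyclic file) is constructed, and treating the key file 0011 as a 16-byte-header file with 38 bytes of content is a reading of Table 5.16 rather than something the text states outright.

```python
from typing import Dict, List, Tuple

# (file type byte, header overhead, per-record overhead) from Table 5.15
OVERHEAD: Dict[str, Tuple[int, int, int]] = {
    "directory":   (0x38, 24, 0),
    "transparent": (0x01, 16, 0),
    "fixed":       (0x02, 16, 4),
    "variable":    (0x04, 16, 4),
    "cyclic":      (0x06, 16, 4),
}

CARD_CAPACITY = 3008          # advertised size of the 3K Multiflex, from the text
REPORTED_FREE = 2832          # free bytes returned on selecting the MF, from the text


def file_footprint(kind: str, data_bytes: int, records: int = 0) -> int:
    """NVM consumed by one file: header + per-record overhead + the data itself."""
    _, header, per_record = OVERHEAD[kind]
    if kind == "directory" and data_bytes:
        raise ValueError("a directory file holds no data of its own")
    if per_record == 0 and records:
        raise ValueError(f"{kind} files have no records")
    return header + per_record * records + data_bytes


def master_file_accounting() -> Tuple[Dict[str, int], int]:
    """Reproduce Table 5.16: where the 176 bytes went before any application was loaded."""
    items = {
        "Operating system": 26,
        "Master file header (3F00)": file_footprint("directory", 0),
        "Serial number file (0002), header + 8 bytes": file_footprint("transparent", 8),
        # assumed: key file 0011 modelled as a 16-byte header plus the 38 bytes of key content
        "Key file (0011), header + 38 bytes": file_footprint("transparent", 38),
        "Flags, testing, random number generator, ATR": 48,
    }
    return items, sum(items.values())


def remaining_after(free_bytes: int, layout: List[Tuple[str, int, int]]) -> int:
    """Free NVM left once every (kind, data_bytes, records) in `layout` is created.
    A negative result means the layout does not fit."""
    return free_bytes - sum(file_footprint(k, d, r) for k, d, r in layout)


# Constructed application layout: a DF, a fixed-record file with four 16-byte
# records, and a cyclic file with three 8-byte records.
SAMPLE_LAYOUT: List[Tuple[str, int, int]] = [
    ("directory", 0, 0),
    ("fixed", 4 * 16, 4),
    ("cyclic", 3 * 8, 3),
]

if __name__ == "__main__":
    items, total = master_file_accounting()
    for name, size in items.items():
        print(f"{name:48s} {size:4d} bytes")
    print(f"{'Total':48s} {total:4d} bytes (card reports {CARD_CAPACITY - REPORTED_FREE} missing)")
    print("free after sample layout:", remaining_after(REPORTED_FREE, SAMPLE_LAYOUT))
```

Keeping the record count separate from the data size matters: a record file is charged 4 bytes for every record regardless of how short the records are, so many tiny records cost noticeably more than one transparent file of the same total payload.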
This chapter is by no means a substitute for complete documentation of the 3K Multiflex card. Complete documentation would cover every bit of every command, in every file and every card state, condition, and response. Here we have merely tried to give you a first-hand sense for the mind-set of a smart card by considering in detail a few selected features of one real one. Above all, observe that a smart card is very suspicious. Its basic attitude is to trust no one and to always assume that there are hostile forces out there trying to trick it.
Your task as a smart card application programmer is to mold this suspicious attitude to your particular situation; to allow the card to trust just enough to get the job done but no more. Initially, you will probably err on the side of trusting too much; of not putting in enough protection; of not tailoring the access conditions carefully enough. It is a lot easier to think about how to get a job done than it is to think about how to prevent somebody from doing the job incorrectly. After you've designed your smart card application, it will be a good idea to give it to a cantankerous friend and challenge them to break it.