

The ISO 7816-4 Standard

Unquestionably the most widely talked-about smart card API is that set forth in the ISO 7816-4 standard, which is discussed at length in Chapter 4, “Smart Card Commands.” There are 18 basic interindustry commands on this API:

ReadBinary(byte fileId, short offset, byte buffer[])
WriteBinary(byte fileId, short offset, byte buffer[])
UpdateBinary(byte fileId, short offset, byte buffer[])
EraseBinary(byte fileId, byte offset)
ReadRecord(byte record_number, byte mode, byte buffer[])
WriteRecord(byte record_number, byte mode, byte buffer[])
AppendRecord(byte record_number, byte mode, byte buffer[])
UpdateRecord(byte record_number, byte mode, byte buffer[])
GetData(short mode, byte buffer[])
PutData(short mode, byte buffer[])
SelectFile(byte mode, byte info, byte name[])
Verify(byte mode, byte key[])
InternalAuthenticate(byte algorithm, byte mode, byte challenge[])
ExternalAuthenticate(byte algorithm, byte mode, byte response[])
GetChallenge(byte challenge[])
ManageChannel(byte operation, byte channel_number)
GetResponse(byte response[])
Envelope(byte buffer[])

As far as we know, there is no smart card on the market—nor has there ever been—that implements all the ISO 7816-4 commands with all the generality and capability written into the standard. Nevertheless, the ISO 7816-4 commands have served as a reference model for smart card interfacing and have to at least some degree enabled card interoperability. Many off-the-shelf smart cards implement some variant of most of these commands.

The GSM 11.14 Standard

A subscriber interface module (SIM) is a smart card that is inserted into a GSM (Groupe Spécial Mobile/Global System for Mobile Communication) cellular telephone. As its name implies, a SIM carries, among other things, the subscriber’s account information. The European Telecommunications Standards Institute (ETSI) has published a number of standards covering SIMs and their relationship to the GSM phone.

Unlike the master/slave relationship between terminal and card mandated by ISO 7816-4, GSM 11.14—the ETSI standard describing the interface between the phone and the card—allows for the SIM to initiate communication to the phone. Thus the code running in a SIM card has two APIs: one looking inward to services on the card itself and one looking outward to services on the phone.

The inward-looking API on a SIM card is similar to but not identical to ISO 7816-4. What distinguishes a SIM card from other smart cards is the file system and the encryption algorithms used to authenticate keys.

The outward-looking API on a SIM card contains the following functions:

  DisplayText—Displays text on the phone’s display window
  GetInKey—Gets one key hit from the phone’s keypad
  GetInput—Gets a string of characters from the phone’s keypad
  MoreTime—Prevents phone timeout by asking for more processing time
  PlayTone—Plays an audio tone in the earpiece and on the phone line
  PollInterval—Sets time between STATUS commands from phone
  Reset—Notifies the phone of changes in the SIM
  SelectItem—Sends a selection list to the phone to get user selection
  SendShortMessage—Sends a short message to the network
  SendSS—Sends a supplementary service request to the phone
  SendUSSD—(Not currently defined)
  SetUpCalls—Sets up a call on the network
  SetUpMenu—Sends a user-selection menu to the phone, which displays it

Notice that the outward-looking API enables the smart card to contact an arbitrary node on the telephone network by using PlayTone to communicate with it.
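The following Python code is an added example, not taken from the book or from the GSM specification. It shows how a terminal-side audit log could decode a proactive command from the SIM and flag the ones that cause traffic beyond the handset. The tag and type-of-command values come from GSM 11.14 rather than from this page, the function names are hypothetical, and the sample bytes are constructed.

```python
# Added example: terminal-side decoding of a SIM proactive command (GSM 11.14).
# Type-of-command codes come from the standard; names follow the list above.
COMMANDS = {
    0x01: "Reset",  # named REFRESH in the standard
    0x02: "MoreTime", 0x03: "PollInterval", 0x10: "SetUpCalls",
    0x11: "SendSS", 0x12: "SendUSSD", 0x13: "SendShortMessage",
    0x20: "PlayTone", 0x21: "DisplayText", 0x22: "GetInKey",
    0x23: "GetInput", 0x24: "SelectItem", 0x25: "SetUpMenu",
}
# Commands that make the phone emit traffic toward the network for the card.
# PlayTone is listed because the text notes it also plays on the phone line.
NETWORK_REACHING = {"SetUpCalls", "SendSS", "SendUSSD", "SendShortMessage", "PlayTone"}

def _read_len(buf, pos):
    """Return (length, next_pos); lengths above 0x7F use the 0x81 prefix."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    if buf[pos] < 0x80:
        return buf[pos], pos + 1
    if buf[pos] != 0x81 or pos + 1 >= len(buf):
        raise ValueError("unsupported length encoding")
    return buf[pos + 1], pos + 2

def parse_proactive(buf):
    """Decode the 0xD0 wrapper and report which command the card is issuing."""
    if not buf or buf[0] != 0xD0:
        raise ValueError("not a proactive command (tag 0xD0 expected)")
    total, pos = _read_len(buf, 1)
    end = pos + total
    if end > len(buf):
        raise ValueError("declared length exceeds data")
    result = {"objects": []}
    while pos < end:
        tag = buf[pos] & 0x7F  # top bit is the comprehension-required flag
        length, pos = _read_len(buf, pos + 1)
        if pos + length > end:
            raise ValueError("inner object overruns the command")
        value = bytes(buf[pos:pos + length])
        pos += length
        result["objects"].append((tag, value))
        if tag == 0x01 and length == 3:  # command details: number, type, qualifier
            result["command"] = COMMANDS.get(value[1], "unknown 0x%02X" % value[1])
    if "command" not in result:
        raise ValueError("no command details object")
    result["network_reaching"] = result["command"] in NETWORK_REACHING
    return result

# Constructed samples: a DisplayText ("Hi!") and a bare SendShortMessage header.
SAMPLE_DISPLAY = bytes.fromhex("D00F 8103012180 82028102 8D0404486921")
SAMPLE_SMS = bytes.fromhex("D009 8103011300 82028183")
```

Calling parse_proactive on each command the card returns gives a log of what the SIM asked the phone to do, and the network_reaching field marks the requests worth reviewing first.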

The Vendor APIs

Because card-side programming is still very new, most of the card-side APIs are vendor specific, although most of them include the same functionality found on the standards-based APIs. All necessarily support loading of applications onto the card after the card has been manufactured and personalized. MULTOS, DKCCOS, and SPYCOS support secure loading schemes.

Schlumberger’s Customer-Oriented System

The operating system in Schlumberger’s Multiflex smart card includes the ability to load machine code into and execute machine code from the card’s EEPROM memory. This executable code can extend or replace executable code in the Multiflex ROM. Schlumberger calls this functionality the Schlumberger Customer Oriented System (SCOS). Due to security considerations, primarily the fear of the creation of counterfeit cards, the Multiflex card included in this book has had the SCOS capability deactivated.

SCOS is a very powerful capability. It lets you create a custom smart card of your own design without incurring the time, expense, or risk of making a ROM mask, manufacturing the chips, and embedding the chips into cards.

