From the point of view of a smart card system designer, if you put a key file in the directory of a particular application, that key file defines the keys needed to access the files for that directory and all its subdirectories. If you don’t provide key files in an application’s directory, the key files in the directories above the application define the keys needed to access the application’s files. In other words, your Multiflex card implements hierarchical access control.

In a typical scenario, there will be one PIN file in the master file that establishes cardholder authentication and access privileges throughout the card. Then there are external authentication files with each application that govern who can read data gathered by the application and the parameters of running the application.
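The hierarchical rule described above, as an added example that is not from the book: a small model in which each directory may hold key files, and a lookup walks from the directory being accessed toward the master file and returns the first key file of the requested kind it meets. The directory layout, the "pin" and "ext_auth" key kinds, and the file identifiers other than 3F00 and 0011 are constructed for illustration and are not taken from the Multiflex documentation.

```python
# Added example (not the book's code): nearest-ancestor key file resolution,
# modelling the Multiflex rule that a key file in a directory governs that
# directory and all its subdirectories, and that a directory without its own
# key file is governed by the key files of the directories above it.
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Directory:
    fid: str                                   # file identifier, "3F00" is the master file
    key_files: Dict[str, str] = field(default_factory=dict)   # key kind -> key file path
    children: Dict[str, "Directory"] = field(default_factory=dict)
    parent: Optional["Directory"] = None

    def add(self, child: "Directory") -> "Directory":
        child.parent = self
        self.children[child.fid] = child
        return child


def resolve_key_file(directory: Directory, kind: str) -> Optional[str]:
    """Return the key file of `kind` that governs `directory`.

    Walks upward toward the master file; the first directory on that path
    holding a key file of the requested kind wins.  Returns None when no
    directory on the path defines one, i.e. the access cannot be granted.
    """
    node = directory
    while node is not None:
        if kind in node.key_files:
            return node.key_files[kind]
        node = node.parent
    return None


def find_directory(root: Directory, path: str) -> Directory:
    """Look up a directory by a slash-separated path such as '3F00/7F10/5F01'."""
    parts = path.split("/")
    if parts[0] != root.fid:
        raise KeyError(path)
    node = root
    for fid in parts[1:]:
        node = node.children[fid]
    return node


def build_sample_card() -> Directory:
    """Constructed layout: a card-wide PIN in the MF and one application with its own key file."""
    mf = Directory("3F00", key_files={"pin": "3F00/0000"})          # PIN file id 0000 is assumed
    app_a = mf.add(Directory("7F10", key_files={"ext_auth": "7F10/0011"}))   # app-level external auth keys
    app_a.add(Directory("5F01"))      # subdirectory with no key files: inherits 7F10's keys and the MF PIN
    mf.add(Directory("7F20"))         # application with no key files at all: only the MF PIN applies
    return mf


def governing_keys(card: Directory, path: str) -> Dict[str, Optional[str]]:
    """Report which PIN and external-authentication key files apply to a directory."""
    d = find_directory(card, path)
    return {kind: resolve_key_file(d, kind) for kind in ("pin", "ext_auth")}


if __name__ == "__main__":
    card = build_sample_card()
    for p in ("3F00", "3F00/7F10", "3F00/7F10/5F01", "3F00/7F20"):
        print(p, governing_keys(card, p))
```

The point the model makes concrete is that an application directory with no key file of a given kind is not "unprotected": it silently inherits whatever the directories above it define, so the PIN placed in the master file reaches every application, while an external-authentication key placed in one application reaches only that application's subtree.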

Tracking EEPROM Usage

Nonvolatile memory (NVM) is a precious resource on a smart card and you will find yourself keeping track of every byte. Each file in NVM takes up some extra administrative bytes besides the bytes you actually use. These overhead bytes describe the file, including its size, its type, and its access conditions. Furthermore, each record in a record file also contains some overhead “green bytes.” Table 5.15 gives the size of these per-file and per-record overheads:

Table 5.15. EEPROM usage in Schlumberger’s 3K Multiflex card.
File Type                                    File Type Byte   File Header Overhead   Per-Record Overhead
Directory file                               38₁₆             24 bytes               none
Transparent file                             01₁₆             16 bytes               none
Record file with fixed-length records        02₁₆             16 bytes               4 bytes
Record file with variable-length records     04₁₆             16 bytes               4 bytes
Cyclic file                                  06₁₆             16 bytes               4 bytes

The information we received back from selecting the master file said that there were 2,832 unused bytes on what is advertised as a 3,008-byte Multiflex card. Where are the missing 176 bytes? The numbers in Table 5.16, together with a little extra knowledge of the Multiflex operating system, account for all of them.

Table 5.16. Overhead bytes in the virgin 3K Multiflex card.
Description                                          Overhead
Operating system                                     26 bytes
Header information for master file (3F00)            24 bytes
Header information for serial number file (0002)     16 bytes
Contents of serial number file (0002)                 8 bytes
Header information for protection key file (0011)    16 bytes
Contents of transport key file                       38 bytes
Flags, testing, random number generator, ATR         48 bytes
Total                                               176 bytes
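An EEPROM budget calculator built from the two tables above, added here as an example that is not from the book. It encodes the per-file and per-record overheads of Table 5.15, recomputes the 176-byte virgin-card overhead of Table 5.16 from those header sizes plus the fixed operating-system items, and then costs out a planned application layout against the 2,832 free bytes. The planned layout (an application directory, a transparent file, a fixed-record file and a cyclic file with the sizes shown) is constructed for illustration.

```python
# Added example (not the book's code): tracking NVM usage on the 3K Multiflex
# from the overhead figures in Tables 5.15 and 5.16.
from dataclasses import dataclass
from typing import List, Tuple

CARD_EEPROM = 3008           # advertised size of the 3K Multiflex card
FREE_ON_VIRGIN_CARD = 2832   # unused bytes reported when the master file was selected

# Table 5.15: file type byte, header overhead, per-record overhead (all in bytes)
FILE_TYPES = {
    "directory":    (0x38, 24, 0),
    "transparent":  (0x01, 16, 0),
    "record_fixed": (0x02, 16, 4),
    "record_var":   (0x04, 16, 4),
    "cyclic":       (0x06, 16, 4),
}


@dataclass
class PlannedFile:
    name: str
    kind: str            # one of the FILE_TYPES keys
    data_bytes: int = 0  # payload: file body (transparent) or sum of all record bodies
    records: int = 0     # number of records for record and cyclic files

    def cost(self) -> int:
        """Bytes this file will consume: header + payload + per-record overhead."""
        _, header, per_record = FILE_TYPES[self.kind]
        if per_record == 0 and self.records:
            raise ValueError(f"{self.name}: {self.kind} files have no records")
        return header + self.data_bytes + per_record * self.records


def virgin_card_overhead() -> int:
    """Recompute Table 5.16 using the header sizes from Table 5.15."""
    os_bytes = 26
    mf_header = FILE_TYPES["directory"][1]           # 3F00 is a directory file: 24 bytes
    serial_header = FILE_TYPES["transparent"][1]     # serial number file 0002: 16-byte header
    serial_contents = 8
    key_file_header = 16                             # protection key file 0011, as given in Table 5.16
    transport_key_contents = 38
    flags_testing_rng_atr = 48
    return (os_bytes + mf_header + serial_header + serial_contents
            + key_file_header + transport_key_contents + flags_testing_rng_atr)


def budget(files: List[PlannedFile], free: int = FREE_ON_VIRGIN_CARD) -> Tuple[int, int]:
    """Return (bytes consumed, bytes left) for a planned layout on a card with `free` bytes."""
    used = sum(f.cost() for f in files)
    return used, free - used


def sample_layout() -> List[PlannedFile]:
    """Constructed application layout used for the worked numbers."""
    return [
        PlannedFile("application directory", "directory"),
        PlannedFile("configuration", "transparent", data_bytes=64),
        PlannedFile("account records", "record_fixed", data_bytes=5 * 20, records=5),
        PlannedFile("transaction log", "cyclic", data_bytes=3 * 8, records=3),
    ]


if __name__ == "__main__":
    print("virgin card overhead:", virgin_card_overhead(), "bytes")
    print("free on virgin card :", CARD_EEPROM - virgin_card_overhead(), "bytes")
    for f in sample_layout():
        print(f"{f.name:24s} {f.cost():5d} bytes")
    used, left = budget(sample_layout())
    print(f"layout uses {used} bytes, {left} bytes remain")
```

Running the sample layout shows where the bytes go: the four files carry 188 bytes of actual data but consume 292, because each file pays its 16- or 24-byte header and each record its 4 green bytes. A negative remainder from `budget` means the layout will not fit on the card.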

Summary

This chapter is by no means a substitute for complete documentation of the 3K Multiflex card. Complete documentation would cover every bit of every command, in every file and every card state, condition, and response. Here we have merely tried to give you a first-hand sense for the mind-set of a smart card by considering in detail a few selected features of one real one. Above all, observe that a smart card is very suspicious. Its basic attitude is to trust no one and to always assume that there are hostile forces out there trying to trick it.

Your task as a smart card application programmer is to mold this suspicious attitude to your particular situation: to allow the card to trust just enough to get the job done, but no more. Initially, you will probably err on the side of trusting too much, of not putting in enough protection, of not tailoring the access conditions carefully enough. It is a lot easier to think about how to get a job done than it is to think about how to prevent somebody from doing the job the wrong way. After you’ve designed your smart card application, it is a good idea to give it to a cantankerous friend and challenge them to break it.