Unquestionably the most widely talked-about smart card API is that set forth in the ISO 7816-4 standard, which is discussed at length in Chapter 4, Smart Card Commands. There are 18 basic interindustry commands on this API:
ReadBinary(byte fileId, short offset, byte buffer[])
WriteBinary(byte fileId, short offset, byte buffer[])
UpdateBinary(byte fileId, short offset, byte buffer[])
EraseBinary(byte fileId, byte offset)
ReadRecord(byte record_number, byte mode, byte buffer[])
WriteRecord(byte record_number, byte mode, byte buffer[])
AppendRecord(byte record_number, byte mode, byte buffer[])
UpdateRecord(byte record_number, byte mode, byte buffer[])
GetData(short mode, byte buffer[])
PutData(short mode, byte buffer[])
SelectFile(byte mode, byte info, byte name[])
Verify(byte mode, byte key[])
InternalAuthenticate(byte algorithm, byte mode, byte challenge[])
ExternalAuthenticate(byte algorithm, byte mode, byte response[])
GetChallenge(byte challenge[])
ManageChannel(byte operation, byte channel_number)
GetResponse(byte response[])
Envelope(byte buffer[])
As far as we know, there is no smart card on the market, nor has there ever been, that implements all the ISO 7816-4 commands with all the generality and capability written into the standard. Nevertheless, the ISO 7816-4 commands have served as a reference model for smart card interfacing and have to at least some degree enabled card interoperability. Many off-the-shelf smart cards implement some variant of most of these commands.
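The following Python decoder is an added example, not code from the book. It maps the instruction (INS) byte of a short-length command APDU to the 18 command names listed above, using the INS values that ISO 7816-4 assigns, and parses the four short APDU cases so that a terminal-side trace can be checked for commands outside the interindustry set. The APDUs in SAMPLE_TRACE are constructed for illustration.

```python
# INS byte -> interindustry command name (values from ISO 7816-4).
# The mapping assumes interindustry coding; a card using a proprietary
# class byte may give the same INS a different meaning.
INS_NAMES = {
    0xB0: "ReadBinary", 0xD0: "WriteBinary", 0xD6: "UpdateBinary",
    0x0E: "EraseBinary", 0xB2: "ReadRecord", 0xD2: "WriteRecord",
    0xE2: "AppendRecord", 0xDC: "UpdateRecord", 0xCA: "GetData",
    0xDA: "PutData", 0xA4: "SelectFile", 0x20: "Verify",
    0x88: "InternalAuthenticate", 0x82: "ExternalAuthenticate",
    0x84: "GetChallenge", 0x70: "ManageChannel", 0xC0: "GetResponse",
    0xC2: "Envelope",
}

def parse_command_apdu(raw: bytes) -> dict:
    """Parse a short-length command APDU (cases 1-4); reject malformed input."""
    if len(raw) < 4:
        raise ValueError("APDU header needs CLA, INS, P1, P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    data, le = b"", None
    if len(body) == 0:                 # case 1: header only
        pass
    elif len(body) == 1:               # case 2: Le only (0x00 means 256)
        le = body[0] or 256
    else:
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDUs are not handled here")
        if len(body) == 1 + lc:        # case 3: Lc + data
            data = body[1:]
        elif len(body) == 2 + lc:      # case 4: Lc + data + Le
            data, le = body[1:1 + lc], body[-1] or 256
        else:
            raise ValueError("Lc does not match the data field length")
    name = INS_NAMES.get(ins, f"unknown INS 0x{ins:02X}")
    return {"cla": cla, "name": name, "p1": p1, "p2": p2, "data": data, "le": le}

# Constructed sample trace (hex), not captured from a real card.
SAMPLE_TRACE = ["00A40000023F00", "00B0000010", "0084000008", "80F0000000"]

def decode_trace(hex_lines):
    """Return the decoded command name for each APDU in a hex trace."""
    return [parse_command_apdu(bytes.fromhex(h))["name"] for h in hex_lines]

if __name__ == "__main__":
    for line, name in zip(SAMPLE_TRACE, decode_trace(SAMPLE_TRACE)):
        print(line, "->", name)
```
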
A subscriber interface module (SIM) is a smart card that is inserted into a GSM (Groupe Spécial Mobile/Global System for Mobile Communication) cellular telephone. As its name implies, a SIM carries, among other things, the subscriber's account information. The European Telecommunications Standards Institute (ETSI) has published a number of standards covering SIMs and their relationship to the GSM phone.
Unlike the master/slave relationship between terminal and card mandated by ISO 7816-4, GSM 11.14 (the ETSI standard describing the interface between the phone and the card) allows for the SIM to initiate communication to the phone. Thus the code running in a SIM card has two APIs: one looking inward to services on the card itself and one looking outward to services on the phone.
The inward-looking API on a SIM card is similar to but not identical to ISO 7816-4. What distinguishes a SIM card from other smart cards is the file system and the encryption algorithms used to authenticate keys.
The outward-looking API on a SIM card contains the following functions:
Notice that the outward-looking API enables the smart card to contact an arbitrary node on the telephone network by using PlayTone to communicate with it.
Because card-side programming is still very new, most of the card-side APIs are vendor specific, although most of them include the same functionality found on the standards-based APIs. All necessarily support loading of applications onto the card after the card has been manufactured and personalized. MULTOS, DKCCOS, and SPYCOS support secure loading schemes.
The operating system in Schlumberger's Multiflex smart card includes the ability to load machine code into and execute machine code from the card's EEPROM memory. This executable code can extend or replace executable code in the Multiflex ROM. Schlumberger calls this functionality the Schlumberger Customer Oriented System (SCOS). Due to security considerations, primarily the fear of the creation of counterfeit cards, the Multiflex card included in this book has had the SCOS capability deactivated.
SCOS is a very powerful capability. It lets you create a custom smart card of your own design without incurring the time, expense, or risk of making a ROM mask, manufacturing the chips, and embedding the chips into cards.