Previous Table of Contents Next


Host Software

Most smart card software is host software. It is written for personal computers and workstation servers, accesses existing smart cards and incorporates these cards into larger systems. Host software will typically include end-user application software, system-level software that supports the attachment of smart card readers to the host platform, and system-level software that supports the use of the specific smart cards needed to support the end-user application. In addition, host software includes application and utility software necessary to support the administration of the smart card infrastructure.

Host software is usually written in one of the high-level programming languages found on personal computers and workstations—C, C++, Java, BASIC, COBOL, Pascal, or FORTRAN—and linked with commercially available libraries and device drivers to access smart card readers and smart cards inserted into them. In constrast, card software is usually written in a safe computing language such as Java, machine-level language such as Forth, or assembly language.

Card Software

Card software is the software that runs on the smart card itself. It is usually classified as operating system, utility, and application software, much as is the case with host software. For many applications, rather generic smart cards with their general on-card software will suffice; special software for the card is not required. Where application-specific card software is required, it is typically written either in assembly language for the chip architecture of the microprocessor found embedded in the smart card or in a higher-level language that can be interpreted directly on the card or compiled into card assembly language and loaded onto the card.

It is useful to occasionally further categorize smart card software into application software or system software. Application software uses the computational and data storage capabilities of a smart card as if they were those of any other computer and is relatively unaware of the data integrity and data security properties of the smart card. These are of more concern to the person using the card than to the application software accessing it. System software, on the other hand, explicitly uses and may contribute to and enhance the data integrity and data security properties of the smart card.

Host application software substitutes the smart card for an alternative implementation of the same functionality (for example, when an encryption key or a medical record is kept on a smart card rather than on a hard disk file on the local computer or in a central database on a server). Host system software harnesses the unique and intrinsic computing and data storage capabilities of the smart card by sending data and commands to it and by retrieving data and results from it.

Card application software is typically used to customize an existing off-the-shelf smart card for a particular application (see Table1.1) and amounts to moving some functionality from host application software onto the card itself. This may be done in the interest of efficiency—in order to speed up the interaction between the host and the card—or security—in order to protect a proprietary part of the system. Card system software is written in a low-level machine language for a particular smart card chip and is used to extend or replace basic functions on the smart card.

Table 1.1. Types of smart card software with sample applications.
Software Type Application System

Host Digital signature Electronic purse
Card Lottery game Encryption algorithm

Host and Card Software Integration

Both kinds of smart card software—host software outside the card looking in and card software inside the card looking out—are treated in this book, but they are fundamentally different in their orientation and outlook. Card software focuses on the contents of a particular card. Card software provides computational services for applications in accessing these contents, and protects these contents from many applications which might try to access them incorrectly. Host software, on the other hand, might make use of many different cards. Host software is typically aware of many cardholders and possibly many card issuers as well as many different kinds of cards.

Card software implements the data and process security properties and policies of a particular smart card. For example, a program running on the card might not provide an account number stored on the card unless presented with a correct personal identification number (PIN). Or a program running on the card might compute a digital signature using a private key stored on the smart card, but it would under no condition release the private key itself. Software running on a smart card provides secure, authorized access to the data stored on the smart card. It is only aware of the contents of a particular smart card and entities “out there”—people, computers, terminals, game consoles, set-top boxes, and so on—trying to get at these contents.

Host software connects the smart cards and the users carrying them to larger systems. For example, software running in an automatic teller machine (ATM) uses the smart cards inserted by the bank’s customers to identify the customer and to connect the customers with their bank accounts. Or software running in a soda machine verifies that the card inserted into the card reader is a valid cash card and decrements the amount of cash on the card before triggering the release of a can of soda. Host software is aware of many smart cards and tailors its response based on the particular smart card presented.

Unlike most computer software, which relies on supporting services from its surrounding context, smart card software begins with the assumption that the context in which it finds itself is hostile and is not to be trusted. Until presented with convincing evidence to the contrary, smart cards don’t trust the hosts they are inserted into and smart card hosts don’t trust cards that are inserted into them. A smart card program only trusts itself. Everything outside the program has to prove itself trustworthy before the program will interact with it.


Previous Table of Contents Next