Smart Cards – A Brief Introduction

Gemalto

Introduction

A smart card, chip card, or integrated circuit card (ICC) is any pocket-sized card with embedded integrated circuits.  Nowadays, smart cards are found everywhere, the SIM inside your mobile phone (GSM Smart card), your Bank cards (VISA & Mastercard), your Sky/Cable Set-Top-Box, or even your company ID card additionally used for computer authentication.

Because the chips in financial cards are the same as those used in subscriber identity modules (SIMs) in mobile phones, programmed differently and embedded in a different piece of PVC, chip manufacturers are building to the more demanding GSM/3G standards. So, for example, although the EMV standard allows a chip card to draw 50 mA from its terminal, cards are normally well below the telephone industry’s 6 mA limit. This allows smaller and cheaper financial card terminals.

This post is a brief introduction into the hardware and software used to read/write smart cards.

Brief History of EMV

EMV-compliant cards and equipment are widespread except in a few countries such as the UK and USA.   Typically, a country’s national payment association, in coordination with MasterCard International, Visa International, American Express and JCB, jointly plan and implement EMV systems.

Historically, in 1993 several international payment companies agreed to develop smart-card specifications for debit and credit cards. The original brands were MasterCardVisa, and Europay.

The first version of the EMV system was released in 1994. In 1998 the specifications became stable.

EMVCo maintains these specifications. EMVco’s purpose is to assure the various financial institutions and retailers that the specifications retain backward compatibility with the 1998 version. EMVco upgraded the specifications in 2000 and 2004.

Smart Card Protocols

Communication protocols for contact smart cards include;

  • T=0 (character-level transmission protocol, defined in ISO/IEC 7816-3)
  • T=1 (block-level transmission protocol, defined in ISO/IEC 7816-3).

Clearly the IC card and the interface device must operate with a common protocol. This is where Answer-To-Reset (ATR) comes in real handy, it effectivily tells the smart card to reset its state, and print an introductory header.  This header gives us a small introduction about its configuration, capabilities and importantly what language (or rather protocol) it speaks.

ATR Response Example:

0000  3B FF 18 00 FF 81 31 FE 45 65 63 0D 02 50 02 80  ;.....1.Eec..P..
0010  00 08 37 70 20 10 05 00 B2                       ..7p ....

The first byte of the string is the initial character “TS”. It defines which of the two transmission technique, “direct convention (3B)” or “indirect convention (3F)”, should be used. In our case we have the byte 3B and a direct convention.

The second byte is the format character T0. Here we obtain the length of the historical characters. In our ATR the last 15 bytes are the historical characters. They contain some information e.g. the card’s features and operating system version.

The bytes 6 & 7 (0x81 0x31) denote the Protocol, in the example above they both mean T=1.

Now a simple example of talking to a EMV card is below, using the stated hardware and software.

Hardware

Gemalto Smart Card Reader

These devices are relatively cheap and cost under £20(GBP) in the UK, you can easily pick them up from Amazon or Ebay.

Software

Smart Card Shell

Website: http://www.openscdp.org

The Smart Card Shell 3 (SCS-3) is an interactive development and scripting tool that allows easy access to smart cards on an APDU level as well as on a file system level. It can be used to develop and test smart card applications, in particular applications integrated into a Public Key Infrastructure (PKI).

It is a Java application using the OpenCard Framework supporting most smart cards compliant with ISO7816-4. The Smart Card Shell uses JavaScript as command and script language provided by the Mozilla Rhino Engine. It has support for classes defined in theGlobal Platform Scripting specification and defines additional classes to support ASN.1/TLV encoding, X509 certificates, OCSP, LDAP and SOAP. The scripting engine supports E4X for simple XML processing.

Links:

Application – http://www.openscdp.org/scsh3/download.html

Script Collection – http://www.openscdp.org/scripts/scripts-20130326.zip

Example:

The above links make it extremely easy to access and read the chip on your VISA card.

Smart cards can have Applications, often denoted as AIDs (Application IDs) and sometimes more than one (depending on the size of the card) can be installed on a given smart card.  VISA has an Application called “1PAY.SYS.DDF01“, which is essentially the main application, and within this application are four sub applications:

  1. Self Service
  2. Link
  3. Visa
  4. Visa Rem Auth

Below is an example of the reademv script, presenting us with this information:

>load("C:/Program Files (x86)/CardContact/Smart Card Shell 3/scripts/emv/reademv.js");
FCP returned in SELECT: 6F [ APPLICATION 15 ] IMPLICIT SEQUENCE SIZE( 21 )
84 [ CONTEXT 4 ] SIZE( 14 )
0000 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31 1PAY.SYS.DDF01
A5 [ CONTEXT 5 ] IMPLICIT SEQUENCE SIZE( 3 )
88 [ CONTEXT 8 ] SIZE( 1 )
0000 01 .

SFI 1 record #1
70 [ APPLICATION 16 ] IMPLICIT SEQUENCE SIZE( 31 )
61 [ APPLICATION 1 ] IMPLICIT SEQUENCE SIZE( 29 )
4F [ APPLICATION 15 ] SIZE( 6 )
0000 A0 00 00 00 24 01 ....$.
50 [ APPLICATION 16 ] SIZE( 16 )
0000 53 65 6C 66 20 53 65 72 76 69 63 65 20 20 20 20 Self Service
87 [ CONTEXT 7 ] SIZE( 1 )
0000 01 .

SFI 1 record #2
70 [ APPLICATION 16 ] IMPLICIT SEQUENCE SIZE( 32 )
61 [ APPLICATION 1 ] IMPLICIT SEQUENCE SIZE( 30 )
4F [ APPLICATION 15 ] SIZE( 7 )
0000 A0 00 00 00 29 10 10 ....)..
50 [ APPLICATION 16 ] SIZE( 16 )
0000 4C 69 6E 6B 20 20 20 20 20 20 20 20 20 20 20 20 Link
87 [ CONTEXT 7 ] SIZE( 1 )
0000 02 .

SFI 1 record #3
70 [ APPLICATION 16 ] IMPLICIT SEQUENCE SIZE( 32 )
61 [ APPLICATION 1 ] IMPLICIT SEQUENCE SIZE( 30 )
4F [ APPLICATION 15 ] SIZE( 7 )
0000 A0 00 00 00 03 10 10 .......
50 [ APPLICATION 16 ] SIZE( 16 )
0000 56 69 73 61 20 20 20 20 20 20 20 20 20 20 20 20 Visa
87 [ CONTEXT 7 ] SIZE( 1 )
0000 03 .SFI 1 record #4
70 [ APPLICATION 16 ] IMPLICIT SEQUENCE SIZE( 32 )
61 [ APPLICATION 1 ] IMPLICIT SEQUENCE SIZE( 30 )
4F [ APPLICATION 15 ] SIZE( 7 )
0000 A0 00 00 00 03 80 02 .......
50 [ APPLICATION 16 ] SIZE( 16 )
0000 56 69 73 61 20 52 65 6D 20 41 75 74 68 65 6E 20 Visa Rem Authen
87 [ CONTEXT 7 ] SIZE( 1 )
0000 04

The SCS-3 has a number of pre-programmed scripts in their “collection download“, which really gives you a massive head-start in playing around with the different smart cards, and an introduction into the different types of APDU commands needed to interrogate any smart cards you may own.