Overview SmartCard

Overview

Like most computer hardware, the price of smart cards is steadily decreasing, while performance and capacity are improving all the time. You can now buy a fully-functional computer, the size of your thumb-nail, for just a euro or two. However, before the BasicCard arrived, the cost of developing software for smart cards was out of all proportion to the cost of the hardware. A typical development project might take six months and cost a quarter of a million euros. This was a major barrier to the widespread use and acceptance of smart cards.

But now you can program your own smart card in an afternoon, with no previous experience required. If you can program in Basic, you can design and implement a custom smart card application. With ZeitControl’s BasicCard, the development cycle of writing code, downloading, and testing takes a few minutes instead of weeks.

The Smart Card Environment

Obviously, programming a smart card is not the same as programming a desktop computer. It has no keyboard or screen, for a start. So how does a smart card receive its input and communicate its output? It talks to the outside world through its bi-directional I/O contact. Communication takes place at 9600 baud or more, according to the T=0 and T=1 protocols defined in ISO/IEC standards 7816-3 and 7816-4. But this is completely invisible to the Basic programmer – all you have to do is define a command in the card, and program it like an ordinary Basic procedure. Then you can call this command from a ZC-Basic program running on the PC. Again, the command is called as if it was an ordinary procedure.

The BasicCard operating system takes care of all the communications for you. It will even encrypt and decrypt the commands and responds if you ask it to. All you have to do is specify a different two-byte ID for each command that you define. (If you are familiar with ISO/IEC 7816-4: Interindustry commands for interchange, you will know these two bytes as CLA and INS, for Class and Instruction.)

Here is a simple example. Suppose you run a discount warehouse, and you are issuing the BasicCard to members to store pre-paid credits. You will want a command that returns the number of credits left in the card. So you might define the command GetCustomerCredits, and give it an ID of &H20 &H01 (&H is the hexadecimal prefix):

Eeprom CustomerCredits ‘ Declare a permanent Integer variableCommand &H20 &H01 GetCustomerCredits (Credits)Credits = CustomerCredits

End Command

You can call this command from the PC with the following code:

Const swCommandOK = &H9000Declare Command &H20 &H01 GetCustomerCredits (Credits)Status = GetCustomerCredits (Credits)

If Status <> swCommandOK Then GoTo CancelTransaction

The value &H9000 is defined in ISO/IEC 7816-4 as the status code for a successful command. This value is automatically returned to the caller unless the ZC-Basic code specifies otherwise. The return value from a command should always be checked, even if the command itself has no error conditions – for instance, the card may have been removed from the reader.

It’s as simple as that. Of course, there is a lot more going on below the surface, but you don’t have to know about it to write a BasicCard application.

Technical Summary

All BasicCard families (Compact, Enhanced, and Professional) contain:

• a full implementation of the T=1 block-level communications protocol defined in ISO/IEC 7816-3: Electronic signals and transmission protocols, including chaining, retries, and WTX requests;
• a command dispatcher built around the structures defined in ISO/IEC 7816-4: Interindustry commands for interchange (CLA INS P1 P2 [Lc IDATA] [Le] );
• built-in commands for loading EEPROM, enabling encryption, etc.;
• a Virtual Machine for the execution of ZeitControl’s P-Code;
• code for the automatic encryption and decryption of commands and responses, using the AES, DES, or SG-LFSR symmetric-key algorithm.

Enhanced and Professional BasicCards contain in addition:

• a directory-based, DOS-like file system;
• IEEE-compatible floating-point arithmetic.

The functionality of the Enhanced BasicCard family can be further extended using Plug-In Libraries.

Professional BasicCards contain in addition:

• a Public-Key algorithm (RSA or EC);
• a full implementation of the T=0 byte-level communications protocol defined in ISO/IEC 7816-3: Electronic signals and transmission protocols;

• the SHA-1 Secure Hash Algorithm.

The data sheet on the next page contains details of available BasicCards versions, and the cryptographic algorithms that they support.

Development Software

The ZeitControl MultiDebugger software support package consists of:

• ZCPDE, the Professional Development Environment;
• ZCMDTERM and ZCMDCARD, debuggers for Terminal programs and BasicCard programs;
• ZCMBASIC, the compiler for the ZC-Basic language;
• ZCMSIM, for low-level simulation of Terminal and BasicCard programs;
• BCLOAD, for downloading P-Code to the BasicCard;
• KEYGEN, a program that generates random keys for use in encryption;
• BCKEYS, for downloading cryptographic keys to the Compact and Enhanced BasicCards.

Compact BasicCard

Version	EEPROM	RAM	Protocol	Encryption	Floating-Point Support	File System
ZC1.1	1K	256 bytes	T=1	SG-LFSR	None	No

Enhanced BasicCard

Version	EEPROM	RAM	Protocol	Encryption	Extras	FP Support	File System
ZC3.1	2K	256 bytes	T=1	DES		Full	Yes
ZC3.2	4K	256 bytes	T=1	DES		Full	Yes
ZC3.3	8K	256 bytes	T=1	DES		Full	Yes
ZC3.4	16K	256 bytes	T=1	DES		Full	Yes
ZC3.5	6K	256 bytes	T=1	DES	EC-FSA1	Full	Yes
ZC3.6	14K	256 bytes	T=1	DES	EC-FSA1	Full	Yes
ZC3.7	2K	256 bytes	T=1	DES		Full	Yes
ZC3.8	4K	256 bytes	T=1	DES		Full	Yes
ZC3.9	8K	256 bytes	T=1	DES		Full	Yes

¹ EC-FSA: Fast Signature Algorithm for Elliptic Curve Cryptography

Plug-In Libraries for the Enhanced BasicCard: EC-161, AES, SHA-1, IDEA

Professional BasicCard

Version	PK Algorithm	EEPROM	RAM	Protocol	Encryption	Extras	FP Support	File System
ZC4.5A	RSA	30K	1K	T=0, T=1	AES	SHA-1	Partial1	Yes
ZC4.5D	RSA	30K	1K	T=0, T=1	DES	SHA-1	Partial1	Yes
ZC5.4	EC-167	16K	1K	T=0, T=1	AES & DES	SHA-1	Full	Yes
ZC5.5	EC-167	31K	1.7K	T=0, T=1	EAX/OMAC/ AES/ DES	SHA-1	Full	Yes

¹ Single-to-String conversion not supported

MultiApplication BasicCard

Version	PK Algorithm	EEPROM	RAM	Protocol	Encryption	Extras	FP Support	File System
ZC6.5	EC-167	31K	1.7K	T=0, T=1	EAX/OMAC/ AES/ DES	SHA-1	Full	Yes

Public-Key Algorithms

Name	Description	Key size	Reference
RSA	Rivest-Shamir-Adleman algorithm	1024 bits	IEEE P1363: Standard Specifications for Public Key Cryptography
EC-167	Elliptic Curve Cryptography over the field GF(2167 )	167 bits
EC-161	Elliptic Curve Cryptography over the field GF(2168 )	161 bits

Symmetric-Key Algorithms

Name	Description	Key size	Reference
EAX	Encryption with Authentication for Transfer (using AES)	128/192/ 256 bits	EAX: A Conventional Authenticated-Encryption Mode1 M. Bellare, P. Rogaway, D. Wagner
OMAC	One-Key CBC-MAC (using AES)	128/192/ 256 bits	OMAC: One-Key CBC MAC1 Tetsu Iwata and Kaoru Kurosawa Department of Computer and Information Sciences, Ibaraki University 4–12–1 Nakanarusawa, Hitachi, Ibaraki 316-8511, Japan
AES	Advanced Encryption Standard	128/192/ 256 bits	Federal Information Processing Standard FIPS 197
DES	Data Encryption Standard	56/112 bits	ANSI X3.92-1981: Data Encryption Algorithm
SG-LFSR	Shrinking Generator – Linear Feedback Shift Register	64 bits	D. Coppersmith, H. Krawczyk, and Y. Mansour, The Shrinking Generator, Advances in Cryptology – CRYPTO ’93 Proceedings, Springer-Verlag, 1994
IDEA	International Data Encryption Algorithm	128 bits	X. Lai, On the Design and Security of Block Ciphers, ETH Series in Information Processing, v. 1, Konstanz: Hartung-Gorre Verlag, 1992

¹ These documents are available at http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/Data Hashing Algorithms

Name	Description	Reference
SHA-1	Secure Hash Algorithm, revision 1	Federal Information Processing Standard FIPS 180-1

Communication Protocols

Name	Description	Reference
T=0	Byte-level transmission protocol	ISO/IEC 7816-3: Electronic signals and transmission protocols
T=1	Block-level transmission protocol

How BasicCard Works

There exist two types of so called chip cards. While one type of cards (memory cards) are just a bunch of E²Prom storage, second type of cards like BasicCard is more like a small computer. It includes a microcontroller with RAM for operation, ROM for holding the BasicCard OS and E²Prom for holding your data and your program. It communicates with the outer world through its chip contacts by use of a bi-directional serial interface. This interface and most other SmartCard related facts are standardized by the International Organization for Standardization (ISO) in ISO 7816 standard.

Having a microcontroller inside a Smartcard is an advantage of this technology. This is because only the microcontroller is in control of all other parts (communication, RAM, ROM and E²Prom). This means only the program executed by the microcontroller has access to data stored in E²Prom and so your program decides which data is exchanged with the outer world and which conditions are required before this data can be exchanged.

In the past it was very difficult and expensive to create programs for smart cards, but now with BasicCard you can do it your self. Start here by downloading the development manual, the BasicCard development software or by ordering the complete development kit.

Development Software and Manual Download

• BasicCard Developer Manual Manual V5.22 about 1.2 MB (01/03/2005)
  Note: Manual is also included within BasicCard Development Software.

• Datasheet the Professional and MultiApplication BasicCard V3.10 about 50 kB (02/03/2005)
  Overview of functions available within each Professional and MultiApplication BasicCard type.

• BasicCard Development Software V5.22 (21/03/2005)
  This software is required for all BasicCard developments!

• BasicCard API/OCX Development Software V4.36 (26/02/2003)
  This API allows you to use the BasicCard from C/C++, Visual Basic or Delphi programs.

• BasicCard Java Library V0.95 beta (2005-04-04)
  Using this class library you can access BasicCards from Java applications.

• BasicCard .Net Library V0.7 beta (2005-07-25)
  Using this class library you can access BasicCards from .Net applications. Such the BasicCard .Net Library supports Visual Basic .Net, C#, Visual C/C++ .Net and any other .Net developing language. BasicCard .Net Library will replace BasicCard API/OCX.

• Order Online the complete BasicCard Toolkit

Additional Tools, Examples and Information

• BasicCard FAQ (16/02/2000)
  Frequently asked questions.

• BasicCard User Forum
  Here you may find answers and place questions regarding BasicCard.

• Old BasicCard Development Software V3.21 about 3.5 MB (14/03/2001) or
  BasicCard Development Software V4.52 about 6.5 MB (18/06/2003)
  just in case you need an older version of BasicCard development software.

• Driver Download
  for CyberMouse card reader as included with BasicCard Toolkit.
  Note: For serial CyberMouse the driver installation is optional and not required.

• Paper work about BasicCard
  Our advertising flyer as PDF file.

• ISO7816-4 Command Set Example (18/06/2003)
  Example implementation of an ISO file system card. Requires BasicCard ZC5.x

• Application Example, Elliptic Curve Encryption about 3 MB (18/06/2003)
  An example application (including source code) created by use of Visual Basic, showing how to use Elliptic Curve encryption with BasicCard ZC5.x.

Third Party Tools, Examples and Demos

• CHZ-Soft download page, containing
  

  • BasicCard Delphi Class Interface (DCI), provides object-oriented and easier access to many functions of Zeitcontrol’s BasicCard API.

  • BasicCard API for Linux, an open source implementation of ZeitControl BasicCard API.
    
• BasicSIM BasicCard image files for article in Elektor electronic magazine and Patrick Gueulles’ Book “TELEPHONES PORTABLES ET PC” (2nd edition), to be released in summer 2002 (see http://www.dunod.com). Elektor acrticle is published in following Elektor releases: German, May 2002, Number 377; France, April 2002, Number 286; United Kingdom, May 2002, Number 310. (08/04/2002)