Smart Card Guy

Smart Card, Java Card, PCI DSS, IoT Device Security

Foreign-language book - Smart Card Programming

Impressions

  • Published in 2014, but the content is quite dated (lacking up-to-date information)?
  • Covers the card side, the PC/SC specification and so on in a well-balanced way.

Table of Contents

1. Smart Cards

2. Technical Basis

2.1 Smart Card
2.1.1 Memory Cards
2.1.2 Microprocessor-based Cards
2.1.3 Contact, Contactless and Dual Interface Smart Card
2.1.4 USB Token
2.2 Microchip Architecture
2.3 Smart Card Manufacturing
2.4 Operating System
2.5 Smart Cards and Data Protection
2.6 Smart Card Selection Criteria

3. ISO 7816 Specification

3.1 Standard Technical Specifications
  • ISO 7816 has 10 parts in total. * As of 2019/09 there are a few more.
  • Part 1 - Part 3 are hardware-related, so these are mostly the parts that chip vendors MUST comply with
  • Part 4 - Part 8 cover smart card data formats, OS commands, etc.
  • Part 1: Cards with contacts—Physical characteristics
  • Part 2: Cards with contacts—Dimensions and location of the contacts
  • Part 3: Cards with contacts—Electrical interface and transmission protocols
  • Part 4: Organization, security and commands for interchange
  • Part 5: Registration of application providers
  • Part 6: Interindustry data elements for interchange
  • Part 7: Interindustry commands for Structured Card Query Language (SCQL)
  • Part 8: Commands and mechanisms for security operations
  • Part 9: Commands for card management
  • Part 10: Electronic signals and answer to reset for synchronous cards
  • Part 11: Personal verification through biometric methods
  • Part 12: Cards with contacts—USB electrical interface and operating procedures
  • Part 13: Commands for application management in a multi-application environment
  • Part 15: Cryptographic information application
3.2 Physical and Electrical Characteristics
  • Part 3: definition of the ATR (Answer to Reset) protocol
3.3 ATR
  • ATR: Answer to Reset. The 33 characters sent by the chip on RESET
3.4 Transmission Protocols
3.4.1 T=0 Protocol
  • Single byte. Half-duplex transmission of asynch char.
3.4.2 T=1 Protocol
  • block of bytes. Half-duplex transmission of asynch blocks.
  • T=1 is the mainstream protocol for multi-application smart cards
3.4.3 T=CL Protocol
  • for ContactLess
3.4.4 Synchronous Protocols
  • Synchronous protocol at a layer below T=0 and T=1. Wire Link Protocol.
3.5 Structure and Format of EEPROM-Stored Data
3.5.1 File System
3.5.2 File Types and Formats
3.5.3 File Access Permissions
3.5.4 Secure Messaging
3.6 Command Set
3.6.1 Command APDU
3.6.2 Response APDU
3.6.3 TPDU
3.6.4 Basic Commands
3.6.5 Advanced Command Set
3.7 Smart Card Console and Emulator

4. Memory Cards

4.1 Memory Card Types
4.1.1 Free Access Memory Card (I2C)
4.1.2 Count-Down
4.1.3 Count-Down with Authentication Memory Card
4.1.4 Protected Memory
4.2 Memory Card Integration

5. Contactless Cards

5.1 Brief History
5.2 Technology
5.2.1 ISO/IEC 14443
5.2.2 MIFARE
5.2.3 Near Field Communication (NFC)
5.3 Programming with Contactless Cards
5.3.1 MIFARE Command Set

6. PC/SC Specifications

6.1 PC/SC Architecture
6.1.1 IC Card
6.1.2 The Interface Device
6.1.3 The Interface Device Handler
6.1.4 The Resource Manager
6.1.5 The Service Provider
6.2 The Resource Manager Service
6.2.1 Windows
6.2.2 Linux/UNIX
6.3 The Resource Manager API
6.4 C/C++
6.5 The Service Provider
6.6 Visual Basic 6
6.7 .NET Smart Card API

7. Opencard Framework

7.1 OpenCard Framework Architecture
7.1.1 CardTerminal
7.1.2 CardService
7.1.3 CardTerminal Events
7.2 Programming in Java
7.2.1 Installing and Configuring OCF
7.2.2 Sending Command APDU Sample Application
7.3 Digital Signature Application with OCF
7.3.1 Initialization
7.3.2 Events Handling
7.3.3 Reading the "UserInfo" file
7.3.4 Compute a digital signature
7.3.5 OCF Closing

8. Java Smart Card I/O API

  • Java Smart Card I/O API
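    • Was included in JDK 1.6 (Java SE 6), but is no longer included in Java SE 7/SE 8...
    • javax.smartcardio package
    • Follows the concepts of PC/SC and OCF
    • The API is roughly equivalent to the Resource Manager API of the PC/SC spec
  • [Note] Alternatively, as of 2019/09, something like the following is available in lib/tools.jar, which is provided in the Java Card Development Kit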
8.1 Send Command APDU Sample Application

9. GlobalPlatform

9.1 GlobalPlatform Specifications
9.1.1 Card Specification
9.1.2 Device Specification
9.1.3 Systems Specification
9.2 Card Architecture
9.2.1 Security Domains
9.2.2 Global Services Applications
9.2.3 Runtime Environment
9.2.4 Trusted Framework
9.2.5 GlobalPlatform Environment (OPEN)
9.2.6 GlobalPlatform API
9.2.7 Card Content
9.2.8 Card Manager
9.3 Card Life Cycle
9.3.1 Card Life Cycle States
9.4 Executable Load File/ Executable Module Life Cycle
9.4.1 Executable Load File Life Cycle
9.4.2 Executable Module File Life Cycle
9.4.3 Application Life Cycle States
9.5 Card Content Loading, Installation and Make Selectable
9.6 Content Removal
9.7 Mutual Authentication and Negotiated Security Level
9.8 Delegated Management
9.9 DAP Verification and Mandated DAP Verification
9.10 Key Management
9.10.1 PUT KEY
9.10.2 Viewing Key Information
9.10.3 DELETE [KEY]
9.11 Card Data
9.11.1 GET DATA
9.11.2 PUT DATA
9.12 Command Reference

10. Java Card Framework

10.1 Java Card Platform
10.2 Java Card Runtime Environment
  • Components of the Java Card Runtime Environment (JCRE)
    • Java Card VM (JCVM): executes Java bytecode
    • a package of Java Card Application Framework (Java Card API) classes
    • a package of system classes: operations performed by the OS. Memory allocation/deallocation, I/O handling, etc.
    • a package of vendor-specific classes (optional)
    • an installer to install new applets in memory
10.3 JCRE Insights
  • CAD: Card Acceptance Device. A card reader, for example.
  • JCRE: Single-thread, Multi-application
10.3.1 JCRE Special Features
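  • Feature 1. Two kinds of objects
    • persistent objects: stored in persistent memory (EEPROM). Available across different CAD sessions (that is, even after the card is removed from the CAD and inserted again)
    • transient objects: stored in temporary memory (RAM). Gone once the current CAD session ends (removing the card from the CAD ends it)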
  • Feature 2. atomic operation, transaction commit/rollback
  • Feature 3. persistent memory allocation
    • The JCRE sets up a firewall that forces each applet to work in its own dedicated persistent memory.
10.3.2 JCRE Life Cycle
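  • AID: Application Identifier. Each applet is identified by its AID (12 bytes). The AID was originally defined in ISO 7816
  • When the JCRE receives an APDU command, it either
    1) selects the specified applet, or
    2) sends the APDU command to the applet selected in a previous step
  • The selected applet executes that APDU command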
10.3.3 Applet Life Cycle
10.4 Java Card Virtual Machine
  • The Java Card JCVM runs in two forms: the VM on the smart card and the VM in the development environment
    1. VM on the smart card
      1) Compact bytecode interpreter executing applets
      2) An installer allowing loading applets in memory
    2. VM in the development environment
      • Includes the Converter: converts class files into CAP files
10.4.1 Java Card Converter
10.4.2 Java Card Installer
10.4.3 Java Card Interpreter
10.4.4 Java Card Framework
10.4.5 Guidelines for Java Card Development
10.5 Java Card Applets
10.5.1 Applet Identification
10.5.2 Communicating with an Applet
10.6 Implementing the Applet
10.6.1 The install Method
10.6.2 Object's Creation
10.6.3 The select Method
10.6.4 The deselect Method
10.6.5 The process Method
10.7 Features and Constraints of the Framework
10.8 Java Card Development Environment
10.8.1 Setting Up the Dev Environment
10.8.2 Eclipse JCDE
  • cref: JCRE Reference Implementation written in C-language.
  • [Note] In Java Card 3.1, it is included in the Java Card Simulator (cref.bat).

11. PKCS#11 Specifications

11.1 Cryptoki
11.1.1 Architecture
11.2 Programming Paradigm
11.3 .NET PKCS#11 - NCryptoki
11.4 Java PKCS#11

Appendix A: EMV

A.1 Differences and Benefits of EMV
A.2 EMV Commands
A.3 EMV Transaction Flow

Appendix B: The SIM Card

B.1 SIM Card
B.2 GSM11.11 and ETSI TS 102221
B.3 The SIM's File System
B.4 SIM's Commands
B.5 Reading from the SIM
B.5.1 Reading ICCID
B.5.2 Reading SMS Stored in the SIM

Appendix C: Cryptography

C.1 Terms
C.2 Cryptography
C.3 Private Key Algorithms
C.4 Public Key Algorithms
C.5 Adopted Technique in Practice for Encryption
C.6 Digital Signature
C.7 Hashing Algorithms

Appendix D: Virtual Smart Card Reference Manual