Smart Cards and Standards: What Makes Them Secure
Presented by Gilles Lisimaque, Sr VP and Co-Founder
Co-Chair - Alliance Educational Institute
June 4, 2002

Agenda

• Primary standards & specifications:
  – ISO 7816, PC/SC, X.509
  – Open card platforms (JavaCard & MULTOS)
• Security standards and their challenges
  – FIPS 140, Common Criteria
• Specifications for interoperability
  – Global Platform
  – GSA specification
• Industry specifications
  – GSM (presented in another EI201 session)
  – EMV
• References for use with RFPs

Smart Card and Standards 2

Where do these standards apply

ISO 7816 - Interface between the card & the terminal
PC/SC - Common driver interface for all smart card readers connected under Windows
X.509 - Digital signature format & associated certificates
Open OS - In the smart card only; allows a common application development platform for in-card applications
FIPS 140 - Tamper resistance of a cryptographic device
Common Criteria - Threat evaluations and secure application protections
GSA specification - Common way to find data files in cards & common application structures for US Government applications
Global Platform - Card application management and issuance, in the card as well as in the back end
EMV - Hardware specifications for smart cards and terminals; multi-application selection for smart cards; Credit & Debit commands and related transaction flow

ISO 7816 – The Card Tool Box

• Consists of 12 parts, all full of options allowing nearly all cards to claim they are in compliance
• Designed to be used as building material by each industry (or even a given application) to select what one wants for its cards and terminals
• ISO 7816 does not promote or even suggest any kind of interoperability

ISO 7816 – The philosophy

• "Defines the card as seen at the interface"
• Does not define what is inside the card but only the "logical view" of the commands and data structures when they cross the card interface
• Does not define or propose any card application functions and does not link commands in coherent procedures

ISO 7816 – What to reference (1/2)

• Parts 1 & 2: The card physical form factor and the location of the contacts are to be observed
• Part 3: The answer to reset and the transmission protocol are to be chosen from a list of options
• Parts 4, 8 & 9: A standard command format is available and some basic commands can be chosen (e.g. SELECT), but the data structure is to be defined by each application (files and/or data elements and/or data objects, or even a relational database, SQL-like). It is up to each application (or industry) to pick its own subset from all the available options.
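The "standard command format" of Part 4 and the SELECT command are easiest to see in code. The block below is an added example written for this page, not code from the slides or from ISO: it encodes ISO 7816-4 command APDUs, decodes response status words, and runs a SELECT-by-AID against a constructed stand-in card (MockCard), which is how an application "sees the card at the interface" without knowing anything about its internals. Assumptions that are mine rather than the page's: short APDUs only (one-byte Lc/Le), and SAMPLE_AID is built on a non-registered 'F' RID so that it collides with nothing registered under ISO 7816-5.

```python
"""ISO 7816-4 APDUs and a SELECT-by-AID exchange (added example, not from the slides)."""
from dataclasses import dataclass
from typing import Optional

# A few ISO 7816-4 status words a host must recognise.
STATUS_WORDS = {
    0x9000: "normal processing",
    0x6700: "wrong length",
    0x6982: "security status not satisfied",
    0x6A82: "file or application not found",
    0x6A86: "incorrect parameters P1-P2",
    0x6D00: "instruction code not supported",
    0x6E00: "class not supported",
}


@dataclass(frozen=True)
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None  # None: no Le field; 0..256, where 256 is coded as 0x00

    def encode(self) -> bytes:
        """Header, then optional Lc+data, then optional Le (ISO 7816-4 cases 1-4)."""
        header = bytes([self.cla, self.ins, self.p1, self.p2])  # raises if any byte is not 0..255
        body = b""
        if self.data:
            if len(self.data) > 255:
                raise ValueError("short APDU: Lc must fit in one byte")
            body += bytes([len(self.data)]) + self.data
        if self.le is not None:
            if not 0 <= self.le <= 256:
                raise ValueError("short APDU: Le must be 0..256")
            body += bytes([self.le % 256])
        return header + body


@dataclass(frozen=True)
class ResponseAPDU:
    data: bytes
    sw1: int
    sw2: int

    @property
    def sw(self) -> int:
        return (self.sw1 << 8) | self.sw2

    @property
    def ok(self) -> bool:
        return self.sw == 0x9000

    def describe(self) -> str:
        if self.sw1 == 0x61:
            return f"{self.sw2} response bytes still available (GET RESPONSE)"
        if self.sw1 == 0x6C:
            return f"wrong Le, resend with Le={self.sw2}"
        return STATUS_WORDS.get(self.sw, f"unknown status {self.sw:04X}")


def parse_response(raw: bytes) -> ResponseAPDU:
    if len(raw) < 2:
        raise ValueError("a response APDU carries at least SW1 SW2")
    return ResponseAPDU(bytes(raw[:-2]), raw[-2], raw[-1])


def split_aid(aid: bytes):
    """ISO 7816-5: 5-byte RID from the registration authority + PIX chosen by the owner."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("an AID is 5 to 16 bytes")
    return aid[:5], aid[5:]


def select_by_aid(aid: bytes) -> CommandAPDU:
    """SELECT (INS A4) by DF name (P1=04); Le=0 asks for the FCI whatever its length."""
    split_aid(aid)  # validates the length
    return CommandAPDU(cla=0x00, ins=0xA4, p1=0x04, p2=0x00, data=aid, le=0)


SAMPLE_AID = bytes.fromhex("F000000001" "1122")  # constructed: non-registered RID + PIX


class MockCard:
    """Constructed card that knows exactly one application; only SELECT is implemented."""

    def __init__(self, aid: bytes = SAMPLE_AID):
        self.aid = aid
        self.selected: Optional[bytes] = None

    def transmit(self, apdu: bytes) -> bytes:
        if len(apdu) < 4:
            return b"\x67\x00"
        cla, ins, p1, _p2 = apdu[:4]
        if cla != 0x00:
            return b"\x6E\x00"
        if ins != 0xA4:
            return b"\x6D\x00"
        if p1 != 0x04:
            return b"\x6A\x86"
        lc = apdu[4] if len(apdu) > 4 else 0
        name = apdu[5:5 + lc]
        if name != self.aid:
            return b"\x6A\x82"
        self.selected = name
        # FCI template (tag 6F) holding the DF name (tag 84), then SW 9000
        fci = bytes([0x6F, len(name) + 2, 0x84, len(name)]) + name
        return fci + b"\x90\x00"


def select_application(card: MockCard, aid: bytes) -> ResponseAPDU:
    return parse_response(card.transmit(select_by_aid(aid).encode()))
```

Swapping MockCard for a real reader connection changes nothing above the transmit() call, which is the point of the "logical view at the interface": the host only ever sees bytes and status words.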

ISO 7816 – What to reference (2/2)

• Part 5: Application names in the card should comply with the international naming registration to avoid collisions. Backward compatible with Credit/Debit cards
• Part 6: If the application uses data elements, their tag structure and values should comply with this part
• Part 7 is for relational databases in cards (SQL)
• Part 10 is for non-microprocessor cards (memory)
• Part 11 will define card biometric commands
• Part 15 will define PKCS#15 cryptographic data structures & commands

Personal Computers and Smart Cards

• PC/SC allows applications to be independent of the smart card reader (Windows driver structure for hardware)
• Microsoft CryptoAPI allows applications to use the crypto services of various crypto devices
• Neither addresses (yet) a standard mechanism to launch an application when a given smart card is inserted in a PC reader

PC/SC Architecture

(Figure: PC/SC layers, top to bottom)
User applications: smart card aware apps
Common services: CryptoAPI, SCSP (Smart Card Service Provider), common dialog DLLs, SCCP (Smart Card Crypto Provider)
System services: Resource Manager
Software: smart card reader driver library
Drivers: one driver per reader
Hardware: reader ("interface") and PC/SC card

Component relationship

(Figure: PC/SC components)
Service providers
Smart card base components (part of Windows)
Each card requires at least one service provider; each reader requires a device driver
Reader driver / reader "interface" / smart card (PC/SC)

Smart Card Crypto Provider

1. The smart card aware application calls the Smart Card Base Provider using CryptoAPI
2. The Smart Card Base Provider (base smart card CSP) verifies the signature of the SCCP before loading it
3. The SCCP calls the Smart Card Resource Manager to establish a connection to a card and reader

Digital Certificates – X.509 standard

• Electronically certifies digital information (equivalent to a public notary signature)
• Signed by a trusted authority (CA)
• Digitally binds the owner of the public key

    The following public key
    5E F8 87 32 AF 7E C9 7A 76 1E 49
    belongs to John Doe at [email protected]
    Signed: Real Trust Certification Authority
    Valid until January 1st, 2003
    [Seal]

What are certificates for?

• They bind a "user" or an "information" to a key pair (public-private)
• Help to:
  – prevent spoofing
  – distribute public keys
  – establish trust
• Are used as electronic identification for
  – people
  – devices
  – data elements
• Provide means to verify in an off-line environment the authenticity of a piece of data (similar to a public notary certificate for papers)
  – Biometric template reference
  – Identification number

CA, the CApstone of PKI

(Figure: PKI stack, top to bottom)
CA
Digital certificates
Public key technology: digital signature, public key, private key
Protocols: IPSEC, SET, SSL, X.509, S/MIME
Applications: browsers, e-mail
Customers and market

PKI based card issuance

(Figure: PKI-based card issuance flow. Parties and artifacts shown: smart card chip vendor supplying masked chips with cert/key included; card issuing entity placing the card/chip order and owning manufacturing data, information management processes, personalization requirements and initialization; a Certification Authority with key generation, root key and Registration Authority; a high-volume card/chip personalization system producing initialized smart cards; low-volume local/remote card/chip personalization; end-user card issuance and logistics.)

JavaCard & MULTOS – Open OS

• The proprietary smart card operating systems of the nineties are being replaced by open specifications using virtual machines such as JavaCard and MULTOS
• It allows card and application issuers to be more independent of the card manufacturers (open offer)
• It allows application developers to hit the market faster by deploying software only and not the cards
• When used in conjunction with a secure card application management it allows true multi-issuer cards
• The use of an interpreter in the card allows a secure firewall between applets coming from different sources

JavaCard Architecture - On-card components

(Figure: layers, top to bottom. The applet layer matches the application in the terminal and the network.)
Card applets: GSM, WG10 application, application xyz
Java language
In-card API, applet management APIs
Java Card Virtual Machine
Native functions & system resources (assembler code)
Hardware

MULTOS Architecture - On-card components

(Figure: layers, top to bottom. The applet layer matches the application in the terminal and the network.)
Applets: MONDEX, GSM applet, EMV
MEL language (with a Java translator)
MC management, in-card API
Virtual machine, security manager
ICC processor facilities (assembler code)
Processor

Comparison JavaCard & MULTOS

JavaCard:
• A standard, flexible tool box
• A known language and an easy tool for applet developers
• Requires the addition of Global Platform (or similar) to manage the card and its applets

MULTOS:
• A turnkey system
• Comes as a complete package for card issuers, with its certification authority, language, tools and personalization process
• Global Platform is possible

Split VM Architecture for development

(Figure: off-card, on the PC, .class files go through the converter to produce a .cap file; the CAD loads it onto the card, where the JCVM interpreter runs it.)

• The converter (off-card)
  – Class loading, linking and name resolution
  – Verification
  – Bytecode optimization and conversion
• The interpreter (on-card)
  – Bytecode execution and security enforcement

Requirements for Issuers

• Java Card in itself is not sufficient
  – It defines interoperability at the developer level (API in the card but not at the interface)
  – It does not help the card issuer to really manage the applications in the card
• Issuers have specific requirements
  – Interoperable application management
  – Clear definition of life cycles for open cards
  – Issuer application domains enforced on the card
  – Multiple application providers on a single card
Global Platform addresses these issues

FIPS 140

• Specifies the security requirements that are to be satisfied by a cryptographic module utilized within a security system
• Requirement areas
  – Cryptographic modules
  – Software security
  – Module interfaces
  – Cryptographic key management
  – Roles & services
  – Cryptographic algorithms
  – Finite state machines
  – EMI/EMC
  – Physical security
  – Self-tests

Four Incremental Security Levels

Level 4
  – "Formal models" and "proofs"
  – Strong physical security (intrusion detection, tamper-resistant coating, protection against environmental fluctuations)
Level 3
  – Identity-based authentication
  – Enhanced physical security (critical security parameter I/O, zeroization of sensitive data on intrusion detection)
Level 2
  – Role-based authentication
  – Improved physical security (e.g. tamper-evident coating)
Level 1
  – No physical security mechanism
  – Basic requirements for a cryptographic module (e.g. the encryption algorithm must be FIPS-approved)

FIPS 140 & Smart Cards

• Smart cards are more than just a cryptographic device; for many applications their security compares more to that of portable computers
• FIPS 140 addresses ONLY cryptographic devices, and it is not easy to isolate the cryptographic hardware & functions of a smart card

Common Criteria Security Standards

• Common Criteria for Information Technology Security Evaluation
• ISO standard 15408 (version 2.1)
• Single (common) IT product/system security criteria
• Mutual recognition of product evaluations
• Better availability of IT security-capable products

Common Criteria Model

• Not a "to do" list like FIPS 140, but uses a threat / vulnerabilities / countermeasure model
  – Requires more work from the application
• An industry establishes a list of threats
• The application addresses its vulnerabilities
• The product shows its countermeasures
• The product's "Security Target" claims conformance to the "Protection Profile" of its application field

Common Criteria Security Standards

• Description of requirements
  – Protection Profile and Security Target
  – Catalog of security functional requirements
• Evaluation of security features
  – Catalog of assurance requirements
  – Seven Evaluation Assurance Levels (EAL)
    • EAL1 to EAL7, increasing assurance
    • EAL5 and above are not "cross-border" equivalent (mutual recognition stops at EAL4)
    • Closely related to the TCSEC Orange Book

Protection Profiles for Smart Cards

• SCSUG Smart Card Protection Profile V3.0 (US)
  – Work from the 6 major payment associations
  – Addresses 23 threats, most of which are oriented towards the card issuer & the end user
• European Protection Profiles for smart cards (a Russian doll approach):
  – PP/9806 - Smartcard Integrated Circuit Protection Profile v2.0
  – PP/9810 - Smartcard Embedded Software Protection Profile v1.2
  – CPP/9911 - Smart Card Integrated Circuit with Embedded Software v2.0
• Information at: http://csrc.nist.gov/cc/

What does the SCSUG PP address?

• Defines the smart card life cycle phases
• Identifies the phases associated with the IC manufacturers and with other authorities in the life cycle
• Identifies the needs of the phases
• Identifies the security administrators and users for each phase in the life cycle

Smart Card Life Cycle

1. Embedded software development
2. IC development
3. IC manufacturing and testing
4. IC packaging and testing
5. Smart card product finishing process
6. Smart card initialization & personalization
7. Smart card issuance and use

Conclusion on Security Standards

• FIPS 140 gives a generic level of security assurance for a given cryptographic product, but with no guarantee that the application will use it correctly or will be globally secure in any way.
• Common Criteria forces the application to work on its specific risk assessment and to define the level of security required in all aspects of its system.

GSA Specification – Smart Card Interoperability Spec

• Provides solutions to interoperability issues
  – Client applications and smart card communication
  – Tight coupling between client application and smart card APDU sets
  – Evolving "card edge" interface and card data structure
  – Works for both file system and virtual machine cards
• Defines an architectural model for interoperability
  – Basic Services Interface (BSI) for client applications
  – Virtual "Card Edge" Interface (VCEI) as interoperability mechanism for incompatible existing cards
  – Common Data Model (CDM) structure with Card Capability Container (CCC) in SCIS-compliant smart cards

GSA - SCIS Implementation

• Implemented in the client (PC) by Smart Card Service Provider Modules (SCSPM)
  – Basic Services Interface (BSI)
    • API for applications that call the SCSPM
  – Virtual Card Edge Interface (VCEI)
    • API for the SCSPM to communicate with cards
• Implemented in the card by
  – Common Data Model (CDM)
  – Card Capabilities Container (CCC)

GSA – SCIS Card model

• Common Data Model (CDM) structure
  – General information coded using TLV objects
  – Includes a Card Capabilities Container (CCC)
  – Protected personal and card information such as biometric and digital signature certificates
  – Data structures for login & access control applications
• Card Capability Container (CCC)
  – Mechanism for translating APDU sets
  – Describes how a given card differs from the Virtual Card Edge Interface (VCEI)
  – Maps card APDUs <-> virtual APDUs
  – Grammar for translation rules (CCG)
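Both the ISO 7816-6 data elements mentioned earlier and the GSA Common Data Model above are carried as BER-TLV objects, so one parser serves both slides. The block below is an added example written for this page, not code from the slides, GSA or ISO: it decodes multi-byte tags, short- and long-form lengths and nested (constructed) templates, rejects the malformed encodings a hostile card could return, and encodes objects so the sample record can be built inline. Assumptions that are mine: tags are at most 3 bytes and lengths at most 4 bytes; SAMPLE is constructed here and its tag meanings are illustrative only.

```python
"""BER-TLV parsing for card data objects (added example, not from the slides)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class TLV:
    tag: int
    value: bytes
    children: List["TLV"] = field(default_factory=list)

    @property
    def constructed(self) -> bool:
        """Bit 6 of the leading tag byte set means the value is itself TLV objects."""
        lead = self.tag
        while lead > 0xFF:
            lead >>= 8
        return bool(lead & 0x20)


def _read_tag(buf: bytes, i: int) -> Tuple[int, int]:
    tag = buf[i]
    i += 1
    if tag & 0x1F == 0x1F:  # low five bits all set: more tag bytes follow
        while True:
            if i >= len(buf):
                raise ValueError("truncated tag")
            tag = (tag << 8) | buf[i]
            i += 1
            if not buf[i - 1] & 0x80:  # bit 8 clear ends the tag
                break
            if tag > 0xFFFFFF:
                raise ValueError("tag longer than 3 bytes")
    return tag, i


def _read_length(buf: bytes, i: int) -> Tuple[int, int]:
    if i >= len(buf):
        raise ValueError("truncated length")
    first = buf[i]
    i += 1
    if first < 0x80:          # short form
        return first, i
    n = first & 0x7F          # long form: number of length bytes that follow
    if n == 0 or n > 4:       # 0x80 (indefinite) is not allowed in card BER-TLV
        raise ValueError("unsupported length encoding")
    if i + n > len(buf):
        raise ValueError("truncated length")
    return int.from_bytes(buf[i:i + n], "big"), i + n


def parse_tlv(buf: bytes, max_depth: int = 8) -> List[TLV]:
    """Parse a sequence of BER-TLV objects, recursing into constructed ones."""
    if max_depth < 0:
        raise ValueError("nesting too deep")
    out: List[TLV] = []
    i = 0
    while i < len(buf):
        if buf[i] in (0x00, 0xFF):  # ISO 7816-4 allows padding bytes between objects
            i += 1
            continue
        tag, i = _read_tag(buf, i)
        length, i = _read_length(buf, i)
        if i + length > len(buf):
            raise ValueError(f"tag {tag:X}: value runs past end of data")
        node = TLV(tag, buf[i:i + length])
        i += length
        if node.constructed:
            node.children = parse_tlv(node.value, max_depth - 1)
        out.append(node)
    return out


def encode_tlv(tag: int, value: bytes) -> bytes:
    tag_bytes = tag.to_bytes(max(1, (tag.bit_length() + 7) // 8), "big")
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return tag_bytes + length + value


def find(nodes: List[TLV], tag: int) -> Optional[TLV]:
    """Depth-first search for a tag anywhere in the tree."""
    for n in nodes:
        if n.tag == tag:
            return n
        hit = find(n.children, tag)
        if hit is not None:
            return hit
    return None


def is_well_formed(buf: bytes) -> bool:
    try:
        parse_tlv(buf)
        return True
    except ValueError:
        return False


# Constructed sample: an FCI template (6F) holding a DF name (84) and a proprietary
# template (A5) that carries a two-byte tag (5F2D) and a 200-byte value (53, long-form length).
SAMPLE = encode_tlv(0x6F,
    encode_tlv(0x84, bytes.fromhex("F0000000011122"))
    + encode_tlv(0xA5, encode_tlv(0x5F2D, b"en") + encode_tlv(0x53, bytes(200))))
```

The length check before slicing is the one that matters on the host side: a card (or a man-in-the-middle on the reader link) that announces a length larger than the bytes it actually sends must be rejected rather than silently read as a short value.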

Global Platform

• Global Platform specifications define a standard for Card Issuers to create multi-application chip card systems. It defines card components, command interfaces, transaction sequences, and interfaces, which can be common across many different industries.
• The Global Platform gives Card Issuers the power to manage and change the content of their cards while also offering the ultimate in flexibility by enabling them to share control of some of their card space with business partners. The ultimate control always rests with the Card Issuer, but through the Global Platform, the business partners of a Card Issuer can be allowed to manage their own applications on the Card Issuer's cards as appropriate.
Extracted from Open Platform Card Specification 2.0.1 – April 2000

Global Platform Features

• Complete card life cycle management
  – defines requirements and roles of every party involved with cards and applications
  – separates application management
• Defines the Smart Card Management System (SCMS) and its functions
• Provides a secure install mechanism
  – applet delivery controlled by the Card Issuer
  – applet delivery performed by an Applet Provider: well adapted to the Internet
• Velocity checking security mechanism
  – refines the security policies

Global Platform

• Provides global Card Domain services:
  – management of applets (life cycle, install, etc.)
  – access to and management of global card data (ICC serial number, personalization information, etc.)
  – management of the card life cycle (blocking, auditing, ...)
  – management of the mapping between security domains and applets
• Acts as the security domain manager. The card registry is controlled by the card issuer.

(Figure: Card Domain functions: command dispatch, life cycle management, security management, secure install, card registry.)

Global Platform Application life cycle

(Figure: application states)
INSTALLED
SELECTABLE
PERSONALIZED
BLOCKED
LOCKED
LOGICALLY DELETED

EMV – Europay MasterCard Visa

• First publication in 1996
• Current version: EMV 2000 version 4.0
• Four volumes
  – Physical and electrical characteristics of the card
  – Organization of applications within the card and the set of commands
  – Transaction flow allowing a purchase process
  – Terminal specification
• http://www.emvco.com

EMV Specification

(Figure: EMV builds on ISO 7816)
EMV Part 1 - Physical characteristics, electrical characteristics, communication protocol - based on ISO 7816-1/2/3
EMV Part 2 - Command set - based on ISO 7816-4 to 9
EMV Part 3/4 - Transaction process

What is EMV for?

• Allows the design of world-wide accepted Credit and Debit applications in smart cards
• Three layers of interoperability
  – Basic common layer between payment systems
  – Same payment system between card & terminal
  – Same financial institution for card & terminal
• Allows multiple application cards to be used in multi-application terminals (standard selection mechanism)

EMV Context: Risk Management

(Figure: nested layers of EMV interoperability, innermost first)
Issuer specific - same financial institution as the card's issuer
Payment association specific - Europay or MasterCard or Visa, same payment association as the card issuer's
EMV core or common specifications - any payment association back-end system, EMV-compliant terminal, card operating system compliant with EMV

EMV Risk Management:

• Unlike the […], the smart card takes the decision to:
  - Accept,
  - Deny, or
  - Ask for an on-line authorization from the card issuer bank.
• Decision taken according to
  – the "risk management" rules stored within the card at personalization stage by the issuer
  – the level of knowledge the card issuer and the merchant financial institution have about each other (e.g. revocation lists)
• Parameters of the decision can be:
  – Purchase amount
  – Cumulative amount
  – Number of consecutive off-line transactions
  – Random security check

Card Risk Management

The card and the terminal decide if it is worth the time and the cost of going online.

(Figure: exchange between EMV terminal, card and issuer bank)
1. Terminal to card: "Do you accept this $30 transaction?"
2. Card risk management decision, using the issuer's rules stored in the card (on-line rules: over $20, or every 3 times; deny rules: over $3000). The amount of $30 is higher than the limit, so the card answers "No, please ask my bank issuer"
3. Terminal to issuer bank: "Do you accept a $30 transaction?"
4. Issuer bank: "Yes, I accept it"
5. Terminal to card: "Give me the signature"
6. Card: digital signature

The risk management rules are defined by each issuer and managed by the card.

Conclusion: What about Interoperability?

• There are different aspects to interoperability
• Solutions available
  – Development in the cards has been simplified thanks to Java
  – Hardware terminal specifications are clarified with EMV
  – Multi-application selection is possible for cards and applications compatible with the EMV selection mechanism
  – Multi-application management with Global Platform
• Issues still pending
  – No standard way for a PC to find (or launch) an application on the network by looking at the card inserted
  – No browser equivalent in smart cards. The card application element (applet) is tied tightly to the applications in the terminal as well as to the back-end systems
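Returning to the EMV card risk management slides above: the six-step exchange is easiest to reason about as a small simulation. The block below is an added example written for this page, not EMVCo code or the slides' own: the card applies issuer-personalised rules to choose between offline approval, online authorisation and decline, and proves its decision with a cryptogram the issuer verifies before answering. Assumptions that are mine: the rule values are the slide's ($20 floor, every 3rd transaction online, $3000 decline limit); the cryptogram is an HMAC-SHA256 stand-in for the EMV application cryptogram, with the TC/ARQC/AAC names used as EMV uses them; IssuerHost is a constructed back end that approves anything up to a credit limit; and the card's offline counters reset only after an approved online contact.

```python
"""EMV-style card risk management, as an added simulation (not EMVCo code)."""
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Tuple


class Decision(Enum):
    TC = "approve offline"    # Transaction Certificate
    ARQC = "go online"        # Authorisation Request Cryptogram
    AAC = "decline"           # Application Authentication Cryptogram


@dataclass(frozen=True)
class IssuerRules:
    """Risk parameters the issuer personalises into the card."""
    floor_limit: int               # above this amount, ask the issuer
    max_offline_in_a_row: int      # force an online contact every N transactions
    cumulative_offline_limit: int  # offline spend allowed between online contacts
    decline_limit: int             # never approve above this, not even online
    random_check_rate: float       # share of small transactions sent online anyway


class Card:
    def __init__(self, rules: IssuerRules, mac_key: bytes):
        self.rules = rules
        self._key = mac_key          # shared with the issuer only; never leaves the chip
        self.atc = 0                 # application transaction counter
        self.offline_in_a_row = 0
        self.cumulative_offline = 0

    def decide(self, amount: int, random_draw: float) -> Decision:
        """Card risk management: rules checked in order of severity."""
        r = self.rules
        if amount > r.decline_limit:
            return Decision.AAC
        if amount > r.floor_limit:
            return Decision.ARQC
        if self.offline_in_a_row >= r.max_offline_in_a_row - 1:
            return Decision.ARQC
        if self.cumulative_offline + amount > r.cumulative_offline_limit:
            return Decision.ARQC
        if random_draw < r.random_check_rate:
            return Decision.ARQC
        return Decision.TC

    def cryptogram(self, amount: int, decision: Decision) -> bytes:
        """Issuer-verifiable proof of what this card decided for this ATC."""
        msg = f"{self.atc}|{amount}|{decision.name}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()[:8]

    def settle(self, amount: int, decision: Decision, issuer_approved: bool) -> None:
        self.atc += 1
        if decision is Decision.TC:
            self.offline_in_a_row += 1
            self.cumulative_offline += amount
        elif decision is Decision.ARQC and issuer_approved:
            self.offline_in_a_row = 0    # assumption: online contact resets the offline counters
            self.cumulative_offline = 0


class IssuerHost:
    """Constructed stand-in for the issuer's authorisation system."""

    def __init__(self, mac_key: bytes, credit_limit: int):
        self._key = mac_key
        self.credit_limit = credit_limit

    def authorise(self, atc: int, amount: int, cryptogram: bytes) -> bool:
        msg = f"{atc}|{amount}|{Decision.ARQC.name}".encode()
        expected = hmac.new(self._key, msg, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expected, cryptogram):
            return False             # not this card, or amount/ATC altered in transit
        return amount <= self.credit_limit


def run_transaction(card: Card, issuer: IssuerHost, amount: int,
                    random_draw: float = 1.0) -> Tuple[Decision, bool]:
    """Terminal side: ask the card first; go online only when the card says so."""
    decision = card.decide(amount, random_draw)
    cryptogram = card.cryptogram(amount, decision)
    if decision is Decision.TC:
        approved = True                      # terminal accepts the card's offline approval
    elif decision is Decision.ARQC:
        approved = issuer.authorise(card.atc, amount, cryptogram)
    else:
        approved = False
    card.settle(amount, decision, approved)
    return decision, approved


SLIDE_RULES = IssuerRules(floor_limit=20, max_offline_in_a_row=3,
                          cumulative_offline_limit=50, decline_limit=3000,
                          random_check_rate=0.0)
```

The terminal never sees the key or the rules: it only learns the card's decision and forwards the cryptogram, which is why a tampered amount or a replayed ATC fails at the issuer rather than at the point of sale.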

Specifications & application layers

(Figure: three stacks side by side, from the host application down to the card)
Global Platform: Applications -> Card Manager (card configuration, personalization, applet download, card/application maintenance) -> SC reader -> card: GP API, GP Card Manager, card applets, Run Time Environment (RTE)
GSA - SCIS: Applications -> BSI, XSI, SPS -> Virtual Card Edge Interface -> reader driver -> SC reader -> card: CDM, CCC, RTE API
PC/SC: Applications -> SCSP, CSP -> Resource Manager -> reader driver -> SC reader -> card: card applets, RTE

References to Standards and Specifications for RFPs

• Primary standards & specifications:
  – ISO 7816 - ANSI or ISO
  – PC/SC - Microsoft
  – PKCS - RSA Labs
  – X.509 - ANSI/NCITS
• Industry specifications
  – GSM - ETSI
  – EMV - EMVCo

References to Standards and Specifications for RFPs (continued)

• Card operating systems
  – Proprietary - card vendors
  – JavaCard - Java Card Forum
  – MULTOS - MAOSCO
• Specifications for interoperability
  – Global Platform
  – GSA specification - GSA/NIST
• Security standards
  – PKCS - RSA Labs
  – FIPS 140 - NIST
  – Common Criteria - ISO/NIST

Contact Information

Jim F. "Jim" Russell
Director
MasterCard International
http://www.Mastercardintl.com
[email protected]

Gilles M. Lisimaque
Senior Vice President
Gemplus Corporation
http://www.Gemplus.com
[email protected]
