644 The Smart Card Life Cycle

delivered data sets cannot be used if any of the chips are faulty, since the defective chips are no longer available. If this method is used, the personalizer must always report back to the party that generated the data to inform them which chips have actually been processed. This is not necessary with the personalization methods that are presently in common use, since it is easy to reproduce a faulty card. Incidentally, this is also why the personalization facilities of card producers are always secure areas.

Unfortunately, the cryptographic procedures and security measures used in the realm of personalization are largely secret, so it is not possible for us to describe any specific application. However, Figure 10.63 shows an example of an initialization process followed by a personalization process, as seen from a cryptographic perspective. For the cryptographic protection to be effective, these two production steps must take place in separate rooms using separate personnel.

The illustrated procedure works as follows. During initialization, a card-specific key (KD) is derived in a security module using a unique chip number and a master key (KM). This key is sent as plaintext to the card, where it is stored. Naturally, a lot of other data must be written to the smart card during the initialization, but generating and storing the card-specific key KD is the only cryptographically relevant step.

Following this, the card is personalized. This can be done immediately following the initialization, but it may also be done several weeks later. The important factor is that personalization must be completely separate from initialization, in order to prevent a KD that has been illicitly acquired during initialization from being used during personalization to decrypt the card-specific data.

In the personalization process, the personalization data that have been encrypted using a shared key are decrypted for each individual card by the security module. This is necessary because the producer of the personalization data does not know the individual chip numbers, which are independently generated by the semiconductor manufacturer. The security module then computes the card-specific key (KD) from the card number that it receives from the smart card and the master key (KM). Now the security module and the smart card have a shared secret in the form of KD. This is used to encrypt the personalization data, which are then transferred in encrypted form to the smart card, where they are decrypted and written to the appropriate locations in the EEPROM. This process provides complete cryptographic protection of the personalization procedure. It protects the data to be used for personalization against being spied out, as long as the key (KD) that is written to the card during the initialization remains secret.

Figure 10.64 shows an alternative method for securing the loading of data into smart cards, in which the first step consists of having the smart card and the terminal agree on a common secret key by means of a Diffie–Hellman key exchange. After this, the data are transmitted to the smart card in encrypted form using this key. The major advantage of this method is that it never involves transmitting a secret key in non-encrypted form.

At the conclusion of the personalization process, the personalization machine runs several quality control tests on the finished smart card. In the latest machines, for example, each card is scanned by a camera and the visual personalization is evaluated by a computer and checked against a production database. In case of an error, the card is ejected into a faulty-card bin and a new copy of the card is automatically produced. Normally, the personalization data in the microcontroller are also checked.
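The two data flows just described, as an added example that is not from the book or from any personalizer's real system: a stand-alone Python simulation of Figure 10.63 (KD derived from KM and the chip number, sent in plaintext at initialization, then used to encrypt the personalization record) and of Figure 10.64 (loading key negotiated by Diffie–Hellman, so no key crosses the interface in clear). The book fixes neither the key derivation nor the cipher, so HMAC-SHA256 and a toy HMAC counter-mode cipher with an authentication tag are assumed as stand-ins, together with a demo-size DH group and the assumption that the terminal sends X, g, n first.

```python
"""Added example, not from the Smart Card Handbook: simulation of the data flows in
Figures 10.63 and 10.64. Assumed stand-ins (the book fixes neither): HMAC-SHA256 for
KD = f(KM, chip number), and a toy HMAC counter-mode cipher with an authentication
tag for 'enc(key; data)'. Demonstration code, not a production cipher."""
import hashlib
import hmac
import os
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def derive_kd(km: bytes, chip_number: bytes) -> bytes:
    """Card-specific key KD from the master key KM and the unique chip number."""
    return hmac.new(km, b"KD|" + chip_number, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC(key, nonce || counter), XORed onto data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def enc(key: bytes, data: bytes) -> bytes:
    """enc(key; data) = nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ct = _keystream_xor(key, nonce, data)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def dec(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, so nothing tampered or mis-keyed reaches the EEPROM."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("personalization data failed authentication")
    return _keystream_xor(key, nonce, ct)


class Card:
    """Smart card whose chip number was fixed by the semiconductor manufacturer."""
    def __init__(self, chip_number: bytes):
        self.chip_number = chip_number
        self.kd = None      # loading key: stored at initialization, or DH-negotiated
        self.eeprom = None  # decrypted personalization data


def run_figure_10_63(km, chip_number, pers_key, encrypted_record):
    """Initialization (room 1) then personalization (room 2), as in Figure 10.63.
    Returns the card and a transcript of everything that crossed the interface."""
    wire, card = [], Card(chip_number)
    # initialization: the security module derives KD and sends it as plaintext
    card.kd = derive_kd(km, card.chip_number)
    wire.append(("init:KD", card.kd))
    # personalization: a second security module recomputes KD from KM and the card
    # number it receives, then re-encrypts the shared-key record from the database
    wire.append(("pers:card_number", card.chip_number))
    kd = derive_kd(km, card.chip_number)
    blob = enc(kd, dec(pers_key, encrypted_record))
    wire.append(("pers:enc(KD;data)", blob))
    card.eeprom = dec(card.kd, blob)
    return card, wire


# Demo-size Diffie-Hellman group constructed for this example; a production system
# would use a standardized group of adequate size.
DH_N, DH_G = 2 ** 127 - 1, 3


def run_figure_10_64(chip_number, pers_key, encrypted_record):
    """Personalization with a Diffie-Hellman-negotiated loading key (Figure 10.64).
    Assumes the terminal opens with X, g, n and the card answers with Y."""
    wire, card = [], Card(chip_number)
    x = secrets.randbelow(DH_N - 2) + 1  # terminal's secret exponent
    X = pow(DH_G, x, DH_N)
    wire.append(("dh:X,g,n", (X, DH_G, DH_N)))
    y = secrets.randbelow(DH_N - 2) + 1  # card's secret exponent
    Y = pow(DH_G, y, DH_N)
    wire.append(("dh:Y", Y))
    # K = X^y mod n on the card, K = Y^x mod n in the terminal; hashed into a key
    card.kd = hashlib.sha256(pow(X, y, DH_N).to_bytes(16, "big")).digest()
    k_terminal = hashlib.sha256(pow(Y, x, DH_N).to_bytes(16, "big")).digest()
    wire.append(("pers:card_number", card.chip_number))
    blob = enc(k_terminal, dec(pers_key, encrypted_record))
    wire.append(("pers:enc(K;data)", blob))
    card.eeprom = dec(card.kd, blob)
    return card, wire


def key_sent_in_clear(card: Card, wire) -> bool:
    """True if the card's loading key itself appears as a message on the wire."""
    return any(msg == card.kd for _, msg in wire)
```

Running both flows on the same encrypted database record shows the difference the text points out: the Figure 10.63 transcript contains KD in plaintext at initialization, the Figure 10.64 transcript never carries the loading key.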
However, this is technically difficult to do, since read access to many of the files is no longer allowed. Consequently, special security modules for these tests are frequently present in personalization machines. These modules contain secret master keys with which the personalized keys in the smart cards can be tested for correctness, possibly via an authentication. Another approach is to provide the personalizer with command strings and corresponding response strings for each individual card. The personalizer then sends these commands in the correct sequence to the smart card and compares the responses received from the card with the responses accompanying the commands. If they do not match, the smart card is not behaving as expected and a personalization error must have occurred. With this method, it is not necessary to have a special security module for the tests in the personalization machine.

Figure 10.63 [figure: Terminal, Smart Card and Security Module; messages: card number, KD (card-specific key), enc(KD; personalization data); the security module holds KM (master key), the key for the personalization data and the database with encrypted, card-specific personalization data; the smart card stores KD and holds the personalization data in plaintext] Schematic representation of a typical initialization and personalization procedure using cryptographically secured transmission of data and keys. ‘KM’ designates the master key, which is used to derive the card-specific keys (KD). Only the cryptographically relevant processes are shown.

Figure 10.64 [figure: Terminal, Smart Card and Security Module as in Figure 10.63; the two sides exchange X, g, n and Y, with X = g^x mod n, Y = g^y mod n, and both compute K = Y^x mod n = X^y mod n, after which enc(KD; personalization data) is transferred] Schematic representation of a possible procedure for personalization using cryptographically secured transmission of data and keys. In this special procedure, the keys for loading the data in encrypted form are negotiated in advance using a Diffie–Hellman key exchange. This eliminates the need to transmit a previously stored symmetric personalization key to the smart card in cleartext in a separate step. Only the cryptographically relevant processes are shown.

Once a smart card has been personalized, it is generally not possible to reverse the process, which means that an incorrectly personalized smart card is worthless. Of the various processes, electrical personalization is the most prone to errors, and any errors that occur in the personalization of a large batch of cards would result in major financial losses and delays. Consequently, there are a few smart card operating systems that allow the complete personalization to be fully deleted following a suitable authentication. With regard to the operating system, the smart card afterwards behaves the same as after semiconductor fabrication or completion. This capability is sometimes used for test cards, since it makes it possible to modify the software in the card instead of scrapping the card every time the software changes. Occasionally, such smart card operating system mechanisms are enabled for regular cards, thus allowing cards to be depersonalized if necessary.

Figure 10.65 [figure: throughput (0–300 cards/h) plotted against the amount of personalization data (0–20 kB), for no printing, one side printed and both sides printed] Throughput diagram for electrical personalization with single-sided and double-sided card printing using a desktop personalization machine.

Generally speaking, smart card personalization is not performed for quantities less than (typically) 10,000 cards.
However, many applications require the ability to reproduce individual, customer-specific smart cards. For instance, it must be possible to replace a defective or lost Eurocheque smart card within a few days, since otherwise the cardholder will no longer be able to obtain money from cash dispensers. With an increasing level of customer friendliness, there is an increasing demand for this sort of just-in-time personalization equipment. It is usually installed alongside the mass-production personalization equipment, receives card data via data telecommunications and uses smart cards that have already been initialized and held as partly-finished products. With this sort of card production, provision of a replacement card to the end user (the cardholder) within 24 hours can be guaranteed, should this be necessary. Such equipment, which is designed for fast turnaround, is naturally not suitable for the mass production of smart cards.

Figure 10.66 Example of a desktop personalization machine for electrical personalization and double-sided color printing with a resolution of 300 dpi. The input stack of cards is located on the right-hand side, while the stacks of good and rejected cards are located on the left (Source: F + D)

Envelope stuffing and shipping

The final processing step in the production of smart cards is packing and shipping the cards. This is not necessary with some types of cards, such as pre-paid phone cards, which are frequently supplied en masse to the card issuer. However, with more sophisticated and expensive cards it is common for the cardholder to receive a personalized letter containing his or her new card. With some applications, such as credit cards, the cardholder also receives a letter with the PIN. For reasons of security, this is sent separately and a few days later than the card. The area in which all of these activities take place is often called the lettershop.
The envelope of the PIN letter is made with a carbon-paper coating on the inside. This allows a slip of paper inside the envelope to be printed from the outside using a dot-matrix impact printer. The envelope is constructed such that an unauthorized person cannot read the printed PIN code without visibly damaging the envelope. These measures ensure that it is not possible for someone to spy out PIN codes without being noticed, even while the PIN letters are being generated. High-performance printing systems for PIN letters can print up to 34,000 documents per hour.

For posting the cards, the personal information (such as the cardholder’s name and address) is either read from the card or retrieved from the production database, depending on the card type. This information is printed on a ‘card carrier’, which is a pre-printed letter, using a high-throughput laser printer. The letter may have two punched slots to hold the corners of the card. Alternatively, a strip of easily removable adhesive material is often used to attach the card to the letter. Following this, the card carrier is folded and inserted into an envelope. After the envelope has been franked, the smart card with the personalized letter is ready to be posted to the cardholder. High-performance envelope stuffing machines have a throughput of around 7000 letters per hour. The final quality control step is to automatically weigh the finished letters containing the cards. The weight of the card, which is around 6 grams, is easily sufficient to ensure reliable verification that each envelope actually contains a card.

Figure 10.67 A system for attaching cards to their associated letters, which are then stuffed into envelopes along with any necessary attachments. This machine can prepare and stuff up to 7000 envelopes per hour (Source: Böwe Systec)

In order to minimize postage costs, it is common to presort the letters by postal code before handing them over to the post office. This optimization is most easily realized by producing the cards in the order necessary to satisfy the postal sorting criteria (such as a regional code followed by a local code).

Practical experience with even such simple things as sending cards by post repeatedly brings new and interesting problems to light. For instance, one time a major producer of smart cards was confronted with sudden failures in smart cards sent by post. When the cause of these failures was investigated, it was discovered that the responsible postal distribution center had changed the arrangement of the feed rollers in the sorting machine. With the new arrangement, the letters containing the smart cards were bent so severely during sorting that the chips inside the modules broke in some of the cards. The problem was solved by shifting the position of the card on the carrier by a few centimeters. For this and other, similar reasons, a few hundred test letters are often posted in the target region and then analyzed prior to a major mailing, in order to ensure that the smart cards will not be damaged during transport or sorting.

Table 10.5 Summary of the relative cost factors for two types of smart cards containing microcontrollers with different memory capacities

Component or production step          Smart card with ≈6 kB ROM,       Smart card with ≈16 kB ROM,
                                      ≈1 kB EEPROM, ≈128 bytes RAM     ≈8 kB EEPROM, ≈256 bytes RAM
Die                                   50.0 %                           65.0 %
Module                                25.0 %                           15.0 %
Card body                             12.5 %                           10.0 %
Initialization and personalization    12.5 %                           10.0 %

The production steps and phases that have been described thus far represent a mass production process, which is standard for cards such as GSM cards and credit cards with chips.
Other applications or card issuers may have other basic requirements with regard to card production. For example, some GSM smart cards are personalized ‘on site’ in the shop and then handed directly to the customer. The customer naturally receives a favorable impression of the competence and capability of the shop if he or she can receive a personalized card immediately after subscribing and paying. However, this depends very strongly on the marketing policy and security requirements of the card issuer. In contrast to this example, producing card bodies and modules is basically independent of the ultimate card issuer or his marketing aspects, and thus largely the same for all applications.

10.5 PHASE 4 OF THE LIFE CYCLE IN DETAIL

Phase 4 of the life cycle of a smart card is well known to normal card users from daily experience with their own cards. New applications can be downloaded or activated, and applications already present in the card can be deactivated if necessary. Since the majority of this book addresses this phase, it is not described any further here, with the exception of card management systems.

Card management systems

Administrative systems for cards have been used by a variety of card issuers for many years already. However, up to now the emphasis has primarily been on inventory management and associating cards with specific persons. With the increasingly widespread use of smart cards that support modifying, downloading and deleting applications, the functions of card management systems have been fundamentally altered, since they must also deal with the aspects of card-specific applications. Such systems are called card management systems (CMS), applet management systems (AMS) or sometimes file management systems (FMS). The term ‘card management system’ is used here.
A functional card management system first requires a high-performance database system containing all necessary information about issued cards, as well as at least occasional online connections to the cards to be managed. For these reasons, existing smart cards used in telecommunications applications are quite suitable for use with card management systems, since they are continuously connected online to the background system while in use. In payment systems that operate partially offline, it is still possible to utilize temporary online connections to the background system, such as when a card is used with a cash dispenser or merchant terminal. An essential prerequisite for any sort of online connection is a secure end-to-end connection between the smart card and the management system.

A card management system can have a very broad range of functions. The simplest function is updating the contents of files in specific smart cards, using standard smart card commands that are sent to the cards via secure channels. A somewhat more complicated function is file management, which means deleting existing files and creating new files, using mechanisms that are similar to those used for updating file contents. All of these operations on files are referred to as ‘remote file management’ (RFM).

Significantly larger data volumes are involved in storing a new application in a smart card. If the application is file-based, all of the corresponding files must be created in the smart card and then filled with data. If the new application is program-code based, the program must be loaded into the smart card. In the case of Java Card, this is primarily done using the OP loader.[12] However, it can sometimes be necessary to replace an application by a different application or a new version of the same application. In preparation for this, the data for applications present in the smart card must be secured.
Following this, the application in question must be deleted and the new application must be created in the smart card. Finally, the secured data must be loaded into the application, which may involve converting the data to a different format.

The card management systems described above relate to the period after the smart card has been issued to the end user. However, the functions of a card management system can be significantly expanded to cover the entire life cycle of the smart card. This is referred to as life-cycle management. It begins with the completion of the smart card operating system and extends over the initialization and personalization of the smart card through its actual use and any subsequent deactivation of the card that may be necessary at some time, including transferring the data to a new smart card. Naturally, this manifold of functions causes card management systems to be quite complex.

Furthermore, it should be noted that it is extremely rare for the set of smart cards being managed to be homogeneous. The most common situation is a highly heterogeneous hodge-podge of different smart card operating systems in various versions running on a variety of hardware platforms with different memory sizes. The applications to be managed will also have a certain range of versions. As an example that illustrates the resulting complexity, we can consider the situation of an operator of a telecommunications network using SIMs having three different versions of the operating system running on three different hardware platforms with three different versions of the application. In the worst case, the card management system will have to perform 27 (= 3^3) different types of access to the application. The card user, by contrast, sees all of these 27 variants as only a single application in his SIM.

Besides the large number of variants that can quite easily arise, another consideration is that the smart cards to be managed must meet certain general conditions.
In principle, the entire administrative process must be performed in an atomic manner by the card management system, since if it is somehow possible to prevent administration operations from being fully completed by means of some sort of interruption to the process, it must be possible to restore the original state. For example, consider downloading a Java applet into a SIM via the air interface. If the connection is broken, for instance because there is a coverage gap in a tunnel, this must not be allowed to have any sort of technical consequences for the existing functionality of the SIM. All of this can be technically achieved using existing mechanisms and procedures, but it requires substantial effort.

There are commercially available card management systems that can provide several of the previously described functions. However, if smart cards are used on a large scale in a system in which it is necessary to dynamically manage applications, major extensions to certain aspects of existing card management systems will be necessary, regardless of the nature of the functions.

[12] See also Section 5.11, ‘Open Platform’

10.6 PHASE 5 OF THE LIFE CYCLE IN DETAIL

Phase 5 of the life cycle of smart cards according to the ISO 10202-1 standard defines all measures relating to terminating the use of the card. Specifically, these measures consist of deactivating the application(s) in the smart card, followed by deactivating the smart card itself. However, both of these processes are purely theoretical with most smart cards. In practice, cards are either thrown into the trash or carefully labeled and filed away by collectors for some indeterminate length of time. Generally speaking, it is quite rare for cards to be returned to the card issuer. Nevertheless, there are commands that can be used to deactivate individual applications and the complete smart card.
The ISO/IEC 7816-9 commands DELETE FILE, DEACTIVATE FILE, TERMINATE DF and TERMINATE CARD USAGE are explicitly intended to be used to herald the final stage of the life cycle of an application.[13] These commands are primarily essential for managing individual applications in multiapplication cards, but they are rarely used with present-day smart cards, which mostly incorporate more or less only one application.

The easiest way to end the life of a smart card is to simply cut it into pieces using a pair of scissors. Anyone can do this, and some card issuers recommend this method for ‘terminating’ smart cards. Nevertheless, in some cases it would certainly be justified for reasons of security to return smart cards to their issuer. Some of them still contain valid secret keys, and if a potential attacker could manage to acquire several hundred or even a thousand cards, he would have a significantly larger pool of data for analyzing the hardware and software of the smart cards than if he had only a few cards. Statistical investigations based on a large number of cards will always yield more information than those based on individual cards. For this reason, as well as well-known environmental considerations, some card issuers collect expired cards when they issue new cards. In addition, collection bins for empty telephone cards are often placed next to card phones. Effective recycling of cards is only possible after the cards have first been collected.

Recycling

We must honestly admit that little progress has been made in the recycling of smart cards. For one thing, presently there are simply not enough cards collected for a proper recycling process, and the amount of material to be recycled is anyhow not all that large. In 1997, approximately 40,000 metric tons of plastic were used in the whole world for the production of smart cards.
Even under the fully idealistic assumption that an equal weight of cards could be separately collected and fed back into a recycling process, this is a vanishingly small amount compared with the total amount of plastics produced worldwide, which for PVC alone amounted to approximately 13 million metric tons in the same year. Nevertheless, this will change with the increasingly widespread use of cards.

[13] See also Section 7.8, ‘File Management Commands’

Recycling smart cards is a particularly difficult problem. The card body, which is laminated from several layers of various types of plastic, is a highly heterogeneous material. In addition, the cards are printed with several different kinds of ink and contain holograms, signature panels and magnetic stripes, all of which add to the number of different materials in the mix. Highly homogeneous materials can only be accumulated during card production, for instance as scrap resulting from punching cards from single-layer sheets. It is relatively easy to reuse these materials, and many card manufacturers already do so. In the case of discarded smart cards, on the other hand, it is currently practically impossible to separate the cards into homogeneous sorts of material. The presently proposed recycling method is to punch the modules out of the cards and then shred the rest of the card bodies. The plastic shreddings can be used to produce low-quality plastic items (garden ornaments are a typical example of this type of recycling). The modules can also be finely ground, and the metals that they contain can be recovered using electrolytic processes. However, such methods are presently not used anywhere on a large scale. In addition, it is not entirely clear that this sort of complex recycling truly protects the environment better than simple incineration or burial.
In the case of contactless smart cards with coils of copper wire or conductive ink embedded in the card body, it is effectively impossible to separate the material of the card into individual types of plastic. Particularly in the case of multilayer cards, the only practical approach is high-temperature incineration, which some people rather arrogantly refer to as ‘energy recycling’. If the temperature is sufficiently high, relatively few harmful materials are released. It remains to be seen whether this solution will be considered to be acceptable in the long term. In any case, even though a single smart card weighs only 6 grams, the net weight of one million such cards is still 6 metric tons.

Table 10.6 Summary of the major components of smart cards, in terms of weight

Component                                      Material                                              Weight
card body                                      various plastics (e.g. PVC, PC, ABS)                  4.400 g
inks on the card body                          resins and pigments                                   very low
magnetic stripe                                iron oxide and similar materials, ink and adhesive    very low
hologram                                       aluminum and adhesive                                 very low
microcontroller (10 mm²)                       silicon with various doping elements                  0.009 g
bonding wires                                  gold or aluminum                                      very low
encapsulation blob for the microcontroller     epoxy resin                                           0.010 g
adhesive to hold the module in the card body   epoxy resin                                           very low
module with six contacts                       epoxy resin, glass fibers, nickel, aluminum, gold     0.170 g
module with eight contacts                     epoxy resin, glass fibers, nickel, aluminum, gold     0.180 g