Overview

Like most computer hardware, the price of smart cards is steadily decreasing, while performance and capacity are improving all the time. You can now buy a fully-functional computer, the size of your thumb-nail, for just a euro or two. However, before the BasicCard arrived, the cost of developing software for smart cards was out of all proportion to the cost of the hardware. A typical development project might take six months and cost a quarter of a million euros. This was a major barrier to the widespread use and acceptance of smart cards.

But now you can program your own smart card in an afternoon, with no previous experience required. If you can program in Basic, you can design and implement a custom smart card application. With ZeitControl’s BasicCard, the development cycle of writing code, downloading, and testing takes a few minutes instead of weeks.

The Smart Card Environment

Obviously, programming a smart card is not the same as programming a desktop computer. It has no keyboard or screen, for a start. So how does a smart card receive its input and communicate its output? It talks to the outside world through its bi-directional I/O contact. Communication takes place at 9600 baud or more, according to the T=0 and T=1 protocols defined in ISO/IEC standards 7816-3 and 7816-4. But this is completely invisible to the Basic programmer – all you have to do is define a command in the card, and program it like an ordinary Basic procedure. Then you can call this command from a ZC-Basic program running on the PC. Again, the command is called as if it was an ordinary procedure.

The BasicCard operating system takes care of all the communications for you. It will even encrypt and decrypt the commands and responds if you ask it to. All you have to do is specify a different two-byte ID for each command that you define. (If you are familiar with ISO/IEC 7816-4: Interindustry commands for interchange, you will know these two bytes as CLA and INS, for Class and Instruction.)

Here is a simple example. Suppose you run a discount warehouse, and you are issuing the BasicCard to members to store pre-paid credits. You will want a command that returns the number of credits left in the card. So you might define the command GetCustomerCredits, and give it an ID of &H20 &H01 (&H is the hexadecimal prefix):

  • Eeprom CustomerCredits ' Declare a permanent Integer variable

    Command &H20 &H01 GetCustomerCredits (Credits)

    Credits = CustomerCredits

    End Command

    •

    • You can call this command from the PC with the following code:

  • Const swCommandOK = &H9000

    Declare Command &H20 &H01 GetCustomerCredits (Credits)

    Status = GetCustomerCredits (Credits)

    If Status <> swCommandOK Then GoTo CancelTransaction

    •

    • The value &H9000 is defined in ISO/IEC 7816-4 as the status code for a successful command. This value is automatically returned to the caller unless the ZC-Basic code specifies otherwise. The return value from a command should always be checked, even if the command itself has no error conditions – for instance, the card may have been removed from the reader.

    It’s as simple as that. Of course, there is a lot more going on below the surface, but you don’t have to know about it to write a BasicCard application.

    Technical Summary

    All BasicCard families (Compact, Enhanced, and Professional) contain:

    • a full implementation of the T=1 block-level communications protocol defined in ISO/IEC 7816-3: Electronic signals and transmission protocols, including chaining, retries, and WTX requests;
    • a command dispatcher built around the structures defined in ISO/IEC 7816-4: Interindustry commands for interchange (CLA INS P1 P2 [Lc IDATA] [Le] );
    • built-in commands for loading EEPROM, enabling encryption, etc.;
    • a Virtual Machine for the execution of ZeitControl’s P-Code;
    • code for the automatic encryption and decryption of commands and responses, using the AES, DES, or SG-LFSR symmetric-key algorithm.

    Enhanced and Professional BasicCards contain in addition:

    • a directory-based, DOS-like file system;
    • IEEE-compatible floating-point arithmetic.

    The functionality of the Enhanced BasicCard family can be further extended using Plug-In Libraries.

    Professional BasicCards contain in addition:

    • a Public-Key algorithm (RSA or EC);
    • a full implementation of the T=0 byte-level communications protocol defined in ISO/IEC 7816-3: Electronic signals and transmission protocols;
    • the SHA-1 Secure Hash Algorithm.

    The data sheet on the next page contains details of available BasicCards versions, and the cryptographic algorithms that they support.

    Development Software

    The ZeitControl MultiDebugger software support package consists of:

    • ZCPDE, the Professional Development Environment;
    • ZCMDTERM and ZCMDCARD, debuggers for Terminal programs and BasicCard programs;
    • ZCMBASIC, the compiler for the ZC-Basic language;
    • ZCMSIM, for low-level simulation of Terminal and BasicCard programs;
    • BCLOAD, for downloading P-Code to the BasicCard;
    • KEYGEN, a program that generates random keys for use in encryption;
    • BCKEYS, for downloading cryptographic keys to the Compact and Enhanced BasicCards.

    Compact BasicCard

    Version

    EEPROM

    RAM

    Protocol

    Encryption

    Floating-Point Support

    File System

    ZC1.1

    1K

    256 bytes

    T=1

    SG-LFSR

    None

    No

    Enhanced BasicCard

    Version

    EEPROM

    RAM

    Protocol

    Encryption

    Extras

    FP Support

    File System

    ZC3.1

    2K

    256 bytes

    T=1

    DES

    		  

    Full

    Yes

    ZC3.2

    4K

    256 bytes

    T=1

    DES

    		  

    Full

    Yes

    ZC3.3

    8K

    256 bytes

    T=1

    DES

    		  

    Full

    Yes

    ZC3.4

    16K

    256 bytes

    T=1

    DES

    		  

    Full

    Yes

    ZC3.5

    6K

    256 bytes

    T=1

    DES

    EC-FSA1

    Full

    Yes

    ZC3.6

    14K

    256 bytes

    T=1

    DES

    EC-FSA1

    Full

    Yes

    ZC3.7

    2K

    256 bytes

    T=1

    DES

    		  

    Full

    Yes

    ZC3.8

    4K

    256 bytes

    T=1

    DES

    		  

    Full

    Yes

    ZC3.9

    8K

    256 bytes

    T=1

    DES

    		  

    Full

    Yes

    1 EC-FSA: Fast Signature Algorithm for Elliptic Curve Cryptography

    Plug-In Libraries for the Enhanced BasicCard: EC-161, AES, SHA-1, IDEA

    Professional BasicCard

    Version

    PK Algorithm

    EEPROM

    RAM

    Protocol

    Encryption

    Extras

    FP Support

    File System

    ZC4.5A

    RSA

    30K

    1K

    T=0, T=1

    AES

    SHA-1

    Partial1

    Yes

    ZC4.5D

    RSA

    30K

    1K

    T=0, T=1

    DES

    SHA-1

    Partial1

    Yes

    ZC5.4

    EC-167

    16K

    1K

    T=0, T=1

    AES & DES

    SHA-1

    Full

    Yes

    ZC5.5

    EC-167

    31K

    1.7K

    T=0, T=1

    EAX/OMAC/
    AES/ DES

    SHA-1

    Full

    Yes

    1 Single-to-String conversion not supported

    MultiApplication BasicCard

    Version

    PK Algorithm

    EEPROM

    RAM

    Protocol

    Encryption

    Extras

    FP Support

    File System

    ZC6.5

    EC-167

    31K

    1.7K

    T=0, T=1

    EAX/OMAC/
    AES/ DES

    SHA-1

    Full

    Yes

    Public-Key Algorithms

    Name Description Key size Reference
    RSA Rivest-Shamir-Adleman algorithm 1024 bits IEEE P1363: Standard Specifications for Public Key Cryptography
    EC-167 Elliptic Curve Cryptography over the field
    GF(2167 )    		 167 bits
    EC-161 Elliptic Curve Cryptography over the field
    GF(2168 )    		 161 bits

    Symmetric-Key Algorithms

    Name Description Key size Reference
    EAX Encryption with Authentication for Transfer (using AES) 128/192/
    256 bits    		 EAX: A Conventional Authenticated-Encryption Mode1
    M. Bellare, P. Rogaway, D. Wagner
    OMAC One-Key CBC-MAC (using AES) 128/192/
    256 bits    		 OMAC: One-Key CBC MAC1
    Tetsu Iwata and Kaoru Kurosawa
    Department of Computer and Information Sciences, Ibaraki University
    4–12–1 Nakanarusawa, Hitachi,
    Ibaraki 316-8511, Japan
    AES Advanced Encryption Standard 128/192/
    256 bits    		 Federal Information Processing Standard FIPS 197
    DES Data Encryption Standard 56/112 bits ANSI X3.92-1981: Data Encryption Algorithm
    SG-LFSR Shrinking Generator – Linear Feedback Shift Register 64 bits D. Coppersmith, H. Krawczyk, and Y. Mansour, The Shrinking Generator, Advances in Cryptology – CRYPTO ’93 Proceedings, Springer-Verlag, 1994
    IDEA International Data Encryption Algorithm 128 bits X. Lai, On the Design and Security of Block Ciphers, ETH Series in Information Processing, v. 1, Konstanz: Hartung-Gorre Verlag, 1992

    1 These documents are available at http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/

    Data Hashing Algorithms

    Name Description Reference
    SHA-1 Secure Hash Algorithm,
    revision 1    		 Federal Information Processing Standard FIPS 180-1

    Communication Protocols

    Name Description Reference
    T=0 Byte-level transmission protocol ISO/IEC 7816-3: Electronic signals and transmission protocols
    T=1 Block-level transmission protocol

    Download Development Software

    mailtoContact: Sales@basiccard.com

    This page was last changed on: 08/07/2004, 15:00 UTC
    PDF Get the FREE Adobe® Acrobat Reader for PDF-Documents