`Java Card™ Technology
`for Smart Cards
`
`Architecture and Programmer's Guide
`
`Foreword by Patrice Peyret
`
`IPR2022-00412
`Apple EX1051 Page 1
`
`
`
`Java Card™ Technology
`for Smart Cards
`Architecture and Programmer's Guide
`
`Copyright © 2000 Sun Microsystems, Inc.
`901 San Antonio Road, Palo Alto, California 94303 U.S.A.
`All rights reserved.
`
`RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the United States Government is subject to the
`restrictions set forth in DFARS 252.227-7013 (c)(1)(ii) and FAR 52.227-19.
`
`The release described in this manual may be protected by one or more U.S. patents, foreign patents, or pending
`applications.
`
`Sun Microsystems, Inc. (SUN) hereby grants to you a fully-paid, nonexclusive, nontransferable, perpetual, worldwide
`limited license (without the right to sublicense) under SUN's intellectual property rights that are essential to practice
`this specification. This license allows and is limited to the creation and distribution of clean room implementations of
`this specification that: (i) include a complete implementation of the current version of this specification without
`subsetting or supersetting; (ii) implement all the interfaces and functionality of the standard java.* packages as defined by
`SUN, without subsetting or supersetting; (iii) do not add any additional packages, classes or methods to the java.*
`packages; (iv) pass all test suites relating to the most recent published version of this specification that are available
`from SUN six (6) months prior to any beta release of the clean room implementation or upgrade thereto; (v) do not
`derive from SUN source code or binary materials; and (vi) do not include any SUN binary materials without an
`appropriate and separate license from SUN.
`
`Sun, Sun Microsystems, the Sun logo, Java, Java Software, Java Card, Java SDK, Java 2 Standard Edition, and Java 2,
`Enterprise Edition, are trademarks or registered trademarks of Sun Microsystems, Inc. UNIX* is a registered
`trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. All other product
`names mentioned herein are the trademarks of their respective owners.
`
`THIS PUBLICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR
`IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY,
`FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
`
`THIS PUBLICATION COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS.
`CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE
`INCORPORATED IN NEW EDITIONS OF THE PUBLICATION. SUN MICROSYSTEMS, INC. MAY MAKE
`IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN
`THIS PUBLICATION AT ANY TIME.
`
`Library of Congress Cataloging-in-Publication Data
`Chen, Zhiqun, 1969-
`Java Card technology for smart cards: architecture and programmer's guide / Zhiqun Chen.
`p. cm. - (The Java series)
`Includes bibliographical references and index.
`ISBN 0-201-70329-7 (alk. paper)
`1. Java (Computer program language) 2. Smart cards. I. Title. II. Series.
`QA76.73.J38 C478 2000
`005.13'3-dc21
`00-036360
`
`The publisher offers discounts on this book when ordered in quantity for special sales. For more information, please
`contact:
`Pearson Education Corporate Sales Division
`One Lake Street
`Reading, Massachusetts 01867
`(800) 382-3419
`corpsales@pearsontechgroup.com
`Visit us on the Web at www.awl.com/cseng
`
`Text printed on recycled and acid-free paper.
`
`ISBN 0201703297
`
`
`Contents
`
`Foreword
`Preface
`
`Part 1 Introduction
`
`1 From the Beginning
`1.1 Smart Cards
`1.1.1 Brief History
`1.1.2 Benefits
`1.1.3 Applications
`1.2 Challenges in the Development of Smart Card Applications
`1.3 Applying Java to Smart Cards
`1.3.1 Benefits of Java Card Technology
`1.3.2 Brief History of Java Card Technology
`
`2 Smart Card Basics
`2.1 Overview of Smart Cards
`2.2 Basic Card Types
`2.2.1 Memory Cards versus Microprocessor Cards
`2.2.2 Contact Cards versus Contactless Cards
`2.3 Smart Card Hardware
`2.3.1 Smart Card Contact Points
`2.3.2 Smart Card Central Processing Unit
`2.3.3 Smart Card Coprocessors
`2.3.4 Smart Card Memory System
`2.4 Smart Card Communication
`2.4.1 Card Acceptance Device and Host Applications
`2.4.2 Smart Card Communication Model
`2.4.3 APDU Protocol
`2.4.4 TPDU Protocol
`2.4.5 ATR
`2.5 Smart Card Operating Systems
`2.5.1 Smart Card File Systems
`2.5.2 Master File
`2.5.3 Dedicated File
`2.5.4 Elementary File
`2.6 Smart Card Systems
`2.7 Smart Card Standards and Specifications
`2.7.1 ISO 7816 Standards
`2.7.2 GSM
`2.7.3 EMV
`2.7.4 Open Platform
`2.7.5 OpenCard Framework
`2.7.6 PC/SC
`
`Part 2 Java Card Technology
`
`3 Java Card Technology Overview
`3.1 Architecture Overview
`3.2 Java Card Language Subset
`3.3 Java Card Virtual Machine
`3.3.1 CAP File and Export File
`3.3.2 Java Card Converter
`3.3.3 Java Card Interpreter
`3.4 Java Card Installer and Off-Card Installation Program
`3.5 Java Card Runtime Environment
`3.5.1 JCRE Lifetime
`3.5.2 How Does the JCRE Operate during a CAD Session?
`3.5.3 Java Card Runtime Features
`3.6 Java Card APIs
`3.6.1 java.lang Package
`3.6.2 javacard.framework Package
`3.6.3 javacard.security Package
`3.6.4 javacardx.crypto Package
`3.7 Java Card Applets
`3.8 Package and Applet Naming Convention
`3.9 Applet Development Process
`3.10 Applet Installation
`3.10.1 ROM Applets
`3.10.2 Preissuance or Postissuance Applets
`3.10.3 Postissuance Applet Installation
`3.10.4 Error Recovery during Applet Installation
`3.10.5 Installation Constraints
`
`4 Java Card Objects
`4.1 Java Card Memory Model
`4.2 Persistent Objects
`4.3 Transient Objects
`4.3.1 Properties of Transient Objects
`4.3.2 Transient Object Types
`4.3.3 Creating Transient Objects
`4.3.4 Querying Transient Objects
`4.4 A Few Words about Object Creation and Deletion
`
`5 Atomicity and Transactions
`5.1 Atomicity
`5.2 Block Data Updates in an Array
`5.3 Transactions
`5.3.1 Commit Transaction
`5.3.2 Abort Transaction
`5.3.3 Nested Transaction
`5.3.4 Commit Capacity
`5.3.5 TransactionException
`5.3.6 Local Variables and Transient Objects during a Transaction
`
`6 Java Card Exceptions and Exception Handling
`6.1 Exceptions in the java.lang Package
`6.2 Java Card Exceptions
`6.2.1 Java Card Exception Reason Code
`6.2.2 Throwing an Exception in the Java Card Platform
`6.2.3 ISOException
`6.2.4 UserException
`
`7 Java Card Applets
`7.1 Applet Overview
`7.1.1 Applet Installation and Execution
`7.1.2 Applet Communication
`7.2 Class javacard.framework.Applet
`7.3 install Method
`7.3.1 Creating Objects in the Applet's Constructor
`7.3.2 Registering the Applet Instance with the JCRE
`7.3.3 Processing the Installation Parameters
`7.3.4 Further Applet Initialization
`7.4 select Method
`7.4.1 SELECT APDU Format and Processing
`7.4.2 Default Applet
`7.5 deselect Method
`7.6 process Method
`7.7 Other Methods in the Class javacard.framework.Applet
`
`8 Working with APDUs
`8.1 APDU Class
`8.1.1 APDU Object
`8.1.2 APDU Buffer Size
`8.2 Interface ISO7816
`8.3 Working with APDUs in Applets
`8.3.1 Retrieve the APDU Buffer
`8.3.2 Examine the Command APDU Header
`8.3.3 Receive APDU Command Data
`8.3.3.1 Receiving Long Command Data
`8.3.4 Process the APDU Command and Generate the Response Data
`8.3.5 Return APDU Response Data
`8.3.5.1 Sending Data from Other Locations
`8.3.5.2 Sending a Long Response
`8.3.6 Return the Status Word
`8.4 Protocol-Specific APDU Processing
`8.4.1 Method getProtocol
`8.4.2 Method getInBlockSize
`8.4.3 Method getOutBlockSize
`8.4.4 Method setOutgoingNoChaining
`8.4.5 Method getNAD
`8.4.6 Method waitExtension
`8.5 Summary
`
`9 Applet Firewall and Object Sharing
`9.1 Applet Firewall
`9.1.1 Contexts
`9.1.2 Object Ownership
`9.1.3 Object Access
`9.1.4 Transient Array and Context
`9.1.5 Static Fields and Methods
`9.2 Object Sharing across Contexts
`9.2.1 Context Switch
`9.2.2 JCRE Privileges
`9.2.3 JCRE Entry Point Objects
`9.2.4 Global Arrays
`9.2.5 Object Shareable Interface Mechanism
`9.2.5.1 Shareable Interface
`9.2.5.2 Shareable Interface Object
`9.2.5.3 Thoughts behind the Shareable Interface Mechanism
`9.2.5.4 An Example of Object Sharing between Applets
`9.2.5.5 Create a Shareable Interface Object
`9.2.5.6 Request a Shareable Interface Object
`9.2.5.7 Use a Shareable Interface Object
`9.2.5.8 Context Switches during Object Sharing
`9.2.5.9 Parameter Types and Return Types in Shareable Interface Methods
`9.2.5.10 Authenticate a Client Applet
`9.2.5.11 getPreviousContextAID Method
`9.2.5.12 Summary
`
`10 Programming Cryptography
`10.1 Quick Tour of Cryptography
`10.1.1 Encryption and Decryption
`10.1.2 Message Digest
`10.1.3 Digital Signature
`10.1.4 Random Data
`10.2 Cryptographic Practice in Smart Card Applications
`10.2.1 Ensuring Application Security
`10.2.2 Functioning as a Secure Token
`10.2.3 Summary
`10.3 Java Card Cryptography APIs
`10.3.1 Design Principles
`10.3.2 Architecture
`10.3.3 Package Structure
`10.4 Code Examples
`10.4.1 Compute a Message Digest
`10.4.2 Build a Cryptographic Key
`10.4.3 Sign and Verify a Signature
`10.4.4 Encrypt and Decrypt Data
`10.4.5 Generate Random Data
`
`11 Java Card Platform Security
`11.1 Java Card Platform Security Features
`11.1.1 Java Language Security
`11.1.2 Additional Security Features of the Java Card Platform
`11.2 Java Card Platform Security Mechanisms
`11.2.1 Compile-Time Checking
`11.2.2 Class File Verification and Subset Checking
`11.2.3 CAP File and Export File Verification
`11.2.4 Installation Checking
`11.2.5 Cryptographically Enforced Chain Trust
`11.2.6 Runtime Security Enforcement
`11.2.7 Java Card Cryptographic Support
`11.3 Applet Security
`
`Part 3 Programming Guide and Tips
`
`12 Step-by-Step Applet Development Guide
`12.1 Design the Applet
`12.1.1 Specify the Functions of the Applet
`12.1.2 Specify AIDs for the Applet
`12.1.3 Define the Class Structure and Method Functions of the Applet
`12.1.4 Define the Interface between the Applet and Its Host Application
`12.1.4.1 SELECT APDU
`12.1.4.2 VERIFY APDU
`12.1.4.3 CREDIT APDU
`12.1.4.4 DEBIT APDU
`12.1.4.5 GET BALANCE APDU
`12.2 Construct the Applet Code
`12.2.1 Wallet Applet Code
`12.2.2 Implement Error Checking
`12.3 What's the Next Step?
`
`13 Applet Optimization
`13.1 Optimizing an Applet's Overall Design
`13.2 On-Card Execution Time
`13.3 Method Invocations
`13.4 Creating Objects in Applets
`13.5 Reusing Objects
`13.6 Eliminating Redundant Code
`13.7 Accessing Arrays
`13.8 The switch Statement versus the if-else Statement
`13.9 Arithmetic Statements
`13.10 Optimizing Variables in Applets
`
`14 Working with int Data Type
`14.1 32-Bit Arithmetic Operations
`14.2 Array Size and Array Index
`14.3 Storing and Computing int Values
`14.4 Summary
`
`Part 4 Appendices
`
`A Java Card Language Subset
`B Java Card 2.1 Application Programming Interface
`
`Glossary
`Bibliography
`Index
`
`PART 1.
`Introduction
`
`
`CHAPTER 1
`From the Beginning
`
`The explosion of the Internet and of wireless digital communication has rapidly
`changed the way we connect with other people. As the world has become more
`connected, the business model has evolved from the traditional face-to-face in-store
`transaction to the on-line transaction conducted with a few mouse clicks in our
`home or office. The rapid emergence of electronic business opens not only new
`avenues for commerce but also vast opportunities for an industry to reach out to its
`customers and to introduce value-added services.
`
`The success of the electronic business market relies on the same level of trust
`that companies have built up over years of doing business face to face and relies
`on technology to help handle business easily. The security and portability of smart
`cards provide a safe, reliable, convenient, and effective way to ensure secure
`e-business and to enable a broad range of new applications.
`
`1.1 Smart Cards
`
`The same size as a credit card, a smart card (Figure 1.1) stores and processes
`information through the electronic circuits embedded in silicon in the plastic
`substrate of its body. A smart card is a portable and tamper-resistant computer.
`Unlike magnetic stripe cards, smart cards carry both processing power and
`information. Therefore, they do not require access to remote databases at the time of a
`transaction.
`
`1.1.1 Brief History
`
`The idea of incorporating an integrated circuit into a plastic card was first introduced
`by two German inventors, Jurgen Dethloff and Helmut Grotrupp, in 1968. Later they
`filed a German patent on their invention. Independently, Kunitaka Arimura of the
`Arimura Technology Institute in Japan filed a patent on the smart card in 1970.
`However, real progress came with Roland Moreno's 47 smart card-related patents
`filed in 11 countries between 1974 and 1979 [1]. In the late 1970s, CII-Honeywell-Bull
`(now Groupe Bull) first commercialized smart card technology and introduced
`microprocessor cards.
`
`[Figure 1.1 Smart card, with the plastic substrate and the smart card chip labeled]
`
`The initial smart card trials took place in France and Germany in the early
`1980s using smart cards as prepaid phone cards and secure debit/credit bank
`cards. These successful trials proved the potential of smart cards in resisting
`tampering and in flexibility.
`
`Recently, with advances in chip technology and modern cryptography, smart
`cards have become more powerful. They are now used to store electronic cash,
`replacing paper money, to store and secure personal medical records, to prevent
`unauthorized access to cable and satellite broadcasts, and to improve wireless
`telephone security.
`
`Already very common in Europe and Asia because of the widespread use of
`applications such as GSM and banking cards, smart cards began to make significant
`entries into the U.S. market in the late 1990s with the growing demand for
`security technologies in the e-business arena.
`
`1.1.2 Benefits
`
`The interest in smart cards is a result of the benefits they provide. One benefit, of
`course, is their built-in computational power. Security, portability, and ease of use
`are the other key advantages of smart cards.
`
`The processor, memory, and I/O support of a smart card are packaged in a single
`integrated circuit embedded in a plastic card. A smart card is resistant to attack
`because it does not need to depend on potentially vulnerable external resources.
`Probing information in a smart card requires the physical possession of the card,
`intimate knowledge of the smart card hardware and software, and additional
`equipment. The security features in smart cards are further strengthened by cryptographic
`functions. Data stored in the card can be encrypted to safeguard its privacy in the
`physical memory, and data exchanged between the card and the outside world can
`be signed and encrypted. In addition, accessing a smart card usually requires the
`card holder to enter a PIN (personal identification number), which prevents the card
`from being used by an unauthorized person. Overall, it would be much more
`difficult to crack into a smart card than into a traditional desktop computer.
`
`Another benefit of smart cards is their inherent portability. You can carry a
`smart card in your wallet in the same way you carry credit cards. Because of this
`characteristic, smart cards keep data available wherever needed, as the card holder
`moves from one location to another.
`
`Smart cards are also very convenient to use. To begin a transaction, you insert
`the card into a card acceptance device, and you remove the card from the device
`when the job is done.
`
`1.1.3 Applications
`
`Smart cards are often used for secure data storage and to authenticate and ensure
`security of transactions. This section provides examples of applications for using
`smart cards.
`
`In the telecommunication industry, prepaid phone cards offer a cash-free,
`low-maintenance, and antifraud mechanism for accessing public phones. Today,
`the wireless telecommunication industry is the largest market using smart cards
`for security. The most notable example is GSM (global system for mobile
`communication). A GSM wireless phone has a subscriber identity module (SIM) card,
`which is a smart card with a much smaller plastic substrate, that fits into a slot
`inside the phone. The SIM card identifies the user and provides encryption keys
`for digital voice transmission. It is very difficult to intercept telephone numbers
`and illegally program them into wireless phones. The key generated by the SIM
`card for encryption is temporary and is changed with each use. Therefore, even if
`a GSM transmission could be decrypted, it would be useless for the next
`transmission. Because the user's identity is programmed into the SIM card, the user can
`use not just one phone but any GSM-compatible phones that accept the SIM card.
`A subscriber gets a SIM card from the service provider and inserts it into a phone
`that can be purchased or leased separately.
`
`As wireless communication gains wide acceptance, the role of wireless
`phones is going much further than voice transmission. To retain a competitive
`edge, telecom operators are competing to provide value-added services, such as
`mobile banking, mobile commerce, Web access, and so on, which all rely on smart
`cards to verify the subscriber's identity and ensure security in data transmissions.
`
`In the payment and banking industries, smart cards are used as secure credit or
`debit bank cards. Their functions are similar to magnetic stripe cards. But because
`of the on-board computing power of smart cards, they can handle off-line
`transactions and verifications. Unlike magnetic stripe cards, data in a smart card cannot be
`easily copied and then misused. Smart card-based credit cards help to prevent credit
`card fraud that costs banks around the world billions of dollars a year.
`
`Recently, the newer trends in the payment and banking area include the
`e-purse (or e-wallet) applications. The card stores electronic money, and the
`balance can be increased or decreased. Smart card-based electronic purses can
`reduce the cost of handling paper money; in particular, they provide an ideal
`payment mechanism for on-line microtransactions, where the overhead in using
`regular credit cards is too high for low-value transactions.
`
`In a retail loyalty scheme, the card can help to promote cobranded retailer
`partnership and increase sales and customer satisfaction. The card stores loyalty
`points that are accumulated when the card holder purchases items from
`sponsoring retailers. The card holder can use the points for point-of-sale discounts, air
`miles, or other gifts. The data captured when the card is used can also help
`retailers to understand the customer's purchase preferences and behavior.
`
`In a mass-transit system, smart cards can replace tokens and tickets. In the field
`of automotive transportation, smart cards can replace coins for parking and toll, in a
`way that is similar to the function of prepaid phone cards. The smart card solution
`provides many benefits in collecting fares, managing huge numbers of small
`transactions, and attracting customers with user-friendly and faster transactions.
`
`In the health care sector, smart cards can help to reduce the complexity of
`managing information concerning patients' insurance coverage and medical
`histories. The card can store administration data to manage a patient's eligibility for
`benefits and to process claims. The card can also store a patient's medical records,
`providing up-to-date and reliable medical information and enabling the sharing of
`information among physicians, hospitals, and pharmacies.
`
`On the Internet, user authentication and access control is an important
`motivation for choosing smart cards. There is increasing use of smart cards in the
`public key infrastructure. A smart card carries the card holder's private key and digital
`certificate, two components that verify the card holder's identity to the electronic
`world. In the public key encryption scheme, the private key, known only to you, is
`paired with a public key that is made widely available. The private key is used in
`conjunction with the public key to support digital signature signing and
`verification. The digital certificate is issued by a certificate authority that testifies to the
`authenticity of a public key. Applications using smart cards for authentication
`include Web site access control, digital signing of e-mail messages, and secure
`on-line transactions. Many other Internet applications can be envisioned.
`
`In a closed environment, such as a corporation or a university, multiapplication
`smart cards can provide physical entrance to buildings and computer
`facilities, grant levels of network access to internal Web sites and servers, store and
`process administration data, and enable various financial transactions (paying for
`meals, purchasing snacks at vending machines, ATM withdrawals and deposits,
`and so on).
`
`As smart card technology gains wider acceptance, smart cards are finding
`their way into everyone's wallet.
`
`1.2 Challenges in the Development of Smart Card Applications
`
`Developing a smart card application traditionally has been a lengthy and difficult
`process. Although the cards are standardized in size, shape, and communication
`protocol, the inner workings differ widely from one manufacturer to another. Most
`smart card development tools are built by the smart card manufacturers using
`generic assembly language tools and dedicated hardware emulators obtained from
`silicon chip vendors. It has been virtually impossible for third parties to develop
`applications independently and sell them to issuers. Therefore, developing smart
`card applications has been limited to a group of highly skilled and specialized
`programmers who have intimate knowledge of the specific smart card hardware and
`software.
`
`Because there are no standardized high-level application interfaces available
`in smart cards, application developers need to deal with very low-level
`communication protocols, memory management, and other minute details dictated by the
`specific hardware of the smart card. Most smart card applications in use today
`have been custom developed from the grou