Main »
2011 » Март » 16 » How does the smart card
12:35 How does the smart card |
For a long time working with smart cards, I've had no very clear idea about their insides. That got a document that describes the structure and scheme of the smart card sharing this information.
Smart card with a USB controller or USB-key can be represented as a scheme (by and large USB-key is different from the smart card only in the presence / absence of bus controller USB):
As can be seen in the smart card contains 3 sections of memory:
- System memory - contains a file system and operating system. It stores the data necessary to validate the input PIN-code and password.
- Open memory - contains data that can be read without a PIN-code. The name of the smart card, ID, smart cards, and others.
- Closed memory - contains the data to which access is only possible on the PIN-code.
Accordingly, the processor is working with these three areas of memory, it is possible to read and write in all the above memory areas.
To work with the processor at a low level is used APDU (Application Protocol Data Unit) commands. By using APDU commands can even access the file system smart card, although to do so is not recommended.
The most interesting component is the chip smart card, which provides:
- Storing information in an internal storage chip smart card. Moreover, it should be noted that information from this store impossible to remove. Chip smart card does not contain a command to retrieve data from storage. This store private keys are digital certificates (many illiterate phrase, but the essence Hoping understandable).
- Generate the key pair. The chip smart card contains a random number (do not know why in the Soviet literature this is called a sensor, I'm at school used to call a random number generator). After generating the key pair's private key falls into the storage chip smart card and never goes beyond the chip smart cards, public key is transmitted processor, which generates a certificate request and sends it out of the smart card (certificate authority).
- Hardware implementation of symmetric encryption algorithms. However, due to limited resources, the symmetric encryption chip in the smart card process is very long. In this connection, not recommended symmetric encryption of large amounts of information via a smart card chip.
- Hardware implementation of hashing algorithms.
- Hardware implementation of asymmetric algorithms.
Features smart cards differ from the manufacturers, but these differences are insignificant. Differences related to the algorithm the hardware implementation of encryption algorithms and hashing algorithms, different manufacturers implement different algorithms. But such algorithms as RSA (asymmetric encryption), DES (symmetric encryption) and SHA-1 (hash), I think realized in virtually all smart card chips.
Since the main purpose of the smart card is working with digital certificates, then this work can be summarized as follows:
- The processor receives a command from the external environment generate the key pair.
- The processor translates this command into the chip smart card.
- The smart card chip random number generator generates a key pair, the private key which is placed in the storage chip smart card and public key is transmitted processor.
- The processor generates a certificate request (in PKCS # 10), which contains the public key of the generated key pair.
- The processor transmits the generated request to the external environment. This request falls into the center of the issuance of certificates on the basis of this request shall issue a certificate that is returned by the smart card.
- After receiving the certificate processor writes it into a closed storage area.
P.S. This topic has been written on the basis of the company Aladdin. If someone has a technical description of the hardware component of keys from other manufacturers share, please be very grateful.
|
Views: 444 |
Added by: w1zard
| Rating: 0.0/0 |