BasicCard

Web sites:
http://www.ZeitControl.de
http://www.BasicCard.com

Like most computer hardware, the price of smart cards is steadily decreasing, while performance and capacity are improving all the time. You can now buy a fully-functional computer, the size of your thumb-nail, for just a euro or two. However, before the BasicCard arrived, the cost of developing software for smart cards was out of all proportion to the cost of the hardware. A typical development project might take six months and cost a quarter of a million euros. This was a major barrier to the widespread use and acceptance of smart cards. But now you can program your own smart card in an afternoon, with no previous experience required. If you can program in Basic, you can design and implement a custom smart card application. With ZeitControl’s BasicCard, the development cycle of writing code, downloading, and testing takes a few minutes instead of weeks. This document describes ZeitControl’s BasicCard family: the Compact BasicCard, the Enhanced BasicCard, and Professional BasicCard, and the MultiApplication BasicCard. A BasicCard contains 256-1768 bytes of RAM, and 1-31 kilobytes of user-programmable EEPROM. The EEPROM contains the user’s Basic code, compiled into a virtual machine language known as P-Code (the Java programming language uses the same technology). The user’s permanent data is also stored in EEPROM, either as Basic variables, or in the BasicCard’s directory-based file system. The RAM contains run-time data and the P-Code stack. The smallest BasicCard, the Compact BasicCard, contains 1 kilobyte of EEPROM. How much Basic code can you squeeze into this card? While no exact figure can be given, our experience suggests a ratio of about 10-20 bytes of P-Code to every statement of Basic code. Assuming on average one statement every two lines (for comments and blank lines), this works out at 100-200 lines of source code. Some Professional BasicCards contain over 30 times as much EEPROM. The MultiApplication BasicCard contains 31 kilobytes of EEPROM, allowing several sizeable Applications in a single card. To create P-Code and download it to the BasicCard, you need ZeitControl’s BasicCard support software. This software is free of charge, and can be downloaded at any time from ZeitControl’s BasicCard page on the Internet (www.BasicCard.com). The support software runs under Microsoft® Windows® 98 or later. With this support package, you can test your software even if you don’t have a card reader, by simulating the BasicCard in the PC. The package contains a fully-functional Multiple Debugger, that can run Terminal and BasicCard programs simultaneously. So you can try out your idea for a smart card application without it costing you a cent.

The Smart Card Environment
Obviously, programming a smart card is not the same as programming a desktop computer. It has no keyboard or screen, for a start. So how does a smart card receive its input and communicate its output? It talks to the outside world through its bi-directional I/O contact. Communication takes place at 9600 baud or more, according to the T=0 and T=1 protocols defined in ISO/IEC standards 7816-3 and 7816-4. But this is completely invisible to the Basic programmer – all you have to do is define a command in the card, and program it like an ordinary Basic procedure. Then you can call this command from a ZCBasic program running on the PC. Again, the command is called as if it was an ordinary procedure. The BasicCard operating system takes care of all the communications for you. It will even encrypt and decrypt the commands and responses if you ask it to. All you have to do is specify a different two-byte ID for each command that you define. (If you are familiar with ISO/IEC 7816-4: Interindustry commands for interchange, you will know these two bytes as CLA and INS, for Class and Instruction.) Here is a simple example. Suppose you run a discount warehouse, and you are issuing the BasicCard to members to store pre-paid credits. You will want a command that returns the number of credits left in the card. So you might define the command GetCustomerCredits, and give it an ID of &H20 &H02 (&H is the hexadecimal prefix):

Eeprom CustomerCredits ′ Declare a permanent Integer variable
Command &H20 &H02 GetCustomerCredits (Credits)
Credits = CustomerCredits
End Command
You can call this command from the PC with the following code:
Const swCommandOK = &H9000
Declare Command &H20 &H02 GetCustomerCredits (Credits)
Status = GetCustomerCredits (Credits)
If Status <> swCommandOK Then GoTo CancelTransaction

The value &H9000 is defined in ISO/IEC 7816-4 as the status code for a successful command. This value is automatically returned to the caller unless the ZC-Basic code specifies otherwise. The return value from a command should always be checked, even if the command itself has no error conditions – for instance, the card may have been removed from the reader. It’s as simple as that. Of course, there is a lot more going on below the surface, but you don’t have to know about it to write a BasicCard application.

Technical Summary
All BasicCard families (Compact, Enhanced, Professional, and MultiApplication) contain:
a full implementation of the T=1 block-level communications protocol defined in ISO/IEC
7816-3: Electronic signals and transmission protocols, including chaining, retries, and WTX
requests;
a command dispatcher built around the structures defined in ISO/IEC 7816-4: Interindustry commands for interchange (CLA INS P1 P2 [Lc IDATA] [Le] );
built-in commands for loading EEPROM, enabling encryption, etc.;
a Virtual Machine for the execution of ZeitControl’s P-Code;
code for the automatic encryption and decryption of commands and responses, using the AES, DES, or SG-LFSR symmetric-key algorithm.

Enhanced BasicCards contain in addition:
a directory-based, DOS-like file system;
IEEE-compatible floating-point arithmetic.

The functionality of the Enhanced BasicCard family can be further extended using Plug-In Libraries.

Professional BasicCards contain all the above, plus:
a Public-Key algorithm (RSA or EC);
a full implementation of the T=0 byte-level communications protocol defined in ISO/IEC
7816-3: Electronic signals and transmission protocols;
the SHA-1 Secure Hash Algorithm.

The MultiApplication BasicCard (and some Professional BasicCards) contain all the above, plus cryptographic algorithms EAX (for Authenticated Encryption) and OMAC (for Message Authentication) and the SHA-256 Secure Hash Algorithm. The data sheet on the next two pages contains details of available BasicCards versions, and the cryptographic algorithms that they support.

Development Software
The ZeitControl MultiDebugger software support package consists of:
ZCPDE, the Professional Development Environment;
ZCMDTERM and ZCMDCARD, debuggers for Terminal programs and BasicCard programs;
ZCMBASIC, the compiler for the ZC-Basic language;
ZCMSIM, for low-level simulation of Terminal and BasicCard programs;
BCLOAD, for downloading P-Code to the BasicCard;
KEYGEN, a program that generates random keys for use in encryption;
BCKEYS, for downloading cryptographic keys to the Compact and Enhanced BasicCards.
BasicCard Versions

Compact BasicCard
Version EEPROM RAM Protocol Encryption Floating-Point Support File System
ZC1.1 1K 256 bytes T=1 SG-LFSR None No
Enhanced BasicCard
Version EEPROM RAM Protocol Encryption Extras FP Support File System
ZC3.1 2K 256 bytes T=1 DES Full Yes
ZC3.2 4K 256 bytes T=1 DES Full Yes
ZC3.3 18K 256 bytes T=1 DES Full Yes
ZC3.4 16K 256 bytes T=1 DES Full Yes
ZC3.5 6K 256 bytes T=1 DES EC-FSA1 Full Yes
ZC3.6 14K 256 bytes T=1 DES EC-FSA1 Full Yes
ZC3.7 2K 256 bytes T=1 DES Full Yes
ZC3.8 4K 256 bytes T=1 DES Full Yes
ZC3.9 8K 256 bytes T=1 DES Full Yes
1 EC-FSA: Fast Signature Algorithm for Elliptic Curve Cryptography
Plug-In Libraries for the Enhanced BasicCard: EC-161, AES, SHA-1, IDEA
Professional BasicCard1
Version PKAlgorithm EEPROM RAM Protocol Encryption Extras FP Support File System
ZC4.5A RSA 30K 1K T=0, T=1 AES SHA-1 Partial2 Yes
ZC4.5D RSA 30K 1K T=0, T=1 DES SHA-1 Partial2 Yes
ZC5.4 EC-167 16K 1K T=0, T=1 AES & DES SHA-1 Full Yes
ZC5.5 EC-211 31K 1.7K T=0, T=1 EAX/OMAC/AES/DES SHA-256 Full Yes
1 See Professional and MultiApplication BasicCard Datasheet for more information
2 Single-to-String conversion not supported

MultiApplication BasicCard1
Version PK Algorithm EEPROM RAM Protocol Encryption Extras FP Support File System
ZC6.5 EC-211 31K 1.7K T=0, T=1 EAX/OMAC/AES/DES SHA-256 Full Yes
1 See Professional and MultiApplication BasicCard Datasheet for more information

Algorithms and Protocols

Public-Key Algorithms
Name Description Key size Reference
RSA Rivest-Shamir-Adleman algorithm 1024 bits
EC-211 Elliptic Curve Cryptography over the field GF(2211 ) 211 bits
EC-167 Elliptic Curve Cryptography over the field GF(2167 ) 167 bits
EC-161 Elliptic Curve Cryptography over the field GF(2168 ) 161 bits IEEE P1363: Standard
Specifications for Public
Key Cryptography

Symmetric-Key Algorithms
Name Description Key size Reference

EAX Encryption with Authentication for Transfer (using AES) 128/192/256 bits EAX: A Conventional Authenticated-Encryption Mode1 M. Bellare, P. Rogaway, D. Wagner
OMAC One-Key CBC-MAC (using AES) 128/192/
256 bits OMAC: One-Key CBC MAC1 Tetsu Iwata and Kaoru Kurosawa Department of Computer and Information Sciences, Ibaraki University 4–12–1 Nakanarusawa, Hitachi, Ibaraki 316-8511, Japan
AES Advanced Encryption Standard 128/192/ 256 bits Federal Information Processing Standard FIPS 197 DES Data Encryption Standard 56/112/168 bits ANSI X3.92-1981: Data Encryption Algorithm
SG-LFSR Shrinking Generator – Linear Feedback Shift Register 64 bits D. Coppersmith, H. Krawczyk, and Y. Mansour, The Shrinking Generator, Advances in Cryptology – CRYPTO ’93 Proceedings, Springer-Verlag, 1994
IDEA International Data Encryption Algorithm 128 bits X. Lai, On the Design and Security of Block Ciphers, ETH Series in Information Processing, v. 1, Konstanz:
Hartung-Gorre Verlag, 1992 1 These documents are available at

http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/

Data Hashing Algorithms
Name Description Reference
SHA-256 Secure Hash Standard Federal Information Processing Standard FIPS 180-2
SHA-1 Secure Hash Algorithm, revision 1

Communication Protocols
Name Description Reference
T=0 Byte-level transmission protocol
T=1 Block-level transmission protocol ISO/IEC 7816-3: Electronic signals and transmission protocols