Security and Privacy on the U3 Platform

Be Smart with U3

The PC/SC Specification – What and What about???

The objective behind these components was to provide a standard model for interfacing smart-card readers and cards with computers. This approach eased developing smart card enabled applications because it provided device independent APIs for accessing and manipulating smart cards, familiar tools for software development like Visual Studio, and easy integration with all Windows platforms.

Apart from these facilities for the developers, this also made it economic to develop and deploy smart card enabled solutions by:

• Enforcing interoperability among cards and readers from different manufacturers
• Insulating differences between current and future implementations
• Avoiding application obsolescence due to underlying hardware changes
These components were developed in accordance with the specification released by the PC/SC workgroup, of which Microsoft is a member. The PC/SC specifications were released specifically to improve upon the ISO 7816 standards for smart cards and are compatible with both the EMV (Euro pay, MasterCard, Visa) and GSM (Global Standard for Mobile) specifications.
As expected, this gained broad industry support. These were just the initial steps towards standardization of the PC smart card interface and synchronization, and define guidelines for both smart card manufacturers and application developers.

The PC/SC specifications continues to grow toward becoming independent standards in the future with its v2 release.

-The Editor (

October 31, 2006 Posted by | Uncategorized | Leave a comment

Microsoft’s Smart Card Strategy

A smart card is essentially a simple plastic card, like a credit card, that is fabricated with a computer chip capable of storing information and supporting cryptographic operations to secure the data access.
These cards find a lot of consumer and industrial uses because they can store data and, more importantly, can act on that data. Smart cards were first adopted in Europe, and gained quick popularity soon after their introduction.
It appeared this market never took off in the United States, but the new security wave that started taking shape soon after the release of the Microsoft Windows 95 gave the smart card and the embedded industry a new direction.
In the mid-90’s. Microsoft Corporation endorsed development in the field of smart cards. The smart card industry looked to be the next big thing and today it is! Let’s take a look at the events and developments in this smart stream, both as a technology savvy developer and as anaive user of it. Did you know that the SIM in your mobile phone is a smart card?
As a part of its smart card strategy, Microsoft announced Smart Card Base Components for Windows 95 for integrating Smart Cards and Personal Computers in the last quarter of 1996.These components were also provided as a separate install on the Windows 98 CD ROM and Windows 2000 contains these components inbox (bundled with the installer).
These components included a set of DLL’s and COM servers that exposed either raw APIs to access Smart cards attached to a PC or a high level interface to them. SCardSvr.exe is one such COM server that runs as a service on Win2000. On Windows 2000 and higher versions of the OS, these components support public key services such as secure logon.
thats for today,
read up more in the next post!!!
-The Editor (

October 30, 2006 Posted by | Uncategorized | Leave a comment

Writing a Smart Card Library

In the next few posts we are going to develop a Smart Card Library that will ease the development of Smart Card Applications using the Win32 SDK and/or MFC.

This assumes that you’re familiar with Win32 and MFC. The library builds upon the available support for Smart Cards in Windows by providing an Object Oriented wrapper over the WinSCard API. One advantage of using this library is the layered approach, which isolates the core API’s available to non-Win32 conformant languages like

to access this library through JNI (Java Native Interfaces). If you’ve already developed some applications using the APIs exposed by WinSCard.dll then you’ll be well aware of the complexities involved and here is an attempt to ease them.

You might like to download the code before you read the rest of the article form the downloads page on

Microsoft has provided several enhancements toward the use of PCSC conformant Smart Cards with the operating systems releases made after Windows 2000.There is available a COM wrapper and Smart Card Base Components provided as a part of this enhancements.
The heart of this Subsystem is the WinSCard.dll which exposes raw APIs for managing and accessing PCSC compliant Smart Card readers. In order to take a quick look at what it exposes, you can just use the Dependency Walker.

Below is a Snapshot of the same.

Figure 1: The API exports by WinSCard.dll

There are around 60 exports from this DLL and cover most parts of the PCSC specification. Here we would try encapsulating some of the core APIs to develop an object-oriented wrapper that we can use to develop MFC applications that use Smart Cards.

until next blog,
– Editor (

October 30, 2006 Posted by | Uncategorized | Leave a comment

A little background on Smart Cards

Smart Cards might sound to you like a invention from the modern world ……. but its not actually!!!

The smart card – is a term coined by the French publicist Roy Bright in the 1980s—was invented in 1968 by two German engineers – Jürgen Dethloff and Helmut Gröttrupp.

The inventors filed for a German patent for their invention in February 1969 and were finally granted the patent DE 19 45 777 C3, titled “Identifikanden/Identifikationsschalter,” in the year 1982.

An independent researcher, Kunitaka Arimura of the Arimura Technology Institute in Japan filed for a smart card , patent in Japan in March 1970. In the next year, May 1971, Paul Castrucci of IBM filed an American patent titled simply “Information Card” and on November 7, 1972, was issued U.S. Patent 3,702,464. Between 1974 and 1979 Roland Moréno, a French journalist, filed 47 smart card–related patent applications in 11 countries and founded the French company Innovatron to license this legal tour de force.

This seems to be a misty description but one thing is certain, these people found it to be a invention worth of being patented when nobody expected that it would find some viable market share in security arena.

But i have more to say on this,

Keep reading,

-The Editor (

October 27, 2006 Posted by | Uncategorized | Leave a comment

Target applications of Smart Cards

Smart Card applications, unlike most software applications that we use in our daily chores, are typically deployed over a large network or in a community so to speak of which you are a part. In short Smart Card Applications target public systems.
This essentially means that smart cards are used in settings and situations where using a computer is not the feasible and/or affordable ; mobility is another part.
Moreover, the smart cards computer must fit seamlessly in any existing system and be compatible with upcoming new systems. The idea is flexibility and ease of operation/use and mobilty on top of the security Smart Cards provide.
Paying at a grossory store with electronic money on a smart card should practically be a very similar process as paying in cash.
but there is more to it,
Lets talk more later,
-The Editor (

October 27, 2006 Posted by | Uncategorized | Leave a comment

Price Vs Ease – Smart Cards

Smart cards as well as Memory Cards usually cost between $1 and $20, depending on the size of the memory in the card and the software functionality (the card operating system and other features) included.

Smart card software (burned on the chip in ROM or loaded thereafter), depending on the specific card, can range from a very basic ROM (Read-Only-Memory) based operating system with a decent file system, I/O communication, authorization, encryption, as well as access control primitives built into it. Advanced cards offer much more sophisticated on-board operating system supporting the use of advanced languages (Like .NET languages or even BASIC as in BasicCard) or traditional interpreted and/or interpretted languages (such as C, Java) to add new applications and functions to the cards even after they have been issued for use by the cardholder.

Smart cards are specially useful components of IT and IT Enabled systems that need to address CIA (Confidentiality + Integrity + Authentication) kind of security, personal privacy as well as mobility requirements.

Smart card programming is at core characterized by its focus on two critical aspects

  1. Data security, and
  2. Data integrity

Data security implies that a given data value that is present on the card can be accessed by those entities that are authorized to access it, and not by anyone else.

Data integrity, on the other hand, implies that the information stored on the card can not be modofied by unauthorized entities or be corrupted in anyway in normal course of usage.

Did you find this post useful?

Do write back,

-The Editor (

October 27, 2006 Posted by | Uncategorized | Leave a comment

Introduction to Programming Smart Cards

Factually speaking, a smart card is a micro computer, though it does not include the keyboard and display screen (most Smart Card readers do provide it to facilitate operation), it does have all the other essential elements which a general-purpose computing platform would have.

As far as appearance is concerned, it looks like similar to a ATM or Credit card with a small chip contacts on one face. These contacts are essentially the electrical interface for a very small and very highly integrated computer which is embedded in the card.

This micro-computer includes a 8 to 32 bit CPU and some kind of memory depending on the purpose of the card. A few specialized cards even includes an auxiliary processor (a cryptographic co processor or something similar) that helps the main CPU perform a dedicated or specialized computations. Effectively, though it has significantly less power than a desktop, it does offer something very valuable; it indeed is a proven secure computing platform.

Sumarrizing it, we may say that a smart card is a portable, tamper-resistant computer with a well organized data storage in the form of a file system on the embedded memory. It has the exact shape and size of a regular credit/debit card, can hold varying amout of data or sensitive information, and can do a limited amount of data processing as well, and can be coupled to specialized co processors to perfrom heavy number crunching.

The central processing unit (CPU) in a smart card is typically an 8-bit microcontroller (Offered by several vendors like Atmel© )that has the computing power measured in MIPS; however, 32-bit processors are now commonplace in the smart card world. However, you do need a Smart Card reader to let a computer and a smart card communicate, you place the card in or near (in the case of contactless smart cards) the smart card reader, which is connected to the computer via a serial or USB interface.

until next blog,

– Editor (

October 27, 2006 Posted by | Uncategorized | Leave a comment

Where to get Smart Card Subsembly?

You may try Subsembly for free by downloading it from the Subsembly website. It also contains other, similar products that you might be interested in.

Just visit for a download of the trial version.

You can download the professional edition, and it doesn’t have a time limit for trial.
But I’m sure once you get used to it, you’ll soon be deploying all your Smart Card enabled applications using Subsembly.
-The Editor (

October 27, 2006 Posted by | Subsembly | Leave a comment

Are there any deployment issues with Smart Card Subsembly?

I mentioned earlier that you’re free to distribute the binary versions of the Subsembly Assemblies with your product without paying anything once you’ve obtained a license for Subsembly. It’s royalty free, and free email support is provided as a bonus.
With the copy and paste approach of .Net deployment, the Subsembly works fine. But you may choose to deploy it in the GAC if you’re shipping several applications that use these assemblies.
-The Editor (

October 27, 2006 Posted by | Subsembly | Leave a comment

How much does Subsembly Cost?

As explained above, a lot of flavors of Subsembly are available and can be purchased to match your requirements and budget. Personally I believe the prices are nominal for a quality product like Subsembly. Below are the versions offered with their pricing details:

Smartcard Subsembly for .NET

  1. Smartcard Subsembly (Professional) Development Kit EUR 198,00

  2. Smartcard Subsembly (PC/SC Edition) EUR 98,00

  3. Smartcard Subsembly (CT-API Edition) EUR 98,00

Now i have heard that the prices are reduced and there is a discount as well 🙂

So why not grab a copy,

-The Editor (

October 27, 2006 Posted by | Subsembly | Leave a comment