SLE5542, SLE5542 Contact Smart Cards, SLE4442 Contact Smart Cards, Memory Overview SLE 4442


When a command is to access a file, the operating system proceeds as follows. First, it checks that the explicitly or implicitly referenced EFARR exists and that the referenced record is present in it; if either is missing, access is denied. Next, it searches that record for an access mode (AM) data object that covers the requested access; if none is found, access is again denied. If one is found, the security condition (SC) attached to it is tested, and only if the condition is met is the file access by that command allowed.

To help clarify the information provided in the above tables, some typical examples of entries in an EFARR are shown in Tables 5.18 through 5.20, coded in both the expanded and the compact format.

In summary, access rules in accordance with ISO/IEC 7816-9 form a powerful and highly flexible system, but one that costs the smart card operating system additional memory space. Furthermore, in practice it is nearly impossible to code the access conditions of even simple smart card applications by hand with these rule-based access conditions, without the assistance of suitable software tools. Nevertheless, this concept for access to the resources of a smart card will come to prevail throughout the world, since its flexibility and standardization are highly important advantages.




The access control principle is relatively simple. The resource to be protected carries a reference (explicit or implicit) to one or more security attributes. These attributes consist of one or more access rules (ARs), each composed of access modes (AMs) and security conditions (SCs). An access mode specifies the type of access, such as read or write, while the security conditions specify the security mechanisms (SMs) that must have been completed successfully for the access to be granted. A further object that may enter into the security rules is the current security environment (SE).

All ISO/IEC 7816-9 security attributes are stored either in the ‘compact format’ (to save memory space) or as regular TLV-coded data objects in the ‘expanded format’. Both formats provide similar access protection, but the expanded format is significantly more flexible: it allows, for instance, a detailed specification of the commands and associated parameters that may access a resource.

The access rules are stored in one or more EFs with linear variable structure, which are named EFARR (access rule reference EF). Such an EF can be an internal EF (EFI) or a working EF (EFW), and its file identifier (FID) can be freely chosen. If an EFI holds the access rules, the operating system accesses it implicitly whenever an access condition has to be evaluated. If an EFW is used, the card resource to be protected contains a reference to the FID of the EFARR. In both cases the protected resource also references the number of the record in the EFARR that holds the applicable access rule. The main advantage of a selectable EFARR (that is, an EFW) is that its contents can be modified with normal commands, under access conditions of their own.

This creates enormous flexibility, since the access conditions for the resources of the smart card can be modified whenever required. Note that it is not necessary to store a separate EFARR record for every EF: a single record suffices for all EFs with identical access conditions, and each of these EFs references that one record, which considerably reduces the number of records needed in the EFARR. The link between an EF and the EFARR exists in one direction only; from within an EFARR record it is impossible to determine which EF or EFs reference it. This matters for file management: when an EF is deleted, the associated EFARR record must not be deleted along with it, because one or more other EFs may still reference it.
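The access check procedure and the EFARR layout described above, as an added example in Python (not code from this page or from any card operating system): a small model that resolves a file's security attribute reference to an EF.ARR record in the expanded format, picks the access mode DO that covers the requested access, and tests its security conditions. The tag values ('80' and '81'..'8F' for access modes; '90', '97', 'A4', 'B4' and 'AF' for security conditions) are those of ISO/IEC 7816-9:2000, since moved into ISO/IEC 7816-4. The EF.ARR contents, the FIDs 2F06 and 3F99, the key references, and the rule that a control reference template counts as satisfied when its '83' key reference appears in the card's state are constructed assumptions for the illustration, as is treating several SC DOs that directly follow one AM DO as alternatives.

```python
"""Expanded-format access rules in EF.ARR and the access check run over them.
Added illustration, not a card OS.  Tags are those of ISO/IEC 7816-9:2000 (now
ISO/IEC 7816-4 Table 23).  Two simplifications are this example's own: a CRT is
"satisfied" when its '83' key reference is in the card's state, and several SC
DOs directly following one AM DO are alternatives (OR)."""
from __future__ import annotations
from dataclasses import dataclass

AM_READ, AM_UPDATE, AM_WRITE = 0x01, 0x02, 0x04      # AM byte bits b1..b3 for EFs


def parse_tlv(data: bytes) -> list[tuple[int, bytes]]:
    """(tag, value) pairs; one-byte tags and lengths < 0x80 are enough for EF.ARR."""
    items, i = [], 0
    while i < len(data):
        if i + 1 >= len(data) or data[i + 1] >= 0x80 or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated TLV or unsupported length form")
        tag, length = data[i], data[i + 1]
        items.append((tag, data[i + 2:i + 2 + length]))
        i += 2 + length
    return items


def is_am_do(tag: int) -> bool:
    """'80' = AM byte; '81'..'8F' = command header description."""
    return 0x80 <= tag <= 0x8F


@dataclass
class SecurityState:
    ext_auth_keys: frozenset = frozenset()   # '83' key refs proven by EXTERNAL AUTHENTICATE
    sm_keys: frozenset = frozenset()         # '83' key refs securing this command (SM)


@dataclass
class Request:
    am_bit: int                         # AM-byte category the command falls under
    header: tuple[int, int, int, int]   # CLA INS P1 P2


def am_matches(tag: int, value: bytes, req: Request) -> bool:
    """For '81'..'8F' the tag's bits b4..b1 say which of CLA, INS, P1, P2 are given."""
    if tag == 0x80:
        return len(value) == 1 and bool(value[0] & req.am_bit)
    present = [(tag >> s) & 1 for s in (3, 2, 1, 0)]
    if len(value) != sum(present):
        raise ValueError("command header DO length does not match its tag")
    given = iter(value)
    return all(next(given) == actual for flag, actual in zip(present, req.header) if flag)


def sc_satisfied(tag: int, value: bytes, st: SecurityState) -> bool:
    if tag in (0x90, 0x97):                           # always / never
        return tag == 0x90
    if tag in (0xA4, 0xB4):                           # CRT: authentication / SM checksum
        ref = dict(parse_tlv(value)).get(0x83)
        return bool(ref) and ref[0] in (st.ext_auth_keys if tag == 0xA4 else st.sm_keys)
    if tag == 0xA0:                                   # OR template
        return any(sc_satisfied(t, v, st) for t, v in parse_tlv(value))
    if tag == 0xAF:                                   # AND template
        return all(sc_satisfied(t, v, st) for t, v in parse_tlv(value))
    raise ValueError(f"unknown security condition tag {tag:02X}")


def access_allowed(ef_arr: dict[int, list[bytes]], ref: tuple[int | None, int],
                   req: Request, st: SecurityState, implicit_fid: int) -> bool:
    """The procedure from the text; anything missing or malformed means denied."""
    fid, rec_no = ref
    records = ef_arr.get(implicit_fid if fid is None else fid)
    if records is None or not 1 <= rec_no <= len(records):
        return False                                  # no EF.ARR or no such record
    try:
        dos, i = parse_tlv(records[rec_no - 1]), 0
        while i < len(dos):
            am_tag, am_value = dos[i]
            if not is_am_do(am_tag):                  # SC DO with no AM DO before it
                return False
            i += 1
            conds = []
            while i < len(dos) and not is_am_do(dos[i][0]):
                conds.append(dos[i])
                i += 1
            if am_matches(am_tag, am_value, req):
                return any(sc_satisfied(t, v, st) for t, v in conds)
    except ValueError:
        return False
    return False                                      # no AM DO covers this access


# Constructed EF.ARR (FID 2F06, linear variable; also serves as the implicit EF.ARR here).
#  rec 1: READ always | UPDATE after ext. auth with key 01
#  rec 2: READ after ext. auth key 01 AND SM key 02 | UPDATE never | INS E2 (APPEND RECORD) never
EF_ARR = {0x2F06: [
    bytes.fromhex("80 01 01 90 00" "80 01 02 A4 03 83 01 01"),
    bytes.fromhex("80 01 01 AF 0A A4 03 83 01 01 B4 03 83 01 02" "80 01 02 97 00" "84 01 E2 97 00"),
]}


def demo() -> dict[str, bool]:
    """EF1 references record 1 implicitly, EF3 the same record by FID, EF2 record 2."""
    ef1, ef2, ef3, orphan = (None, 1), (0x2F06, 2), (0x2F06, 1), (0x3F99, 1)
    read = Request(AM_READ, (0x00, 0xB0, 0x00, 0x00))
    update = Request(AM_UPDATE, (0x00, 0xD6, 0x00, 0x00))
    append = Request(AM_WRITE, (0x00, 0xE2, 0x00, 0x00))
    none, auth = SecurityState(), SecurityState(frozenset({1}))
    auth_sm = SecurityState(frozenset({1}), frozenset({2}))

    def check(ref, req, st):
        return access_allowed(EF_ARR, ref, req, st, implicit_fid=0x2F06)

    return {"ef1 read unauthenticated": check(ef1, read, none),
            "ef1 update unauthenticated": check(ef1, update, none),
            "ef1 update after ext auth": check(ef1, update, auth),
            "ef3 update (shares record 1)": check(ef3, update, auth),
            "ef2 read ext auth only": check(ef2, read, auth),
            "ef2 read ext auth + SM": check(ef2, read, auth_sm),
            "ef2 append record (INS E2)": check(ef2, append, auth_sm),
            "no EF.ARR": check(orphan, read, auth_sm)}
```

Record 1 is referenced by two files (EF1 implicitly, EF3 by FID), which is the record sharing described above. A file whose attribute points at a non-existent EF.ARR or record is denied before any condition is examined, and so is a record that does not parse: a card OS should fail closed rather than guess. The '84 01 E2' entry in record 2 shows the command-oriented side of the model, naming INS 'E2' directly instead of an access category.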



The allowed types of access to files can be specified using state-oriented or command-oriented access conditions. With state-oriented access conditions, the current security state is compared with the relevant access condition by a logical comparison. There are two kinds of current security state: the global security state (that of the smart card as a whole) and the local security state (that of the currently selected directory). With command-oriented access conditions, by contrast, the access table in the file lists the commands that must have been executed successfully before each type of access. Both kinds of access condition have been, and will continue to be, supported in various forms by commercial smart card operating systems. Until recently, the biggest problem was the large variety of implementations and approaches.

The objective of the ISO/IEC 7816-9 standard is to define a uniform approach to accessing resources in smart cards. It includes a section devoted specifically to this subject, which specifies a very powerful model for access conditions for files as well as for commands and data objects. Unfortunately, this model is also complicated. It unifies state-oriented and command-oriented access conditions and adds the possibility of specifying particular command sequences. Furthermore, ISO/IEC 7816-9 allows specific data object tags to be used to specify a state machine for the accesses. The concept is based entirely on TLV-coded data objects, which can be combined very flexibly into elegant structures. ISO/IEC 7816-9 defines ‘security attributes’ (SAs) that govern accesses and non-accesses and the attainment of specific security states in the smart card. These security attributes control accesses to card resources such as files, commands and data objects, as well as SCQL tables and views.
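The state-oriented comparison described above, as an added example in Python (not code from this page or from any card operating system), using the compact-format security attribute mentioned earlier: an access mode byte followed by one security condition byte per bit set in it. Each SC byte is evaluated as a logical comparison against flags that stand for the current (global or local) security state. Bit assignments follow ISO/IEC 7816-9:2000 (now in ISO/IEC 7816-4); that the SC bytes apply to the set AM bits in order from b7 down to b1, and that a non-zero SEID means the condition holds only inside that security environment, are this example's reading of the standard. The attribute '07 FF 30 01' and the state flags are constructed.

```python
"""Compact-format security attributes: one access mode (AM) byte followed by
one security condition (SC) byte per bit set in it.  Added illustration, not a
card OS.  Bit meanings follow ISO/IEC 7816-9:2000 (now ISO/IEC 7816-4); the
b7-to-b1 ordering of SC bytes and the SEID handling are this example's reading."""
from __future__ import annotations
from dataclasses import dataclass

# AM byte for EFs (b8 = 0), listed from b7 down to b1; dict order is relied on below.
AM_BITS = {0x40: "DELETE FILE", 0x20: "TERMINATE EF", 0x10: "ACTIVATE FILE",
           0x08: "DEACTIVATE FILE", 0x04: "WRITE", 0x02: "UPDATE", 0x01: "READ"}


@dataclass
class CardState:
    """What a state-oriented condition is compared against (global or local state)."""
    secure_messaging: bool = False   # current command arrived under secure messaging
    external_auth: bool = False      # EXTERNAL AUTHENTICATE succeeded
    user_auth: bool = False          # VERIFY (PIN) succeeded
    seid: int = 0                    # current security environment, 0 = none set


def decode_compact(attr: bytes) -> dict[str, int]:
    """Access category name -> its SC byte.  Malformed attributes raise."""
    if not attr or attr[0] & 0x80:
        raise ValueError("AM byte of an EF must have b8 = 0")
    categories = [bit for bit in AM_BITS if attr[0] & bit]
    if len(attr) - 1 != len(categories):
        raise ValueError("need exactly one SC byte per set AM bit")
    return {AM_BITS[bit]: sc for bit, sc in zip(categories, attr[1:])}


def sc_byte_satisfied(sc: int, st: CardState) -> bool:
    """'00' always, 'FF' never; otherwise b8 selects AND (1) or OR (0) over the
    mechanisms flagged in b7 (SM), b6 (ext. auth), b5 (user auth); b4..b1 = SEID."""
    if sc == 0x00:
        return True
    if sc == 0xFF:
        return False
    if (sc & 0x0F) and st.seid != (sc & 0x0F):
        return False                    # condition is bound to another security environment
    flags = [present for mask, present in ((0x40, st.secure_messaging),
                                           (0x20, st.external_auth),
                                           (0x10, st.user_auth)) if sc & mask]
    if not flags:
        return True                     # only an SE requirement, and it matched
    return all(flags) if sc & 0x80 else any(flags)


def allowed(attr: bytes, category: str, st: CardState) -> bool:
    """A category absent from the AM byte has no rule and is therefore denied."""
    sc = decode_compact(attr).get(category)
    return sc is not None and sc_byte_satisfied(sc, st)


# Constructed attribute: AM '07' = WRITE, UPDATE, READ; SC bytes in that order:
#   WRITE 'FF' never | UPDATE '30' ext. auth OR user auth | READ '01' only inside SE 1
ATTR = bytes.fromhex("07 FF 30 01")


def demo() -> dict[str, bool]:
    plain, pin_ok, in_se1 = CardState(), CardState(user_auth=True), CardState(seid=1)
    everything = CardState(secure_messaging=True, external_auth=True, user_auth=True, seid=1)
    return {
        "read outside SE 1": allowed(ATTR, "READ", plain),
        "read inside SE 1": allowed(ATTR, "READ", in_se1),
        "update after VERIFY": allowed(ATTR, "UPDATE", pin_ok),
        "update unauthenticated": allowed(ATTR, "UPDATE", plain),
        "write with every mechanism satisfied": allowed(ATTR, "WRITE", everything),
        "delete (no rule in AM byte)": allowed(ATTR, "DELETE FILE", everything),
    }
```

Compared with the expanded format, this encoding costs three bytes for three access categories, but it can only name mechanisms and an SE, not a particular command or key; that is the trade-off between memory and flexibility the text refers to.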