File attributes
Within its object-oriented definition, every EF has special attributes that define supplementary properties of the file. However, this depends on the operating system and the application area of the smart card. These attributes define properties of EFs that are primarily related to the EEPROM, and they arise from the potential uncertainty of the file contents and the possibility of write errors in EEPROM operations. These attributes are defined when the file is created and usually cannot be changed afterwards.

WORM attribute
One of the attributes based on the EEPROM storage medium is called WORM (write once, read multiple). If a file has this attribute, data can be written to the file one time only, but they can be read an unlimited number of times. This attribute can be implemented either in the hardware of the EEPROM or as a software function. The WORM attribute can be used, for example, to write a serial number in a file once and forever. This attribute is also used with personalization, in which information such as the cardholder’s name and the expiry date are permanently written to the card. This attribute is intended to be used to protect sensitive data against being overwritten. The best possible protection is provided if WORM access is possible at the hardware level, which means that the EEPROM has hardware protection that allows data to be written only once. However, even a software implementation provides much better protection than other comparable mechanisms.

Frequent writing attribute (‘high update activity’)
An attribute that is primarily defined and used in the GSM realm is a flag for ‘high update activity’. The only reason that this attribute exists is that an EEPROM has a limited number of write/erase cycles. A file having this attribute can be written very often without having its data content be affected by write errors. This can be achieved by storing multiple copies when writing the data and using a majority vote when reading the data. Triple parallel storage is commonly used for writing, with a 2-of-3 majority vote for reading. An alternative mechanism is to switch from one copy of a multiple data set to another copy if a read error or checksum error occurs, fully transparent to the outside world.

EDC utilization attribute
An attribute that provides special protection for the user data in a file by means of an error detection code (EDC) is used for particularly sensitive data. This allows the ‘flipping’ of bits in the EEPROM to at least be detected. If multiple storage is used together with EDC protection, it is also possible to correct flipped bits. This ECC (error correction code) attribute is primarily used for electronic purses. Here the flipping of a memory cell amounts to the actual loss of money, since the current amount of money in the purse is stored in the file. The EDC and ECC file attributes are thus used to minimize the effects of bit flipping.
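The triple storage with 2-of-3 majority vote described under ‘high update activity’, combined with the EDC check described here, can be sketched as follows. This is an added example, not code from any smart card operating system; the record layout, the function names and the use of CRC-8 as the EDC are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define REC_LEN 4  /* constructed record size, e.g. a purse balance */
#define COPIES  3

/* Hypothetical layout: three copies, each followed by a 1-byte EDC. */
typedef struct { uint8_t data[REC_LEN]; uint8_t edc; } copy_t;
typedef struct { copy_t copy[COPIES]; } ef_record_t;

/* CRC-8 (polynomial 0x07) stands in for the card's EDC; assumed here. */
static uint8_t edc8(const uint8_t *p, size_t n) {
    uint8_t crc = 0;
    while (n--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (uint8_t)((crc & 0x80) ? (crc << 1) ^ 0x07 : crc << 1);
    }
    return crc;
}

/* Bitwise 2-of-3 majority: each output bit is the value held by two copies. */
static uint8_t maj(uint8_t a, uint8_t b, uint8_t c) {
    return (uint8_t)((a & b) | (a & c) | (b & c));
}

void ef_write(ef_record_t *ef, const uint8_t *src) {
    for (int k = 0; k < COPIES; k++) {
        memcpy(ef->copy[k].data, src, REC_LEN);
        ef->copy[k].edc = edc8(src, REC_LEN);
    }
}

/* Returns 0 = all copies clean, 1 = corrected and rewritten, -1 = unrecoverable. */
int ef_read(ef_record_t *ef, uint8_t *out) {
    const copy_t *c = ef->copy;
    int dirty = 0;
    for (int i = 0; i < REC_LEN; i++)
        out[i] = maj(c[0].data[i], c[1].data[i], c[2].data[i]);
    uint8_t edc = maj(c[0].edc, c[1].edc, c[2].edc);
    if (edc8(out, REC_LEN) != edc) return -1;  /* vote itself is wrong: refuse */
    for (int k = 0; k < COPIES; k++)
        dirty |= memcmp(c[k].data, out, REC_LEN) != 0 || c[k].edc != edc;
    if (dirty) ef_write(ef, out);  /* repair the damaged copy */
    return dirty;
}
```

The majority vote alone would silently return a wrong value when the same bit flips in two copies; the EDC check on the voted result turns that case into a detected error.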

Atomic write access attribute
Recent smart card operating systems often include a mechanism that ensures that when a file is accessed for writing, the writing operation is executed either completely or not at all. Since this mechanism more than doubles the write access time for a file, it should in principle not be used for all files. A separate attribute allows this writing mechanism to be selectively applied to each file.
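One way such an all-or-nothing write can be built, and why it costs more than twice the write time, is shown in the added example below (not code from any particular smart card operating system). The backup-buffer-and-flag scheme, the EEPROM layout, the function names and the simulated power budget are assumptions; the text above does not specify the mechanism.

```c
#include <stdint.h>
#include <string.h>

#define FILE_LEN 4  /* constructed file size */

/* Hypothetical EEPROM image: the file body plus a backup buffer and flag. */
typedef struct {
    uint8_t file[FILE_LEN];
    uint8_t backup[FILE_LEN];
    uint8_t backup_valid;   /* 1 while an update is in flight */
} eeprom_t;

static int budget;  /* simulated power: byte writes left before power loss */

/* Write one EEPROM byte; returns -1 when the simulated power is lost. */
static int ee_write(uint8_t *cell, uint8_t v) {
    if (budget-- <= 0) return -1;
    *cell = v;
    return 0;
}

static int ee_copy(uint8_t *dst, const uint8_t *src) {
    for (int i = 0; i < FILE_LEN; i++)
        if (ee_write(&dst[i], src[i]) < 0) return -1;
    return 0;
}

/* Every byte is written twice (backup, then file), plus two flag writes. */
int atomic_write(eeprom_t *ee, const uint8_t *src, int power) {
    budget = power;
    if (ee_copy(ee->backup, ee->file) < 0) return -1;   /* 1. save old contents */
    if (ee_write(&ee->backup_valid, 1) < 0) return -1;  /* 2. rollback is now armed */
    if (ee_copy(ee->file, src) < 0) return -1;          /* 3. overwrite the file */
    return ee_write(&ee->backup_valid, 0);              /* 4. update complete */
}

/* Run at every reset before any command is processed; safe to repeat. */
void recover(eeprom_t *ee) {
    if (ee->backup_valid) {
        memcpy(ee->file, ee->backup, FILE_LEN);  /* undo the torn write */
        ee->backup_valid = 0;
    }
}
```

Calling `atomic_write` with a `power` value below 10 models the card being pulled from the terminal mid-update; after `recover` the file holds either the complete old contents or the complete new contents, never a mixture.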

Concurrent access attribute
Smart card operating systems that support several logical channels often have a special file attribute for concurrent access. This attribute explicitly allows a file to be accessed for reading or writing by two or more commands at the same time if the smart card receives these commands via different logical channels that are concurrently open. It is important for this attribute to be specifically marked for the file, since with parallel access via different channels it is possible for data to be modified via one channel immediately before or after they are read via another channel. If the two processes are not synchronized, the data that are read will vary depending on when the commands reach the smart card. Consequently, concurrent access is generally not allowed, and access by any other channel is temporarily blocked when a file has been selected. Only after the file has been deselected is it possible for it to be accessed by another channel. The concurrent access attribute disables this block for a particular file. In this case, the relevant applications in the terminal are responsible for synchronizing parallel read and write processes. Of course, there is no problem if they only access the file for reading.

Data transmission selection attribute
The file management systems of smart cards that have both contact and contactless interfaces sometimes include a file attribute that determines which of the two interfaces may be used for accessing the file. This makes it possible to specify for each individual file whether commands may access a file via the contact interface and/or the contactless interface. With an electronic purse, for example, this attribute makes it very easy to allow purchases to be made only via the contact interface and the card to be loaded only via the contactless interface.