Smartcard Devices
The term “smartcard” herein denotes any device which may be conveniently carried upon one's person and which contains an active internal logic device capable of securely interfacing with and exchanging data with specifically authorized external devices. Smartcards are sometimes referred to as “integrated circuit cards” or “chip cards”. Generally, smartcards contain memory, a microcontroller with its associated logic memory, and executable code.
One salient feature of many smartcard devices is that their stored data can be protected against unauthorized access and manipulation by restricting access to an interface that is controlled by an operating system and security logic. Confidential data can thus be written to a smartcard and stored in a manner that prevents the data from ever being read by a device external to the smartcard.
The International Standard Organization (ISO) publishes mechanical and electrical specifications for smartcards such as the ISO 7816 group of standards. Smartcards based on the standards for integrated circuit cards generally conform thereto, where applicable, but also include features not necessarily described therein. Smartcards are generally differentiated by the amount of included memory, the Integrated Circuit (IC), capability of handling complex processing, cryptographic scheme, electrical interface, and mechanical layout.
Purposes to which smartcards may be applied include, but are not limited to, public telephony cards, bank cards used in Point-of-Sale (POS) terminals and Automatic Teller Machines (ATMs), Pay TV in set-top boxes, and wireless telecom operators implementing Subscriber Identity Module (SIM) cards in Global System for Mobile (GSM) terminals. SIM cards are of particular interest because of (a) their small form factor, (b) they are put in place only once with the power off, and (c) their commercial importance. With the introduction of the Universal Mobile Telecommunication System (UMTS) as the third-generation (3G) European mobile phone technology, a new version of the SIM card called USIM (UMTS Subscriber Identity Module or Universal Subscriber Identity Module) has been introduced for the UMTS mobile network. USIM cards contain relevant information for enabling access to a UMTS-subscribed operator network. Both the SIM card and the USIM card fall within the smartcard category.
The use of smartcards with mobile telephones has been especially significant in promoting the international proliferation of smartcards. GSM phones utilize smartcards as an access medium in part because smartcards allow a high degree of security to be achieved when accessing the mobile telephone network, and also because they provide new possibilities and thus major advantages in marketing mobile telephones, since they enable network operators and service providers to sell telephones and services separately.
FIG. 1 illustrates an example of a prior art smartcard architecture. The card (4) includes a set of pins (1) defined by the ISO standard for connecting to a host system including clock, data signal for data transfer, reset signal, and power pins. A CPU (3) is connected to the pins(1) via a bus interface (2). The CPU (3) has access to an area of ROM (7) that stores executable code, to RAM (5), and an EEPROM component (6) used mainly for storing configurable data (e.g. private encryption keys). For supporting large amounts of data and/or demanding applications, enhanced memory capacity in the form of flash memory may also be provided.
FIG. 2A illustrates the mechanical layout of a prior art ISO-compatible smartcard (41) and the set of eight terminals (40) used to interface with the card. The ISO standard defines only five pins, while the three additional pins are reserved for future use.
FIG. 2B illustrates the physical form factor of a prior art SIM or USIM card.
Besides the ISO interface, other smartcards interfaces have been defined. These additional interfaces usually provide high-speed data transfer, and are mainly for use with high-capacity memory cards. Typical smartcard interfaces include but are not limited to Secure Digital (SD), Multi Media Card (MMC), and wireless/contactless interface. Lately, Universal Serial Bus (USB) has been suggested as another potential interface for smartcards. New interfaces either use the reserved ISO pins or define a new set of pins in addition to or instead of the ISO-standard pins.
FIG. 3 illustrates an exemplary architecture of a prior art advanced smartcard. In this example, two internal buses (14) and (15) allow independent access to the CPU (13) via a standard ISO interface (10), and to a flash memory module (18) using a secondary USB interface (11). The ROM (9) is used for storing the operating system and application code.
The separate bus interfaces (16) and (17) allow independent access to the card resources. Two separate applications can access the card independently under this architecture. For example, a mobile phone with integrated MP3 player can access the internal flash memory via the USB bus (11) to access music data, while a cellular roaming application can access roaming-related information from a SIM function using the ISO bus (10).
Modern smartcard operating systems allow new applications to be uploaded to the card after the card has been issued to the user. The term “issuer” herein denotes any entity which distributes smartcards for a particular purpose or set of purposes. The term “user” herein denotes any person using, or attempting to use, a specific smartcard. The term “authorized user” herein denotes a person who has been given permission, or is “authorized”, to use that smartcard for a specific purpose or set of purposes. In many cases, the authorized user of a smartcard is the owner thereof, but the owner and authorized user need not be the same.
The new flexibility afforded by these modern smartcard operating systems opens up completely new application areas. For example, personal security modules, which are indispensable in Internet commerce and payments, are made trustworthy through the use of smartcards. These security modules can securely store personal keys and execute high-performance cryptographic algorithms. Security-related tasks can be performed in an elegant manner by a microprocessor with a cryptographic coprocessor.
The amount of memory provided within smartcards is increasing as new technologies are introduced enabling the production of high-capacity memory on a small die. Memory technology enhancements enable smartcards to support more applications by incorporating high-capacity flash memory on the card itself.
As mobile handsets with increased multimedia capabilities become available, and as service providers begin implementing broadband mobile services, the need for secure, scalable, and configurable high-capacity storage is becoming acute. One example of an enhanced large-capacity (U)SIM card is M-Systems' (Newark, Calif.) MegaSIM™ card module. With MegaSIM, (U)SIM card vendors can provide their mobile operator customers with a (U)SIM card enabling a variety of advanced mobile services, such as downloading MMS, MP3, and video clips, full Personal Information Management (PIM) functionality, and high-resolution picture storage.
With the emergence of new applications demanding large amounts of memory, high-end mobile phones have started providing a dedicated interface for memory cards to hold the data required by these applications. Typical applications include integrated cameras that require a large amount of memory to store still pictures and/or video clips, MP3 files, and Multi-Media Messaging Service (MMS) messages. Up until now, memory cards offered megabytes (MB) of memory and (U)SIM cards only kilobytes (KB). With the introduction of MegaSIM containing megabytes of memory, enhanced applications can utilize a (U)SIM card for both legacy use and to store large amounts of data for multimedia devices and applications.
In summary, the emergence of advanced operating systems running on smartcards, and multimedia applications such as digital stills or video pictures(MPEG files), music (MP3 files), games, and the need for higher memory capacity on smartcards opens up a variety of new opportunities to mobile network operators and service providers.
Execution of Executable Code Using Smartcard Devices
In many high-capacity memory cards, most of the memory provided is non-eXecute In Place (XIP) flash memory, which is based on NAND flash technology. This type of memory is much cheaper and denser than the typical non-volatile XIP memory based on EEPROM or NOR flash technology, and provides higher write/erase performance.
Currently, executable code is stored in ROM, or on embedded flash memory based on NOR flash technology, both of which are capable of directly executing code. Thus, the use of non-XIP flash memory prevents the on-board processor from executing code directly from internal mass memory storage based on NAND flash technology. In order to run an application that resides in this memory storage area, the application code must be copied from the non-XIP flash memory area to the XIP memory area. Moving the code requires an external copying through an external device or host device, where the external device reads the code and writes the code back to the executable memory area within the smartcard. This copying mechanism transfers the data via the smartcard interface(s), which, unfortunately, implies relatively slow performance. In addition, the above-described mechanism exposes the executable code on an external smartcard interface, subjecting the code to monitoring and/or copying while it is being transferred from non-XIP memory to XIP memory.
There is an ongoing need for high performance and secure smartcard devices for executing executable code stored non-volatile memory of the smartcard device.