Depending on the type of chip embedded, IC cards can be divided into the following three types:
Memory card: an integrated circuit on a card that is an electrically erased, programmable read-only memory called EEPROM.The card itself does not provide hardware encryption, can only store data encrypted through the system, is easy to crack.
Logic encryption card: the integrated circuit inside the card includes the encryption logic circuit and the programmable read-only memory EEPROM. The encryption logic circuit protects the card and the data in the card to a certain extent, but only the low-level protection, unable to prevent malicious attacks.
CPU card: CPU card is also called smart card. The integrated circuit in the card includes CPU of central processing unit (CPU), programmable read-only memory (EEPROM), random access memory (RAM), COS (Chip Operating System) and read-only memory (ROM).The card is equivalent to a microcomputer without a monitor and keyboard. The data in the card is divided into two parts: external reading and internal processing to ensure the security and reliability of the data in the card. Due to the high security, can be offline operation, can calculate the outstanding advantages of programming, financial IC card is used CPU card.
Generally speaking, memory card and logic encryption card operation, the use of contact IC card with reader; Use the CPU card reader on the CPU card. The so-called "universal card reader" means that it can operate on most popular memory cards and logically-encrypted cards.As the CPU card has ISO/IEC 7816.3/4 specification, its communication protocol, command format are compatible, is regarded as a card. Of course, there are also real contact universal card readers that combine the "universal card reader" with the CPU card reader. PC IC card application software programming, the key is to understand the card data structure and call card reader function. In this respect, non-CPU cards and CPU CARDS have a significant difference.
A non-CPU card must be familiar with the card's storage structure and be able to identify the manufacturer area, the cipher area, the data control area, the data area (application area)...;CPU card, do not need to care about the address of the data, just focus on the structure of the file system: the main file (MF, equivalent to the DOS file system root directory), dedicated files (DF, equivalent to the DOS file system directory, can have multiple layers), basic files (EF, equivalent to the DOS file system file).The basic file types of CPU cards are only transparent (binary) files, (fixed and variable length) linear recording files and circular recording files, but due to the needs of COS internal control, some specific "variants" are derived -- reset response files, password files, key files, DIR files, SFI files
Pure memory cards are free to read; Access control for non-CPU logically encrypted cards requires mastery of password control, authentication control, specific data control flag bytes, and card fuses for a particular card (not necessarily all of these controls on a card).The CPU card access control, is defined in the creation of the file, read, write, change respectively whether to authenticate, with which key, whether to password, whether to MAC authentication, and so on. Note that the format of the create file command varies with the COS, so you need to be familiar with its COS manual.
About the card operation, non-CPU card access is generally through the call function directly completed, the big deal needs to be familiar with the call parameters. In addition to the CPU card device command (test card, power up and down, select card, etc.) and card reset command, all card commands are executed through a general command function, so you need to be familiar with the command of the COS manual. The COS card operation command has a uniform format: CLA (command Class), INS (command Instruction), P1 (parameter 1), P2 (parameter 2), Lc (command Data field length), Data and Le (response Data field length).Except for Data, the command fields are all 1-byte hexadecimal Numbers. Data fields are hexadecimal strings of Numbers, which can be binary Numbers, BCD codes, ASCII codes of text, and so on. It's kind of like assembly language. When calling the command function, the command string can be substituted into the corresponding parameters.
