A Protocol for Programmable Smart Cards

This paper presents an open protocol for interoperability across multi-vendor programmable smart cards. It allows exposition of on-card storage and cryptographic services to host applications in a unified, card-independent way. Its design, inspired by the standardization of on-card Java language and cryptographic API, has been kept as generic and modular as possible. The protocol security model has been designed with the aim of allowing multiple applications to use the services exposed by a same card, with either a cooperative or a no-interference approach, depending on application requirements. Existing protocols for smart card interoperability define powerful and sophisticated card services, intended to be hard-coded into the device hardware. The presented protocol, instead, is intended to be implemented in software on programmable smart cards. By defining simple functionalities, it allows to achieve a small management code that, once loaded onto a card, leaves enough free memory for application data, cryptographic keys or further programs. A card-side implementation of the protocol has been developed as an open source Applet for Java Card 2.1.x compliant cards. On the host-side, the protocol has been implemented into an open-source, modular smart card middleware, portable among Unix like platforms, that exposes a new smart card API to the upper software layers. Various open source programs have been developed using the new middleware, including digital signature, console login, remote terminal, and card management tools, proving effectiveness of the new protocol in the context of widely used applications, despite its reduced functionalities.