1, CPU card and operating system COS
The CPU card is an IC card with a microprocessor in an integrated circuit of the IC card. The hardware of the CPU card is mainly composed of a microprocessor (CPU), a program memory (ROM), a temporary working memory (RAM), a user memory (EEPROM), an input/output interface, a security logic, and an encryption and decryption operation coprocessor (ACE). As can be seen from Figure 1, the hardware of the smart IC card is a small microprocessor system, but there are more designs in terms of security; and the software system monitoring program or operating system is the key to realize the security of the smart IC card. .
Figure 1 CPU card hardware structure Like a normal computer, the CPU card has its own operating system, usually called the chip card operating system COS (ChipOperatingSystem). DOS for PCs is an open operating system, while COS is very secure. COS usually has its own security system. The safety performance of COS is usually an important technical indicator for measuring COS.
COS consists of five functional modules: security management, command interpretation, resource management, file management, and communication management. COS is the user interface between the application and the card; it is the master dispatcher of the hardware (RAM, PROM, EEPROM) in the card; it is the security guard of the card; it is the basis for realizing all relevant international standards.
2. Technical Features of Tianyu TYCOS Tianyu TYCOS is an operating system of CPU card chip with independent copyright developed by Tianyu Information Industry Co., Ltd., which is in line with China Financial Integrated Circuit (IC) Card Specification and China Financial Integration. Circuit (IC) Card Application Specification and "China Financial IC Card Pilot PSAM Application Specification" and ISO7816 series standards, and passed the inspection by the Bank of China's Bank Card Testing Center. Tianyu TYCOS is developed in the C language environment, has a good module structure, the system is easy to update and transplant, TYCOS has the following characteristics:
â— Support user program code download, put some key programs and password algorithms into EEPROM, and ensure that the program and information data are not completely obtained by the chip manufacturer from the system mode;
â— Support single DES, 3DES encryption algorithm;
â— Support RSA algorithm and digital signature on SLE66CX chip;
â— Support line encryption and line protection functions;
â— Support one card for multiple uses (multiple directories can be built), and firewalls are installed between applications;
â— Support e-wallet function;
â— Support 2K, 4K, 8K, 16K, 32K capacity;
â— Support ISO7816T=0, T=1 (optional) communication protocol.
Tianyu TYCOS can be widely used in smart card applications such as finance, insurance, traffic management, social security, security certification and encryption, medical care, public utility charges, e-commerce, and electronic licenses.
3, Tianyu TYCOS file structure (1) File logical structure File system is the key to the development of the chip operating system COS, directly affecting the performance of the operating system. Tianyu TYCOS file system is organized on the basis of "China Financial Integrated Circuit IC Card Specification and Application Specification" and ISO7816-4. It adopts a linked list structure, which consists of MasterFile, DedicicateFile and Basic. The file (ElementaryFile) is composed. The original version of TYCOS v2.0 can only build a second-level directory. At present, TYCOS can build any directory under the condition of card capacity, and the basic files (binary files, record files, KEY files) support line encryption, line protection, files. The hierarchical structure is shown in Figure 2:
â—MF file:
The MF file is a special DF file, which is the root of the file system. It exists only in the card. The file identifier is 3F00, which is equivalent to the root directory of DOS. DF and EF files can be built under MF, and the card is automatically selected after reset.
â—DF file:
The DF file is equivalent to a subdirectory of DOS. Each DF can build its own EF file, and can also build a subdirectory DDF. Any DF is physically and logically independent, and has its own complete mechanism, that is, a firewall between multiple applications.
â— EF file:
The basic file EF stores data and management information for various applications, which exist under MF and DF. EF is divided into two categories from the storage content: internal basic files and working basic files.
The internal basic file is used to store the key (KEY file, RSA public key, RSA private key, etc.), and the internal basic file cannot be read by the outside world, but the password operation can be modified or performed when the permission of the license is satisfied.
The working basic file contains the actual data of the application. When the EF is read or modified, the content can be read and modified. The basic working files can be divided into binary files, fixed length recording files, circular recording files, variable length recording files, and wallet (passbook) files.
(2) Spatial structure of the file The format of each file stored in the EEPROM is as follows:
File header (13 bytes)
(file type, file identifier, file linked list information, space size, permissions)
The file space of the main body of the document TYCOS is divided as follows:
When you have finished building the MF, TYCOS automatically assigns the entire EEPROM space to it. The file header length of the MF is 13 bytes + the file name length (5-16 bytes).
The space occupied by each DF = DF file header space (equivalent to MF) + the sum of all file spaces under DF.
The space of the binary structure file = file header space (13 bytes) + the space requested by EF.
The space of the fixed length record and the loop fixed length record file = file header space (13 bytes) + number of records × record length.
Space for variable length record structure file = file header space (13 bytes) + space for application at build time.
Space of secure basic file = file header space (13 bytes) + number of keys × (25 bytes).
The space of the wallet file = file header (13 bytes) + file body (17 bytes).
The space of the passbook file = file header (13 bytes) + file body (20 bytes).
4. Development Strategy of Tianyu TYCOS Tianyu Information Industry Co., Ltd. relies on the advantages of science and technology and talents of Huazhong University of Science and Technology. The company regards the security issues in the information field as the research focus in smart cards, and is committed to the fields of finance, telecommunications, public information security, etc. The research and development of smart card related products, tracking the latest specifications of the world's advanced technology and smart cards, combined with China's national conditions, continuous development and innovation, and efforts to revitalize the national information industry.
(1) Development of bank application card operating system Tianyu's bank application IC card operating system is based on the following specifications, which combines security and adaptability to continuously improve products.
â—ISO7816 Specification â— China Financial Integrated Circuit (IC) Card Specification â— China Financial Integrated Circuit (IC) Card Application Specification â— China Financial IC Card PSAM Card Application Specification (2) Communication Application Card Operating System Development In recent years, with China's economy With the acceleration of globalization and informationization, GSM networks are rapidly spreading. China has the world's largest GSM network, and CDMA is also constantly developing under the promotion of China Unicom. As the only means of personalization of mobile stations in any cellular network, SIM cards have great market prospects in China. Tianyu Information Industry Co., Ltd. is about to launch TYCOS/SIM. Its features are:
â— Support A3 and A8 algorithms.
â— Support download function, provide download capability of A3 and A8 algorithms.
â— Support line encryption and line protection.
â— Support for implementing multiple different applications on a single card.
â— Support multiple communication rates.
â— Supports controllable clock frequency selection.
â— Supports a variety of capacity options, including 4K, 8K, 16K, 32K bytes of EEPROM.
â— Meet the requirements of ETSI specifications such as GSM02.17, 09.91, 11.11, 11.12, and 11.14 (optional).
Meet the special needs of value-added services, provide application development kits (STK), and develop appropriate applications for specific needs.
(3) Development of information security card operating system In the development boom of Internet and e-commerce, network (information) security is the most important problem to be solved. In the security aspect of ensuring the confidentiality and integrity of information transmission, the non-repudiation of sending information, and the certainty of the identity of the trader, most of them are now solved by means of digital certificates and security certification. Nowadays, the operating system of the PC generally has security problems. The private key, public key and digital certificate used for security authentication are highly vulnerable to attack and destruction in the PC. With its own superiority, smart cards have become an internationally recognized network security user terminal solution. Tianyu's TYCOS/RSA not only can store public keys, private keys and digital certificates in the card, but also can quickly complete signature, authentication, encryption, decryption and other operations in the card, which is an ideal information security guard. In order to achieve a more organic combination of smart cards and PCs, smart cards and the Internet, smart cards and e-commerce, Tianyu continues to track world standards (PC/SC, Javaard, OpenCard) and develop more advanced information security card operating systems.
Ningbo XISXI E-commerce Co., Ltd , https://www.petspetsdoggze.com