eecs 598-2: smartcards
lecture 5
peter honeyman
citi

T=1
o I-block: information
  o application layer data transparency
o R-block: reception and acknowledgement
  o alternating bit
  o ack or nak
o S-block: system
  o protocol control

T=1
o NAD: node address
  o SAD: three bit source address
  o DAD: three bit destination address
  o for multichannel applications
  o other bits vestigial
o PCB: protocol control byte
  o signals {I,R,S}-block
  o alternating bit
  o R-block: ack/nak

T=1
o LEN: 0 to 254
o APDU: CLA, INS, P{1,2,3}, ...
o EDC: two-byte crc or one-byte xor
o chaining is defined, but not generally used

error control
o T=0
  o quick and dirty
o T=1
  o supports secure messaging
  o good layer separation

iso 7816-4
o command APDU
  o CLA, INS, P1, P2, body
    o Lc, data, Le
o response APDU
  o body
    o length: Le
  o SW1: error category
  o SW2: command specific field

SW1, SW2

iso 7816-4
o file system api
o security api

let's talk about security
o kerberos+smartcard

smartcard kerberos client
o key is not exposed to user, workstation, or network
o no password
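
The T=1 framing from the slides above (NAD, PCB, LEN, information field, one-byte XOR EDC), as an added example that is not part of the original lecture. The PCB bit layout is taken from ISO 7816-3 rather than from the slides, the function names are illustrative, and the sample APDU is constructed.

```python
# Added example: T=1 block framing with the one-byte XOR EDC.
# Assumption: PCB bit positions follow ISO 7816-3 (not shown on the slides).
from functools import reduce

def lrc(data: bytes) -> int:
    """One-byte EDC: XOR of every byte from NAD through the end of INF."""
    return reduce(lambda a, b: a ^ b, data, 0)

def build_i_block(apdu: bytes, seq: int, sad: int = 0, dad: int = 0,
                  more: bool = False) -> bytes:
    """Wrap an APDU in an I-block: NAD, PCB, LEN, INF, EDC."""
    if len(apdu) > 254:
        raise ValueError("LEN is 0 to 254; longer data needs chaining")
    nad = ((dad & 7) << 4) | (sad & 7)              # vestigial bits 4 and 8 stay 0
    pcb = ((seq & 1) << 6) | (0x20 if more else 0)  # bit 8 = 0 marks an I-block
    body = bytes([nad, pcb, len(apdu)]) + apdu
    return body + bytes([lrc(body)])

def parse_block(block: bytes) -> dict:
    """Check length and EDC, then classify the block from its PCB."""
    if len(block) < 4 or block[2] > 254 or len(block) != block[2] + 4:
        raise ValueError("bad length")
    if lrc(block) != 0:                 # XOR over the block plus its EDC must be 0
        raise ValueError("EDC mismatch")
    nad, pcb, inf = block[0], block[1], block[3:-1]
    out = {"sad": nad & 7, "dad": (nad >> 4) & 7, "inf": inf}
    if pcb & 0x80 == 0:                 # I-block: alternating bit, chaining flag
        out.update(type="I", seq=(pcb >> 6) & 1, more=bool(pcb & 0x20))
    elif pcb & 0xC0 == 0x80:            # R-block: ack when low nibble is 0, else nak
        out.update(type="R", seq=(pcb >> 4) & 1, nak=bool(pcb & 0x0F))
    else:                               # S-block: protocol control
        out.update(type="S", control=pcb & 0x3F)
    return out

# Constructed sample: a command APDU (CLA INS P1 P2 Lc data).
SAMPLE_APDU = bytes.fromhex("00a40000023f00")

if __name__ == "__main__":
    blk = build_i_block(SAMPLE_APDU, seq=0)
    print(blk.hex(), parse_block(blk))
```

A receiver that gets "EDC mismatch" would answer with an R-block nak carrying the sequence bit it still expects, which is the alternating-bit retransmission the slides describe.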