1、 ETSI TR 102 242 V3.0.0 (2003-06)Technical Report Smart Cards;Terminal - card interface;Considerations on robustness improvementsETSI ETSI TR 102 242 V3.0.0 (2003-06) 2 Reference DTR/SCP-010287 Keywords EMC, smart card ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 9
2、2 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available
3、in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a speci
4、fic network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors
5、in the present document, send your comment to: editoretsi.org Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2003. All rights
6、 reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of
7、the 3GPP Organizational Partners. ETSI ETSI TR 102 242 V3.0.0 (2003-06) 3 Contents Intellectual Property Rights4 Foreword.4 Introduction 4 1 Scope 5 2 References 5 3 Definitions and abbreviations.5 3.1 Definitions5 3.2 Abbreviations .5 4 Failure mechanisms and applicable countermeasures6 4.1 Mechani
8、cal failures 6 4.1.1 RST pin.6 4.1.2 CLK pin 7 4.1.3 I/O pin.7 4.2 Interference from external signals 7 4.2.1 Consequences of interference on the I/O pin 7 4.2.2 Design recommendations to limit interference effect .7 4.2.2.1 I/O routines and error detection 7 4.2.2.2 Terminal design.8 4.2.2.2.1 RF c
9、onductivity from transmitter to card 8 4.2.2.2.2 RF power level causing transmission problems 9 4.2.2.3 Card silicon design10 5 Further improvement to the interface robustness .10 5.1 Decreasing the suggested pull-up resistor value.10 5.2 Using a low impedance driver on the high side: Push-pull driv
10、er on the I/O line11 5.3 Using different voltages for bus and card operation.11 5.4 Using differential data signals 11 6 Summary of failure mechanisms and countermeasures .12 7 Conclusion12 History 14 ETSI ETSI TR 102 242 V3.0.0 (2003-06) 4 Intellectual Property Rights IPRs essential or potentially
11、essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs n
12、otified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
13、 can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Project Smart Card Platform (SCP). Introduct
14、ion Extensive use of the GSM specifications has revealed a potential weakness of the communication interface between card and terminal. The evaluation has shown that radiated RF bursts could generate significant I/O line voltage drops that could lead to major communication interference. It was also
15、noticed that the I/O voltage drop did not depend on voltage supply but on RF emission power and the technology used in the card and card reader implementation, thus making the interface more sensitive to RF radiation when operating at the lower voltage classes. In addition, the present document iden
16、tifies other potential weaknesses of the currently specified terminal-card interface, lists existing mechanisms and identifies countermeasures and enhancements that may improve the interface robustness. Some of the identified countermeasures do not require any change in the current standards. These
17、should be applied in Terminals and SIM/UICC silicon design in order to reduce the risk of having interface malfunction especially at low voltage operation. Other countermeasures have been outlined that would provide further improvement of the operation. They would require changes in the standards th
18、at will be studied and proposed in further documents. ETSI ETSI TR 102 242 V3.0.0 (2003-06) 5 1 Scope The present document describes: the failure mechanisms that could potentially generate major operating issues between the terminal and the card; the countermeasures that should be applied within the
19、 current specifications; the enhancements that may further increase the interface robustness. 2 References For the purposes of this Technical Report (TR), the following references apply: 1 ISO/IEC 7816-3: “Information technology - Identification cards - Integrated circuit(s) cards with contacts - Pa
20、rt 3: Electronic signals and transmission protocols“. 2 ETSI TS 102 221: “Smart cards; UICC-Terminal interface; Physical and logical characteristics“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: Answer To Reset
21、(ATR): string of characters sent by the card following a reset sequence card: smart card, SIM or UICC clock: clock provided by the terminal to the card terminal: handset, ME or UE reader: hardware used to connect the card to the terminal printed circuit board 3.2 Abbreviations For the purposes of th
22、e present document, the following abbreviations apply: ATR Answer To Reset CLK Clock signal provided by the terminal to the card I/O bi-directional communication line between the terminal and the card ME Mobile Equipment MF Master File PCB Printed Circuit Board RST Reset signal provided by the termi
23、nal T=0, T=1 Communications protocols defined in ISO/IEC 7816 standards TDMA Time Division Multiple Access ETSI ETSI TR 102 242 V3.0.0 (2003-06) 6 4 Failure mechanisms and applicable countermeasures There are basically two main categories. One is the contact problem that can occur between the reader
24、 and the card. The card is connected to terminal using a reader with spring contacts. In particular in a mobile application the terminal is subject to vibration and drop, the conformance requirements is that the terminal shall withstand certain vibration and free fall. The mechanical stress is propa
25、gated through the mechanics of the terminal to the card reader causing bending and contact problems. Another source for contact problems is dust and wear of the contacts surfaces in general. The card is seldom removed from the reader and depending upon the reader design removing the card may not hav
26、e a cleaning effect on the contacts. Also the problem with excessive wear on the contact plating due to frequent removal or improper reader design may on a long term cause contact problems. Another failure mechanism is interference caused by external sources. These problems are seen as increased noi
27、se level on the signals between the card and the terminal. The sensitivity or immunity against external interference is depending upon the impedance of the electrical signals and the way the connection has been implemented. The immunity to interference is also depending upon how the interface is ope
28、rated. The two categories are described hereafter, together with the already specified or recommended countermeasures. 4.1 Mechanical failures These failures are considered as momentary disconnection of a contact. The way this happens is of no importance. Contact failures on some contacts will be ca
29、tastrophic and can not be rescued as is the case with contacts related to the communication and control interface (CLK, RST, I/O). A contact failure on the power and ground cannot be encountered for except in a situation where the power consumption is very low and there is an energy storage on the c
30、ard, as an example a capacitor on the card between power and ground. In this case a contact failure on the power and ground may to some extent be covered up for. As a general conclusion contact problems on power and ground signals cannot be covered up. Contact problems on the communication and contr
31、ol contacts can be covered up so that they do not affect the system or the state of the card. In order to find out what is needed as study of the behaviour of each contact is needed and to identify the state which these signals are in most of the time. The interface has an idle state which it is in
32、when there is no activity on the interface. In a telecom application the idle state may be the state in which the card is in most of the time, which means that a contact problem is more likely to occur in this state. In the analysis the assumption is that only that contact is disconnected from the t
33、erminal, other combinations may occur. 4.1.1 RST pin The Reset signal is in the physical high state except during the start up sequence on the card. In order to prevent uncontrolled reset of the card due to contact problems having a weak pull-up on the card inside would not cause any change in the s
34、tate of this signal on the card side if the connection on this side is momentarily disconnected. Having a pull-down in the card on this signal inside the card would cause an automatic reset of the card. Once the contact to the terminal is established the reset is pulled high and if the clock is runn
35、ing the card would return the ATR which would cause confusion. Depending upon the implementation in the card if the clock is not running when this failure would occur the ATR may not be transmitted until the clock is started. When the terminal starts the clock it means that a command will be sent. T
36、his command will collide with the ATR and the terminal will not get the response to the transmitted command and the ATR sent by the card would be lost. The state of the card would be that the MF is selected as after a normal successful ATR. This would lead to a situation where the ME has different i
37、nformation regarding the current directory, where the pointers are in the card. This will lead to a mismatch in the commands sent to the terminal with respect to the current state of the card. The outcome of the scenarios is that in order to minimize the impact on contact problems on the reset conta
38、ct the card should contain a weak pull-up in order not to cause unexpected ATRs to be transmitted upon a contact failure on the RST line. ETSI ETSI TR 102 242 V3.0.0 (2003-06) 7 4.1.2 CLK pin A connection problem on the CLK contact is a problem when the clock is running. In case the clock is stopped
39、 if a resistor is connected to the corresponding level of the clock stop the problem can be covered up for. The card should indicate the relevant preferred clock stop level. 4.1.3 I/O pin The natural level of the I/O signal is high. Therefore including a weak pull-up in the card on the I/O line woul
40、d cover up for contact failures during sleep or idle when the I/O line is in its high state. 4.2 Interference from external signals Due to the nature of the buffer used for the signal generation, not all of the card pins are equally subject to this kind of interference. As a matter of fact, the high
41、 impedance nature of the I/O pin at the high logical level makes it more sensitive. Thus, only interference on I/O pin is part of this analysis. 4.2.1 Consequences of interference on the I/O pin As expressed before, only the “high“ level of the I/O can suffer from interference as the signal is asser
42、ted through a pull up resistor. A strong interference can generate a parasitic pulse on the I/O that could have different effects depending upon the card state: The card is in Idle mode, the clock is running: Depending on the pulse duration, it could be ignored (not long enough to be recognized as a
43、 start bit), or processed as a start bit, leading to a communication error (parity error regardless of the convention) followed by a retransmit request from the receiver(s) (both terminal and card could potentially see the pulse). The card is in Idle mode, the clock is stopped: If the I/O signal is
44、not clock edge sampled, the card can enter an undefined mode, that could lead to a locked state. A communication is on going on the interface: The pulse can corrupt the received byte, leading to communication error. A well designed communication error processing routine should reduce the effect of s
45、uch case. 4.2.2 Design recommendations to limit interference effect There are basic design recommendations within the current ISO/IEC 7816-3 1 and TS 102 221 2 specifications that exist to limit the identified potential issues that would at least create severe communication problems and in worst cas
46、e lead to the card becoming mute to the terminal requests. These could be split in two categories, interference limitation by the terminal design and interference resistance by the card/silicon design. 4.2.2.1 I/O routines and error detection From previously identified effects of interference on the
47、 I/O pin, it could be concluded that communication errors have to be carefully taken into account for the I/O routines design: Parity checking and retransmission request in T=0 have to be handled on both sides; The terminal and the card could potentially receive unexpected characters and should disc
48、ard them; Even if all care is taken, the terminal and card may not detect all communication corruption, as current parity check do not cover multiple bit value corruption. The last point is the most critical, as it is highly impossible to protect against it when using T=0 protocol. T=1 protocol impl
49、ements redundancy checking on blocks (LRC or CRC) and provides a better fault detection. From that aspect, T=1 may then be preferable to increase communication robustness. ETSI ETSI TR 102 242 V3.0.0 (2003-06) 8 However corrupted bytes could still be processed by the card. The terminal should then be tolerant to error messages such as for example class not supported or instruction code not recognized. In this case, the terminal should perform retries rather than consider the card as faulty. 4.2.2.2 Terminal design The major source of interference
copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1