CardOS V5.3 offers the following general features:
` ISO/IEC 7816 compatible commands
` Compatibility with the most important international standards providing long-term security for integration in standardized environments (readers, applications, etc.)
` Expandability of the operating system with the subsequent addition of software packages
` Integrity protection of all active software packages preventing the use of corrupt software
` “Command chaining” in accordance with ISO/IEC 7816-4
` A dynamic, flexible file system based on ISO/IEC 7816-4 with the following characteristics:
– Number of files and folders with any depth of nesting
– Support of Short File IDs
– Dynamic memory management for optimal utilization of the available EEPROM
– Protection mechanisms against EEPROM defects, power failure and card tearing
– Flexible Memory Management for RAM and EEPROM
` Support of CV (card verifiable) certificates
– Extraction and use of the public key directly from the certificate
– Verification of certificates and certificate chains
CardOS V5.3 provides a large number of cryptographic functions and algorithms, such as:
` Symmetric Algorithms
– Triple DES (CBC) with ISO padding
– DES MAC3 and Retail MAC with ISO or ANSI padding
– AES (CBC) with key length 128, 192, 256 bit
– AES CMAC with ISO padding
` Asymmetric algorithms
– RSA based on CRT with an arbitrary public exponent with key length up to 4096 bit
– PKCS#1-BT1 or PKCS#1-BT2 padding
– PSS Padding according to PKCS#1 V2.1
– Elliptic Curve Cryptography based on GF(p) with key length up to 512 bit
` Calculation of cryptographic hash values with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
` Creation and verification of digital signatures with RSA and ECDSA
` Internal and external key generation for RSA and EC keys
` Secured key import with Secure Messaging
` Key Agreement with EC-Diffie-Hellmann (ECDH), EC Key Agreement of ElGamal Type (EC-KAEG)
` Flexible derivation of session keys
` True random number generator.
Transmission protocol according to ISO/IEC 7816-3
` T=1 protocol
` Support of extended length APDUs according to ISO/IEC 7816-4
` Up to four logical channels
` Support of protocol parameter selection (PPS)
` Support of WTX (Waiting Time eXtension)
` Fast, selectable card communication with up to 436 kbaud.
CardOS 5.3 is based on the innovative digital security technology ‘Integrity Guard’ from Infineon and is implemented on the SLE78 next generation security controller platform using SOLID FLASHTM 1 . SOLID FLASHTM products offer significant value add like increased logistic flexibility and faster time to market. CardOS V5.3 is available on the chip SLE78CFX3000P providing 96 kByte user memory. Certification covers also the derivates SLE78CFX2400P and SLE78CFX4000P, which are available on request depending on the memory needs of the application. CardOS5.3 is available as smart card in ID-1, ID-000 or Micro SIM format.
CardOS V5.3 is certified according to Common Criteria EAL4+ in compliance with:
` SSCD-PP Type 3 (CWA 14169)
` German signature law/ordinance on electronic signatures (SigG/SigV) with respective signature applications.
Initialization and Personalization
The partly patented personalization and initialization procedures facilitate cost-efficient mass production of the CardOS V5.3 cards as well as high performance, highly secure modification of existing applications and the addition of new applications in the field.
` Support of independent personalization for individual applications
` Integrated security concept for initialization and personalization.
CardOS V5.3 provides support for contact based eID features according to ICAO DOC9303 and BSI TR-03110
` Basic Access Control (BAC)
` Extended Access Control (EACv1)
– Chip Authentication (CA) with ECDH
– Terminal Authentication (TA) with ECDSA
` Restricted Identification (RI) with ECDH.