Smart cards in Russia

Geek Speak, Way back

In February 1995 I flew to Perm in eastern Russia as part of a two-man team installing a smartcard system for a local bank. I was responsible for designing and implementing the card production system that was being used.

For a marketing view of the system that we installed, visit Interlink’s Smart Bank pages. For a personal view, stay tuned…

The other member of the team, David Steed, worked on the overall design and the integration of the system into Interlink’s standard transaction processing system. The project was behind schedule and we were expected to finish the work on-site. Then we installed the product at three locations with the aid of our local business partners, ASIT. David and I did the installations in Perm and Berezniki and ASIT did the Gubakha installation.

The technology

The cards used for the system were GemPlus PCos cards. These cards were specifically designed for use as an electronic purse - where money is stored securely on the chip and can be used in appropriately equipped terminals to purchase goods. Our system consisted of two purses on each card. One purse was protected by a PIN (in the same way that use of a debit card would be PIN protected) and the second was designed for low-value transactions and was not protected. The low-value purse was intended for purchasing newspapers and other every-day things where the addition of a PIN entry phase would unduly slow the transaction. The cards issued had these twin purses with money stored in them in Roubles. The design allowed for multiple pairs of purses per card where each purse could store money in a different currency. The cards were “hybrid” in that they also had a magnetic stripe on the back which would store standard mag stripe data for using the card in a cash machine without smartcard functionality.

Point of sale terminals were sourced from Thyron and programmed by ASIT. They could either connect to the transaction processing system at the bank to upload transactions, or, for the areas where telephone communications were really bad, could download all transactions onto a “merchant smartcard” for uploading at a bank branch.

A second type of card was required for the merchant smartcards. These required none of the sophistication of the electronic purse cards but needed more memory to store transactions. OKI Oscar cards were chosen for this purpose.

Designing and coding a card production system

The card production software that I designed was based on Interlink’s existing magnetic stripe card production software, CardMaster. This was written in C and ran under MS-DOS.

The smartcards we used both conformed to ISO 7816, a common card standard. This meant that both accepted commands in a similar format, though each card supported “non standard” functions to access proprietary features. I decided that if I had a standard way to send these commands to the cards then I could have OKI and PCos specific card creation modules which both talked via the same interface to the devices that allowed us to communicate with the cards.

The first thing I did was get the system talking to these devices. We had several machines that to interface with: two smartcard “personalisers” and a magnetic swipe for writing the stripe on the back of the card. These were all fairly straightforward serial devices. Each with its own simple serial protocol. Although the existing software already supported many different kinds of magnetic stripe devices it was difficult to extend as each new card production device had just been hacked in. Since the smartcard interface was considerably different to the mag stripe devices I decided to work around much of the existing device support and made sure that it was easy to add support for new devices when required.

Though the code was to be in C, I used many C++ idioms when I designed the card production machine interface. At the design’s core was a structure storing function pointers, much like a virtual function table. Each device driver initialised this function pointer table and from then on all calls to the device were through wrapper functions that eventually called via the function pointers stored in the device driver structure. This structure was passed to each function call that operated on a device. It was only at the point of driver creation that you needed to be aware which driver it was you wanted to initialise. From then on all devices were treated the same. This worked very well and allowed me to add support for an additional device very late into the development, with very little difficulty.

Once the device support was in place it was relatively easy to write a common library of ISO 7816 smartcard functionality and then augment it for each specific card. Adding device drivers was easy because the smartcard specific code only communicated with the device drivers via a clearly defined interface. Adding support for new kinds of smartcard was easy since most of the code was in the ISO 7816 standard library and card specific changes could be written to extend this. The code turned out to be robust and easy to modify.

The trip

The trip was an eventful experience, certainly something I’ll never forget. Moscow airport was probably the most oppressive place I have ever been. It was like something from a Bond movie. Due to delivery problems with the smartcards I was carrying 12,000 cards in my hand luggage. I was supposed to be meeting ASIT’s managing director, Don Scott, at customs and he would have all of the correct paperwork. However it seemed that business in Russia didn’t operate like that. I presume Don had the paperwork incase it was required. It wasn’t required.

Being driven around Moscow in the rain in a crumbly Lada gives the impression that Moscow is hell. I was due to stay one night in Moscow and a hotel was deemed to be unnecessary as Don had a spare room. Don’s flat was a palace by Russian standards but a not much compared to what I was used to in the UK. The bullet-proof steel door is essential, apparently.

Moscow’s internal airport was like something from a time warp. You had to listen for someone saying “Perm”, quietly, and then follow them onto a ropy old bus which took you to a ropy old plane. Ah the wonders of internal Russian flights. I buried my head in a book and tried not to think of all the regulations that the “plane” wasn’t complying with. An hour or so later we were at Perm airport. A tarmac road with a shed next to it. It was cold but not amazingly so… Vladimir, ASIT’s representative in Perm, met me and we got the luggage, eventually…

David had been in Perm for a week prior to my arrival. It had been colder then, -20 at times where now it was only -8 or so. He’d sent requests for food parcels, I’d brought chocolate, nuts and various treats. The first night I was there we went to a local ice hockey match. It was amazing. The atmosphere was brilliant. It was the local team. They won…

Midway through the trip, recovering from shocking hangovers, we staggered into work to find that the ASIT office had been broken into. We gave finger prints to dodgy looking policemen and were thankful that the thieves had been disturbed and that our development machine was sitting in the middle of the floor with all its cables wrapped neatly around it. Due to problems with the machine’s tape drive, we had no source backup at that point. If the machine had been stolen we would have lost the lot…

After some time in Perm we took a train to Berezniki. The software was still not finished. The train took 9 hours to travel around 70 miles. Still, at least we had a lockable sleeping compartment… Berezniki was as bad as we had imagined. The sights near the train station were unbelievable. The place was a rusting, industrial, hell. The “apartment hotel” wasn’t too bad, in fact it was probably better than the Hotel Ural in Perm… The bank in Berezniki was still being built. The toilets were interesting. No lights. No windows. Very little running water. One evening, the people from the bank did us a real “home cooked” Russian meal, complete with a local delicacy, smoked fat… Luckily there was lots of vodka. There was always lots of vodka.

The boys from ASIT showed us a good time. Russian style. It was like being in a surreal film that you didn’t really want to watch. Quote of the day, “Be careful when you go to the toilet in the restaurant as most of the robberies that take place there happen in the toilet…” The taxi was driven around the snowy roads by a would be rally driver. We finally got to the restaurant. We were the first foreigners ever to visit. We ate in the special room and the food was OK though the pasta starter was a little hard to keep down, but then most of the Russian food was like that.

We eventually got the system working and installed. It looked like they would let us leave… We had a provisional booking for a car to take us to Perm at 5 in the evening. The driver wouldn’t guarantee a delivery time of under 6 hours due to the weather… We might miss our flight. It was still snowing and it wasn’t cute anymore. Vladimir took our tickets so that he could book us a plane for later in the week incase the Perm to Moscow plane was cancelled…

We made some last minute fixes and were finally ready to leave for Perm at around 7… The bank seem quite pleased with what we have done… There followed a nightmare drive from hell. The roads were dirt tracks covered in snow, with holes bigger than cars. Four hours driving with two feet of snow either side. Broken down vehicles, things that are so big that they shouldn’t have been on the tiny roads at all. We had taken the “winter road” since it should be quicker so we ended up driving over a frozen river… I never thought I’d be pleased to see Perm. Back to Vladimir’s place to pick up the cases and then on to Sergae’s place for food and sleep. We washed in freezing water, the hot water stopped a few months ago and nobody had found out why. Food courtesy of Sergae, nice try… We couldn’t stomach it.

A flight to Moscow? Please say it’s a flight to Moscow… The weather in Perm was better than Berezniki. The flight was still on.

We were up at 5.00 am and had no breakfast. Sergae had offered us some, but it looked like it would be the cold remains of the night before’s meal… Into a taxi and off to the airport. The bad luck that had plagued the trip struck again as David’s ticket was for the night flight and mine was for the morning one. Some fast talking by Sergae and 10,000 Roubles and we got David’s changed. The luggage was weighed and the excess paid, almost all of our Roubles were gone but we had around 3k US Dollars left and we would have spent it all to get home…

We finally got onto the plane. The scary thing was that wasn’t scary.. It was just Russian, and actually seemed reasonably good for something that was Russian. My seat was near the front, next to a stereotypical U-boat captain and David’s was at the rear, with the animals… The flight was uneventful and we landed at Moscow internal airport and were met by a taxi driver. The luggage failed to materialise and we eventually found out that since we were foreign it went somewhere else. We trecked across the runway to the “international hall” and, much to our surprise, there it was. We didn’t really care, we would have happily gone on with out it.

Moscow rush-hour on a Friday morning. Cars coming at you from all angles and swerving around the holes in the road. Another scary thing that wasn’t scary. We had adapted to Russia while we were in Berezniki and now Moscow seemed nice and the horrors seemed normal. We both agreed that we preferred it when it all seemed disturbing… We arrived at the ASIT offices, they were very plush, by Russian standards.

We did the tourist thing in Red Square. A quick look around the shops. We stopped off to have some food at the Moosehead, a Canadian bar. It was nice food. It was real food, the first for a long time. We stuffed ourselves silly. Then it was back in the taxi and off to Moscow International… Two hours to check in, the staff were on a go slow. Finally we were there, on a real plane, flying to a real country. Almost 24hrs since we left Perm. Stockholm. Euroclass lounge. Mineral water. We were so sick of coke and rusty coloured water. Half an hour delay, but who cared. It was the last leg of a 36hour journey… London. Heathrow. The real world. Home…