The anti-tearing: concept and mechanisms
Tearing and Anti-tearing
A contactless smart card is an electronic object without its own power source. It operates only when it is remote-powered by the RF field of the reader.
But the user holding the card can at any time move it away from the reader. This is called tearing. The power source that operates the chip is inherently weak because the user can make it disappear at any time. If the power source disappears while the chip is writing in a non-volatile memory (E2PROM or flash), the concerned memory zone would have been written partially or would have been corrupted.
This problematic exists also in the case of contact cards but it is less annoying, because the user is used to let his card in the reader until the end of the transaction. The ATM’s or the parking terminals have the same motorised reader that “detain” the card during the transaction.
Anti-tearing is the concept that consists in giving the card countermeasures, hardware and/or software, to prevent that tearing during a writing results in corruption of the content stored in the memory.
Let’s assume that for example a card store a number of points or tokens, which initial value is 12345. The terminal wants to add 1 and to have a final value of 12346. If the card does not have an anti-tearing measure and that it is teared when its internal logic rewrites the value in the memory, the final value could be 12300, or 123FF, or 00000, or FFFFF….
The value will be associated to a checksum or to a control of integrity and cryptographic authenticity (CMAC) to determine the next time whether it is correct or not. But if it is incorrect, how can we know what would have been the correct value ?
The simplest method to solve this problem is to you a “mirroring” technology, which means double the storage memory and write and one area and then another.
If the writing is not ended, the old value is still stored in one of those areas which is used as a backup and allows to restore a coherent state at the next power up.
In counterparty to this ease of use, this method can rise the cost of the card because the size of the storage memory of the card should be doubled.
For cards that don’t have an anti-tearing, it is possible to implement the same principle of “mirroring” at the application level, by storing each data twice. In counterparty, the size of the useful memory is divided by two and the transaction time is doubled.
Another method consist in giving the chip a capacitor and a buffer memory.
When the terminal requests a writing operation, it is not realised directly in the non-volatile storage memory, but it is put on hold in the volatile buffer memory.
When all the expected data have been received, the card checks its power source and the load level of its capacitor. If its capacitor has loaded enough energy, it knows that the writing can begin because it will be able to finish it even in case of tearing.
But if the power supply is not present and the capacitor does not have enough energy the writing will not occur.
These two methods can be combined to lead some cards to a powerful transactional mechanism. Instead of protecting individual writing, anti-tearing coupled with the transactional mechanism will ensure the atomicity of a chain of several writings. They could either be all successful or the former content is preserved.
The interest of such a transactional mechanism is also to accelerate the error recovery and it is important for applications like transportation.
If the user takes away his card during the transaction, the terminal notifies the error and refuses the access. The user presents its card again. The terminal should begin a new transaction and realise a full processing, which takes time and risks to count to trips instead of one.
If the card has a transactional anti-tearing, the terminal can just read again the last event written in its transaction journal. If it is coherent with its own history, it can immediately free the way.
Contactless card for middle and high range integrate most of the time an anti-tearing mechanism that protects their metadata: configurations areas, cryptographic keys, files system organisation..
But anti-tearing to protect data zones is not systematic. If need be, you need to activate it file by file at the initial formatting.
Published on 11/20/2018