ROM
HardwareRead-Only Memory -- mask-programmed memory on a smart card chip containing the permanent operating system code, written during wafer fabrication and unalterable after production.
What Is ROM in Smart Cards?
Read-Only Memory (ROMROMHardwarePermanent mask-programmed OS memory on chip.Click to view →) is mask-programmed, non-volatile memory on a smart card chip that contains the permanent operating system code. ROM content is defined during the chip design phase and physically written into the silicon during wafer fabrication -- once manufactured, it cannot be modified, erased, or rewritten. This immutability is both ROM's primary security advantage and its key architectural constraint.
Role in Smart Card Architecture
Every smart card chip contains three types of memory working together:
| Memory Type | Size | Content | Modifiable |
|---|---|---|---|
| ROM | 96-512 KB | Operating system, crypto libraries, JavaCard VM | Never |
| EEPROM | 16-144 KB | Application data, keys, applets | Read/write (slow) |
| RAM | 4-10 KB | Session variables, APDUAPDUProtocolCommunication unit between card and reader.Click to view → buffers, stack | Volatile (lost on power-off) |
ROM holds the card's operating system -- the fundamental software layer that manages file systems, processes APDU commands, enforces access control policies, and provides the runtime environment for applications. For JavaCard platforms, the ROM also contains the Java Card Virtual Machine (JCVM) bytecode interpreter and the GlobalPlatform card manager.
ROM vs Flash-Based OS
Newer smart card chips increasingly use flash memory instead of ROM for operating system storage, enabling post-manufacturing OS updates:
| Attribute | ROM-based OS | Flash-based OS |
|---|---|---|
| OS updates after manufacturing | Impossible | Possible (with authentication) |
| Manufacturing lead time | 8-12 weeks (mask fabrication) | 2-4 weeks |
| Cost at volume | Lower (no flash IP licensing) | Higher |
| Security | Immutable (highest assurance) | Requires secure boot chain |
| Typical use | Mass-market SIMSIMApplicationSmart card for mobile network authentication.Click to view →, payment | Modern multi-application cards |
Security Implications
ROM's immutability provides a strong security foundation: an attacker cannot modify the operating system code even with physical access to the chip. This makes ROM-based cards resistant to persistent software attacks. However, it also means that security patches for OS-level vulnerabilities require manufacturing a new chip mask -- a process that takes months and costs hundreds of thousands of dollars.
The crypto coprocessor algorithms are also typically implemented in ROM, ensuring that cryptographic primitives like AES, RSA, and ECC execute from immutable, verified code rather than from alterable storage.
Related Content
Post-Quantum Cryptography for Smart Cards
Security…+ working buffers) — some high-end cards up to 32 KB - ROM/Flash : 256 KB–1 MB (OS + applets) - EEPROM : 64–256 KB…
Smart Card Lifecycle Security
Security…unique Chip Serial Number (CSN / IC_SN) into non-volatile ROM. The CSN is the root identifier used throughout the…
Questions fréquemment posées
The smart card glossary is a comprehensive reference of technical terms, acronyms, and concepts used in smart card technology. It covers protocols (APDU, T=0, T=1), security (Common Criteria, EAL, HSM), hardware (SE, EEPROM, contact pad), and applications (EMV, ePassport, eSIM). It serves developers, product managers, and engineers.
Yes. SmartCardFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai.