smart card technology
SHAILESH GUPTA CSE B1081088
1968: German inventor Jürgen Dethloff, along with Helmut Gröttrup, filed a patent for using plastic as a carrier for microchips.
1970: Dr. Kunitaka Arimura of Japan filed the first and only patent on the smart card concept.
1974: Roland Moreno of France filed the original patent for the IC card, later dubbed the “smart card.”
1977: Three commercial manufacturers, Bull CP8, SGS Thomson, and Schlumberger, began developing the IC card product.
1979: Motorola developed the first single-chip microcontroller for French banking.
1982: World's first major IC card testing.
1992: Nationwide prepaid card project started in Denmark.
1999: Federal Government began a Federal employee smart card identification
Aim of this project
• To define a standard set of commands for smart cards for use in Indian applications.
• To provide a reference implementation of this standard.
• Transport Applications (Driving License and Vehicle Registration Certificate) were the pilot projects.
• Hence the OS standard is named SCOSTA.
• SCOSTA is defined by IIT Kanpur along with a technical subcommittee of SCAFI (Smart Card Forum of India).
• The OS is not really restricted to the transport applications and can be used in any ID application
A smart card contains a "chip" with memory and is typically used to hold customer account information and a "balance" of money similar to a checking account. The card is inserted into a device that can read and write to it updating information appropriately.
The standard definition of a smart card, or integrated circuit card (ICC), is any pocket-sized card with embedded integrated circuits.
Loosely defined, a smart card is any card with a capability to relate information to a particular application, such as:
• Magnetic Stripe Cards
• Optical Cards
• Memory Cards
• Microprocessor Cards
Smart cards are also classified on the basis of their Operating System. There are many Smart Card Operating Systems available in the market, the main ones being:
1. MultOS
2. JavaCard
3. Cyberflex
4. StarCOS
5. MFC
Smart Card Operating Systems, or SCOS as they are commonly called, are placed on the ROM and usually occupy less than 16 KB. SCOS handle:
• File Handling and Manipulation
• Memory Management
• Data Transmission Protocols
Magnetic Stripe Cards
• Standard technology for bank cards, driver’s licenses, library cards, and so on.
Optical Cards
• Uses a laser to read and write the card
• CANPASS contains: Photo ID, Fingerprint
Memory Cards
• Can store: Financial Info, Personal Info, Specialized Info
• Cannot process Info
Microprocessor Cards
• Has an integrated circuit chip
• Has the ability to: store information, carry out local processing, perform complex calculations
Hybrid Card
• Has two chips: contact and contactless interface.
• The two chips are not connected.
Combi Card
• Has a single chip with a contact and contactless interface.
• Can access the same chip via a contact or contactless interface, with a very high level of security.
Classification
• Contact vs. Contactless
o Contact smart cards are inserted in a smart card reader, making physical contact with the reader
o Contactless smart cards employ a radio frequency (RFID) link between card and reader, without physical insertion of the card
o Combi card combines the two features
• Memory vs. Microprocessor
o Memory cards simply store data; read and write to a fixed address on the card
- Straight Memory Cards
- Protected Cards: configured to restrict access through a password
- Stored Value Memory Cards: such as a telephone card; the chip has memory cells, one for each telephone unit. A memory cell is cleared each time a telephone unit is used.
o Microprocessor cards
- Miniature computer with microprocessor chip, input/output port, OS, ROM, EEPROM, RAM
- Add, delete, manipulate information in its memory
- Built-in security features
- Multiple functions and/or different applications reside on the card
Life Cycle
• Fabrication Phase
• Pre-personalisation Phase
• Personalisation Phase
• Utilisation Phase
• End-of-Life Phase
What’s in a Card?
[Figure: chip contact pads labelled Vcc, RST, CLK, RFU, Vpp, I/O, GND, RFU]
• 256 bytes to 4KB RAM.
• 8KB to 32KB ROM.
• 1KB to 32KB EEPROM.
• Crypto-coprocessors (implementing 3DES, RSA etc., in hardware) are optional.
• 8-bit to 16-bit CPU. 8051 based designs are common.
• Terminal: Card is inserted in the terminal.
• Card: Card gets power. OS boots up. Sends ATR (Answer to Reset).
• ATR negotiations take place to set up data transfer speeds, capability negotiations etc.
• Terminal: Terminal sends first command to select MF.
• Card: Card responds with an error (because MF selection is only on password presentation).
• Terminal: Terminal prompts the user to provide password.
• Terminal: Terminal sends password for verification.
• Card: Card verifies P2. Stores a status “P2 Verified”. Responds “OK”.
• Terminal: Terminal sends command to select MF again.
• Card: Card responds “OK”.
• Terminal: Terminal sends command to read EF1.
• Card: Card supplies personal data and responds “OK”.
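The exchange above, modelled as a small card-side state machine. This is an added example, not code from the original slides or from SCOSTA: the class `ToyCard`, the function `run_session`, the sample password and the EF1 contents are constructed, and the status words are the ISO/IEC 7816-4 values commonly returned for these outcomes.

```python
import hmac

# ISO/IEC 7816-4 status words (SW1 SW2) used by this toy model.
SW_OK = 0x9000                # normal completion
SW_VERIFY_FAILED = 0x6300     # warning commonly returned for a failed VERIFY
SW_SECURITY = 0x6982          # security status not satisfied
SW_NO_FILE = 0x6A82           # file not found

class ToyCard:
    """Hypothetical card: the MF is selectable only after password P2 is verified."""

    def __init__(self, p2: bytes, ef1: bytes):
        self._p2, self._files = p2, {"EF1": ef1}
        self.reset()

    def reset(self) -> bytes:
        # This model clears the security status on every power-up.
        self._p2_verified = self._mf_selected = False
        return bytes([0x3B, 0x00])  # constructed minimal ATR, not from a real card

    def verify(self, password: bytes) -> int:
        # Constant-time comparison avoids leaking how many bytes matched.
        self._p2_verified = hmac.compare_digest(password, self._p2)
        return SW_OK if self._p2_verified else SW_VERIFY_FAILED

    def select_mf(self) -> int:
        self._mf_selected = self._p2_verified
        return SW_OK if self._mf_selected else SW_SECURITY

    def read(self, name: str):
        if not self._mf_selected:
            return b"", SW_SECURITY
        if name not in self._files:
            return b"", SW_NO_FILE
        return self._files[name], SW_OK

def run_session(card: ToyCard, password: bytes):
    """Terminal side of the exchange; returns (list of status words, EF1 data)."""
    card.reset()
    sws = [card.select_mf()]           # refused: no password presented yet
    sws.append(card.verify(password))  # card records "P2 Verified" on success
    sws.append(card.select_mf())       # second attempt
    data, sw = card.read("EF1")
    return sws + [sw], data

if __name__ == "__main__":
    card = ToyCard(p2=b"1234", ef1=b"NAME=TEST HOLDER")  # constructed sample data
    for pw in (b"1234", b"0000"):
        sws, data = run_session(card, pw)
        print(pw, [hex(s) for s in sws], data)
```

With a wrong password every later command keeps failing with the security status word, because the access decision is enforced on the card and not in the terminal.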
Personal information, including the card serial number, date of issue and cardholder’s name, gender, date of birth, ID number, and picture.
Information relating to cardholder status, remarks for catastrophic diseases, number of visits and admissions, accumulated medical expenditure records and amount of cost-sharing.
Medical service information, including drug allergy history and long-term prescriptions of ambulatory care and certain medical treatments.
Public health administration information
Computer based readers
• Connect through USB or COM (Serial) ports
Dedicated terminals
• Usually with a small screen, keypad, printer, often also have biometric devices such as thumb print scanner.
In comparison to its predecessor, the magnetic stripe card, smart cards have many advantages, including:
• Life of a smart card is longer.
• A single smart card can house multiple applications. Just one card can be used as your license, passport, credit card, ATM card, ID Card, etc.
• Smart cards cannot be easily replicated and are, as a general rule, much more secure than magnetic stripe cards.
• Data on a smart card can be protected against unauthorized viewing. As a result, confidential data, PINs and passwords can be stored on a smart card. This means merchants do not have to go online every time to authenticate a transaction.
• chip is tamper-resistant
- information stored on the card can be PIN code and/or read-write protected
- capable of performing encryption
- each smart card has its own, unique serial number
• capable of processing, not just storing information
- Smart cards can communicate with computing devices through a smart card reader
- information and applications on a card can be updated without having to issue new cards
• A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).
+ NOT tamper proof
+ Can be lost/stolen
+ Lack of user mobility – only possible if user has smart card reader everywhere he goes
+ Has to use the same reader technology
+ Can be expensive
+ Working from PC – software based token will be better
+ No benefits to using a token on multiple PCs to using a smart card
+ Still working on bugs
Commercial Applications
• Banking/payment
• Identification
• Ticketing
• Parking and toll collection
• Universities use smart cards for ID purposes and at the library, vending machines, copy machines, and other services on campus.
Mobile Telecommunications
• SIM cards used on cell phones
• Over 300,000,000 GSM phones with smart cards
• Contains mobile phone security, subscription information, phone number on the network, billing information, and frequently called numbers.
Information Technology
• Secure logon and authentication of users to PCs and networks
• Encryption of sensitive data
Other Applications
• Over 4 million small dish TV satellite receivers in the US use a smart card as its removable security element and subscription information.
• Pre-paid, reloadable telephone cards
• Health Care, stores the history of a patient
• Fast ticketing in public transport, parking, and road tolling in many countries
• Password
o Card holder’s protection
• Cryptographic challenge response
o Entity authentication
• Biometric information
o Person’s identification
• A combination of one or more
• Terminal asks the user to provide a password.
• Password is sent to Card for verification.
• Scheme can be used to permit user authentication.
• Not a person identification scheme
• Terminal verifies card (INTERNAL AUTH)
o Terminal sends a random number to card to be hashed or encrypted using a key.
o Card provides the hash or ciphertext.
• Terminal can know that the card is authentic.
• Card needs to verify (EXTERNAL AUTH)
o Terminal asks for a challenge and sends the response to card to verify
o Card thus knows that terminal is authentic.
• Primarily for the “Entity Authentication”
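Both directions of the challenge-response scheme above, as an added example that is not code from the original slides. Assumptions: HMAC-SHA256 stands in for the card's keyed hash or cipher, both sides share one symmetric key, and the names `Card`, `Terminal`, `keyed_response` and the `INT`/`EXT` direction labels are hypothetical.

```python
import hashlib
import hmac
import secrets

def keyed_response(key: bytes, direction: bytes, challenge: bytes) -> bytes:
    # HMAC-SHA256 stands in for the card's keyed hash or cipher (assumption).
    # The direction label keeps an INTERNAL AUTH answer from being accepted
    # as an EXTERNAL AUTH answer under the same key.
    return hmac.new(key, direction + challenge, hashlib.sha256).digest()

class Card:
    def __init__(self, key: bytes):
        self._key = key
        self._challenge = None
        self.terminal_authenticated = False

    def internal_authenticate(self, challenge: bytes) -> bytes:
        """Card proves to the terminal that it holds the key."""
        return keyed_response(self._key, b"INT", challenge)

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(8)
        return self._challenge

    def external_authenticate(self, response: bytes) -> bool:
        """Card checks the terminal's answer; each challenge is single-use."""
        challenge, self._challenge = self._challenge, None
        self.terminal_authenticated = challenge is not None and hmac.compare_digest(
            response, keyed_response(self._key, b"EXT", challenge))
        return self.terminal_authenticated

class Terminal:
    def __init__(self, key: bytes):
        self._key = key

    def verify_card(self, card: Card) -> bool:
        challenge = secrets.token_bytes(8)  # fresh random number per attempt
        expected = keyed_response(self._key, b"INT", challenge)
        return hmac.compare_digest(card.internal_authenticate(challenge), expected)

    def prove_to_card(self, card: Card) -> bool:
        challenge = card.get_challenge()
        return card.external_authenticate(keyed_response(self._key, b"EXT", challenge))

if __name__ == "__main__":
    key = bytes(range(16))  # constructed demo key
    card = Card(key)
    print(Terminal(key).verify_card(card), Terminal(key).prove_to_card(card))
    print(Terminal(b"\x00" * 16).verify_card(card))  # wrong key -> False
```

The single-use challenge rejects a replayed response, and the direction label rejects a response obtained from the card's own INTERNAL AUTH, two checks a design that reuses one key for both directions needs.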
• Finger print identification.
o Features of finger prints can be kept on the card (even verified on the card)
• Photograph/IRIS pattern etc.
o Such information is to be verified by a person. The information can be stored in the card securely.
Smart cards can be used for identification, authentication, and data storage
Smart cards can provide strong authentication for single sign-on or enterprise single sign-on to computers, laptops, data with encryption, enterprise resource planning platforms such as SAP, etc.