What is a Smart Card
• A smart card, typically a type of chip card, is a plastic card that contains an embedded computer chip (either a memory or microprocessor type) that stores and transacts data. This data is usually associated with either value, information, or both.
• For very reliable authentication, electronic signature generation, and cryptography, smart cards are superior to traditional magnetic stripe technologies.
History
• A patent for an identification card with an integrated circuit was filed, and the smart card was born (1968).
• An important characteristic of a smart card is that the information on it cannot be copied.
• Smart cards are recognized as the next generation of financial transaction cards.
• Today every mobile phone that complies with the GSM standard contains a smart card that identifies the phone and authenticates the owner to the telephone system.
Some developers
• Hardware vendors: ATMEL, Philips, Renesas (former Hitachi), Infineon (former Siemens), Samsung, STMicroelectronics
• Smart card vendors: Oberthur, Gemplus, AXALTO (former Schlumberger), IBM, Sony, ORGA Card Systems, T-Systems (Telesec), ASK, Giesecke & Devrient, Austria Card, Siemens
• Other software/application issuers are mainly related to the banking/payment field: Soc. T.Europienne de Monnaie Electronique (a French electronic purse society), Mondex, other banks and credit card companies
Fields of Smart Card Usage (1)
• Health applications: for example, in Germany health insurance companies will issue an electronic health card; cards for the health professionals.
• Electronic passport (ePass, ICAO specifications): no need to say that BSI is active in this field…
• eGovernment / eCard: the goal is to fit as many applications as possible onto one card in order to avoid multiple cards for every citizen. BSI is very active in promoting this concept in Germany. Social insurance is also related to this.
Fields of Smart Card Usage (2)
• Digital signatures: as you know, CC evaluation is required here by law in Germany and other countries.
• Digital tachographs: smart cards will be used in trucks in Europe instead of paper disks in order to store driving times and similar data.
• Access control in companies and organizations
• Public transport
Smart Card Classification
3.1.2 Smart Card Hardware
Contact and Contactless Cards
Communication can take place either through the contacts on the card or via wireless (“contactless”) transmission.
The Computer on the Smart Card
The chip of a smart card consists of a microprocessor, ROM, EEPROM, and RAM.
• ROM (16 kb): Operating System, Communication, Security (DES, RSA)
• EEPROM (16 kb): File system, Program files, Keys, Passwords, Applications
• CPU: 8 bit, 5 MHz, 5V, optional crypto-coprocessor
• RAM: 4 kb
Hardware Security
The objective of smart card chip design is to provide high physical security for the data stored in the card.
The processor and the memory are combined in the same chip, which makes it difficult to tap the signals exchanged between them.
Card Acceptance Devices
Many pervasive devices like set-top boxes, cellular phones, or handhelds are equipped with smart card readers.
Smart Card Software
A smart card application consists of the following two parts:
• Off-card application
• On-card application
• The off-card part of the application is the part that resides on the host computer or terminal connected to the smart card through a smart reader device. Example: OpenCard Framework.
• The on-card application is a program stored in the memory of the smart card chip. If the on-card application has executable code, this code is executed by the smart card operating system and can use operating system services, such as encrypting or decrypting data.
File-system Cards
The majority of current cards have a file system integrated into the operating system.
ISO 7816 File System
A file system consists of directories (DF) and files (EF). The root directory is referred to as the MF.
[Figure: ISO 7816 file system tree. Legend: MF (Master File), DF (Dedicated File), EF (Elementary File)]
Communication Between the On-Card and Off-Card Parts
The protocol stack of the communication between the smart card and host has several layers.
1. Application Layer
Communication takes place between the off-card part of an application and its corresponding on-card part.
Application Protocol Data Unit (APDU)
Application Protocol Data Units are used to exchange data between the host and the smart card. ISO 7816-4 defines two types of APDUs: Command APDUs, which are sent from the off-card application to the smart card, and Response APDUs, which are sent back from the smart card to reply to commands.
CLA | INS | P1 | P2 | Lc | Optional Data | Le
Command APDU: CLA | INS | P1 | P2 | Lc | Optional Data | Le
Response APDU: Optional Data | SW1 | SW2
2. Protocol Layer
With the T=0 protocol, each character is transmitted separately, while with T=1, blocks of characters are transmitted.
Smart Labels
Bar codes
• Advantages: They can be printed on labels, they are very inexpensive, and they can be reliably scanned.
• Disadvantages: Since bar codes are scanned optically, they must be visible on the outside of the object. Scanning takes place at a short range, a few centimeters.
Smart labels contain control logic with non-volatile read/write memory for data storage. Data capacity ranges from 64 bits to about 2K bits.
Example Applications
• Shipping industry: the smart label contains identification and destination information.
• Inventory control
Smart Tokens
The need for robustness can be fulfilled by encapsulating the chips in plastic or metal.
Examples: tollbooth, gas station, security system
Smart Token Examples
Key fob from Gemplus
The chip contains a 1024-byte EEPROM memory chip and an associated antenna.
iButton
iButtons can contain microprocessor chips or memory chips. A cryptographic chip implementing the JavaCard 2.0 Standard is also available.