SlideShare a Scribd company logo

Introduction to SmartCards - Michael Perlov

Download as PPT, PDF
Filipe Mello
Filipe Mello

Introduction to SmartCards - Michael Perlov

Technology
1 of 24
Security & Cryptography in Distributed Systems, Fall 1998 SSmmaarrtt CCaarrddss By Michael Perlov (perl7849@cs.nyu.edu)
Outline of the Presentation • What is a Smart Card? Examples • Case Study: IBM MultiFunction Card • Smart Card Standards • Additional Resources 08/26/14 Smart Cards 2
What is a Smart Card? • Technical definition: A card formed of plastic body with an embedded integrated circuit. • The devices come in several varieties, from simple memory cards to those carrying their own microprocessors. • There are four major categories 08/26/14 Smart Cards 3
Unprotected memory cards • Act as a storage medium for tokens • Carry an application code and a simple mechanism to specify the issuer of the card • Can’t perform off-line processing • Used as prepaid phone cards in France, Holland and Germany 08/26/14 Smart Cards 4
Wired logic memory cards • Have built-in EPROM or EEPROM • Can be reloaded with data (like monetary value) • Contain hard-wired data protection • Examples are electronic hotel keys and new-generation phone cards used in the Benelux countries 08/26/14 Smart Cards 5
Microprocessor cards • Typically have – an 8-bit microprocessor with an OS in ROM – 96 to 512 KB of RAM – 3 to 16 KB of ROM – Use EEPROM for non-volatile memory, with capacities ranging from 1 to 16 KB • Some have an additional cryptography coprocessor eith extra RAM to perform private-key (DES) and/or public-key (RSA) cryptography 08/26/14 Smart Cards 6
• Many cards of this type are multi-functional, providing the option of hosting several applications from various industry domains on a single card, key domains being: – Banking & Payment Systems • debit/credit • electronic purse – Health Care • health records • health insurance 08/26/14 Smart Cards 7
– Travel & Transportation • ticketless air travel • car rental – Electronic commerce • cyber shopping • secure access/payment via the Internet • We will look at an example of this kind of card in the case-study later on in the talk 08/26/14 Smart Cards 8
Contactless cards • Antenna is embedded in the plastic • How it works: – The antenna picks up an electromagnetic signal that emanates from the reader – The signal powers the card and transmits the data – The card updates its internal state and transmits a signal back • Useful when applications require high throughput, for ex. in mass transit 08/26/14 Smart Cards 9
Case Study - IBM Multifunction Card Overview • A sophisticated smart card solution, built on top of the IBM MFC (Multifunction Card) OS • The chip can be fed with data and a variety of application programs that can be updated whenever necessary • Supports private-key (DES) and public-key (RSA) cryptography 08/26/14 Smart Cards 10
Physical layout 08/26/14 Smart Cards 11
File system • Has a tree structure and can be compared with the file structure of a PC’s harddisk • Has the following file hierarchy: – Master Files (MF) - root directory – Dedicated Files (DF) - application directories – Elementary Files (EF) - application data files 08/26/14 Smart Cards 12
Access conditions • Each file contained in the directory tree of a MultiFunction Card contains predefined access conditions assigned for each of the following access methods: – Read: read, seek, etc – Update: update, decrease, etc. – Administer: create/delete, invalidate, restore, etc. 08/26/14 Smart Cards 13
• The following access conditions can be specified: – Always (ALW) - access without restriction – Card Holder verification (CHV) - card holder must present his secret CHV – External Authentication (AUT) - external world must authenticate itself – Protected (ENC) - either the command or the response is shielded with a cryptogram – Never (NEV) - the data cannot be accessed under any circumstances 08/26/14 Smart Cards 14
Commands supported by MFC OS – Application data commands • Read - reads data from a selected file • Select - selects a file • Update - updates a record in a data file • Append - appends a record to a file – Security commands • Get challenge - generate an 8-byte random number • Verify CHV • External authentication - authentication of the external world based on a previously generated random number and a secret key • Load key file - loads or updates cryptographic keys 08/26/14 Smart Cards 15
– Additional/modified commands available with public-key cryptography cards • Calculate hash • External authenticate - extension to the standard external authentication function using public-key cryptography • Generate signature - generates a digital signature based on a a card’s secret key (using RSA) • Verify signature - verifies a digital signature using a public key – Card management commands • Create file • Delete file 08/26/14 Smart Cards 16
Hardware support for security functions 08/26/14 Smart Cards 17
Standards Standardization plays a key role in the acceptance and growth of the smart card industry. Only the appropriate international standards can assure that a smart card fits into different card readers and terminals at different locations in the world 08/26/14 Smart Cards 18
Smart card standardization is driven from two sides: • The international standards organizations (ISO, ANSI, etc) – ISO began working on standards for chip cards as early as 1983 – The foundation of virtually all existing smart card standards is ISO 7816, which specifies • physical & electrical characteristics • formats and protocols for information exchange • functions provided by smart cards 08/26/14 Smart Cards 19
• The industry. Key players include Mastercard, Visa, Europay, IBM, Sun and others – EMV • Specification for the application of smart cards to the payment industry • Created by Europay, Mastercard and Visa – OpenCard Framework • A set of guidelines announced by IBM, Netscape and Sun • Provides an architecture and a set of APIs for building smart card-aware solutions on OpenCard-compliant network computers 08/26/14 Smart Cards 20
• Consists of four major components: – CardTerminal - encapsulates all card terminal related classes – CardAgent - provides a common interface for a multitude of card operating sysetms – CardIO - provides access to the file system of a smart card – CardAgentExtension - provides non-file related smart card functionality 08/26/14 Smart Cards 21
– JavaCard • Is a standard set of APIs and classes that allows Java applets to run directly on a standard ISO 7816 compliant card • The specifications are announced by Sun and Visa, with the support of leading smart card suppliers • Provides all the benefits of Java - portability, security, etc. – Smart Card SDK • Developed by Microsoft • Provides a set of APIs for developers to write smart card-aware Windows applications to operate with smart card readers that conform to the specification • The first integrated smart card PCs were to begin shipping this year 08/26/14 Smart Cards 22
Additional Resources • Smart Card terminology http://www.gemplus.com/basics/terms.htm • IBM Smart Card solutions http://www.chipcard.ibm.com/overview/ • JavaCard http://java.sun.com/products/javacard/ • Smart Card software develpment - Gemplus http://www.gemplus.com 08/26/14 Smart Cards 23
08/26/14 Smart Cards 24

Recommended

Comp.generartions overview
Comp.generartions overviewComp.generartions overview
Comp.generartions overview
FalakNaqvi1
 
Smart Card based Robust Security System
Smart Card based Robust Security SystemSmart Card based Robust Security System
Smart Card based Robust Security System
International Journal of Engineering Inventions www.ijeijournal.com
 
Scope of embedded system
Scope of embedded systemScope of embedded system
Scope of embedded system
Ananth S
 
Data security
Data securityData security
Data security
Muhammad Yasir
 
Draft of mm suggestions for pro tech presentation to meta 3 4-2013 v3
Draft of mm suggestions for pro tech presentation to meta 3 4-2013 v3Draft of mm suggestions for pro tech presentation to meta 3 4-2013 v3
Draft of mm suggestions for pro tech presentation to meta 3 4-2013 v3
micmitchel
 
Patient Identification in Europe
Patient Identification in EuropePatient Identification in Europe
Patient Identification in Europe
Plan de Calidad para el SNS
 
Case study on smart card (embeded system) based on IOT
Case study on smart card (embeded system) based on IOTCase study on smart card (embeded system) based on IOT
Case study on smart card (embeded system) based on IOT
divyawani2
 
ES components
ES componentsES components
ES components
VijayKumar5738
 

Recommended

Comp.generartions overview
Comp.generartions overviewComp.generartions overview
Comp.generartions overview
FalakNaqvi1
 
Smart Card based Robust Security System
Smart Card based Robust Security SystemSmart Card based Robust Security System
Smart Card based Robust Security System
International Journal of Engineering Inventions www.ijeijournal.com
 
Scope of embedded system
Scope of embedded systemScope of embedded system
Scope of embedded system
Ananth S
 
Data security
Data securityData security
Data security
Muhammad Yasir
 
Draft of mm suggestions for pro tech presentation to meta 3 4-2013 v3
Draft of mm suggestions for pro tech presentation to meta 3 4-2013 v3Draft of mm suggestions for pro tech presentation to meta 3 4-2013 v3
Draft of mm suggestions for pro tech presentation to meta 3 4-2013 v3
micmitchel
 
Patient Identification in Europe
Patient Identification in EuropePatient Identification in Europe
Patient Identification in Europe
Plan de Calidad para el SNS
 
Case study on smart card (embeded system) based on IOT
Case study on smart card (embeded system) based on IOTCase study on smart card (embeded system) based on IOT
Case study on smart card (embeded system) based on IOT
divyawani2
 
ES components
ES componentsES components
ES components
VijayKumar5738
 
How software should get done
How software should get doneHow software should get done
How software should get done
osmanehmad
 
Cryptography And Secure Systems
Cryptography And Secure SystemsCryptography And Secure Systems
Cryptography And Secure Systems
Invisibits
 
How to explain bitcoin to your mother
How to explain bitcoin to your motherHow to explain bitcoin to your mother
How to explain bitcoin to your mother
Philippe Camacho, Ph.D.
 
Study on Bitcoin
Study on Bitcoin Study on Bitcoin
Study on Bitcoin
Dhanith Krishna
 
Secure payment systems
Secure payment systemsSecure payment systems
Secure payment systems
Abdulaziz Mohd
 
Electronic Payment Systems (EPS)
Electronic Payment Systems (EPS)Electronic Payment Systems (EPS)
Electronic Payment Systems (EPS)
Sahan Walpitagamage
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system
pankhadi
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment System
Ritesh Goyal
 
The electronic payment systems
The electronic payment systemsThe electronic payment systems
The electronic payment systems
Vishal Singh
 
Introduction to bitcoin
Introduction to bitcoinIntroduction to bitcoin
Introduction to bitcoin
Wolf McNally
 
Smart id's
Smart id'sSmart id's
Smart id's
Chetanya Bansal
 
Embedded system in Smart Cards
Embedded system in Smart CardsEmbedded system in Smart Cards
Embedded system in Smart Cards
Rebecca D'souza
 
Smart card
Smart cardSmart card
Smart card
Vaibhaw Mishra
 
Embedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment IndustryEmbedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment Industry
Narudom Roongsiriwong, CISSP
 
SCOSTA (Smart Card Operating System for Transport Applications)
SCOSTA (Smart Card Operating System for Transport Applications)SCOSTA (Smart Card Operating System for Transport Applications)
SCOSTA (Smart Card Operating System for Transport Applications)
ALOK GUPTA
 
Smart card technology
Smart card technologySmart card technology
Smart card technology
Shashank Karamballi
 
Smart Card Presentation
Smart Card Presentation Smart Card Presentation
Smart Card Presentation
ppriteshs
 
Vanderhoof smartcard-roadmap
Vanderhoof smartcard-roadmapVanderhoof smartcard-roadmap
Vanderhoof smartcard-roadmap
Hai Nguyen
 
Smart Card
Smart CardSmart Card
Smart Card
Alan Leewllyn Bivera
 
What is smart card on tam
What is smart card on tamWhat is smart card on tam
What is smart card on tam
崇倍 洪
 
Java card technology
Java card technologyJava card technology
Java card technology
Amol Kamble
 
Embedded systems presentation power point.ppt
Embedded systems presentation power point.pptEmbedded systems presentation power point.ppt
Embedded systems presentation power point.ppt
ssuser1b4013
 

More Related Content

Viewers also liked

How software should get done
How software should get doneHow software should get done
How software should get done
osmanehmad
 
Secure payment systems
Secure payment systemsSecure payment systems
Secure payment systems
Abdulaziz Mohd
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system
pankhadi
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment System
Ritesh Goyal
 
The electronic payment systems
The electronic payment systemsThe electronic payment systems
The electronic payment systems
Vishal Singh
 
Introduction to bitcoin
Introduction to bitcoinIntroduction to bitcoin
Introduction to bitcoin
Wolf McNally
 

Viewers also liked (10)

How software should get done
How software should get doneHow software should get done
How software should get done
 
Cryptography And Secure Systems
Cryptography And Secure SystemsCryptography And Secure Systems
Cryptography And Secure Systems
 
How to explain bitcoin to your mother
How to explain bitcoin to your motherHow to explain bitcoin to your mother
How to explain bitcoin to your mother
 
Study on Bitcoin
Study on Bitcoin Study on Bitcoin
Study on Bitcoin
 
Secure payment systems
Secure payment systemsSecure payment systems
Secure payment systems
 
Electronic Payment Systems (EPS)
Electronic Payment Systems (EPS)Electronic Payment Systems (EPS)
Electronic Payment Systems (EPS)
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment System
 
The electronic payment systems
The electronic payment systemsThe electronic payment systems
The electronic payment systems
 
Introduction to bitcoin
Introduction to bitcoinIntroduction to bitcoin
Introduction to bitcoin
 

Similar to Introduction to SmartCards - Michael Perlov

Vanderhoof smartcard-roadmap
Vanderhoof smartcard-roadmapVanderhoof smartcard-roadmap
Vanderhoof smartcard-roadmap
Hai Nguyen
 
Study of Java Card and its Application
Study of Java Card and its ApplicationStudy of Java Card and its Application
Study of Java Card and its Application
editor1knowledgecuddle
 
Spelunking Credit Cards with Ruby
Spelunking Credit Cards with RubySpelunking Credit Cards with Ruby
Spelunking Credit Cards with Ruby
Sau Sheong Chang
 

Similar to Introduction to SmartCards - Michael Perlov (20)

Smart id's
Smart id'sSmart id's
Smart id's
 
Embedded system in Smart Cards
Embedded system in Smart CardsEmbedded system in Smart Cards
Embedded system in Smart Cards
 
Smart card
Smart cardSmart card
Smart card
 
Embedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment IndustryEmbedded System Security: Learning from Banking and Payment Industry
Embedded System Security: Learning from Banking and Payment Industry
 
SCOSTA (Smart Card Operating System for Transport Applications)
SCOSTA (Smart Card Operating System for Transport Applications)SCOSTA (Smart Card Operating System for Transport Applications)
SCOSTA (Smart Card Operating System for Transport Applications)
 
Smart card technology
Smart card technologySmart card technology
Smart card technology
 
Smart Card Presentation
Smart Card Presentation Smart Card Presentation
Smart Card Presentation
 
Vanderhoof smartcard-roadmap
Vanderhoof smartcard-roadmapVanderhoof smartcard-roadmap
Vanderhoof smartcard-roadmap
 
Smart Card
Smart CardSmart Card
Smart Card
 
What is smart card on tam
What is smart card on tamWhat is smart card on tam
What is smart card on tam
 
Java card technology
Java card technologyJava card technology
Java card technology
 
Embedded systems presentation power point.ppt
Embedded systems presentation power point.pptEmbedded systems presentation power point.ppt
Embedded systems presentation power point.ppt
 
Smart cards & RFID-Anant Patel
Smart cards & RFID-Anant PatelSmart cards & RFID-Anant Patel
Smart cards & RFID-Anant Patel
 
Smart card ppt
Smart card pptSmart card ppt
Smart card ppt
 
C programming for problem solving
C programming for problem solving C programming for problem solving
C programming for problem solving
 
Study of Java Card and its Application
Study of Java Card and its ApplicationStudy of Java Card and its Application
Study of Java Card and its Application
 
Spelunking Credit Cards with Ruby
Spelunking Credit Cards with RubySpelunking Credit Cards with Ruby
Spelunking Credit Cards with Ruby
 
Smart card
Smart cardSmart card
Smart card
 
Smart cards
Smart cardsSmart cards
Smart cards
 
SMART CARDS
SMART CARDSSMART CARDS
SMART CARDS
 

More from Filipe Mello

More from Filipe Mello (20)

Analise de Ponto de Equilibrio
Analise de Ponto de EquilibrioAnalise de Ponto de Equilibrio
Analise de Ponto de Equilibrio
 
Tendencias do Mercado Consumidor
Tendencias do Mercado ConsumidorTendencias do Mercado Consumidor
Tendencias do Mercado Consumidor
 
Reservas de Fosfatos e Fertilizantes
Reservas de Fosfatos e FertilizantesReservas de Fosfatos e Fertilizantes
Reservas de Fosfatos e Fertilizantes
 
Midia Kit - Casa e Jardim
Midia Kit - Casa e JardimMidia Kit - Casa e Jardim
Midia Kit - Casa e Jardim
 
Pesquisa de Mercado em Marketing
Pesquisa de Mercado em MarketingPesquisa de Mercado em Marketing
Pesquisa de Mercado em Marketing
 
Sistemas de distribuicao de cosmeticos
Sistemas de distribuicao de cosmeticosSistemas de distribuicao de cosmeticos
Sistemas de distribuicao de cosmeticos
 
Forum de Varejo
Forum de VarejoForum de Varejo
Forum de Varejo
 
Defesa do jornal bom dia
Defesa do jornal bom diaDefesa do jornal bom dia
Defesa do jornal bom dia
 
Aula responsabilidade social
Aula responsabilidade socialAula responsabilidade social
Aula responsabilidade social
 
Estrategias Souza Cruz
Estrategias Souza CruzEstrategias Souza Cruz
Estrategias Souza Cruz
 
Nutricao na atencao basica
Nutricao na atencao basicaNutricao na atencao basica
Nutricao na atencao basica
 
Canais de Distribuicao
Canais de DistribuicaoCanais de Distribuicao
Canais de Distribuicao
 
Turismo de natureza
Turismo de naturezaTurismo de natureza
Turismo de natureza
 
Gastronomia e Vinhos - Business
Gastronomia e Vinhos - BusinessGastronomia e Vinhos - Business
Gastronomia e Vinhos - Business
 
Inovacoes e Tendencias na Saude
Inovacoes e Tendencias na SaudeInovacoes e Tendencias na Saude
Inovacoes e Tendencias na Saude
 
IBRC - Pesquisa qualidade no atendimento
IBRC - Pesquisa qualidade no atendimentoIBRC - Pesquisa qualidade no atendimento
IBRC - Pesquisa qualidade no atendimento
 
Seminario Brasil 2020
Seminario Brasil 2020Seminario Brasil 2020
Seminario Brasil 2020
 
BNDES - Visao 2020
BNDES - Visao 2020BNDES - Visao 2020
BNDES - Visao 2020
 
Trade marketing no autoservico
Trade marketing no autoservicoTrade marketing no autoservico
Trade marketing no autoservico
 
APAS - painel de_mercado_e_consumo_2007
APAS - painel de_mercado_e_consumo_2007APAS - painel de_mercado_e_consumo_2007
APAS - painel de_mercado_e_consumo_2007
 

Recently uploaded

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 

Introduction to SmartCards - Michael Perlov

  • 1. Security & Cryptography in Distributed Systems, Fall 1998 SSmmaarrtt CCaarrddss By Michael Perlov (perl7849@cs.nyu.edu)
  • 2. Outline of the Presentation • What is a Smart Card? Examples • Case Study: IBM MultiFunction Card • Smart Card Standards • Additional Resources 08/26/14 Smart Cards 2
  • 3. What is a Smart Card? • Technical definition: A card formed of plastic body with an embedded integrated circuit. • The devices come in several varieties, from simple memory cards to those carrying their own microprocessors. • There are four major categories 08/26/14 Smart Cards 3
  • 4. Unprotected memory cards • Act as a storage medium for tokens • Carry an application code and a simple mechanism to specify the issuer of the card • Can’t perform off-line processing • Used as prepaid phone cards in France, Holland and Germany 08/26/14 Smart Cards 4
  • 5. Wired logic memory cards • Have built-in EPROM or EEPROM • Can be reloaded with data (like monetary value) • Contain hard-wired data protection • Examples are electronic hotel keys and new-generation phone cards used in the Benelux countries 08/26/14 Smart Cards 5
  • 6. Microprocessor cards • Typically have – an 8-bit microprocessor with an OS in ROM – 96 to 512 KB of RAM – 3 to 16 KB of ROM – Use EEPROM for non-volatile memory, with capacities ranging from 1 to 16 KB • Some have an additional cryptography coprocessor eith extra RAM to perform private-key (DES) and/or public-key (RSA) cryptography 08/26/14 Smart Cards 6
  • 7. • Many cards of this type are multi-functional, providing the option of hosting several applications from various industry domains on a single card, key domains being: – Banking & Payment Systems • debit/credit • electronic purse – Health Care • health records • health insurance 08/26/14 Smart Cards 7
  • 8. – Travel & Transportation • ticketless air travel • car rental – Electronic commerce • cyber shopping • secure access/payment via the Internet • We will look at an example of this kind of card in the case-study later on in the talk 08/26/14 Smart Cards 8
  • 9. Contactless cards • Antenna is embedded in the plastic • How it works: – The antenna picks up an electromagnetic signal that emanates from the reader – The signal powers the card and transmits the data – The card updates its internal state and transmits a signal back • Useful when applications require high throughput, for ex. in mass transit 08/26/14 Smart Cards 9
  • 10. Case Study - IBM Multifunction Card Overview • A sophisticated smart card solution, built on top of the IBM MFC (Multifunction Card) OS • The chip can be fed with data and a variety of application programs that can be updated whenever necessary • Supports private-key (DES) and public-key (RSA) cryptography 08/26/14 Smart Cards 10
  • 11. Physical layout 08/26/14 Smart Cards 11
  • 12. File system • Has a tree structure and can be compared with the file structure of a PC’s harddisk • Has the following file hierarchy: – Master Files (MF) - root directory – Dedicated Files (DF) - application directories – Elementary Files (EF) - application data files 08/26/14 Smart Cards 12
  • 13. Access conditions • Each file contained in the directory tree of a MultiFunction Card contains predefined access conditions assigned for each of the following access methods: – Read: read, seek, etc – Update: update, decrease, etc. – Administer: create/delete, invalidate, restore, etc. 08/26/14 Smart Cards 13
  • 14. • The following access conditions can be specified: – Always (ALW) - access without restriction – Card Holder verification (CHV) - card holder must present his secret CHV – External Authentication (AUT) - external world must authenticate itself – Protected (ENC) - either the command or the response is shielded with a cryptogram – Never (NEV) - the data cannot be accessed under any circumstances 08/26/14 Smart Cards 14
  • 15. Commands supported by MFC OS – Application data commands • Read - reads data from a selected file • Select - selects a file • Update - updates a record in a data file • Append - appends a record to a file – Security commands • Get challenge - generate an 8-byte random number • Verify CHV • External authentication - authentication of the external world based on a previously generated random number and a secret key • Load key file - loads or updates cryptographic keys 08/26/14 Smart Cards 15
  • 16. – Additional/modified commands available with public-key cryptography cards • Calculate hash • External authenticate - extension to the standard external authentication function using public-key cryptography • Generate signature - generates a digital signature based on a a card’s secret key (using RSA) • Verify signature - verifies a digital signature using a public key – Card management commands • Create file • Delete file 08/26/14 Smart Cards 16
  • 17. Hardware support for security functions 08/26/14 Smart Cards 17
  • 18. Standards Standardization plays a key role in the acceptance and growth of the smart card industry. Only the appropriate international standards can assure that a smart card fits into different card readers and terminals at different locations in the world 08/26/14 Smart Cards 18
  • 19. Smart card standardization is driven from two sides: • The international standards organizations (ISO, ANSI, etc) – ISO began working on standards for chip cards as early as 1983 – The foundation of virtually all existing smart card standards is ISO 7816, which specifies • physical & electrical characteristics • formats and protocols for information exchange • functions provided by smart cards 08/26/14 Smart Cards 19
  • 20. • The industry. Key players include Mastercard, Visa, Europay, IBM, Sun and others – EMV • Specification for the application of smart cards to the payment industry • Created by Europay, Mastercard and Visa – OpenCard Framework • A set of guidelines announced by IBM, Netscape and Sun • Provides an architecture and a set of APIs for building smart card-aware solutions on OpenCard-compliant network computers 08/26/14 Smart Cards 20
  • 21. • Consists of four major components: – CardTerminal - encapsulates all card terminal related classes – CardAgent - provides a common interface for a multitude of card operating sysetms – CardIO - provides access to the file system of a smart card – CardAgentExtension - provides non-file related smart card functionality 08/26/14 Smart Cards 21
  • 22. – JavaCard • Is a standard set of APIs and classes that allows Java applets to run directly on a standard ISO 7816 compliant card • The specifications are announced by Sun and Visa, with the support of leading smart card suppliers • Provides all the benefits of Java - portability, security, etc. – Smart Card SDK • Developed by Microsoft • Provides a set of APIs for developers to write smart card-aware Windows applications to operate with smart card readers that conform to the specification • The first integrated smart card PCs were to begin shipping this year 08/26/14 Smart Cards 22
  • 23. Additional Resources • Smart Card terminology http://www.gemplus.com/basics/terms.htm • IBM Smart Card solutions http://www.chipcard.ibm.com/overview/ • JavaCard http://java.sun.com/products/javacard/ • Smart Card software develpment - Gemplus http://www.gemplus.com 08/26/14 Smart Cards 23