Smart Cards Evolution
Upcoming SlideShare
Loading in...5
×
 

Smart Cards Evolution

on

  • 1,254 views

Description about current trend and evolution of smart cards

Description about current trend and evolution of smart cards

Statistics

Views

Total Views
1,254
Views on SlideShare
1,249
Embed Views
5

Actions

Likes
1
Downloads
111
Comments
0

2 Embeds 5

http://www.linkedin.com 3
http://emv-cards.com 2

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Various International Standards for Smart Communication are:Mobile Telecom StandardsETSI: GSM 03.48, TS 23.048ETSI & 3G Smart Card Platform (SCP): TS 102.225, 102.226Government StandardsUS Federal Government: GSC-ISUnder review (US): FIPS 201, PIVISO: new part 13 of 7816 seriesNew Work Item from Japan: approved by ISO SC17Work assigned to ISO SC17/WG4, editor: JapanScope: commands for application management in multi application environmentContribution: a subset of Global Platform Card Specification, endorsed by ANSIUS official contribution to ISO
  • MF: Master File: A Root or Master File (MF) is the peak of the hierarchy. It contains information and locations of files contained within it.DF: Dedicated File: Dedicated Files (DF) contain the actual data files. Dedicated files are like directories on smart cards. They subdivide the cards to hold files called Elementary Files (EF).EF: Elementary File: The elementary file is where the actual data is stored. It can be of four different types. Transparent File Linear, Variable Length Record File Linear, Fixed Length Record File Cyclic, Fixed Length Record File File Naming and Selection in Data Storage:Each files has a 2 byte file ID and an optional 5-bit SFID (both unique within a DF). DFs may optionally have (globally unique) 16 byte name.OS keeps tack of a current DF and a current EF.Target file specified as either:DF nameFile IDSFIDRelative or absolute path (sequence of File IDs).Parent DF

Smart Cards Evolution Smart Cards Evolution Presentation Transcript

  • Smart Cards
  • Topics Covered  Defining Smart Cards  Smart Card Architecture  Smart Card – Working  Smart Card – Security  Data Storage in Smart Card  Types of Smart Card  Usage and Application  Advantages and Disadvantages  Future Development12/13/2011 ITECH 7215 Information Security 2
  • DEFINING SMART CARDS • Known by other names like Chip Cards, Integrated Circuit Cards (ICC) and Processor Cards. • Size is same as any other Credit card With or without contact information. • Cards have an operating system. • The OS provides A standard way of interchanging information. An interpretation of the commands and data. • Cards must interface to a computer or terminal through a standard card reader.12/13/2011 ITECH 7215 Information Security 3
  • Card and Card Reader • Computer based readers: Connect through USB or COM (Serial) ports • Dedicated terminals: Usually with a small screen, keypad, printer, often also have biometric devices such as thumb print scanner.12/13/2011 ITECH 7215 Information Security 4
  • SMART CARD ARCHITECTURE12/13/2011 ITECH 7215 Information Security 5
  • SMART CARD ARCHITECTURE • 256 bytes to 4KB RAM. • 8KB to 32KB ROM. • 1KB to 32KB EEPROM. • Crypto-coprocessors (implementing 3DES, RSA etc., in hardware) are optional. • 8-bit to 16-bit CPU. 8051 based designs are common. The price of a mid-level chip when produced in bulk is less than US$1. CLK RST Vcc RFU GND Vpp RFU I/O12/13/2011 ITECH 7215 Information Security 6
  • WORKING STRUCTURE • Central Processing Unit: Heart of the Chip • All the processing of data preforms in here. CPU12/13/2011 ITECH 7215 Information Security 7
  • WORKING STRUCTURE • security logic: detecting abnormal conditions e.g. low voltage CPU security logic12/13/2011 ITECH 7215 Information Security 8
  • WORKING STRUCTURE • serial i/o interface: contact to the outside world CPU security logic serial i/o interface12/13/2011 ITECH 7215 Information Security 9
  • WORKING STRUCTURE • test logic: self-test procedures CPU test logic security logic serial i/o interface12/13/2011 ITECH 7215 Information Security 10
  • WORKING STRUCTURE ROM: • card operating system • self-test procedures • typically 16 kbytes • future 32/64 kbytes CPU test logic security ROM logic serial i/o interface12/13/2011 ITECH 7215 Information Security 11
  • WORKING STRUCTURE RAM: • ‘Buffer memory’ of the processor • typically 512 bytes • future 1 kbyte CPU test logic security ROM logic RAM serial i/o interface12/13/2011 ITECH 7215 Information Security 12
  • WORKING STRUCTURE EEPROM: • cryptographic keys • PIN code CPU test logic • biometric template security ROM logic • balance RAM serial i/o • application code interface EEPROM • typically 8 kbytes • future 32 kbytes12/13/2011 ITECH 7215 Information Security 13
  • WORKING STRUCTURE databus: • connection between elements of the chip • 8 or 16 bits wide Databus CPU test logic security ROM logic RAM serial i/o interface EEPROM12/13/2011 ITECH 7215 Information Security 14
  • SMART CARD WORKING12/13/2011 ITECH 7215 Information Security 15
  • TERMINAL/PC CARD INTERACTION • The terminal/PC sends commands to the card (through the serial line). • The card executes the command and sends back the reply. • The terminal/PC cannot directly access memory of the card o Data in the card is protected from unauthorized access. This is what makes the card smart.12/13/2011 ITECH 7215 Information Security 16
  • HOW IT WORKS Card is inserted in the terminal Card gets power. OS boots up. Sends ATR (Answer to reset) ATR negotiations take place to set up data transfer speeds, capability negotiations etc. Card responds with an error Terminal sends first command to (because MF selection is only on select MF password presentation) Terminal prompts the user to provide password Card verifies P2. Stores a status “P2 Terminal sends password for Verified”. Responds “OK” verification Terminal sends command to select Card responds “OK” MF again Card supplies personal data and Terminal sends command to read EF1 responds “OK”12/13/2011 ITECH 7215 Information Security 17
  • COMMUNICATION • Communication between smart card and reader is standardized: ISO 7816 standard • Commands are initiated by the terminal Interpreted by the card OS Card state is updated Response is given by the card. • Commands have the following structure • Response from the card include 1..Le bytes followed by Response Code12/13/2011 ITECH 7215 Information Security 18
  • SMART CARD SECURITY12/13/2011 ITECH 7215 Information Security 19
  • SECURITY MECHANISM • Password Card holder’s protection • Cryptographic challenge Response Entity authentication • Biometric information Person’s identification • A combination of one or more12/13/2011 ITECH 7215 Information Security 20
  • PASSWORD VERIFICATION 1. Terminal asks the user to provide a password. 2. Password is sent to Card for verification. 3. Scheme can be used to permit user authentication. Not a person identification scheme12/13/2011 ITECH 7215 Information Security 21
  • CRYPTOGRAPHIC VERIFICATION 1. Terminal verify card (INTERNAL AUTH) • Terminal sends a random number to card to be hashed or encrypted using a key. • Card provides the hash or cyphertext. 2. Terminal can know that the card is authentic. 3. Card needs to verify (EXTERNAL AUTH) • Terminal asks for a challenge and sends the response to card to verify • Card thus know that terminal is authentic. 4. Primarily for the “Entity Authentication”12/13/2011 ITECH 7215 Information Security 22
  • BIOMETRIC MECHANISM • Finger print identification. Features of finger prints can be kept on the card (even verified on the card) • Photograph/IRIS pattern etc. Such information is to be verified by a person. The information can be stored in the card securely.12/13/2011 ITECH 7215 Information Security 23
  • DATA STORAGE12/13/2011 ITECH 7215 Information Security 24
  • DATA STORAGE • Data is stored in smart cards in EEPROM • Card OS provides a file structure mechanism • File types: Binary file (unstructured) Fixed size record file Variable size record file MF DF DF EF EF DF EF EF EF12/13/2011 ITECH 7215 Information Security 25
  • ACCESSING FILES • Applications may specify the access controls • A password (PIN) on the MF selection e.g. SIM password in mobiles • Multiple passwords can be used and levels of security access may be given • Applications may also use cryptographic authentication12/13/2011 ITECH 7215 Information Security 26
  • SMART CARD TYPES12/13/2011 ITECH 7215 Information Security 27
  • MAGNETIC STRIPE CARDS Standard technology for bank cards, driver’s licenses, library cards, and so on……12/13/2011 ITECH 7215 Information Security 28
  • OPTICAL CARDS • Uses a laser to read and write the card • US Cards Contains: • Photo ID • Fingerprint12/13/2011 ITECH 7215 Information Security 29
  • MEMORY CARDS • Can store: Financial Info Personal Info Specialized Info • Cannot process Info12/13/2011 ITECH 7215 Information Security 30
  • MICROPROCESSOR CARDS • Has an integrated circuit chip • Has the ability to: • Store information • Carry out local processing • Perform Complex Calculations12/13/2011 ITECH 7215 Information Security 31
  • USAGE/APPLICATIONS12/13/2011 ITECH 7215 Information Security 32
  • SMART CARD USAGE Commercial Applications Banking/payment Identification Parking and toll collection Universities use smart cards for ID purposes and at the library, vending machines, copy machines, and other services on campus. EMV standard Mobile Telecommunications SIM cards used on cell phones All GSM phones with smart cards Contains mobile phone security, subscription information, phone number on the network, billing information, and frequently called numbers12/13/2011 ITECH 7215 Information Security 33
  • SMART CARD USAGE • Information Technology • Secure logon and authentication of users to PCs and networks • Encryption of sensitive data • Other Applications • Over 4 million small dish TV satellite receivers in the US use a smart card as its removable security element and subscription information. • Pre-paid, reloadable telephone cards • Health Care, stores the history of a patient • Fast ticketing in public transport, parking, and road tolling in many countries • JAVA cards12/13/2011 ITECH 7215 Information Security 34
  • OTHER SMART CARD APPLICATIONS12/13/2011 ITECH 7215 Information Security 35
  • SMART CARD APPLICATIONS Retail Sale of goods Communication GSM using Electronic Purses, Payphones Credit / Debit Vending machines Loyalty programs Tags & smart labels Entertainment Transportation – Pay-TV Public Traffic – Public event access Parking control Road Regulation (ERP) Car Protection12/13/2011 ITECH 7215 Information Security 36
  • SMART CARD APPLICATIONS Healthcare E-commerce Insurance data sale of information sale of products Personal data sale of tickets, reservations Personal file Government Identification E-banking access to accounts Passport to do transactions Driving license shares12/13/2011 ITECH 7215 Information Security 37
  • SMART CARD APPLICATIONS Educational facilities Office Physical access Physical access Network access Network access Time registration Personal data (results) Secure e-mail & Web Copiers, vending machines, applications restaurants, ...12/13/2011 ITECH 7215 Information Security 38
  • ADVANTAGES/DISADVANTAGES12/13/2011 ITECH 7215 Information Security 39
  • ADVANTAGES In comparison to it’s predecessor, the magnetic strip card, smart cards have many advantages including: • Life of a smart card is longer • A single smart card can house multiple applications. Just one card can be used as your license, passport, credit card, ATM card, ID Card, etc. • Smart cards cannot be easily replicated and are, as a general rule much more secure than magnetic stripe cards. it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption). • Data on a smart card can be protected against unauthorized viewing. As a result of this confidential data, PINs and passwords can be stored on a smart card. This means, merchants do not have to go online every time to authenticate a transaction.12/13/2011 ITECH 7215 Information Security 40
  • DISADVANTAGES • NOT tamper proof • Can be lost/stolen • Lack of user mobility – only possible if user has smart card reader every he goes • Has to use the same reader technology • Can be expensive • Working from PC – software based token will be better • No benefits to using a token on multiple PCs to using a smart card • Still working on bugs12/13/2011 ITECH 7215 Information Security 41
  • FUTURE DEVELOPMENT • Microprocessor Cards (Contactless Smart Card) • Microprocessor Cards (Combi / Hybrid Cards) Hybrid Card: Has two chips: contact and contactless interface. The two chips are not connected. Combi Card: Has a single chip with a contact and contactless interface. Can access the same chip via a contact or contactless interface, with a very high level of security.12/13/2011 ITECH 7215 Information Security 42