INSTITUTE OF TECHNOLOGY ANDMANAGEMENT, MEERUT SATYENDER KUMAR 0728531039
DEFINITION A Smart card is a portable devices that contains some non-volatile memory and a microprocessor. This card contains some kind of an encrypted key that is compared to a secret key contained on the user’s processor.
History of SMART CARD In 1968 German rocket scientist Helmut Grottrup and his colleague Jurgen Dethloff invented the automated chip card, receiving a patent only in 1982. The first mass use of the cards was as a Telecarte for payment in French pay phones, starting in 1983.
Types of SMART CARD Contactless smart cards ( e.g. Highway toll Tags ) Contact smart card(SIM Card, Driving license, Electronic purses like debit card etc. )
Contactless SMART CARD These smart cards do not require any physical contact between the card and the reader and becoming popular for payment and ticketing applications such as highway tolls. They communicates with the reader and gets powered through R-f induction technology (at data rate of 106-848 Kbits/sec.)Most commonly used contactless smart cards are:Montreal’s OPUS card, Hongkong’s OCTOPUS card,Songhais public transportation card.
Contact SMART CARD Contact smart cards have a contact area of about 1sq. Cm (.16 sq. inch) comprising of several gold plated contact pads. These pads provides electrical connectivity when inserted in to a reader
Plastic Cards Visual identity application Plain plastic card is enough Magnetic strip (e.g. credit cards) Visual data also available in machine readable form No security of data Electronic memory cards Machine readable data
SMART CARDS Processor cards (and therefore memory too) Credit card size With or without contacts Cards have an operating system too. The OS provides A standard way of interchanging information An interpretation of the commands and data. Cards must interface to a computer or terminal through a standard card reader.
What’s in a Card? CL RST K Vcc RFU GND RFU Vpp I/O
Terminologies VCC : Power supply input RST : Reset signal, used to reset the cards communications. CLK : Provides the card with a clock signal , from which data communications timing is derived. GND : Ground(reference voltage).
VPP : Programming voltage input - originally an input for a higher voltage to program persistent memory e.g. EEPROM. I/O : Serial input and output . RFU : Reserved for future use.
Typical Configurations 256 bytes to 4KB RAM. 8KB to 32KB ROM. 1KB to 32KB EEPROM. 8-bit to 16-bit CPU. 8051 based designs are common.
Smart Card Readers Computer based readers Connect through USB or COM (Serial) ports Dedicated terminals Usually with a small screen, keypad, printer, often also have biometric devices such as thumb print scanner.
Communication mechanisms Communication between smart card and reader is standardized ISO 7816 standard Commands are initiated by the terminal Interpreted by the card OS Card state is updated Response is given by the card.
Why SMART CARD Improve the convenience and security of any transaction. Provide tamper-proof storage of user account and identity. Provide vital components of system security. Protect against a full range of security threats
Password Verification Terminal asks the user to provide a password. Password is sent to Card for verification. Scheme can be used to permit user authentication.
Cryptographic verification Terminal verify card Terminal sends a random number to card to be hashed or encrypted using a key. Card provides the hash or hypertext. Terminal can know that the card is authentic.
Biometric techniques Finger print identification. Features of finger prints can be kept on the card (even verified on the card) Photograph pattern . Such information is to be verified by a person. The information can be stored in the card securely.
Access & control of the files Applications may specify the access controls A password (PIN) on the MF selection (For example SIM password in mobiles) Multiple passwords can be used and levels of security access may be given Applications may also use cryptographic authentication
How does it all work?Card is inserted in the terminal Card gets power. OS boots up. Sends ATR (Answer to reset)ATR negotiations take place toset up data transfer speeds,capability negotiations etc.Terminal sends first command to Card responds with an errorselect MF (because MF selection is only on password presentation)Terminal prompts the user toprovide passwordTerminal sends password for Card verifies P2. Stores a statusverification “P2 Verified”. Responds “OK”Terminal sends command to Card responds “OK”select MF again Card supplies personal data and responds “OK”Terminal sends command to read
Applications Payphones Mobile Communications Banking & Retail Electronic Purse Health Care ID Verification and Access Control Transport purpose