This document summarizes a presentation on smart cards and their applications. It discusses the components and security mechanisms of smart cards, including passwords, cryptographic challenge-response authentication, and biometric information storage. It provides examples of smart card usage for identity cards and banking applications. It also describes India's SCOSTA project to define a standard smart card operating system for transportation applications like driving licenses.
John Lewis and Newsbrands - The untold story Newsworks
James Murphy, founding partner, Adam & Eve and Tim Pearson, executive director, Manning Gottlieb OMD, provide a new perspective on the most admired retail story, in which newsbrands play a lead role.
Expedia and PHD won the unique 'Day of influence' package – one day of advertising across all major UK newsbrand platforms, including print tablet, online and mobile – for a campaign to promote tourism back to the Philippines following the devastation of typhoon Haiyan.
Kia teamed up with The Telegraph to enrich understanding of its involvement in football, while improving consideration of its new model and increasing sales.
For the launch of its 'Man on the Moon' app, John Lewis teamed up with The Sunday Times to tap into readers' trust of newspapers and drive engagement beyond just its Christmas TV advert.
Unilever teamed up with Trinity Mirror to encourage communities to join in The Patron's Lunch celebrations, with a four-page pull out providing tips, tricks and recipes on how to host the ultimate local street party.
With a mission to bring back Britain's teatime as an occasion to savour, McCain wanted to position itself as a brand that would make 'good stuff' happen during these unappreciated moments.
In a bid to reposition McArthurGlen as a destination fashion retailer, the brand hijacked London Fashion Week to prove it could replicate the latest trends with products from its outlets.
10,856 readers, five big brand campaigns and 700,000+ individual brand measurements demonstrate that newsbrands have a significant impact on brand health.
Analysis of the IPA Effectiveness Awards – a bank of campaigns with proven commercial success – shows that including newsbrands in the media mix improves business performance and boosts the business effectiveness of other media.
John Lewis and Newsbrands - The untold story Newsworks
James Murphy, founding partner, Adam & Eve and Tim Pearson, executive director, Manning Gottlieb OMD, provide a new perspective on the most admired retail story, in which newsbrands play a lead role.
Expedia and PHD won the unique 'Day of influence' package – one day of advertising across all major UK newsbrand platforms, including print tablet, online and mobile – for a campaign to promote tourism back to the Philippines following the devastation of typhoon Haiyan.
Kia teamed up with The Telegraph to enrich understanding of its involvement in football, while improving consideration of its new model and increasing sales.
For the launch of its 'Man on the Moon' app, John Lewis teamed up with The Sunday Times to tap into readers' trust of newspapers and drive engagement beyond just its Christmas TV advert.
Unilever teamed up with Trinity Mirror to encourage communities to join in The Patron's Lunch celebrations, with a four-page pull out providing tips, tricks and recipes on how to host the ultimate local street party.
With a mission to bring back Britain's teatime as an occasion to savour, McCain wanted to position itself as a brand that would make 'good stuff' happen during these unappreciated moments.
In a bid to reposition McArthurGlen as a destination fashion retailer, the brand hijacked London Fashion Week to prove it could replicate the latest trends with products from its outlets.
10,856 readers, five big brand campaigns and 700,000+ individual brand measurements demonstrate that newsbrands have a significant impact on brand health.
Analysis of the IPA Effectiveness Awards – a bank of campaigns with proven commercial success – shows that including newsbrands in the media mix improves business performance and boosts the business effectiveness of other media.
Meeting SEP 2.0 Compliance: Developing Power Aware Embedded Systems for the M...mentoresd
Meeting SEP 2.0 Compliance: Developing Power Aware Embedded Systems for the Modern Age – Andrew Caples
The Smart Energy Profile (SEP) 2.0 is quickly becoming the go-to standard for developing innovative products and services in the energy power management sector. Information flow between meters, smart appliances, and energy management systems must occur in an open, standardized, and interoperable fashion. SEP 2.0 establishes the standard for communication interoperability as well as security for networked appliances and meters.
In this session attendees will learn how to meet the challenges of SEP 2.0 compliance with a small footprint RTOS, such as Nucleus RTOS from Mentor Graphics, to address the connectivity and security requirements for the smart energy profile. This session takes a detailed look at the design considerations to consider how an RTOS can reduce development time and cost for SEP 2.0 compliant products.
Power-sharing Class 10 is a vital aspect of democratic governance. It refers to the distribution of power among different organs of government, levels of government, and social groups. This ensures that no single entity can control all aspects of governance, promoting stability and unity in a diverse society.
For more information, visit-www.vavaclasses.com
This is a presentation by Dada Robert in a Your Skill Boost masterclass organised by the Excellence Foundation for South Sudan (EFSS) on Saturday, the 25th and Sunday, the 26th of May 2024.
He discussed the concept of quality improvement, emphasizing its applicability to various aspects of life, including personal, project, and program improvements. He defined quality as doing the right thing at the right time in the right way to achieve the best possible results and discussed the concept of the "gap" between what we know and what we do, and how this gap represents the areas we need to improve. He explained the scientific approach to quality improvement, which involves systematic performance analysis, testing and learning, and implementing change ideas. He also highlighted the importance of client focus and a team approach to quality improvement.
The Indian economy is classified into different sectors to simplify the analysis and understanding of economic activities. For Class 10, it's essential to grasp the sectors of the Indian economy, understand their characteristics, and recognize their importance. This guide will provide detailed notes on the Sectors of the Indian Economy Class 10, using specific long-tail keywords to enhance comprehension.
For more information, visit-www.vavaclasses.com
Basic Civil Engineering Notes of Chapter-6, Topic- Ecosystem, Biodiversity Green house effect & Hydrological cycle
Types of Ecosystem
(1) Natural Ecosystem
(2) Artificial Ecosystem
component of ecosystem
Biotic Components
Abiotic Components
Producers
Consumers
Decomposers
Functions of Ecosystem
Types of Biodiversity
Genetic Biodiversity
Species Biodiversity
Ecological Biodiversity
Importance of Biodiversity
Hydrological Cycle
Green House Effect
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
Solid waste management & Types of Basic civil Engineering notes by DJ Sir.pptxDenish Jangid
Solid waste management & Types of Basic civil Engineering notes by DJ Sir
Types of SWM
Liquid wastes
Gaseous wastes
Solid wastes.
CLASSIFICATION OF SOLID WASTE:
Based on their sources of origin
Based on physical nature
SYSTEMS FOR SOLID WASTE MANAGEMENT:
METHODS FOR DISPOSAL OF THE SOLID WASTE:
OPEN DUMPS:
LANDFILLS:
Sanitary landfills
COMPOSTING
Different stages of composting
VERMICOMPOSTING:
Vermicomposting process:
Encapsulation:
Incineration
MANAGEMENT OF SOLID WASTE:
Refuse
Reuse
Recycle
Reduce
FACTORS AFFECTING SOLID WASTE MANAGEMENT:
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxEduSkills OECD
Andreas Schleicher presents at the OECD webinar ‘Digital devices in schools: detrimental distraction or secret to success?’ on 27 May 2024. The presentation was based on findings from PISA 2022 results and the webinar helped launch the PISA in Focus ‘Managing screen time: How to protect and equip students against distraction’ https://www.oecd-ilibrary.org/education/managing-screen-time_7c225af4-en and the OECD Education Policy Perspective ‘Students, digital devices and success’ can be found here - https://oe.cd/il/5yV
plant breeding methods in asexually or clonally propagated crops
Smartcards
1. Cutting Edge 2005 workshop, IIT Kanpur
Smart Cards: Technology
for Secure Management
of Information
Rajat Moona
Computer Science and Engineering
IIT Kanpur
moona@iitk.ac.in
3. Plastic Cards
Visual identity application
Plain plastic card is enough
Cutting Edge 2005 workshop, IIT Kanpur
Magnetic strip (e.g. credit cards)
Visualdata also available in machine
readable form
No security of data
Electronic memory cards
Machine readable data
Some security (vendor specific)
4. Smart Cards
Processor cards (and therefore memory too)
Credit card size
Cutting Edge 2005 workshop, IIT Kanpur
With or without contacts.
Cards have an operating system too.
The OS provides
A standard way of interchanging information
An interpretation of the commands and data.
Cards must interface to a computer or
terminal through a standard card reader.
6. What’s in a Card?
Cutting Edge 2005 workshop, IIT Kanpur
CL RST
K Vcc
RFU
GND
RFU
Vpp
I/O
7. Typical Configurations
256 bytes to 4KB RAM.
8KB to 32KB ROM.
Cutting Edge 2005 workshop, IIT Kanpur
1KB to 32KB EEPROM.
Crypto-coprocessors (implementing 3DES,
RSA etc., in hardware) are optional.
8-bit to 16-bit CPU. 8051 based designs are
common.
The price of a mid-level chip when produced
in bulk is less than US$1.
8. Smart Card Readers
Computer based readers
Connect through USB or
Cutting Edge 2005 workshop, IIT Kanpur
COM (Serial) ports
Dedicated terminals
Usually with a small screen,
keypad, printer, often also
have biometric devices such
as thumb print scanner.
9. Terminal/PC Card Interaction
The terminal/PC sends commands to
the card (through the serial line).
Cutting Edge 2005 workshop, IIT Kanpur
The card executes the command and
sends back the reply.
The terminal/PC cannot directly access
memory of the card
data
in the card is protected from
unauthorized access. This is what
makes the card smart.
10. Communication mechanisms
Communication between smart card and reader is
standardized
Cutting Edge 2005 workshop, IIT Kanpur
ISO 7816 standard
Commands are initiated by the terminal
Interpreted by the card OS
Card state is updated
Response is given by the card.
Commands have the following structure
CLA INS P1 P2 Lc 1..Lc Le
Response from the card include 1..Le bytes followed by
Response Code
11. Security Mechanisms
Password
Cutting Edge 2005 workshop, IIT Kanpur
Card holder’s protection
Cryptographic challenge Response
Entity authentication
Biometric information
Person’s identification
A combination of one or more
12. Password Verification
Terminal asks the user to provide a
password.
Cutting Edge 2005 workshop, IIT Kanpur
Password is sent to Card for
verification.
Scheme can be used to permit user
authentication.
Not a person identification scheme
13. Cryptographic verification
Terminal verify card (INTERNAL AUTH)
Terminal sends a random number to card to
Cutting Edge 2005 workshop, IIT Kanpur
be hashed or encrypted using a key.
Card provides the hash or cyphertext.
Terminal can know that the card is
authentic.
Card needs to verify (EXTERNAL AUTH)
Terminal asks for a challenge and sends the
response to card to verify
Card thus know that terminal is authentic.
Primarily for the “Entity Authentication”
14. Biometric techniques
Finger print identification.
Cutting Edge 2005 workshop, IIT Kanpur
Features of finger prints can be kept on
the card (even verified on the card)
Photograph/IRIS pattern etc.
Such information is to be verified by a
person. The information can be stored
in the card securely.
15. Data storage
Data is stored in smart cards in
E2PROM
Cutting Edge 2005 workshop, IIT Kanpur
Card OS provides a file structure
mechanism
MF File types
Binary file (unstructured)
DF DF EF EF
Fixed size record file
DF EF Variable size record file
EF EF
16. File Naming and Selection
Each files has a 2 byte file ID and an optional 5-bit
SFID (both unique within a DF). DFs may optionally
Cutting Edge 2005 workshop, IIT Kanpur
have (globally unique) 16 byte name.
OS keeps tack of a current DF and a current EF.
Current DF or EF can be changed using SELECT FILE
command. Target file specified as either:
DF name
File ID
SFID
Relative or absolute path (sequence of File IDs).
Parent DF
17. Basic File Related Commands
Commands for file creation, deletion etc.,
File size and security attributes specified at
Cutting Edge 2005 workshop, IIT Kanpur
creation time.
Commands for reading, writing, appending
records, updating etc.
Commands work on the current EF.
Execution only if security conditions are met.
Each file has a life cycle status indicator
(LCSI), one of: created, initialized, activated,
deactivated, terminated.
18. Access control on the files
Applications may specify the access
controls
Cutting Edge 2005 workshop, IIT Kanpur
A password (PIN) on the MF selection
• For example SIM password in mobiles
Multiple passwords can be used and
levels of security access may be given
Applications may also use
cryptographic authentication
19. An example scenario (institute
ID card) Read: Free
What happens if the user
Select: P2 forgets hisupon verification
Write: requirements:
Security password?
verification EF1 (personal data) by K1, K2 or K3
EF1:
Solution1: Add supervisor
Name: Rajat Moona
PF/Roll: 2345 passwordbe modified only by
Cutting Edge 2005 workshop, IIT Kanpur
Should
MF Read: Free
the DOSA/DOFA/Registrar
Solution2: Allow
EF2 (Address) Write: Password
DOSA/DOFA/Registrar to
Readable to all (P1)
Verification
#320, CSE (off) modify EF3
475, IIT (Res) EF2:
Solution3: Allow both to
Card holder should be able
happen
to modify
EF3 (password) EF4 (keys)
EF3 (password) K1 (DOSA’s key)
P1 (User password) Read: Never
P1 (User password) K2 (DOFA’s key)
P2 (sys password) Write: Once
K3 (Registrar’s key)
Read: Never
Write: Password
Verification (P1)
20. An example scenario (institute
ID card)
EF1 (personal data) Library manages its
own keys in EF3
EF2 (Address)
Cutting Edge 2005 workshop, IIT Kanpur
under DF1
MF
EF3 (password)
Institute manages its
EF4 (keys) keys and data under
Modifiable: By
DF1 (Lib) MFadmin staff. Read:
EF2 (Privilege info) all
Thus library can
EF1 (Issue record)
Max Duration: 20 days develop applications
Max Books: 10 independent of the
Bk# dt issue dt retn Reserve Collection: Yes rest. Keys
EF3:
Bk# dt issue dt retn
K1: Issue staff key
K2: Admin staff key
Bk# dt issue dt retn Modifiable: By
Bk# dt issue dt retn issue staff. Read
all
21. How does it all work?
Card is inserted in the terminal
Card gets power. OS boots up.
Sends ATR (Answer to reset)
ATR negotiations take place to
Cutting Edge 2005 workshop, IIT Kanpur
set up data transfer speeds,
capability negotiations etc.
Terminal sends first command to Card responds with an error
select MF (because MF selection is only on
password presentation)
Terminal prompts the user to
provide password
Terminal sends password for Card verifies P2. Stores a status
verification “P2 Verified”. Responds “OK”
Terminal sends command to Card responds “OK”
select MF again Card supplies personal data and
responds “OK”
Terminal sends command to read EF1
22. Another Application Scenario
1. Authenticate user to bank
Terminal with officer card:
two card 1a. Get challenge from
Cutting Edge 2005 workshop, IIT Kanpur
readers banker card.
Banker’s card User’s card 1b. Obtain response for the
Application challenge from passport
software runs (IAUTH).
here 1c. Validate response with
officer card (EAUTH)
2. Authenticate officer card
to passport.
3. Transfer money to the
user’s card
The terminal itself does not store any keys, it’s the two cards that
really authenticate each other. The terminal just facilitates the
process.
23. Status of smart card
deployments
Famous Gujarat Dairy card
Primarily an ID card
Cutting Edge 2005 workshop, IIT Kanpur
GSM cards (SIM cards for mobiles)
Phone book etc. + authentication.
Cards for “credit card” applications.
By 2007 end all credit cards will be smart.
EMV standard
Card for e-purse applications
Bank cards
Card technology has advanced
Contactless smart cards,
32-bit processors and bigger memories
JAVA cards
24. SCOSTA Experience
Part of E-governance initiative of the
Government.
Cutting Edge 2005 workshop, IIT Kanpur
Government decided to
Create Smart driving licenses/registration
certificate
Backend system is already in place
Various smart card vendors in the country
All with their own proprietary solutions
In a national case, proprietary solution was
not acceptable.
NIC decides to ask IIT Kanpur to help.
SCOSTA: Smart Card OS for Transport Applications
25. Goals of this Project
To define a standard set of commands for smart
cards for use in Indian applications.
Cutting Edge 2005 workshop, IIT Kanpur
To provide a reference implementation of this
standard.
Transport Applications (Driving License and Vehicle
Registration Certificate) were the pilot projects.
Hence the OS standard is named SCOSTA.
SCOSTA is defined by IIT Kanpur along with a
technical subcommittee of SCAFI (Smart Card Forum
of India).
The OS is not really restricted to the transport
applications and can be used in any ID application
26. The SCOSTA Standard
Based on ISO 7816-4, -8, and -9.
Removes ambiguities in ISO 7816.
Cutting Edge 2005 workshop, IIT Kanpur
Has support for symmetric key
cryptography (Triple DES algorithm)
and internal and external
authentication.
Encryption/decryption and crypto
checksum computation and
verification using 3DES are also
supported.
27. SCOSTA Implementation -
Challenges
Portability – should be easy to port to
different processors.
Cutting Edge 2005 workshop, IIT Kanpur
Resource Constraints – very limited
memory (32 KB ROM, 512 byte RAM
are typical). Usually 8 bit processors
are used.
Government processes
Vendors and their business interests.
28. Challenges of the application
System must work nation wide
Cards are issued by the RTO
Cutting Edge 2005 workshop, IIT Kanpur
RTO officials may not be all that “clean”
Challans are done by police “on behalf of”
RTO
“Clean”??
Challans are settled by the Judiciary.
RTOs are administered by the STA
But under the Union Ministry
29. Solution
A robust key management scheme was
needed.
Cutting Edge 2005 workshop, IIT Kanpur
Solution was based on
Key derivations, usage counters etc.
30. Solution
The entire system is based on few
“nation wide” generator keys.
Cutting Edge 2005 workshop, IIT Kanpur
Safely housed with the government.
Say the keys are k1, k2, k3, k4.
Keys are themselves never stored any
where.
Instead five out of seven card scheme
is used.
31. 5 out of 7 scheme
Consider a polynomial
k1 + k2.x + k3.x2 + k4.x3 + k5.x4 = b
Cutting Edge 2005 workshop, IIT Kanpur
If b1, b2, b3, b4, b5 are known for x = 1, 2,
3.., the system of equations can be solved
and all k’s can be found.
We use the SCOSTA cards to store (x1, b1),
(x2, b2) etc.
At any point in time, five such pairs are
needed.
For robustness, seven cards are generated
and kept at 7 different locations.
32. Operations
At RTOs, two RTO officers are
required to create a DL
Cutting Edge 2005 workshop, IIT Kanpur
These two work in pair.
Have a usage counter of key built in.
RTO keys are generated and given in
the RTO cards
STA can revalidate the usage counter.
STA keys are also generated.
33. Operations
DL can be completely given by the
RTO.
Cutting Edge 2005 workshop, IIT Kanpur
Some information is public readable
on the DL.
Some information is once writable by
the police (challans) and readable by
the police.
The same information is updatable by
the judiciary. (but can not be deleted)
34. Operations
Therefore the DLs must carry
Police key, RTO keys and judiciary keys.
Cutting Edge 2005 workshop, IIT Kanpur
• A big security risk.
Instead these keys for the DL are card specific.
Police has a master key to generate DL
specific police key. Ditto with RTO and
Judiciary.
NIC generates the cards (and therefore
master keys) for RTO, Police and Judiciary.
35. Current State
DL/RC are being issued in Calcutta,
Delhi on SCOSTA cards (pilot basis)
Cutting Edge 2005 workshop, IIT Kanpur
Governments such as Jharkhand,
Maharastra, Gujarat, WB have already
started the process rolling.
Various other states will follow.
36. Acknowledgements
Prof. Deepak Gupta and Manindra Agrawal
(CSE)
Cutting Edge 2005 workshop, IIT Kanpur
S. Ravinder and Kapileshwar Rao (MTech
students of CSE who worked on this project)
National Informatics Centre (NIC) Delhi
MCIT and MoST
References:
Smart Card Handbook
ISO7816 standards
www.parivahan.nic.in