Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Smart Cards Evolution


Published on

Description about current trend and evolution of smart cards

  • Be the first to comment

Smart Cards Evolution

  1. 1. Smart Cards
  2. 2. Topics Covered  Defining Smart Cards  Smart Card Architecture  Smart Card – Working  Smart Card – Security  Data Storage in Smart Card  Types of Smart Card  Usage and Application  Advantages and Disadvantages  Future Development12/13/2011 ITECH 7215 Information Security 2
  3. 3. DEFINING SMART CARDS • Known by other names like Chip Cards, Integrated Circuit Cards (ICC) and Processor Cards. • Size is same as any other Credit card With or without contact information. • Cards have an operating system. • The OS provides A standard way of interchanging information. An interpretation of the commands and data. • Cards must interface to a computer or terminal through a standard card reader.12/13/2011 ITECH 7215 Information Security 3
  4. 4. Card and Card Reader • Computer based readers: Connect through USB or COM (Serial) ports • Dedicated terminals: Usually with a small screen, keypad, printer, often also have biometric devices such as thumb print scanner.12/13/2011 ITECH 7215 Information Security 4
  5. 5. SMART CARD ARCHITECTURE12/13/2011 ITECH 7215 Information Security 5
  6. 6. SMART CARD ARCHITECTURE • 256 bytes to 4KB RAM. • 8KB to 32KB ROM. • 1KB to 32KB EEPROM. • Crypto-coprocessors (implementing 3DES, RSA etc., in hardware) are optional. • 8-bit to 16-bit CPU. 8051 based designs are common. The price of a mid-level chip when produced in bulk is less than US$1. CLK RST Vcc RFU GND Vpp RFU I/O12/13/2011 ITECH 7215 Information Security 6
  7. 7. WORKING STRUCTURE • Central Processing Unit: Heart of the Chip • All the processing of data preforms in here. CPU12/13/2011 ITECH 7215 Information Security 7
  8. 8. WORKING STRUCTURE • security logic: detecting abnormal conditions e.g. low voltage CPU security logic12/13/2011 ITECH 7215 Information Security 8
  9. 9. WORKING STRUCTURE • serial i/o interface: contact to the outside world CPU security logic serial i/o interface12/13/2011 ITECH 7215 Information Security 9
  10. 10. WORKING STRUCTURE • test logic: self-test procedures CPU test logic security logic serial i/o interface12/13/2011 ITECH 7215 Information Security 10
  11. 11. WORKING STRUCTURE ROM: • card operating system • self-test procedures • typically 16 kbytes • future 32/64 kbytes CPU test logic security ROM logic serial i/o interface12/13/2011 ITECH 7215 Information Security 11
  12. 12. WORKING STRUCTURE RAM: • ‘Buffer memory’ of the processor • typically 512 bytes • future 1 kbyte CPU test logic security ROM logic RAM serial i/o interface12/13/2011 ITECH 7215 Information Security 12
  13. 13. WORKING STRUCTURE EEPROM: • cryptographic keys • PIN code CPU test logic • biometric template security ROM logic • balance RAM serial i/o • application code interface EEPROM • typically 8 kbytes • future 32 kbytes12/13/2011 ITECH 7215 Information Security 13
  14. 14. WORKING STRUCTURE databus: • connection between elements of the chip • 8 or 16 bits wide Databus CPU test logic security ROM logic RAM serial i/o interface EEPROM12/13/2011 ITECH 7215 Information Security 14
  15. 15. SMART CARD WORKING12/13/2011 ITECH 7215 Information Security 15
  16. 16. TERMINAL/PC CARD INTERACTION • The terminal/PC sends commands to the card (through the serial line). • The card executes the command and sends back the reply. • The terminal/PC cannot directly access memory of the card o Data in the card is protected from unauthorized access. This is what makes the card smart.12/13/2011 ITECH 7215 Information Security 16
  17. 17. HOW IT WORKS Card is inserted in the terminal Card gets power. OS boots up. Sends ATR (Answer to reset) ATR negotiations take place to set up data transfer speeds, capability negotiations etc. Card responds with an error Terminal sends first command to (because MF selection is only on select MF password presentation) Terminal prompts the user to provide password Card verifies P2. Stores a status “P2 Terminal sends password for Verified”. Responds “OK” verification Terminal sends command to select Card responds “OK” MF again Card supplies personal data and Terminal sends command to read EF1 responds “OK”12/13/2011 ITECH 7215 Information Security 17
  18. 18. COMMUNICATION • Communication between smart card and reader is standardized: ISO 7816 standard • Commands are initiated by the terminal Interpreted by the card OS Card state is updated Response is given by the card. • Commands have the following structure • Response from the card include 1..Le bytes followed by Response Code12/13/2011 ITECH 7215 Information Security 18
  19. 19. SMART CARD SECURITY12/13/2011 ITECH 7215 Information Security 19
  20. 20. SECURITY MECHANISM • Password Card holder’s protection • Cryptographic challenge Response Entity authentication • Biometric information Person’s identification • A combination of one or more12/13/2011 ITECH 7215 Information Security 20
  21. 21. PASSWORD VERIFICATION 1. Terminal asks the user to provide a password. 2. Password is sent to Card for verification. 3. Scheme can be used to permit user authentication. Not a person identification scheme12/13/2011 ITECH 7215 Information Security 21
  22. 22. CRYPTOGRAPHIC VERIFICATION 1. Terminal verify card (INTERNAL AUTH) • Terminal sends a random number to card to be hashed or encrypted using a key. • Card provides the hash or cyphertext. 2. Terminal can know that the card is authentic. 3. Card needs to verify (EXTERNAL AUTH) • Terminal asks for a challenge and sends the response to card to verify • Card thus know that terminal is authentic. 4. Primarily for the “Entity Authentication”12/13/2011 ITECH 7215 Information Security 22
  23. 23. BIOMETRIC MECHANISM • Finger print identification. Features of finger prints can be kept on the card (even verified on the card) • Photograph/IRIS pattern etc. Such information is to be verified by a person. The information can be stored in the card securely.12/13/2011 ITECH 7215 Information Security 23
  24. 24. DATA STORAGE12/13/2011 ITECH 7215 Information Security 24
  25. 25. DATA STORAGE • Data is stored in smart cards in EEPROM • Card OS provides a file structure mechanism • File types: Binary file (unstructured) Fixed size record file Variable size record file MF DF DF EF EF DF EF EF EF12/13/2011 ITECH 7215 Information Security 25
  26. 26. ACCESSING FILES • Applications may specify the access controls • A password (PIN) on the MF selection e.g. SIM password in mobiles • Multiple passwords can be used and levels of security access may be given • Applications may also use cryptographic authentication12/13/2011 ITECH 7215 Information Security 26
  27. 27. SMART CARD TYPES12/13/2011 ITECH 7215 Information Security 27
  28. 28. MAGNETIC STRIPE CARDS Standard technology for bank cards, driver’s licenses, library cards, and so on……12/13/2011 ITECH 7215 Information Security 28
  29. 29. OPTICAL CARDS • Uses a laser to read and write the card • US Cards Contains: • Photo ID • Fingerprint12/13/2011 ITECH 7215 Information Security 29
  30. 30. MEMORY CARDS • Can store: Financial Info Personal Info Specialized Info • Cannot process Info12/13/2011 ITECH 7215 Information Security 30
  31. 31. MICROPROCESSOR CARDS • Has an integrated circuit chip • Has the ability to: • Store information • Carry out local processing • Perform Complex Calculations12/13/2011 ITECH 7215 Information Security 31
  32. 32. USAGE/APPLICATIONS12/13/2011 ITECH 7215 Information Security 32
  33. 33. SMART CARD USAGE Commercial Applications Banking/payment Identification Parking and toll collection Universities use smart cards for ID purposes and at the library, vending machines, copy machines, and other services on campus. EMV standard Mobile Telecommunications SIM cards used on cell phones All GSM phones with smart cards Contains mobile phone security, subscription information, phone number on the network, billing information, and frequently called numbers12/13/2011 ITECH 7215 Information Security 33
  34. 34. SMART CARD USAGE • Information Technology • Secure logon and authentication of users to PCs and networks • Encryption of sensitive data • Other Applications • Over 4 million small dish TV satellite receivers in the US use a smart card as its removable security element and subscription information. • Pre-paid, reloadable telephone cards • Health Care, stores the history of a patient • Fast ticketing in public transport, parking, and road tolling in many countries • JAVA cards12/13/2011 ITECH 7215 Information Security 34
  35. 35. OTHER SMART CARD APPLICATIONS12/13/2011 ITECH 7215 Information Security 35
  36. 36. SMART CARD APPLICATIONS Retail Sale of goods Communication GSM using Electronic Purses, Payphones Credit / Debit Vending machines Loyalty programs Tags & smart labels Entertainment Transportation – Pay-TV Public Traffic – Public event access Parking control Road Regulation (ERP) Car Protection12/13/2011 ITECH 7215 Information Security 36
  37. 37. SMART CARD APPLICATIONS Healthcare E-commerce Insurance data sale of information sale of products Personal data sale of tickets, reservations Personal file Government Identification E-banking access to accounts Passport to do transactions Driving license shares12/13/2011 ITECH 7215 Information Security 37
  38. 38. SMART CARD APPLICATIONS Educational facilities Office Physical access Physical access Network access Network access Time registration Personal data (results) Secure e-mail & Web Copiers, vending machines, applications restaurants, ...12/13/2011 ITECH 7215 Information Security 38
  39. 39. ADVANTAGES/DISADVANTAGES12/13/2011 ITECH 7215 Information Security 39
  40. 40. ADVANTAGES In comparison to it’s predecessor, the magnetic strip card, smart cards have many advantages including: • Life of a smart card is longer • A single smart card can house multiple applications. Just one card can be used as your license, passport, credit card, ATM card, ID Card, etc. • Smart cards cannot be easily replicated and are, as a general rule much more secure than magnetic stripe cards. it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption). • Data on a smart card can be protected against unauthorized viewing. As a result of this confidential data, PINs and passwords can be stored on a smart card. This means, merchants do not have to go online every time to authenticate a transaction.12/13/2011 ITECH 7215 Information Security 40
  41. 41. DISADVANTAGES • NOT tamper proof • Can be lost/stolen • Lack of user mobility – only possible if user has smart card reader every he goes • Has to use the same reader technology • Can be expensive • Working from PC – software based token will be better • No benefits to using a token on multiple PCs to using a smart card • Still working on bugs12/13/2011 ITECH 7215 Information Security 41
  42. 42. FUTURE DEVELOPMENT • Microprocessor Cards (Contactless Smart Card) • Microprocessor Cards (Combi / Hybrid Cards) Hybrid Card: Has two chips: contact and contactless interface. The two chips are not connected. Combi Card: Has a single chip with a contact and contactless interface. Can access the same chip via a contact or contactless interface, with a very high level of security.12/13/2011 ITECH 7215 Information Security 42