Vanderhoof smartcard-roadmap


  1. Smart Card Alliance
     Smart Card Technology Roadmap for Secure ID Applications
     Randy Vanderhoof, Executive Director, Smart Card Alliance
  2. NIST Workshop: July 9, 2003
     Agenda
     • Primary standards & specifications:
       – ISO 7816, PC/SC, X.509
       – Open Card platforms (Javacard & Multos)
     • Security standards and their challenges
       – FIPS 140, Common Criteria
     • Specifications for interoperability
       – Global Platform
       – GSA specification
     • Industry Specifications
       – GSM (presented in another EI201 Session)
       – EMV
     • References for use with RFPs
  3. Where do standards apply?
     • ISO 7816 - Interface between the card & the terminal
     • PC/SC - Common driver interface for all smart card readers connected under Windows
     • X.509 - Digital signature format & associated certificates
     • Open OS - In the smart card only; allows a common application development platform for in-card applications
     • FIPS 140 - Tamper resistance of a cryptographic device
     • Common Criteria - Threat evaluations and secure application protections
     • GSC specification - Common way to find data files in cards & common application structures for US Government applications
     • Global Platform - Card application management and issuance in the card as well as in the back-end
     • EMV
       – Hardware specifications for smart cards and terminals
       – Multi application selection for smart cards
       – Credit & Debit: commands and related transaction flow
  4. Smart Cards for Logical Security
     • PC/SC allows applications to be independent of the smart card reader (Windows drivers structure for hardware)
     • Microsoft Crypto API allows applications to use crypto services of various crypto devices
     • X.509 standard format for digital certificates
     Still no standard mechanism to launch an application when a given smart card is inserted in reader PC
  5. New Yorker Magazine - 1993
     [Image: New Yorker Magazine, July 5, 1993]
     THIS is the problem!
  6. Issues for IT Security
     • Moving beyond user name and password
     • Managing internal and remote IT access
     • Developing a systems view of physical and logical security
     • Servicing beyond the network edge
  7. Smart Cards for Physical Security
     • It is the “What We Own”, or “Token” of ID Systems
     • It is an intelligent, highly tamper resistant Token, allowing us to provide proof of who we are and the role we play
     • It is a Highly Secure, portable credential platform providing
       – On-card security functions &
       – Intelligent interactions with reader
  8. Smart Card Role in an ID System
     • A personal database
       – Store and safeguard information on an individual basis
       – Local, portable storage of an individual’s private information
     • A personal firewall
       – Intelligent guardian of cardholder data – verifying that requestors are authorized to access information
       – Cardholder control of release of information
     • A personal terminal
       – Validation of the authenticity and trustworthiness of card readers or terminals
       – Strong validation of cardholder as rightful owner of the ID card
  9. Personal ID Cards
     • Personal Identification Cards
       – Specific rights, privileges, and responsibilities
       – Driver’s license, membership card for an organization or club, credit card, border crossing document, badge for paid event, etc.
     • Secure Personal Identification Cards
       – Extension to Personal Identification Cards
         • Includes best security technologies available – smart cards and biometrics
         • Certifies identification and authentication of user and granted privileges
         • Confirms authenticity of credential through use of security markings
       – Multiple applications on the same credential
     ID systems that require the highest degree of security are combining smart card and biometric technologies.
  10. Technology Availability: Readers and Reader ICs
     • Multiple providers of off-the-shelf reader products:
       – General purpose
       – Public transportation
       – Access Control
       – Retail industry
     • Integrated ICs supporting:
       – ISO14443
       – ISO15693
       – ISO14443 and ISO15693
  11. Contactless comparison chart

     | Features | Proximity | 15693 | 14443 |
     |---|---|---|---|
     | Standards | None (de facto) | ISO 15693, ISO 7810 | ISO 14443, ISO 7810 |
     | Frequency | 125 kHz | 13.56 MHz | 13.56 MHz |
     | Read range | ~1 meter (~3.3 feet) | ~1 meter (~3.3 feet) | ~10 centimeters (~3-4 inches) |
     | Chip types supported | Memory | Memory, Wired logic | Memory, Wired logic, Microcontroller |
     | Encryption and authentication functions | Supplier specific | Supplier specific, DES/3DES | MIFARE, DES/3DES, AES, RSA, ECC |
     | Memory capacity range | 8 to 256 bytes | 256 and 2K bytes | 64 to 64K bytes |
     | Read/write ability | Read only | Read/write | Read/write |
     | Data transfer rate (Kb/sec) | Up to 4 | Up to 26.6 | Up to 106 (ISO), Up to 848 (available) |
     | Anti-collision | Optional | Yes | Yes |
     | Card-to-reader authentication | Password | Challenge/Response | Challenge/Response |
     | Hybrid card capability | Yes | Yes | Yes |
     | Contact interface support | No | No | Yes |

     Source: Smart Card Alliance – contactless whitepaper
  12. Challenges Facing the Secure Identification Industry?
     • When is visual authentication not enough?
     • The maturity of machine-readable technology with more standards-based choices at lower costs
     • The recognized need that exists to bind the identity of the cardholder to the card – how do you do it?
     • How do you increase security without sacrificing speed and convenience?
     • Managing scalable ID solutions that need multiple technologies with security and privacy from point of issuance to the network edge
     ...demands intelligent, secure, portable, rewritable platform
  13. Enhanced Security Design Options
     [Graph: Relative Security Level by Solutions. Solutions shown: Something You Know (PIN, Password); Something You Have + Something You Know; Something You Have + Something You Are; Something You Have + Something You Know + Something You Are. Graphic labels: ID Card, Biometric.]
  14. Smart Badge Convergence
     [Diagram]
     • Technology: 125 KHz Proximity, 13.56 MHz Contactless Smartcards, Contact Smartcards
     • Applications: Logical Access, Physical Access, Digital Cash, Transit
     • Departments: IT, Human Resources, Facility Management
     Courtesy of Assa Abloy
  15. Conclusion: What about Interoperability?
     • There are different aspects to interoperability
     • Solutions available
       – Development in the cards has been simplified thanks to Java
       – Card edge interface and data formats are clarified with GSC-IS
       – Multi application selection is possible for cards and applications compatible with the Open Platform mechanism
       – Multi application card management with Global Platform
     • Issues still pending
       – Management of biometrics templates and storage options
       – Agreement on policy issues for cross-certification of credentials