Future Life
Lt Col Santosh Khadsare FCT&S
The aim of this presentation is to give a brief idea of smart card technology, one of the best steps towards the advancement of science and technology, making our lives faster and obviously easier.
Plastic Cards
The standard definition of a smart card, or integrated circuit card (ICC), is any pocket-sized card with embedded integrated circuits.
Or: a smart card is a plastic card with a small, built-in microcomputer chip and integrated circuit that can store and process a lot of data.
History
70s: Smart card first patented in Germany and later in France and Japan.
80s: Mass usage in pay phones and debit cards.
90s: Smart card based mobile chips & SIM cards.
2000s: Payment and ticketing applications (credit cards, mass transit such as Smartrip); healthcare and identification (insurance information, driver's license).
Can currently store up to 7000 times more data than a magnetic stripe card. Information stored on the card can be updated. Magnetic stripe cards are vulnerable to many types of fraud.
Greatly enhances security by communicating with card readers using PKI algorithms. A single card can be used for multiple applications (cash, identification, building access, etc.). Smart cards provide a 3-fold approach to authentic identification:
Card Elements
[Figure: card elements - magnetic stripe, logo, chip, hologram, etc.]
What's in a Card?
[Figure: smart card contact layout - CLK, RST, Vcc, RFU, GND, Vpp, I/O]
Varun Arora | varun@varunarora.in | www.varunarora.in
RST : Reset signal, supplied from the interface device and used either on its own or in combination with an internal reset control circuit (optional use by the card).
CLK : Clocking or timing signal (optional use by the card).
GND : Ground (reference voltage).
VPP : Programming voltage input (deprecated / optional use by the card).
I/O : Input or output for serial data to the integrated circuit inside the card.
AUX1 (C4) : Auxiliary contact; USB devices: D+.
AUX2 (C8) : Auxiliary contact; USB devices: D-.
Fig : A smart card pin out
CARD STRUCTURE
Out of the eight contacts only six are used. Vcc is the supply voltage; Vss is the ground reference voltage against which the Vcc potential is measured; the Vpp contact is used for the high voltage (programming) signal; and through the I/O contact the chip receives commands and exchanges data.
Typical Configurations
256 bytes to 4 KB RAM; 8 KB to 32 KB ROM; 1 KB to 32 KB EEPROM; 8-bit to 16-bit CPU. 8051-based designs are common.
Dedicated terminals: usually with a small screen, keypad and printer; often also have biometric devices such as a thumb print scanner.
Memory cards
Act as a small floppy disk with optional security. Are inexpensive. Offer few security features.
Microprocessor cards
Can add, delete, and manipulate data in their memory. Act as a miniature computer that includes an operating system, hard disk, and input/output ports. Provide more security and memory and can even download applications.
[Chart: Transport / Ticketing / Payment; axis values 0 to 4285]
Contactless cards require only close proximity to a reader. Both the reader and the card have antennas through which the two communicate. Ideal for applications that require very fast card interfaces.
ISO 14443.
International standard. Deals only with contactless smart cards. Defines: a. Interface. b. Radio frequency interface. c. Electrical interface. d. Operating distance. Etc.
Combination cards have both contact and contactless interfaces. The same chip can be used over either the contact or the contactless interface with a high level of security.
Key Attributes
Security
to make the Digital Life safe and enjoyable
Ease of Use
to enable all of us to access the Digital World
Privacy
to respect each individual's freedom and intimacy
Biometric techniques
Features of fingerprints can be kept on the card (and even verified on the card).
Such information is to be verified by a person. The information can be stored in the card securely.
The terminal/PC sends commands to the card (through the serial line). The card executes the command and sends back the reply. The terminal/PC cannot directly access the memory of the card; data in the card is protected from unauthorized access. This is what makes the card smart.
Communication mechanisms
Commands follow the ISO 7816 standard. A command is interpreted by the card OS, the card state is updated, and a response is given by the card.
The response from the card includes 1..Le data bytes followed by a response code.
Security Mechanisms
Password
Biometric information
Password Verification
The terminal asks the user to provide a password. The password is sent to the card for verification. This scheme can be used to permit user authentication.
Cryptographic verification
The terminal sends a random number to the card to be hashed or encrypted using a key. The card provides the hash or ciphertext.
The terminal can thus know that the card is authentic. The card also needs to verify the terminal (EXTERNAL AUTH):
the terminal asks the card for a challenge and sends the response to the card to verify. The card thus knows that the terminal is authentic.
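Both directions of the cryptographic verification described above, as an added example that is not part of the original slides. The slides say the random number is "hashed or encrypted using a key"; this example assumes a keyed hash (HMAC-SHA256) for that step and a shared symmetric key, with keys and nonces constructed locally so the exchange runs offline.

```python
"""Added example, not from the original slides: challenge-response authentication
between a terminal and a card that share a symmetric key. The keyed function
(HMAC-SHA256) is an assumption standing in for "hashed or encrypted using a key"."""
import hashlib
import hmac
import secrets


def keyed_response(key: bytes, challenge: bytes) -> bytes:
    """Answer to a challenge: HMAC over the nonce (assumed construction)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Card:
    def __init__(self, key: bytes) -> None:
        self._key = key                  # never leaves the card
        self._pending = None             # challenge handed out, awaiting EXTERNAL AUTH
        self.terminal_authenticated = False

    def internal_authenticate(self, challenge: bytes) -> bytes:
        """Terminal checks the card: it sends a random number, the card answers."""
        return keyed_response(self._key, challenge)

    def get_challenge(self) -> bytes:
        """Card issues a fresh random number the terminal must answer."""
        self._pending = secrets.token_bytes(8)
        return self._pending

    def external_authenticate(self, response: bytes) -> bool:
        """Card checks the terminal's answer to the challenge it issued."""
        if self._pending is None:
            return False                 # no outstanding challenge: nothing to verify
        expected = keyed_response(self._key, self._pending)
        self._pending = None             # one challenge, one attempt: a replay is useless
        self.terminal_authenticated = hmac.compare_digest(expected, response)
        return self.terminal_authenticated


class Terminal:
    def __init__(self, key: bytes) -> None:
        self._key = key

    def authenticate_card(self, card: Card) -> bool:
        challenge = secrets.token_bytes(8)
        answer = card.internal_authenticate(challenge)
        return hmac.compare_digest(answer, keyed_response(self._key, challenge))

    def authenticate_to_card(self, card: Card) -> bool:
        challenge = card.get_challenge()
        return card.external_authenticate(keyed_response(self._key, challenge))


def mutual_auth(card: Card, terminal: Terminal) -> bool:
    """Both directions must succeed before either side trusts the other."""
    return terminal.authenticate_card(card) and terminal.authenticate_to_card(card)
```

The fresh random number on each run is what makes a recorded response worthless later: the card discards its challenge after one attempt, so the same answer presented again fails.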
Data storage
[Figure: file types - MF at the root, containing DFs and EFs; DFs contain further DFs and EFs]
Each file has a 2-byte file ID and an optional 5-bit SFID (both unique within a DF). DFs may optionally have a (globally unique) 16-byte name. The OS keeps track of a current DF and a current EF. The current DF or EF can be changed using the SELECT FILE command. The target file is specified as one of:
DF name; file ID; SFID (short file identifier, 1 byte); relative or absolute path (sequence of file IDs); parent DF.
Commands for file creation, deletion etc.; file size and security attributes are specified at creation time. Commands for reading, writing, appending records, updating etc.
Commands work on the current EF and execute only if the security conditions are met.
Each file has a life cycle status indicator (LCSI), one of: created, initialized, activated, deactivated, terminated.
Multiple passwords can be used and levels of security access may be given.
In our GSM phone (the SIM card); inside our wallets: credit/debit cards, healthcare cards, loyalty cards; our corporate badge; our passport; our e-banking OTP.
Interactive billboards
Transports
eTicketing
Retail
Banking & finance; mobile communication; pay phone cards; transportation; electronic tolls; passports; electronic cash; retailer loyalty programs; information security.
Transportation: driver's license; mass transit fare collection system.
It's no longer only cards: the e-Passport is the first Smart Secure Device.
E Governance
As the amount of business and holiday travel increases, security continues to be a top concern for governments worldwide. When fully implemented, smart passport solutions help to reduce fraud and forgery of travel documents. Enhanced security for travellers. Philips launched such a project with the US in 2004.
Student id card
All-purpose student ID card (a/k/a campus card), containing a variety of applications such as electronic purse (for vending machines, laundry machines, library card, and meal card).
OS Based Classification
Smart cards are also classified on the basis of their operating system. There are many smart card operating systems available in the market, the main ones being: 1. MultOS 2. JavaCard 3. Cyberflex 4. StarCOS 5. MFC. Smart Card Operating Systems, or SCOS as they are commonly called, are placed in ROM and usually occupy less than 16 KB. SCOS handle: file handling and manipulation; memory management; data transmission protocols.
ADVANTAGES
Proven to be more reliable than the magnetic stripe card. Can store up to thousands of times the information of a magnetic stripe card. Reduces tampering and counterfeiting through high security mechanisms such as advanced encryption and biometrics. Can be disposable or reusable. Performs multiple functions. Has a wide range of applications (e.g., banking, transportation, healthcare...). Compatible with portable electronics (e.g., PCs, telephones...). Evolves rapidly, applying semiconductor technology.
Disadvantages
Smart cards used for client-side identification and authentication are the most secure way for, e.g., internet banking applications, but the security is never 100% sure. In the example of internet banking, if the PC is infected with any kind of malware, the security model is broken. Malware can override the communication (both input via keyboard and output via application screen) between the user and the internet banking application (e.g. the browser). This would result in transactions being modified by the malware, unnoticed by the user. There is malware in the wild with this capability (e.g. Trojan.Silentbanker).
Remedies
Banks like Fortis and Dexia in Belgium combine a smart card with an unconnected card reader to avoid this problem. The customer enters a challenge received from the bank's website, his PIN and the transaction amount into the card reader, and the card reader returns an 8-digit signature. This signature is manually copied to the PC and verified by the bank. This method prevents malware from
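A model of the unconnected-reader flow just described, added here as an example; it is not the banks' actual protocol. Assumptions: the card holds a secret key shared with the bank, the reader has the card verify the PIN first, and the 8-digit signature is a truncated HMAC over the bank's challenge and the amount typed into the reader. Keys, PINs, challenges and amounts are constructed.

```python
"""Added example, not the banks' actual scheme: unconnected reader signing a
transaction. The signature construction (truncated HMAC over challenge|amount),
the shared key and the PIN handling are assumptions made for illustration."""
import hashlib
import hmac
import secrets


def transaction_signature(key: bytes, challenge: str, amount_cents: int) -> str:
    """8 decimal digits derived from HMAC(key, challenge | amount). Assumed construction."""
    msg = f"{challenge}|{amount_cents}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


class Card:
    def __init__(self, key: bytes, pin: str, max_tries: int = 3) -> None:
        self._key, self._pin = key, pin
        self.max_tries = self.tries_left = max_tries

    def verify_pin(self, pin: str) -> bool:
        if self.tries_left == 0:
            return False                               # PIN blocked after too many failures
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self.tries_left = self.max_tries
            return True
        self.tries_left -= 1
        return False

    def sign(self, challenge: str, amount_cents: int) -> str:
        return transaction_signature(self._key, challenge, amount_cents)


class UnconnectedReader:
    """No link to the PC: challenge, PIN and amount are keyed in by hand."""

    def sign_transaction(self, card: Card, challenge: str, pin: str, amount_cents: int):
        if not card.verify_pin(pin):
            return None
        return card.sign(challenge, amount_cents)


class Bank:
    def __init__(self) -> None:
        self._keys = {}
        self._open = {}          # one live challenge per account

    def enrol(self, account: str, key: bytes) -> None:
        self._keys[account] = key

    def new_challenge(self, account: str) -> str:
        challenge = f"{secrets.randbelow(10**8):08d}"
        self._open[account] = challenge
        return challenge

    def verify(self, account: str, amount_cents: int, signature: str) -> bool:
        """The signature binds the amount the customer typed; an altered amount fails."""
        challenge = self._open.pop(account, None)      # each challenge is single use
        if challenge is None:
            return False
        expected = transaction_signature(self._keys[account], challenge, amount_cents)
        return hmac.compare_digest(expected, signature)
```

The point of the design is that the amount is bound into the signature on a device the PC cannot reach: malware that rewrites the amount in the browser submits a signature the bank computes differently, and a captured signature cannot be replayed because the challenge is consumed.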
Future Aspects
Soon it will be possible to access the data in Smart cards by the use of Biometrics.
Smart card readers can be built into future computers or peripherals, which will enable users to pay for goods purchased on the internet. In the near future, the multifunctional smart card will replace the traditional magnetic swipe card. A smart card is not only a data store, but also programmable, portable, tamper resistant memory storage.
[Chart: shipments by segment (Telecom (SIM); Banking - Retail; Identity & others) for 2007, 2008 and 2009; totals 2040, 2600 and 3000; growth figures +31%, +16% and +22%]
By 2020: 20 billion Smart Secure Devices; >4 billion mobile appliance users; >4 billion e-ID documents in use.
Conclusion:
Smart Cards will evolve into a broader family of Devices. More new shapes for new applications. Our virtual digital personal attributes. Embedded software and ultra-embedded nanotechnologies.
The only mistake to avoid for our Industry is to entertain an endless debate about fears. We will build the best solutions and the best value for people to enjoy many new services.
Education: Preparing people to use those Smart Secure Devices is as important as teaching them how to read and write.
Public Key Infrastructure (PKI) algorithms such as DES, 3DES, RSA and ECC. Key pair generation. Variable timing/clock fluctuation. 0.6 micron components. Data stored on the card is encrypted. PIN blocking.
Elliptic curve: $y^2 = x^3 + ax + b$, $Q(x,y) = kP(x,y)$. Uses point multiplication to compute, and requires solving the ECDLP to crack. Beneficial for portable devices. Cryptographic coprocessors can be added to speed up encryption and decryption.
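The asymmetry in the line above (point multiplication is cheap, the ECDLP is not) is easiest to see on a toy curve. This is an added example, not from the slides: it implements the group law on $y^2 = x^3 + ax + b$ over GF(p), computes $Q = kP$ by double-and-add, and recovers $k$ by brute force stepping through multiples of $P$. The curve parameters and base point are constructed and far too small for real use; they exist only to make the cost difference visible.

```python
"""Added example (not from the slides): Q = kP by double-and-add on a toy curve
y^2 = x^3 + ax + b over GF(p), plus a brute-force ECDLP search. Curve, base point
and scalar are constructed; a real curve uses p of ~256 bits."""
P_MOD, A, B = 97, 2, 3          # toy curve y^2 = x^3 + 2x + 3 (mod 97), constructed
INF = None                      # point at infinity (group identity)


def is_on_curve(pt) -> bool:
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def point_add(p1, p2):
    """Group law: chord through two distinct points, tangent for doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                      # P + (-P) = identity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult(k: int, pt):
    """Double-and-add: O(log k) group operations, so computing Q = kP is cheap."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def ecdlp_bruteforce(base, target, limit: int):
    """Find n with n*base == target by walking the multiples: O(n) operations.
    On a real curve n is around 2^256, which is what keeps the private key safe."""
    current = INF
    for n in range(1, limit + 1):
        current = point_add(current, base)
        if current == target:
            return n
    return None


def demo():
    """Derive a public point from a constructed private scalar, then recover it."""
    base = (3, 6)                                       # on the curve: 36 == 27 + 6 + 3
    k = 17                                              # private scalar (constructed)
    public = scalar_mult(k, base)                       # Q = kP
    recovered = ecdlp_bruteforce(base, public, 500)
    return public, recovered
```

On this 97-element field the brute-force walk finishes in at most about a hundred additions; on a standards-size curve the same loop would need about $2^{256}$ steps, while double-and-add still needs only a few hundred. That gap is the whole security argument, and it is why a cryptographic coprocessor on the card only needs to make the cheap direction faster.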
CAIN
Confidentiality is obtained by the encryption of the information on the card. Authenticity is gained by using the PKI algorithm and the two/three factor authentication. Integrity is maintained through error-checking and enhanced firmware. Repudiation is lower because each transaction is authenticated and recorded.
Current uses: Chicago Transit Card; Speed Pass; Amex Blue Card; phone cards; university ID cards; health-care cards; access to high level government facilities.
Future uses: Federally passed Real-ID Act of 2005; ePassports.
Data Structure
Data on smart cards is organized into a tree hierarchy. This has one master file (MF or root) which contains several elementary files (EF) and several dedicated files (DF). DFs and the MF correspond to directories and EFs correspond to files, analogous to the hierarchy in any common PC OS.
However, these two hierarchies differ in that DFs can also contain data. The headers of DFs, EFs and the MF contain security attributes resembling the user rights associated with a file/directory in a common OS. Any application can traverse the file tree, but it can only move to a node if it has the appropriate rights. The PIN is also stored in an EF, but only the card has access permission to this file.
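The file tree, the SELECT FILE targets and security conditions from the "Data storage" slides, and the PIN-in-an-EF rule stated here, as one added example that is not from the slides. It models a card OS with an MF, DFs and EFs, 2-byte file IDs and optional SFIDs unique within a DF, globally unique DF names, read/update security attributes fixed at creation, a life cycle status, VERIFY with a retry counter that blocks the PIN, and a PIN EF that no command can read. The layout, access rules and PIN value are constructed; the status words in the comments are the ISO 7816-4 values.

```python
"""Added example (not from the slides): a minimal model of the card file system
described above. Layout, access conditions and PIN are constructed; the status
words in comments are ISO 7816-4 values."""
import hmac
from dataclasses import dataclass, field
from enum import Enum

ALWAYS, PIN, NEVER = "ALWAYS", "PIN", "NEVER"          # access conditions (constructed)
LCSI = Enum("LCSI", "CREATED INITIALIZED ACTIVATED DEACTIVATED TERMINATED")


class CardError(Exception):
    def __init__(self, sw: int) -> None:
        super().__init__(f"SW {sw:04X}")
        self.sw = sw


@dataclass
class File:
    fid: int                                   # 2-byte file ID, unique within the DF
    is_df: bool = False
    name: bytes = None                         # DF name (<= 16 bytes), globally unique
    sfid: int = None                           # 5-bit short file ID, unique within the DF
    read: str = ALWAYS                         # security attributes, fixed at creation
    update: str = PIN
    lcsi: LCSI = LCSI.ACTIVATED
    data: bytearray = field(default_factory=bytearray)
    children: dict = field(default_factory=dict)
    parent: "File" = None


class CardOS:
    def __init__(self, pin: str, max_tries: int = 3) -> None:
        self.mf = File(fid=0x3F00, is_df=True)
        self.cur_df, self.cur_ef = self.mf, None
        self.max_tries = self.tries_left = max_tries
        self.pin_verified = False
        self._names = {}
        # The PIN EF is NEVER readable or updatable by a command; only VERIFY uses it.
        self._pin_ef = self.create(self.mf, 0x0001, data=bytearray(pin.encode()), read=NEVER, update=NEVER)

    def create(self, parent: File, fid: int, **attrs) -> File:
        if not parent.is_df or fid in parent.children or fid == 0x3F00:
            raise ValueError("file ID must be unique within the DF")
        f = File(fid=fid, parent=parent, **attrs)
        if f.sfid is not None and any(c.sfid == f.sfid for c in parent.children.values()):
            raise ValueError("SFID must be unique within the DF")
        if f.name is not None:
            if len(f.name) > 16 or f.name in self._names:
                raise ValueError("DF name must be at most 16 bytes and globally unique")
            self._names[f.name] = f
        parent.children[fid] = f
        return f

    def select(self, *, fid=None, name=None, sfid=None, path=None, parent=False) -> File:
        """SELECT FILE by DF name, file ID, SFID, path of file IDs, or parent DF."""
        if parent:
            f = self.cur_df.parent or self.mf
        elif name is not None:
            f = self._names.get(name)
        elif sfid is not None:
            f = next((c for c in self.cur_df.children.values() if c.sfid == sfid), None)
        elif path is not None:
            absolute = path[0] == 0x3F00               # absolute paths start at the MF
            f = self.mf if absolute else self.cur_df
            for step in (path[1:] if absolute else path):
                f = f.children.get(step) if f is not None else None
        else:
            f = self.mf if fid == 0x3F00 else self.cur_df.children.get(fid)
        if f is None:
            raise CardError(0x6A82)                    # file not found
        self.cur_df, self.cur_ef = (f, None) if f.is_df else (f.parent, f)
        return f

    def verify(self, pin: str) -> int:
        if self.tries_left == 0:
            raise CardError(0x6983)                    # authentication method blocked
        if hmac.compare_digest(bytes(self._pin_ef.data), pin.encode()):
            self.tries_left, self.pin_verified = self.max_tries, True
            return 0x9000
        self.tries_left -= 1
        self.pin_verified = False
        raise CardError(0x63C0 | self.tries_left)      # 63Cx: x tries remaining

    def _access(self, operation: str) -> File:
        ef = self.cur_ef
        if ef is None:
            raise CardError(0x6986)                    # command not allowed: no current EF
        if ef.lcsi is not LCSI.ACTIVATED:
            raise CardError(0x6283)                    # selected file deactivated
        condition = getattr(ef, operation)
        if condition == NEVER or (condition == PIN and not self.pin_verified):
            raise CardError(0x6982)                    # security status not satisfied
        return ef

    def read_binary(self) -> bytes:
        return bytes(self._access("read").data)

    def update_binary(self, data: bytes) -> int:
        self._access("update").data[:] = data
        return 0x9000
```

Two properties carry the security argument: every READ or UPDATE goes through the current EF's own attributes, so a caller cannot reach data by naming a file it has no rights to, and the PIN sits in an EF whose conditions are NEVER, so even a verified user only ever compares against it through VERIFY.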