1 / 174

Smart Card

Smart Card. Cryptographic Service Provider Smart Card CSP.

gaylec
Télécharger la présentation

Smart Card

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Smart Card https://store.theartofservice.com/the-smart-card-toolkit.html

  2. Cryptographic Service Provider Smart Card CSP • These cryptographic functions can be realised by a smart card, thus the Smart Card CSP is the Microsoft way of a PKCS#11. Microsoft Windows is identifying the correct Smart Card CSP, which have to be used, analysing the answer to reset (ATR) of the smart card, which is registered in the Windows Registry. Installing a new CSP, all ATRs of the supported smart cards are enlisted in the registry. https://store.theartofservice.com/the-smart-card-toolkit.html

  3. ISO 9564 - PIN protection between entry device and smart card • The PIN entry device and the smart card reader that will verify the PIN may be integrated into a single physically secure unit, but they do not need to be. If they are not both part of an integrated secure unit, then the PIN shall be encrypted while it is transmitted from the PIN entry device to the card reader. https://store.theartofservice.com/the-smart-card-toolkit.html

  4. Digital signature - Putting the private key on a smart card • All public key / private key cryptosystems depend entirely on keeping the private key secret. A private key can be stored on a user's computer, and protected by a local password, but this has two disadvantages: https://store.theartofservice.com/the-smart-card-toolkit.html

  5. Digital signature - Putting the private key on a smart card • the user can only sign documents on that particular computer https://store.theartofservice.com/the-smart-card-toolkit.html

  6. Digital signature - Putting the private key on a smart card • the security of the private key depends entirely on the security of the computer https://store.theartofservice.com/the-smart-card-toolkit.html

  7. Digital signature - Putting the private key on a smart card • Thus, the loss of the smart card may be detected by the owner and the corresponding certificate can be immediately revoked https://store.theartofservice.com/the-smart-card-toolkit.html

  8. Digital signature - Using smart card readers with a separate keyboard • Entering a PIN code to activate the smart card commonly requires a numeric keypad https://store.theartofservice.com/the-smart-card-toolkit.html

  9. Digital signature - Other smart card designs • Smart card design is an active field, and there are smart card schemes which are intended to avoid these particular problems, though so far with little security proofs. https://store.theartofservice.com/the-smart-card-toolkit.html

  10. Electronic paper - Displays embedded in smart cards • Flexible display cards enable financial payment cardholders to generate a one-time password to reduce online banking and transaction fraud. Electronic paper offers a flat and thin alternative to existing key fob tokens for data security. The world’s first ISO compliant smart card with an embedded display was developed by Innovative Card Technologies and nCryptone in 2005. The cards were manufactured by Nagra ID. https://store.theartofservice.com/the-smart-card-toolkit.html

  11. Single sign-on - Smart card based • Initial sign-on prompts the user for the smart card. Additional software applications also use the smart card, without prompting the user to re-enter credentials. Smart card-based single sign-on can either use certificates or passwords stored on the smart card. https://store.theartofservice.com/the-smart-card-toolkit.html

  12. Security token - Smart cards • Many connected tokens use smart card technology. Smart cards can be very cheap (around ten cents) and contain proven security mechanisms (as used by financial institutions, like cash cards). However, computational performance of smart cards is often rather limited because of extreme low power consumption and ultra thin form-factor requirements. https://store.theartofservice.com/the-smart-card-toolkit.html

  13. Security token - Smart cards • Smart-card-based USB tokens which contain a smart card chip inside provide the functionality of both USB tokens and smart cards. They enable a broad range of security solutions and provide the abilities and security of a traditional smart card without requiring a unique input device. From the computer operating system's point of view such a token is a USB-connected smart card reader with one non-removable smart card present. https://store.theartofservice.com/the-smart-card-toolkit.html

  14. Reverse engineering - Reverse engineering of integrated circuits/smart cards • Welz: [http://www.crypto.rub.de/its_seminar_ws0708.html Smart cards as methods for payment] (2008), Seminar ITS-Security Ruhr-Universität Bochum https://store.theartofservice.com/the-smart-card-toolkit.html

  15. Reverse engineering - Reverse engineering of integrated circuits/smart cards • In some cases, it is even possible to attach a probe to measure voltages while the smart card is still operational https://store.theartofservice.com/the-smart-card-toolkit.html

  16. Payment card - Smart card • Using smart cards is also a form of strong security authentication for single sign-on within large companies and organizations. https://store.theartofservice.com/the-smart-card-toolkit.html

  17. Payment card - Smart card • EMV is the standard adopted by all major issuers of smart payment cards. https://store.theartofservice.com/the-smart-card-toolkit.html

  18. StarHub TV - Smart Card • It is black on the top showing the StarHub's logo and name, and at the back, the card is white and has a golden chip that stores the subscriber's information and channels they subscribe to and there is a message saying, do not remove the smart card from the set top box's slot to avoid service disruption. https://store.theartofservice.com/the-smart-card-toolkit.html

  19. SkyCable - Smart card • The smart card stores the subscriber’s information and the plan to which they subscribe.[http://www.skycable.com/2010/sep/digiexpert.html SKYCABLE - Be A Digibox Expert] https://store.theartofservice.com/the-smart-card-toolkit.html

  20. Smart card • A 'smart card', 'chip card', or 'integrated circuit card' ('ICC') is any pocket-sized card with embedded integrated circuits. Smart cards are made of plastic, generally polyvinyl chloride, but sometimes polyethylene terephthalate based polyesters, acrylonitrile butadiene styrene or polycarbonate. https://store.theartofservice.com/the-smart-card-toolkit.html

  21. Smart card • Since April 2009, a Japanese company has manufactured reusable financial smart cards made from paper. https://store.theartofservice.com/the-smart-card-toolkit.html

  22. Smart card • Smart cards can provide identity document|identification, authentication, data storage and application processing. Smart cards may provide strong security authentication for single sign-on (SSO) within large organizations. https://store.theartofservice.com/the-smart-card-toolkit.html

  23. Smart card - Invention • An important patent for smart cards with a microprocessor and memory as used today was filed by Jürgen Dethloff in 1976 and granted as USP 4105156 in 1978.http://worldwide.espacenet.com/publicationDetails/originalDocument?FT=Ddate=19780808DB=EPODOClocale=en_EPCC=USNR=4105156AKC=AND=4 https://store.theartofservice.com/the-smart-card-toolkit.html

  24. Smart card - Invention • In 2008 Dexa Systems spun off from Schlumberger and acquired Enterprise Security Services business, which included the smart card solutions division responsible for deploying the first large scale public key infrastructure (PKI) based smart card management systems. https://store.theartofservice.com/the-smart-card-toolkit.html

  25. Smart card - Invention • The first mass use of the cards was as a telephone card for payment in French payphone|pay phones, starting in 1983. https://store.theartofservice.com/the-smart-card-toolkit.html

  26. Smart card - Carte Bleue • After the Télécarte, microchips were integrated into all French Carte Bleue debit cards in 1992. Customers inserted the card into the merchant's Point of sale|POS terminal, then typed the Personal identification number|PIN, before the transaction was accepted. Only very limited transactions (such as paying small Electronic toll collection|highway tolls) are processed without a PIN. https://store.theartofservice.com/the-smart-card-toolkit.html

  27. Smart card - Carte Bleue • Smart-card-based Stored value card|electronic purse systems store funds on the card so that readers do not need network connectivity https://store.theartofservice.com/the-smart-card-toolkit.html

  28. Smart card - Carte Bleue • Since the 1990s, smart-cards have been the Subscriber Identity Module|SIMs used in European GSM mobile phone equipment. Mobile phones are widely used in Europe, so smart cards have become very common. https://store.theartofservice.com/the-smart-card-toolkit.html

  29. Smart card - EMV • EMV-compliant cards and equipment are widespread except in a few countries such as the United States. Typically, a country's national payment association, in coordination with MasterCard International, Visa Inc.|Visa International, American Express and Japan Credit Bureau|JCB, jointly plan and implement EMV systems. https://store.theartofservice.com/the-smart-card-toolkit.html

  30. Smart card - EMV • Historically, in 1993 several international payment companies agreed to develop smart-card specifications for debit card|debit and credit cards. The original brands were MasterCard, Visa Inc.|Visa, and Europay. The first version of the EMV system was released in 1994. In 1998 the specifications became stable. https://store.theartofservice.com/the-smart-card-toolkit.html

  31. Smart card - EMV • EMVCo maintains these specifications. EMVco's purpose is to assure the various financial institutions and retailers that the specifications retain backward compatibility with the 1998 version. EMVco upgraded the specifications in 2000 and 2004.[http://www.emvco.org/ EMVco] https://store.theartofservice.com/the-smart-card-toolkit.html

  32. Smart card - Development of contactless systems • Contactless smart cards do not require physical contact between a card and reader. They are becoming more popular for payment and ticketing. Typical uses include mass transit and motorway tolls. Visa and MasterCard implemented a version deployed in 2004–2006 in the U.S. Most contactless fare collection systems are incompatible, though the MIFARE Standard card from NXP Semiconductors has a considerable market share in the US and Europe. https://store.theartofservice.com/the-smart-card-toolkit.html

  33. Smart card - Development of contactless systems • Smart cards are also being introduced for identification and entitlement by regional, national, and international organizations. These uses include citizen cards, drivers’ licenses, and patient cards. In Malaysia, the compulsory national ID MyKad enables eight applications and has 18 million users. Contactless smart cards are part of ICAO biometric passports to enhance security for international travel. https://store.theartofservice.com/the-smart-card-toolkit.html

  34. Smart card - Design • * Dimensions similar to those of a credit card. ID-1 of the ISO/IEC 7810 standard defines cards as nominally . Another popular size is ID-000 which is nominally (commonly used in Subscriber Identity Module|SIM cards). Both are thick. https://store.theartofservice.com/the-smart-card-toolkit.html

  35. Smart card - Design • * Contains a tamper-resistant security system (for example a secure cryptoprocessor and a secure file system) and provides security services (e.g., protects in-memory information). https://store.theartofservice.com/the-smart-card-toolkit.html

  36. Smart card - Design • * Managed by an administration system which securely interchanges information and configuration settings with the card, controlling card Blacklist (computing)|blacklisting and application-data updates. https://store.theartofservice.com/the-smart-card-toolkit.html

  37. Smart card - Design • * Communicates with external services via card-reading devices, such as ticket readers, Automated teller machine|ATMs, Dip reader|DIP reader, etc. https://store.theartofservice.com/the-smart-card-toolkit.html

  38. Smart card - Contact smart cards • Contact smart cards have a contact area of approximately , comprising several gold-plated contact pads. These pads provide electrical connectivity when inserted into a Card reader|reader, which is used as a communications medium between the smart card and a host (e.g., a computer, a point of sale terminal) or a mobile telephone. Cards do not contain Battery (electricity)|batteries; power is supplied by the card reader. https://store.theartofservice.com/the-smart-card-toolkit.html

  39. Smart card - Contact smart cards • * communications protocols, including commands sent to and responses from the card https://store.theartofservice.com/the-smart-card-toolkit.html

  40. Smart card - Contact smart cards • Because the chips in financial cards are the same as those used in subscriber identity modules (SIMs) in mobile phones, programmed differently and embedded in a different piece of Polyvinyl chloride|PVC, chip manufacturers are building to the more demanding GSM/3G standards. So, for example, although the EMV standard allows a chip card to draw 50mA from its terminal, cards are normally well below the telephone industry's 6mA limit. This allows smaller and cheaper financial card terminals. https://store.theartofservice.com/the-smart-card-toolkit.html

  41. Smart card - Contact smart cards • Communication protocols for contact smart cards include T=0 (character-level transmission protocol, defined in ISO/IEC 7816-3) and T=1 (block-level transmission protocol, defined in ISO/IEC 7816-3). https://store.theartofservice.com/the-smart-card-toolkit.html

  42. Smart card - Contactless smart cards • A second card type is the contactless smart card, in which the card communicates with and is powered by the reader through RF induction technology (at data rates of 106–848kbit/s). These cards require only proximity to an antenna to communicate. https://store.theartofservice.com/the-smart-card-toolkit.html

  43. Smart card - Contactless smart cards • Like smart cards with contacts, contactless cards do not have an internal power source. Instead, they use an inductor to capture some of the incident radio-frequency interrogation signal, rectifier|rectify it, and use it to power the card's electronics. https://store.theartofservice.com/the-smart-card-toolkit.html

  44. Smart card - Contactless smart cards • APDU transmission via a contactless interface is defined in ISO/IEC 14443-4. https://store.theartofservice.com/the-smart-card-toolkit.html

  45. Smart card - Hybrids • Dual-interface cards implement contactless and contact interfaces on a single card with some shared storage and processing. An example is Porto's multi-application transport card, called Andante ticket|Andante, which uses a chip with both contact and Contactless smart card|contactless (ISO/IEC 14443 Type B) interfaces. https://store.theartofservice.com/the-smart-card-toolkit.html

  46. Smart card - Financial • Smart cards serve as credit or Automatic teller machine|ATM cards, fuel cards, mobile phone Subscriber Identity Module|SIMs, authorization cards for pay television, household utility pre-payment cards, high-security identification and access-control cards, and public transport and public phone payment cards. https://store.theartofservice.com/the-smart-card-toolkit.html

  47. Smart card - Financial • Cryptographic protocols protect the exchange of money between the smart card and the machine https://store.theartofservice.com/the-smart-card-toolkit.html

  48. Smart card - Financial • * Visa: Visa Contactless, Quick VSDC, qVSDC, Visa Wave, MSD, payWave https://store.theartofservice.com/the-smart-card-toolkit.html

  49. Smart card - Financial • Roll-outs started in 2005 in the U.S. Asia and Europe followed in 2006. Contactless (non-PIN) transactions cover a payment range of ~$5–50. There is an ISO/IEC 14443 PayPass implementation. Some, but not all PayPass implementations conform to EMV. https://store.theartofservice.com/the-smart-card-toolkit.html

  50. Smart card - Financial • Non-EMV cards work like magnetic stripe cards. This is common in the U.S. (PayPass Magstripe and VISA MSD). The cards do not hold or maintain the account balance. All payment passes without a PIN, usually in off-line mode. The security of such a transaction is no greater than with a magnetic stripe card transaction. https://store.theartofservice.com/the-smart-card-toolkit.html

More Related