Smart Card - PowerPoint PPT Presentation

smart card n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Smart Card PowerPoint Presentation
play fullscreen
1 / 26
Smart Card
425 Views
Download Presentation
gzifa
Download Presentation

Smart Card

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Smart Card Syed Jabbar Computer Science Course: 60-520 Prof. : Dr. Imran Ahmad November 28, 2003

  2. What is Smart Card? Smart Card A Smart Card is a credit-card sized plastic card embedded with an Integrated Circuit Chip (ICC) Integrated Circuit Chip (ICC) • Only a memory chip with non-programmable logic • A Microprocessor with Internal Memory

  3. Smart Card History • 1974 French journalist Roland Moreno filed the first patent in France in 1974 • 1982 Phone cards were tested in France in 1982 • 1984 ATM bank cards were successfully conducted In Europe • On-line verification of transactions was very expensive because of the high cost of telecommunications • The Smart Card provided the verification off-line with security and low cost In USA (1987) • First large-scale smart card application was implemented in USA in 1987

  4. Why Use Smart Card • Security Physical Protection: It is not impossible to open a smart card physically and access data in it. But it is much harder than tampering a workstation. Logical Protection: - Provides on-card computing platform and memory storage which assures data security - Most smart card operating systems provide Cryptographic Facilities which allows data encryption and decryption • Portability Wallet size card, so it can be carried very easily separating from outside world

  5. Where Use Smart Card • Authentication Medical History, Student ID • Financial System For storing sensitive information: Credit Card, Bank Card • Physical Access and Transportation System Door Opening, Mass Transit Environment • Communications Public Telephone Card, Sim Card for cellular phone • Identification For holding password through which a user is identified to a system for accessing and processing the information Network System

  6. Physical Structure • Specified by International Standards Organization (ISO 7816) • A smart card must be 85.60 mm wide, 53.98 mm height, and 0.76 mm thick • The ICC is embedded on a plastic card, and a thin gold plate printed circuit (contact) is embedded on top of that. • The communication between the chip and the Smart Card Reader is done through this printed circuit. Printed Circuit ICC Plastic Card

  7. Types of Integrated Circuit Chip • Memory Card Simple memory storage device without any processing power • Logic Card Memory card with additional security functions • Microprocessor Card - With Embedded Microprocessor - Smart enough to offer sophisticated processing power as a processor device that offers multiple functions

  8. Contact Card Has a gold connector plate Data is transferred by physically contacting with the plate Credit Card, Debit Card Contactless Card Has an antenna coil embedded inside the card Communicates by radio frequency technology Parking Card Communication Interface Type Contact Card Contactless Card

  9. Hybrid Card Has two separate chips – one with contact another with contactless interface Combi Card Has a single chip – with contact and contactless interface Cheaper than Hybrid Card Proximity Card Contactless Card but read-only Communication Interface Type (Cont.) Hybrid Card Combi Card

  10. Contents of ICC • Memory Module • Read Only Memory (ROM) - Stores Operating System, Encryption Algorithms etc. - Size between 8KB and 32KB • Electrically Erasable Programmable ROM (EEPROM) (Non Volatile Memory (NVM)) - Stores Business Applications - Size around 64KB • Random Access Memory (RAM) - Used for fast computation and response - Size around 3KB

  11. Contents of ICC (Cont.) • Central Processing Unit (CPU) - Between 8bit and 32 bit Microprocessor - Uses the instruction set Motorola 6805, Intel 8051, Hitachi H8 • Input/Output (I/O) - Half-Duplex channel - Communicates with reader as Master/Slave relationship

  12. Smart Card Contacts • Vcc – Power Connection (generally 5 volts) • RST – Reset, used for initiating • CLK – Clock Signal • RFU – Reserved for Future Use • GND – Ground Line • VPP – High Voltage Signal to program the EEPROM • I/O – Half-Duplex communication channel • RFU – Reserved for Future Use

  13. Operating System • Functionality is not like Windows, Unix, DOS functionality • On-card commands to which the smart card responds • ISO 7816 describes a wide range of standard commands that smart card can implement • Most manufacturers offer cards with OS implementing some or all of these standard commands with or without manufacturer-specific extensions such as manufacturer identification number, serial number etc.

  14. File Structure • Smart card file is a contiguous block of smart card memory module • Most smart card operating system supports file system based on ISO 7816 standard • Similar to MS-DOS and UNIX tree-structured hierarchical file system with one master file serving as root of the file system • The master file may contain several sub files

  15. Smart Card Software • Host Software • Runs on Interface Device (IFD) or Smart Card Reader • Usually written in the high-level languages such as – C, C++, Java, BASIC, COBOL, Pascal, or FORTRAN • Host software sends command to the card operating system that executes on card processor and returns the results • As many kinds of smart cards can be presented to the reader, the host software responses to the particular cards that included in the host software system

  16. Smart Card Software (Cont.) • Card Software • Runs on Smart Card itself • Classified as operating system, utility, and application software • Written in Assembly language • Written for customizing or extending existing software for particular application, or creating a new and unique custom-built smart card • It is time consuming and very expensive

  17. Java Card • Java Card was introduced in October, 1996 • Accepts and runs programs written in high-level programming language - Java • Before Java Card the only way to write and load software on smart card was to do it by a smart card manufacturer which was very time consuming and expensive. • Although some smart card manufacturers used high-level languages such as C to create card software, the capability of using these tools to program was not passed to the card issuer or cardholder. • Allows developing smart card programming easily in affordable cost • Does not support all features of Java language, because of the size of smart card memory

  18. Hacking Smart Card • All key information of smart card is stored in the EEPROM • EEPROM write operations can be affected by unusual voltages and temperatures • The information can be hacked by raising or dropping the supplied voltage to the EEPROM • Some chips use additional sensors that monitor characteristics of the power supplied to the chip and the programs lock the card when it detects any attack

  19. Smart Card Life-Cycle There are five main steps from smart card manufacturing to its end-of-life: • Step 1 • ICC is created and tested by the manufacturer • A unique id - Fabrication Key (FK) is added to the ICC to protect the chip from fraud modification until next step • Step 2 • ICC is mounted on the plastic card • Connection is made between ICC and printed circuit • After testing, the FK is replaced by the personalization key (PK) • Physical memory access instruction is disabled

  20. Smart Card Life-Cycle (Cont.) Now the card can be accessed only by logical memory addressing • Step 3 • Data files and applications are written by Card Issuer • Stores card holder’s identity or PIN etc. • Step 4 • Card’s application system and logical file access controls are activated for use • Accessing card information is limited by the application’s security policies

  21. Smart Card Life-Cycle (Cont.) • Step 5 • Done by the application by writing the invalidation lock to the file(s) • All the writing and updating operations are disabled by the operating system • The read instructions may remain active for analysis purposes OR • Blocks all PINS, so all the operations are blocked including reads

  22. Current Development & Research • Biometric Feature • Some manufacturers offer smart cards which are verified with finger-print for authentication • Scanned by finger-print scanner (reader), Keyboard with built-in fingerprint sensor • Useful for E-commerce, Remote access etc. • Research • Research is going on to implement biometric technique which will provide on-card processing for authentication • Compares read finger-print with the finger-print template stored on card • If authentication fails, the card will not supply its secured information

  23. Comparing with Magnetic & Optical Card

  24. Conclusion Smart card is taking place in the environment where security and authentication is main concern. Inclusion of biometric feature in smart card provides added security. Companies especially financial companies that use magnetic stripe cards, are moving towards using smart card for its security and multi-functionality.

  25. Thank You

  26. Questions ?