1 / 87

Smart Cards

Smart Cards. By Sravanthi Karumanchi. Introduction. The semiconductor revolution has advanced to the point where the computing power that once took up an entire room can now me lost among the spare change, house keys or candy wrappers in the average pocket.

nitsa
Télécharger la présentation

Smart Cards

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Smart Cards By Sravanthi Karumanchi

  2. Introduction • The semiconductor revolution has advanced to the point where the computing power that once took up an entire room can now me lost among the spare change, house keys or candy wrappers in the average pocket. • Smart cards have proven to be quite useful as a transaction/authorization/identification medium. • As their capabilities grow, they could become the ultimate thin client, eventually replacing all of the things we carry around in our wallets, including credit cards, licenses, cash, and even family photographs.

  3. History • The roots of the current day smart card can be traced back to the US in the early 1950s when Diners Club produced the first all-plastic card to be used for payment applications. • VISA and MasterCard then entered the market, but eventually the cost pressures of fraud, tampering, merchant handling, and bank charges made a machine-readable card necessary

  4. What is a Smart card? • A smart card is a credit card sized plastic card with an embedded computer chip. • The chip can either be a microprocessor with internal memory or a memory chip with non-programmable logic. • They can be programmed to accept, store and send data.

  5. Need for a smart card • An advanced security system is worthless if it is so inconvenient for the users that they always find a way around it. For example, many users have so many passwords to remember today that they often write them down in easily accessible places or choose simple easily guessed passwords. Smart cards can easily store large passwords. • Being a computer in itself, smart cards can also perform advanced security functions like storage of cryptographic keys and ability to perform cryptographic algorithms.

  6. Need for a smart card • Smart cards provide tamper-resistant storage for protecting sensitive information like private keys, account numbers, passwords, and other forms of personal information. • They can isolate security-critical computations that involve authentication, key exchange and digital signatures from other parts of the system that do not have a "need to know". Since computations can be done in the card itself, the keys need not exist anywhere other than the card itself. This prevents malicious sniffing programs from getting hold of the key.

  7. Need for a smart card • They provide a level of portability to securely move information from one system to another. • They can run custom code and thus are programmable.

  8. Smart card • Difference between smart cards and magnetic smart card • Magnetic stripe card does not have a chip embedded in them • A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).

  9. Electronic Module • The information or application stored in the IC chip is transferred through an electronic module that interconnects with a terminal or a smart card reader.

  10. Physical structure • The International Standards Organization ( ISO) 7810, 7816/1, 7816/2 specifies the physical structure of the smart card. • A printed circuit and an integrated chip are embedded on the card

  11. Physical Structure • An integrated circuit chip consists of a • Microprocessor • Read only memory (ROM) • Nonstatic random access memory (RAM) • Electrically erasable programmable read only memory (EEPROM), which will retain its state when the power is removed. • Programmable read only memory (PROM) • Erasable programmable ROM (EPROM) • The current circuit chip is made from silicon, which is not flexible and particularly easy to break. Therefore, in order to avoid breakage when the card is bent, the chip is restricted to only a few millimeters in size. • This also limits the memory and processing resources that may be placed on the card. As a result, the smart card always has to incorporate with other external peripherals to operate.

  12. Smart card architecture elements • Central Processing Unit • Traditionally there is a 8 bit controller, but nowadays 16 bit and 32 bit chips are also used. • Smart Card CPUs execute machine instructions at a speed of approximately 1 MIPS. A coprocessor is often included to improve the speed of encryption computations. • Memory System • RAM. 1K. This is needed for fast computation and response. Only a tiny amount is available. • EEPROM (Electrically Erasable PROM). Between 1 to 24K. Unlike RAM, its contents are not lost when power is. Applications can run off and write to it, but it is very slow and one can only read/write to it so many (100 000) times. • ROM. Between 8 to 24K. The Operating System and other basic software like encryption algorithms are stored here.

  13. Smart card architecture elements • Input /Output • This is via a single I/O port that is controlled by the processor to ensure that communications are standardized, in the form of APDUs (A Protocol Data Unit). • Interface Devices(IFDs) • Smart Cards need power and a clock signal to run programs, but carry neither. Instead, these are supplied by the Interface Device - usually a Smart Card Reader - in contact with the card. • In addition to providing the power and clock signals, the reader is responsible for opening a communication channel between application software on the computer and the operating system on the card • The communication channel to a Smart Card is half-duplex.

  14. Smart card architecture elements • Interface Devices • The receiver is required to sample the signal on the serial line at the same rate as the transmitter sends it in order for the correct data to be received. This rate is known as the bit rate or baud rate. • Data received by and transmitted from a Smart Card is stored in a buffer in the Smart Card's RAM. As there isn't very much RAM, relatively small packets (10 - 100 bytes) of data are moved in each message.

  15. Smart Card Dimensions • Two physical dimensions are specified for smart cards. The most popular form is approximately the size of a credit card. Small enough to be conveniently portable, the card is large enough to display graphics and advertising on its side. The second, smaller smart card size, specified by the European Telecommunications Standards Institute (ETSI), is used specifically for Global System for Mobile Communications (GSM) phones, the predominant cellular phone technology system in Europe.

  16. How does a smart card work? • All smart cards have essentially the same physical interface to the outside world, the smart card reader. To use a smart card, an end user simply inserts it into a read / write device where it remains for the duration of a session or transaction. • The user provides a PIN or password as they would at an ATM machine providing the added protection of two-factor authentication.

  17. How does a smart card work? • While still in the reader, the card interacts with securitysoftware on the local machine and the network as needed. It confines certain operations, such as those involving a user’s private key, to the card itself. That means the private key and any digital certificates never leave the card. All computations involving them happen internally and securely so only the cardholder can access the private key. • When a session or workday is over, the user removes the card and keeps it in a safe place. Without the card, unauthorized individuals can’t hack into protected resources.

  18. How is authentication done • Insert the smart card into a reader. The smart card contains the cryptographic keys and biometric fingerprint data. • Enter PIN (or password), in order to unlock the digital representation of the fingerprint. In the trade, this is known as the minutia data. • Place the finger on the scanner. The scanned fingerprint is compared to the fingerprint data on the smart card. • If the data matches, the smart-card fingerprint data is converted into a number and combined with the smart-card secret PIN (retrieved in Step 2) and used as a symmetric cryptographic key to decrypt the private key. • A nonce (random number) is passed from the computer application to the smart card. • The private key on the smart card is used to encrypt the nonce and pass it back to the application. • The application verifies that a certified public key obtained from the network-based directory service or from the card does, in fact, decrypt the encrypted message from the card and reveal the same nonce that was originally passed to the card.

  19. Smart card Variations

  20. Contact Smart Cards • Contact smart cards must be inserted into a smart card reader device where pins attached to the reader make contact with pads on the surface of the card to read and store information in the chip.

  21. Contactless Smart Cards • Contactless smart cards contain an embedded antenna instead of contact pads attached to the chip for reading and writing information contained in the chip's memory. • Contactless cards do not have to be inserted a smart card reader. Instead, they need only be passed within range of a radio frequency acceptor to read and store information in the chip. • These cards have an antenna embedded inside the microchip that allow the card to communicate with an antenna coupler unit without physical contact.

  22. Contactless Smart Cards • The range of operation is typically from about 2.5" to 3.9" (63.5mm to 99.06mm) depending on the acceptor. • Student identification, electronic passport, vending, parking and tolls are common applications for contactless cards.

  23. Proximity Cards • Proximity cards or simply prox cards communicate through an antenna similar to contactless smart cards except that they are read-only devices that generally have a greater range of operation. • The range of operation for prox cards is typically from 2.5" to 20" (63.5mm to 508mm) • They are growing in popularity because of the convenience they offer markets such as walk-through access terminals in mass transportation, security, identification, and access control

  24. Proximity Cards • Prox cards are available from several sources in both ISO thickness cards from .027" to .033" and clamshell cards from .060" to over .070" thick • They are used in security, identification, and access control applications, especially door access where fast, hands-free operation is preferred.

  25. Hybrid Card • There will be some period of time in which there will be some magnetic stripe-only cards, some chip-only cards, and many cards that will carry both a chip and a magnetic stripe as seen by the recent release of the America Express Blue card. A hybrid infrastructure is expected to accommodate the transition. • A Hybrid card has two chips, each with its respective contact and contactless interface. The two chips are not connected, but for many applications, this Hybrid serves the needs of consumers and card issuers.

  26. Hybrid Card • Hybrid card is the term given to e-cards that contain two or more embedded chip technologies such as a contactless smart chip with its antenna, a contact smart chip with its contact pads, and/or a proximity chip with its antenna all in a single card.

  27. Combi Card • The combi card also known as a dual-interface card i.e., with a contact and contactless interface. • It has one smart chip embedded in the card that can be accessed through either contact pads or an embedded antenna. It is now possible to access the same chip via a contact or contactless interface, with a very high level of security.

  28. Combi Card • In the mass transit application, a contact-type acceptor can be used to place a cash value in the chip's memory and the contactless interface can be used to deduct a fare from the card.

  29. Difference between a Hybrid and a Combi card • The main difference between a combi card and a hybrid card is that a combi card has only one chip and a hybrid card has two chips.

  30. Cryptographic Smart cards • Cryptographic cards or crypto cards are high-end microprocessor memory cards with additional support for cryptographic operations (digital signatures and encryption) • Crypto cards are designed to allow secure storage of private keys (or other secret keys). • These cards will also perform the actual cryptographic functions on the smart card itself. In this way, the private key need never leave the smart card.

  31. Cryptographic Smart cards • Since the EEPROM of these cards is designed to be tamper-resistant, unauthorized individuals are unable to hack the card secrets it’s virtually hacker-resistant. As a result, crypto cards play an essential part of any public/private key system

  32. Vault Smart Cards • These cards are activated upon user entry of a PIN (personal identification number) directly on the card. • The card self verifies the PIN, and then activates the smart module. The card is then handed to the merchant to complete the transaction. • After a transaction is completed, the card automatically returns to an inactive state and cannot be used again without reactivation PIN input. • Entry and verification process is fast, simple, and secure. Card self-verification eliminates the need for an external PIN database and also eliminates transmission of a PIN, reducing the chance of interception and misuse.

  33. Memory and Microprocessor Chips • The chips used in all the cards mentioned above fall into three categories: • microprocessor chips • memory chips. • Optical memory cards

  34. Memory Chip • A memory chip can be viewed as small floppy disks with optional security • Memory cards can hold from 103 bits to 16,000 bits of data, but have no processor on the card with which to manipulate that data. • They are less expensive than microprocessor cards but with a corresponding decrease in data management security. • They are used for storage and retrieval only.

  35. Memory Chip • They depend on the security of the smart card reader for their processing and are ideal when security requirements permit use of cards with low to medium security. • Smart-card memory chips are used for data storage and identification applications.

  36. Classification of memory cards • Memory chips are of three kinds • Straight memory cards:These cards just store data and have no data processing capabilities. They should be regarded as floppy disks of varying sizes without the lock mechanism. • Protected/Segmented memory cards:These cards have built-in logic to control the access to the memory of the card. Sometimes referred to as intelligent memory cards these devices can be set to write protect some or the entire memory array. Some of these cards can be configured to restrict access to both reading and writing. This is usually done through a password or system key. Segmented memory cards can be divided into logical sections for planned multi-functionality.

  37. Classification of memory cards • Stored value memory cards: These cards are designed for the specific purpose of storing value or tokens. The cards are either disposable or rechargeable. Most cards of this type incorporate permanent security measures at the point of manufacture. These measures can include password keys and logic that are hard-coded into the chip by the manufacturer. For simple applications such as a telephone card the chip has 60 or 12 memory cells, one for each telephone unit. A memory cell is cleared each time a telephone unit is used. Once all the memory units are used, the card becomes useless and is thrown away. This process can be reversed in the case of rechargeable cards.

  38. Microprocessor Chips • Microprocessor cards (also generally referred to by the industry as chip cards) offer greater memory storage and security of data. • Chips that contain both memory and a microprocessor are also similar to a small floppy disk, except they contain an intelligent controller used to securely add, delete, change, and update information contained in memory. • The more sophisticated microprocessor chips have state-of-the-art security features built in to protect the contents of memory from unauthorized access.

  39. Microprocessor Chips • A microprocessor chip can add, delete and otherwise manipulate information in its memory. It can be viewed as a miniature computer with an input/output port, operating system and hard disk. • Microprocessor chips are available 8, 16, and 32 bit architectures. Their data storage capacity ranges from 300 bytes to 32,000 bytes with larger sizes expected with semiconductor technology advances. • The current generation of chip cards has an eight-bit processor, 16KB read-only memory, and 512 bytes of random-access memory. This gives them the equivalent processing power of the original IBM-XT computer, albeit with slightly less memory capacity.

  40. Optical Memory Cards • Optical memory cards look like a card with a piece of a CD glued on top, which is basically what they are. • Optical memory cards can store up to 4 MB of data. • These cards can carry many megabytes of data, but the cards can only be written once and never erased with today’s technology. • Thus, this type of card is ideal for record keeping for example medical files, driving records, or travel histories.

  41. Multi-application Smart Card • Since the microprocessor cards have a reasonable amount of memory, one can have multiple applications residing in the card at the same time. • Multifunction smart cards allocate card memory into independent sections assigned to a specific function or application. • Within the card is a microprocessor or microcontroller chip that manages this memory allocation and file access. • This type of chip is similar to those found inside all personal computers and when implanted in a smart card, manages data in organized file structures, via a card operating system (COS).

  42. Multi-application Smart Card • The technology permits information updates without replacement of the installed base of cards, greatly simplifying program changes and reducing costs.

  43. Multi-application Smart Card • A student uses the card as a basic ID, to check out books from the library, and to decrement value for the meal plan and campus vending machines. The student might also use it for secure access to certain buildings and to the university’s computer system. • The figure shows a overview of uses of multi-application smart card

  44. Chip Operating System • The smart card’s chip operating system, is a sequence of instructions, permanently embedded in the ROM of the smart card. • The functional characteristics of the smart card are determined by its operating system • The operating system receives outside commands and executes them provided that certain processing conditions are met.

  45. Chip Operating System • The baseline functions of the COS which are common across all smart card products include: • Management of interchanges between the card and the outside world, primarily in terms of the interchange protocol • Management of the files and data held in memory       • Access control to information and functions (for example, select file, read, write, and update data.) • Management of card security and cryptographic algorithm procedures. • Maintaining reliability, particularly in terms of data consistency, sequence interrupts, and recovering from an error. • Management of various phases of the card’s life cycle (that is, microchip fabrication, personalization, active life, and end of life)

  46. Communication Protocol • Smart cards speak to the outside world using data packages called APDU( application protocol data units) • APDU contains either command or response message • Smart card always waits for command APDU from a terminal. It plays a passive role • It then executes the action specified and replies to the terminal using a response APDU.

  47. A Smart card transaction • The steps in a typical smart card transaction are set out below: • Step 1: Connection In a smart card system for contact cards, the card is inserted in a reader device. Contactless cards need only be passed near a target. • Step 2: Authentication of the card The card generates a message to the reader, which confirms that it is a valid card. The message may be encrypted for security purposes. The reader can also check the card against a list of stolen cards and if necessary lock it so that it can no longer be used.

  48. A Smart card transaction • Step 3: Authentication of the reader The reader sends a message to the card, which is checked against pre-programmed codes to establish if the reader is valid. If the card is not satisfied that the reader is valid, it can prevent the reader gaining access to the information held on the card. • Step 4: Selecting an application A single smart card may support many different applications, which may be inter-related or quite distinct. The desired application can be selected by the cardholder, by a person with access to the reader, or chosen automatically by the reader or the card depending on the form of the initial authentication.

  49. A Smart card transaction • Step 5: Identifying security requirements The card is able to define the security requirements for the selected application. The card can enforce different levels of security for different purposes or for different persons or organizations. • Step 6: Authenticating the card-holder This can be done by either requiring the cardholder to enter a PIN (personal identification number) or some sort of biometric information (for example; fingerprints, retina scan or signature dynamics). The card keeps the relevant information to make a comparison in a secret area. It can make the comparison without divulging to the cardholder the data it holds for the authentication procedure.

  50. A Smart card transaction • Step 7: The transaction The transaction is generated by manual entry or by an automated process. The card or reader checks and authorizes the transaction. • Step 8: Transaction record The card generates a record of the transaction and transmits it electronically to the reader. The record may be used in another part of the system (for example; to allow the service provider to collect actual payment from a bank in a stored value application); by a third party to the transaction for other purposes (for example; collecting statistics); or as back up data storage in case the card is lost or damaged. • Step 9: Hard copy A paper record (such as a receipt) can be generated by the reader for the cardholder or the service provider.

More Related