The smart card is one of the latest additions to the world of information technology and perhaps
one of the most widely used, but underestimated, electronic devices in use today. In many cases
these devices are in the front line, defending citizens and systems alike against attacks on
information security. Because they have tended to be small and often concealed, smart cards have
carried on their important work largely unnoticed, but this is changing with the high-profile use of
smart cards for IDs, passports, credit cards and e-tickets. The smart card has a microprocessor or memory
chip embedded in it that, when coupled with a reader, has the processing power to serve many
different applications. As an access-control device, smart cards make personal and business data
available only to the appropriate users. Another application provides users with the ability to make
a purchase or exchange value. Smart cards provide data portability, security and convenience.
Smart cards come in two varieties: memory and microprocessor. Memory cards simply store data
and can be viewed as a small floppy disk with optional security. A microprocessor card, on the
other hand, can add, delete and manipulate information in its memory on the card. Similar to a
miniature computer, a microprocessor card has an input/output port, operating system and hard disk
with built-in security features. On a fundamental level, microprocessor cards are similar to desktop
computers. They have operating systems, they store data and applications, they compute and
process information and they can be protected with sophisticated security tools. The
self-containment of the smart card makes it resistant to attack, as it
does not need to depend upon potentially vulnerable external resources. Because of this
characteristic, smart cards are often used in applications which require
strong security protection and authentication. For example, a smart card can act as an identification
card, which is used to prove the identity of the card holder. It can also be a medical card, which
stores the medical history of a person. Furthermore, the smart card can be used as a credit/debit
bank card which allows off-line transactions. All of these applications require sensitive data to be
stored in the card, such as biometric information of the card owner, personal medical history, and
cryptographic keys for authentication.
In the near future, the traditional magnetic strip cards will be replaced and
integrated together into a single card by using the multi-application smart card, which is known as
an electronic purse or wallet in the smart card industry. The smart card is becoming more and more
significant and will play an important role in our daily life. It will be used to carry a lot of sensitive
and critical data about consumers, even more than before.
Although considered a leading edge technology, IC contact cards, an original French invention,
have been with us for over 20 years. Since the 1970s, the history of smart cards has reflected steady
advances in chip capabilities and capacity, as well as increases in the number and variety of
applications.
1970 Dr. Kunitaka Arimura of Japan filed the first and only patent on the
smart card concept.
1974 Roland Moreno of France filed the original patent for the IC card, later dubbed the
"smart card".
1977 Three commercial manufacturers, Bull CP8, SGS Thomson, and Schlumberger
began developing the IC card product.
1979 Motorola developed the first secure single chip microcontroller for use in French
banking.
1982 Field testing of serial memory phone cards took place in France--the world's first
major IC card test.
1984 Field trials of ATM bank cards with chips were successfully conducted.
1986 In March, 14,000 cards equipped with the Bull CP8 were distributed to clients of
the Bank of Virginia and the Maryland National Bank. Also, 50,000 Casio cards
were distributed to clients of the First National Palm Beach Bank and the Mall bank.
1987 First large-scale smart card application implemented in the United States with the
U.S. Department of Agriculture’s nationwide Peanut Marketing Card.
1991 First Electronic Benefits Transfer (EBT) smart card project launched for the
Wyoming Special Supplemental Nutrition Program for Women, Infants, and
Children (WIC).
1992 A nationwide prepaid (electronic purse) card project (DANMONT) was started in
Denmark.
1993 Field test of multi-function smart card applications in Rennes, France, where the
Telecarte function (for public phones) was enabled in a Smart Bank Card.
1994 Europay, MasterCard, and Visa (EMV) published joint specifications for global
microchip-based bank cards (smart cards). Germany began issuance of 80 million
serial memory chip cards as citizen health cards.
1995 Over 3 million digital mobile phone subscribers worldwide begin initiating and billing
calls with smart cards.
1996 Over 1.5 million VISA Cash stored value cards were issued at the Atlanta Olympics.
MasterCard and Visa began sponsorship of competing consortia to work on solving
the problems of smart card interoperability; two different card solutions were
developed: the Java Card backed by Visa, and the Multi-application Operating
System (MULTOS) backed by MasterCard.
1998 In September 1998, the U.S. Government’s General Services Administration and
the United States Navy joined forces and implemented a nine-application smart card
system and card management solution at the Smart Card Technology Center in
Washington, DC. The Technology Center's primary purpose is to demonstrate and
evaluate the integration of multi-application smart cards with other types of
technology, showcasing systems available for use in the Federal Government.
Microsoft announced its new Windows smart card operating system.
France began piloting a smart health card for its 50 million citizens.
1999 The U.S. Government’s General Services Administration has been involved in the
Smart Access Common ID Project for the past year. The Smart Access Common ID
Card program will establish a contract vehicle for use by all Federal agencies to
acquire a standard, interoperable employee identification card, from one or more
vendors, capable of providing both physical and logical (system/network) access to
all Federal employees.
PHYSICAL STRUCTURE
This section discusses the physical structure of a smart card and examines the components of
a smart card. It will also discuss all the phases of a card’s life cycle, and explore how the
microcontroller handles and transfers data securely from the card manufacturer to the application
supplier and then to the bearer. As a result, we can determine how the data or information
stored on the card can be protected.
There are two main ways to distinguish card types. On the one hand it is based on the related
application/issuer type, on the other on the technical features and/or physical characteristics.
There is a close relation between the two, e.g. an ID card for government bearing security features
in the card body.
In banking there are the standard debit/credit cards in ID-1 format, both with similar
characteristics: a multi-layer card body with printed design, some optional printed security
features, a magnetic strip, a signature panel, a hologram and, more and more, a chip. The optical
personalization of the card is done either by embossing or by laser engraving.
New variations include non-standard ISO/IEC 7810 cards in smaller sizes (e.g. VISA mini)
or different shapes. With the evolving trend to contactless payment, even other form factors
have shown up, like key fobs or modules embedded in the shell of a mobile phone. For a card body
which has no security element, optical personalization is done either by inkjet and thermal transfer printing
or by laser engraving. Mobile phones which take a complete ID-1 card are long gone, but even the
ISO/IEC 7810 ID-000 plug-in size already has a smaller successor: the Mini-UICC or 3rd
Form Factor (3FF).
The printed circuit conforms to ISO standard 7816/3 which provides five connection points
for power and data. It is hermetically fixed in the recess provided on the card and is burned
onto the circuit chip, filled with a conductive material, and sealed with contacts protruding.
The printed circuit protects the circuit chip from mechanical stress and static electricity.
Communication with the chip is accomplished through contacts that overlay the printed circuit.
The capability of a smart card is defined by its integrated circuit chip. Typically, an
integrated circuit chip consists of a microprocessor, read only memory (ROM), non-static
random access memory (RAM) and electrically erasable programmable read only memory
(EEPROM), which will retain its state when the power is removed. The current circuit chip
is made from silicon which is not flexible and particularly easy to break. Therefore, in order
to avoid breakage when the card is bent, the chip is restricted to only a few millimeters in size.
Furthermore, the physical interface which allows data exchange between the integrated
circuit chip and the card acceptor device (CAD) is limited to 9600 bits per second. The
communication line is a bi-directional serial transmission line which conforms to ISO
standard 7816/3. All the data exchanges are under the control of the central processing unit
in the integrated circuit chip. Card commands and input data are sent to the chip, which
responds with status words and output data upon receipt of these commands and data.
Information is sent in half-duplex mode, which means transmission of data is in one
direction at a time. This protocol, together with the restriction of the bit rate, prevents massive
data attacks on the card. In general, the size, thickness and bend requirements for the
smart card are designed to protect the card from being spoiled physically. However, this
also limits the memory and processing resources that may be placed on the card. As a
result, the smart card always has to work with other external peripherals to operate.
For example, it may require a device to provide and supply user input and output, time
and date information, power and so on. These limitations may degrade the security of the
smart card in some circumstances, as the external elements are untrusted and precarious.
PRODUCTION AND LIFE CYCLE
There is an operating system inside each smart card which may contain a manufacturer
identification number (ID), type of component, serial number, profile information, and so on.
More importantly, the system area may contain different security keys, such as the manufacturer key
or fabrication key (KF), and the personalization key (KP). All of this information should be kept
secret and not be revealed to others.
Hence, from the manufacturer to the application provider, and then the card holder, the
production of a smart card is divided into different phases.
Limitations on transfer and access of data are incremental across the phases in order to protect
different areas in the smart card. There are five main phases for a typical smart card life cycle.
MATERIALS
The basic material used for cards is supplied either as foil for laminating or as granulate in the case of
injection moulding. The classical material used is PVC, but due to environmental discussion and
higher lifetime requirements, other materials are gaining importance.
CUTTING
PRE-PERSONALISATION PHASE
This phase is carried out by the card suppliers. In this phase, the chip will be mounted on the
plastic card which may have the logo of the application provider printed on it. The connection
between the chip and the printed circuit will be made, and the whole unit can be tested. For
added security and to allow secure delivery of the card to the card issuer, the fabrication key will
be replaced by a personalisation key (KP). After that, a personalisation lock VPER will be written
to prevent further modification of the KP. In addition, physical memory access instructions will
be disabled. Access of the card can be done only by using logical memory addressing. This
preserves the system and fabrication areas from being accessed or modified.
GLUING
PERSONALISATION PHASE
This phase is conducted by the card issuers. It completes the creation of logical data structures.
Data files contents and application data are written to the card. Information of card holder
identity, PIN, and unblocking PIN will be stored as well. At the end, a utilization lock VUTIL will
be written to indicate the card is in the utilization phase.
FINISHED MODULES
UTILIZATION PHASE
This is the phase for the normal use of the card by the cardholder. The application system,
logical file access controls, and others are activated. Access of information on the card will be
limited by the security policies set by the application. This will be discussed in detail in the next
section.
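The phase gating described above, as an added example that is not part of the original document: a toy Python model in which KF is replaced by KP, VPER and VUTIL are one-way locks, and physical addressing stops once VPER is written. The class, method names, sample keys, PIN and file contents are all constructed for illustration, and requiring KP for the issuer's steps is an assumption.

```python
import hmac

PRE, PERSO, UTIL = "pre-personalisation", "personalisation", "utilisation"


class LifecycleError(Exception):
    """Operation refused in the card's current life-cycle phase."""


class Card:
    def __init__(self, kf: bytes):
        self._key = kf                      # fabrication key KF
        self._vper = self._vutil = False    # one-way locks VPER and VUTIL
        self._memory = bytearray(32)        # raw memory behind physical addressing
        self._files = {}                    # logical files written by the issuer
        self._pin = ""

    @property
    def phase(self) -> str:
        return UTIL if self._vutil else PERSO if self._vper else PRE

    def _require(self, phase: str, key: bytes) -> None:
        if self.phase != phase:
            raise LifecycleError(f"not allowed in {self.phase} phase")
        if not hmac.compare_digest(key, self._key):
            raise LifecycleError("wrong key")

    def replace_kf_with_kp(self, kf: bytes, kp: bytes) -> None:  # card supplier
        self._require(PRE, kf)
        self._key = kp

    def write_vper(self, kp: bytes) -> None:                     # card supplier
        self._require(PRE, kp)
        self._vper = True

    def read_physical(self, addr: int, length: int) -> bytes:
        if self._vper:
            raise LifecycleError("physical addressing disabled")
        return bytes(self._memory[addr:addr + length])

    def personalise(self, kp: bytes, files: dict, pin: str) -> None:  # issuer
        self._require(PERSO, kp)
        self._files.update(files)
        self._pin = pin

    def write_vutil(self, kp: bytes) -> None:                    # card issuer
        self._require(PERSO, kp)
        self._vutil = True

    def read_file(self, name: str, pin: str) -> bytes:           # cardholder
        if self.phase != UTIL:
            raise LifecycleError("card not in utilisation phase")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise LifecycleError("wrong PIN")
        return self._files[name]


def attempt(label, fn, *args):
    try:
        fn(*args)
        return (label, "ok")
    except LifecycleError as exc:
        return (label, f"refused: {exc}")


def run_lifecycle():
    kf, kp = b"KF-constructed", b"KP-constructed"   # constructed sample keys
    card = Card(kf)
    return card, [
        attempt("raw read before VPER", card.read_physical, 0, 8),
        attempt("replace KF with KP", card.replace_kf_with_kp, kf, kp),
        attempt("write VPER", card.write_vper, kp),
        attempt("replace KP after VPER", card.replace_kf_with_kp, kp, b"other"),
        attempt("raw read after VPER", card.read_physical, 0, 8),
        attempt("personalise with KP", card.personalise, kp, {"holder": b"A. Example"}, "1234"),
        attempt("write VUTIL", card.write_vutil, kp),
        attempt("personalise after VUTIL", card.personalise, kp, {}, "0000"),
        attempt("read file with PIN", card.read_file, "holder", "1234"),
    ]
```

Each lock only narrows what the next party can do: after VPER the key and raw memory are out of reach, and after VUTIL the personalisation data can no longer be rewritten.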
MODULE ON BODY
Magnetic strip cards are widely used in a range of applications. They are low cost and easy to use
(read/write). This type of card is used for credit/debit and financial applications (ATMs).
CHIP CARDS
As the name suggests, a chip card is basically a plastic card, rather like the magnetic strip
card, that has an electronic chip embedded in it. Historically these cards were easy to identify by
virtue of the contacts, which were usually gold/silver in colour. A chip card is accessed by placing it
within a card reader, which simply makes physical contact with the gold pads, allowing the chip to
be powered and clocked and for communication to take place.
The most common and least expensive smart cards are memory cards. This type of smart
card contains EEPROM (Electrically Erasable Programmable Read-Only Memory), a
non-volatile memory. Because it is non-volatile, when you remove the card from the
reader and power is cut off, the card still stores the data. You can think of the EEPROM inside as
a normal data storage device which has a file system and is managed via a microcontroller
(mostly 8-bit). This microcontroller is responsible for accessing the files and accepting
the communication. The data can be locked with a PIN (Personal Identification Number),
your password. PINs are normally 3 to 8 digit numbers that are written to a special file
on the card. Because this type is not capable of cryptography, memory cards are used for
storing telephone credits, transportation tickets or electronic cash.
Fig: Microprocessor Card
ROM/RAM contains the card operating system and working storage. EEPROM is used for data storage.
Typical specifications:
- 8-bit CPU
  - Advertised as 16-bit by combining 8-bit register pairs
- 16K-32K ROM
- 256-512 bytes RAM
- 4K-16K EEPROM
  - Advertised in bits to make it sound bigger
Size ratio of memory cells:
RAM = 4 x EEPROM size
    = 16 x ROM size
- Everything has to be fabbed on the same die.
CONTACTLESS SMART CARD
In the contactless smart card, the chip communicates with the card reader
through RFID (Radio Frequency ID) induction technology (at data rates of 106 to 848 kbit/s). These
cards require only close proximity to an antenna to complete a transaction. They are often used when
transactions must be processed quickly or hands-free, such as on mass transit systems, where smart
cards can be used without even removing them from a wallet.
The standard for contactless smart card communications is ISO/IEC 14443. It defines two types of
contactless cards ("A" and "B") and allows for communications at distances up to 10 cm. There had
been proposals for ISO/IEC 14443 types C, D, E, F and G that have been rejected by the
International Organization for Standardization. An alternative standard for contactless smart cards
is ISO/IEC 15693, which allows communications at distances up to 50 cm. Transportation
service BEST uses smart cards for bus passes, which predate the ISO/IEC 14443 standard. All of
them are primarily designed for public transportation payment and other electronic
purse applications.
A related contactless technology is RFID (Radio Frequency IDentification). In certain cases, it can
be used for applications similar to those of contactless smart cards, such as for electronic toll
collection. RFID devices usually do not include writeable memory or microcontroller processing
capability as contactless smart cards often do.
There are dual-interface cards that implement contactless and contact interfaces on a single card
with some shared storage and processing. An example is Porto's multi-application transport card,
called Andante, that uses a chip with contact and contactless (ISO/IEC 14443 Type B) interfaces.
Like smart cards with contacts, contactless cards do not have a battery. Instead, they use a built-
in inductor to capture some of the incident radio-frequency interrogation signal, rectify it, and use it
to power the card's electronics.
Contactless smart cards offer advantages to both the organization issuing the card and the
cardholder. The issuing organization can support multiple applications on a single card,
consolidating an appropriate mix of technologies and supporting a variety of security policies for
different situations. Applications such as logical access to computer networks, electronic
payment, electronic ticketing and transit can be combined with physical access to offer a multi-
application and multi-technology ID credential. The issuer can also record and update
appropriate privileges from a single central location. The organization as a whole incurs lower
maintenance costs over the system life, due to the elimination of mechanical components and
reader resistance to vandalism and harsh environmental conditions. With hybrid and dual-
interface cards, issuers can also implement systems that benefit from multiple card technologies.
CONTACTLESS TECHNOLOGY SUPPORT FOR PHYSICAL ACCESS
CONTROL APPLICATIONS
There are three primary contactless technologies considered for physical access control
applications: 125 kHz, ISO/IEC 14443, and ISO/IEC 15693 technologies. 125 kHz read-only
technology is used by the majority of today’s RFID access control systems and is based on de
facto industry standards rather than international standards. 125 kHz technology allows for a
secure, uniquely coded number to be transmitted and processed by a back-end system. The back-
end system then determines the rights and privileges associated with that card. Cards that comply
with the ISO/IEC 14443 and ISO/IEC 15693 standards are intelligent, read/write devices capable of storing different kinds of data
and operating at different ranges. Standards-based contactless smart cards can authenticate a
person’s identity, determine the appropriate level of access, and admit the cardholder to a
facility, all from data stored on the card. These cards can include additional authentication
factors (such as biometric templates or PINs) and other card technologies, including a contact
smart card chip, to satisfy the requirements of legacy applications or applications for which a
different technology is more appropriate.
Contactless smart card technologies offer security professionals features that can enhance
systems designed to control physical or logical access (i.e., access to networks or other online
resources). Contactless cards differ from traditional contact smart cards by not requiring physical
connectivity to the card reader. The card is simply presented in close enough proximity to the
reader and uses radio frequencies (RF) to exchange information. The use of contactless
technologies is particularly attractive for secure physical access, where the ID credential and
reader must work in harsh operating conditions, with a high volume of use or with a high degree
of user convenience. For example, consider the use of a contactless card to control access to
public transportation. The card can be presented to the reader without having to be removed from
a wallet or purse. The fare is automatically deducted from the card and access is granted. Adding
funds through appropriate machines at transit centers or banks then refreshes the card. The
process is simple, safe, and accurate.
Both hybrid and dual-interface contactless cards are becoming available. On a hybrid card,
multiple independent technologies share the common plastic card body but do not communicate
or interact with each other. For example, one card could carry a magnetic stripe, bar code, 125
kHz technology, picture ID, contact smart card module and either ISO/IEC 14443 or ISO/IEC
15693 contactless smart card technology. The advantage of a hybrid card is that existing installed
systems can be supported, while new features and functionality can also be offered through smart
card technologies. A dual-interface card includes a single chip with both contact and contactless
capabilities. Contact and contactless technologies can therefore be implemented on one card,
each addressing the application requirements most suited to its capabilities and sharing the same
data.
Hybrid and dual-interface technologies are complementary and, with thoughtful implementation,
transparent to the end user. With current technologies, security system designers can implement
an architecture that includes multiple ID credential technologies. This creates a significant
opportunity for more efficient credential management, improved user convenience, and easier
administration of multiple security policies and procedures. Through the use of the appropriate
card technology, cryptography, and digital signatures, logical access control can be incorporated
into networks and databases. And because the credential is a plastic card, it also supports the use
of pictures, logos, visual inspection information, holograms, digital watermarks, microprinting,
and other security markings to deter counterfeiting and impersonation. A single card is also more
efficient for the user, simplifying coordination for changes, reducing memorization for
complicated passwords or personal identification numbers (PINs), and decreasing the time for
authentication.
BENEFITS OF CONTACTLESS SMART CARD TECHNOLOGY
Contactless smart card technology is ideal for physical access control applications. Because ID
credentials and readers are typically exposed to the elements and have high usage, sealed
contactless technology prevents damage when cards and readers are exposed to dirt, water, cold,
and other harsh environmental conditions. With no mechanical reader heads or moving parts,
maintenance costs are minimized. Finally, with read ranges that can extend to many inches,
contactless technology offers the user the convenience of “hands free” access. The key benefits
of using contactless smart card technology for physical access are summarized below.
After a smart card is issued to the consumer by the application provider, the protection of the
card will be controlled by the application operating system mainly. Physical addressing mode of
accessing data is no longer available. Access of data has to be done through the logical file
structure on the card. This section will discuss how the operating system accomplishes the
security protection of the data stored on the card by examining the logical file structure and the
corresponding access controls of a smart card.
APPLICATION OF SMART CARD
Main Application
Public phone card (Pre-Paid)
Cellular Phone GSM card
Banking Card (Debit/Credit Card)
Health card
New Application
Electronic Purse
Transportation
Security Of Information
Identity
Retail & Loyalty
Physical Access Control
Satellite TV
IT Access Control
University Identification
Government Identification
[Figure: chart by application sector (Telecom, Mobile Com., Identity, Finance, Transport, Other); vertical axis from 0 to 40]
In fact, as mentioned above, the smart card has the capability to integrate those applications
together to form a multiple application card by utilising its embedded microprocessor and
memory storage spaces. However, this kind of integration is always limited by some of the
external logical elements rather than technical issues. For instance, in a single-application card
system, data stored in the card or even the card itself always belongs to the card issuer. In the
case of more than one application residing in a single card, this becomes impractical.
Moreover, we also have to consider how to partition the memory spaces for different
applications, and manage the rights and privileges of data access. This also relates to data
directory configuration and security between each of them. Furthermore, the ability for
applications to communicate or share data with each other is another important concern
which may affect the whole design of the system and its operability.
Therefore, based on the nature and purpose of different applications, we discuss three different
kinds of infrastructure for multiple application smart card systems. The first is minor
applications which co-operate with a dominant application. The second is the
integration of multiple applications under a single specification. Finally, multiple independent
applications installed on a single card will be taken into account.
Minor Applications Co-operate With Dominant Application.
While most of the existing smart card applications do not fully utilise both of the memory
storage and processing power of the card, it is feasible to integrate other minor applications
which make use of the existing resources and functionalities of the dominant system together.
This kind of system always requires co-operation between application providers. Figure shows
an overview of this system.
Minor applications co-operate with dominant Application.
Data Directory Configuration and Partitioning
As the minor applications reside under the existing dominant application and co-operate with it,
they should act as a subset under the dominant application logically. Figure below shows
the logical view and relationship between applications.
Technically, this can be done by placing minor applications under different sub-directories or
functional groups which are below the dominant application directory. Dedicated files (DFs) can
be used to separate and organize applications. Figure displays the structure and organization of
memory spaces inside the smart card.
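One way to picture this partitioning, as an added example that is not part of the original document: a Python sketch of a DF tree with two minor applications under a dominant DF. The file names, contents, the "shared" flag and the access rule (an application reads its own DF subtree plus files its ancestor DFs mark as shared) are assumptions made for illustration; "EF" (elementary file) and "master file" are ISO/IEC 7816-4 terms not used on this page.

```python
from dataclasses import dataclass, field


@dataclass
class EF:
    data: bytes
    shared: bool = False        # assumed flag: readable by applications in sub-DFs


@dataclass
class DF:
    files: dict = field(default_factory=dict)      # name -> EF
    children: dict = field(default_factory=dict)   # name -> DF


def build_card() -> DF:
    """Constructed layout: two minor applications under one dominant DF."""
    minor_a = DF(files={"points": EF(b"loyalty=120")})
    minor_b = DF(files={"pass": EF(b"zone=2")})
    dominant = DF(
        files={"holder": EF(b"A. Example", shared=True), "key": EF(b"\x00" * 8)},
        children={"MINOR_A": minor_a, "MINOR_B": minor_b},
    )
    return DF(children={"DOMINANT": dominant})     # root (master file)


def find_df(root: DF, path: tuple) -> DF:
    df = root
    for name in path:
        df = df.children[name]      # KeyError if the DF does not exist
    return df


def read(root: DF, app: tuple, df_path: tuple, name: str) -> bytes:
    """Read file `name` in DF `df_path` on behalf of the application at `app`."""
    ef = find_df(root, df_path).files[name]
    in_own_subtree = df_path[:len(app)] == app      # target DF is at or below app
    in_ancestor = app[:len(df_path)] == df_path     # target DF is above app
    if in_own_subtree or (in_ancestor and ef.shared):
        return ef.data
    raise PermissionError(f"{'/'.join(app)} may not read {'/'.join(df_path)}/{name}")
```

With this rule MINOR_A can use the dominant application's shared holder record but not its key file, and cannot see MINOR_B's files at all.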
DISADVANTAGES:
Today's world is full of technically skilled people, so no technology can be offered with perfect
security. The smart card suffers from this too: fraud and hacking are also found with smart cards. With
magnetic strip cards, fraud has become common nowadays.
Skimming – The information from a valid card’s magnetic strip is copied to another card for
use in fraudulent automated transactions.
Counterfeiting – The plastic carrier/card is very carefully copied, but the magnetic strip may
be blank or valid.
THE FUTURE