Академический Документы
Профессиональный Документы
Культура Документы
By
Sravanthi Karumanchi
Introduction
The semiconductor revolution has advanced to the
History
The roots of the current day smart card can be
Smart card
Difference between smart cards and
Electronic Module
The information or application stored in the
Physical structure
The International Standards Organization
Physical Structure
An integrated circuit chip consists of a
Microprocessor
Read only memory (ROM)
Nonstatic random access memory (RAM)
Electrically erasable programmable read only memory (EEPROM),
which will retain its state when the power is removed.
Programmable read only memory (PROM)
Erasable programmable ROM (EPROM)
5.
6.
7.
Insert the smart card into a reader. The smart card contains the
cryptographic keys and biometric fingerprint data.
Enter PIN (or password), in order to unlock the digital representation of
the fingerprint. In the trade, this is known as the minutia data.
Place the finger on the scanner. The scanned fingerprint is compared to
the fingerprint data on the smart card.
If the data matches, the smart-card fingerprint data is converted into a
number and combined with the smart-card secret PIN (retrieved in Step
2) and used as a symmetric cryptographic key to decrypt the private key.
A nonce (random number) is passed from the computer application to
the smart card.
The private key on the smart card is used to encrypt the nonce and pass
it back to the application.
The application verifies that a certified public key obtained from the
network-based directory service or from the card does, in fact, decrypt
the encrypted message from the card and reveal the same nonce that was
originally passed to the card.
Proximity Cards
Proximity cards or simply prox cards
Proximity Cards
Prox cards are available from several sources in
Hybrid Card
There will be some period of time in which there
Hybrid Card
Hybrid card is the term given to e-cards that
Combi Card
The combi card also known as a dual-
Combi Card
In the mass transit application, a contact-
designed to be tamper-resistant,
unauthorized individuals are unable to hack
the card secrets its virtually hackerresistant. As a result, crypto cards play an
essential part of any public/private key
system
Memory Chip
A memory chip can be viewed as small floppy
Memory Chip
They depend on the security of the smart
Microprocessor Chips
Microprocessor cards (also generally referred to by
Microprocessor Chips
A microprocessor chip can add, delete and otherwise
from the library, and to decrement value for the meal plan
and campus vending machines. The student might also use
it for secure access to certain buildings and to the
universitys computer system.
The figure shows a overview of uses of multi-application
smart card
Communication Protocol
Smart cards speak to the outside world using data packages
out below:
Step 1: Connection
In a smart card system for contact cards, the card is
inserted in a reader device. Contactless cards need only
be passed near a target.
Step 2: Authentication of the card
The card generates a message to the reader, which
confirms that it is a valid card. The message may be
encrypted for security purposes. The reader can also
check the card against a list of stolen cards and if
necessary lock it so that it can no longer be used.
cycle
Fabrication Phase: The chip manufacturers carry out
this phase. The silicon integrated circuit chip is created
and tested in this phase. A fabrication key (KF) is added
to protect the chip from fraudulent modification until it
is assembled into the plastic card support. The KF of
each chip is unique and is derived from a master
manufacturer key. Other fabrication data will be written
to the circuit chip at the end of this phase. Then the
chip is ready to deliver to the card manufacturer with
the protection of the key KF.
Access Control
The smart card access control system covers file access mainly.
Access Control
Two counters have to be implemented for each of the
Association.
GSM Standards
The specifications tie a telephone number to smart card, called a
Subscriber Identification Module (SIM) or User Identity Module
(UIM), rather than to a telephone handset. The SIM is inserted into
a telephone to activate it.
EMV Specifications
ISO
ISO 7816-1:Physical characteristics
ISO 7816-2:Dimensions and location of the
contacts
ISO 7816-3:Electronic signals and transmission
protocols
ISO 7816-4:Industry commands for
interchange
ISO 7816-5: Number system and registration
procedure for application identifiers
ISO 7816-6: Interindustry data elements
Attack Technologies
Attacks on smart cards are as follows
Invasive attacks
Noninvasive attacks
Physical attacks
Logical attacks
Trojan Horse attacks
Social Engineering attacks
Invasive attacks
Microprobing techniques are usually used to
Invasive attacks
Manual microprobing: Its major component is
a special optical microscope
Memory read out techniques: It is usually not
a practice to read out data from processor
directly. Microprobing is used to observe the
entire bus and record the values in the memory
as they are accessed.
Non-Invasive attacks
The attacked card is not physically harmed and the
Physical attacks
Physical attacks attempt to reverse engineering the
Logical attacks
Logical attacks occur when a smart card is
Single sign-on
The corporate user no longer has to remember multiple passwords to
multiple applications. On the contrary, the user simply inserts his smart
card, enters the PIN and the rest of the work is performed by the smart
card.
Mobility
Multiple applications on a single card
PKI
The core of solutions based on the Public Key Infrastructure (PKI) consists
of a pair of keys - the public key and the private key. Storing the private key
of the key pair underlying the PKI system is an essential part of security and
ease of use. The private key is stored in the chip of the smart card; thus, only
the cardholder can use his private key. The register of public keys is
maintained and administered by a trusted third party.
Economic benefits
Smart cards reduce transaction costs by eliminating paper and paper
handling costs in hospitals and government benefit payment programs.
Contact and contactless toll payment cards streamline toll collection
procedures, reducing labor costs as well as delays caused by manual
systems.
vehicle for issuing and carrying tickets - even though the single benefit
of being able to securely order/provide a ticket directly to chip cards
via the Internet is substantial. Airlines also want to use the cards to
provide tie-ins to their frequent-flyer programs and to cross-marketing
deals with auto rentals and hotels, as well as to provide simplified
access to private airline lounges.
Communication applications
The secure initiation of calls and identification of caller (for
Information Security
Employee access card with secured passwords and the potential
Healthcare
Banking
Internet
Bibliography
R. Anderson and M. Kuhn, "Tamper Resistance---a Cautionary Note," Proc. 2nd Usenix
Workshop on Electronic Commerce, Usenix, Berkeley, Calif., 1996, pp. 1-11.
R. Anderson, M. Kuhn, Low Cost Attacks on Tamper Resistant Devices," Security
Protocol workshop, April 1997, http://www.cl.cam.ac.uk/ftp/users/rja14/tamper2.ps.gz.
D. Boneh, R. DeMillo, and R. Lipton, On the Importance of Checking Cryptographic
Protocols for Faults," Advances in Cryptology: Proceedings of EUROCRYPT '97,
Springer-Verlag, May 1997, pp. 37-51.
Gemplus, http://www.gemplus.com/
Smart card Alliance, http://www.smartcardalliance.org/
Smart card basics, http://www.smartcardbasics.com/
Prepaid Smart Card Techniques,
http://ntrg.cs.tcd.ie/mepeirce/Project/Chaum/cardcom.html
Smart card groups: http://www.smartcardclub.co.uk/
Smart cards: A primer, http://www.javaworld.com/javaworld/jw-12-1997/jw-12javadev.html
CITI Projects: Smart cards: http://www.citi.umich.edu/projects/smartcard/
Schlumberger sema smart cards: http://www.smartcards.net/
Smart card center: White papers:
http://www.datacard.com/smart_card_center/white_papers.shtm
Multifunctionality of smart card: http://www.oberthurusa.com/whitepapers-multi.asp
M.U.S.C.L.E: http://www.linuxnet.com/
Bibliography
Paul Kocher, Joshua Jaffe, Benjamin Jun, Differential Power Analysis, Advances in
Cryptology, proceedings of Crypto'99, Lecture Notes in Computer Science 1666,
Springer-Verlag, pp. 388--397, 1999. http://citeseer.nj.nec.com/kocher99differential.html
Verisign: http://www.verisign.com/products/smartcard/
Smart card authority: http://www.smartcardauthority.com/
Comdex white papers: http://whitepapers.comdex.com/data/rlist?t=pd_10_30_10_68_4
SCIA: www.scia.org
CREC/KPMG: White paper, Smart cards:
http://cism.bus.utexas.edu/works/articles/smartcardswp.html
Smart card applications: http://www.smartcard.com.au/
Smart cards Overview: http://developer.netscape.com/tech/security/certs/cards.html
Smart card: http://palazzolo.members.easyspace.com/sun/smartcards.html
SSP Solutions: http://www.litronic.com/
Smart card: http://www.atis.org/tg2k/_smart_card.html
Smart card:
http://www.computerworld.com/databasetopics/data/story/0,10801,43436,00.html
Schlumberger sema smart cards: http://www.smartcards.net/infosec