Prepared by Prepared by NITHU.S.MENON NITHU.S.MENON

S2.MCA S2.MCA

SMART CARDSMART CARD

The smart card is one of the latest additions to The smart card is one of the latest additions to the world of information technology. the world of information technology. Similar in size to today's plastic payment card, Similar in size to today's plastic payment card, the smart card has a microprocessor or memory the smart card has a microprocessor or memory chip embedded in it that, when coupled with a chip embedded in it that, when coupled with a reader, has the processing power to serve many reader, has the processing power to serve many different applications.different applications.As an access-control device, smart cards make As an access-control device, smart cards make personal and business data available only to the personal and business data available only to the appropriate users. appropriate users. Another application provides users with the Another application provides users with the ability to make a purchase or exchange value. ability to make a purchase or exchange value.

Smart cards provide data portability, security and Smart cards provide data portability, security and convenience. Smart cards come in two varieties: convenience. Smart cards come in two varieties: memory and microprocessor. memory and microprocessor. Memory cards simply store data and can be viewed as Memory cards simply store data and can be viewed as a small floppy disk with optional security. a small floppy disk with optional security. A microprocessor card, on the other hand, can add, A microprocessor card, on the other hand, can add, delete and manipulate information in its memory on delete and manipulate information in its memory on the card. Similar to a miniature computer, a the card. Similar to a miniature computer, a microprocessor card has an input/output port microprocessor card has an input/output port operating system and hard disk with built-in security operating system and hard disk with built-in security features. features. On a fundamental level, microprocessor cards are On a fundamental level, microprocessor cards are similar to desktop computers. They have operating similar to desktop computers. They have operating systems, they store data and applications, they systems, they store data and applications, they compute and process information and they can be compute and process information and they can be protected with sophisticated security tools. protected with sophisticated security tools.

The smart card is an electronic recording The smart card is an electronic recording device. Information in the microchip can device. Information in the microchip can instantaneously verify the cardholder's identity instantaneously verify the cardholder's identity and any privileges to which the cardholder may and any privileges to which the cardholder may be entitled. be entitled.

Information such as withdrawals, sales, and Information such as withdrawals, sales, and bills can be processed immediately and if/when bills can be processed immediately and if/when necessary; those records can be transmitted to necessary; those records can be transmitted to a central computer for file updating. a central computer for file updating.

What is a smart card?What is a smart card?

A smart card resembles a A smart card resembles a credit cardcredit card in size in size and shape, but inside it is completely different. and shape, but inside it is completely different. First of all, it First of all, it hashas an inside -- a normal credit an inside -- a normal credit card is a simple piece of plastic. The inside of a card is a simple piece of plastic. The inside of a smart card usually contains an smart card usually contains an embedded embedded microprocessormicroprocessor. .

The microprocessor is under a gold contact pad The microprocessor is under a gold contact pad on one side of the card. on one side of the card.

Smart cards are defined by the ISO 7816 Smart cards are defined by the ISO 7816 standards.standards.

Smarts cards may have up to 8 kilobytes of Smarts cards may have up to 8 kilobytes of

RAM, 346 kilobytes of ROM, 256 kilobytes of RAM, 346 kilobytes of ROM, 256 kilobytes of programmable ROM, and a 16-bit programmable ROM, and a 16-bit microprocessor. The smart card uses a serial microprocessor. The smart card uses a serial interface and receives its power from external interface and receives its power from external sources like a card reader. The processor uses sources like a card reader. The processor uses a limited instruction set for applications such as a limited instruction set for applications such as cryptographycryptography

How does a smart card works?How does a smart card works?

Smart Card Readers are also known as card Smart Card Readers are also known as card programmers (because they can write to a card), card programmers (because they can write to a card), card terminals, card acceptance device (CAD) or an interface terminals, card acceptance device (CAD) or an interface device (IFD). device (IFD). Smart cards are portable data cards that must Smart cards are portable data cards that must communicate with another device to gain access to a communicate with another device to gain access to a display device or a network. Cards can be plugged into a display device or a network. Cards can be plugged into a reader, commonly referred to as a card terminal, or they reader, commonly referred to as a card terminal, or they can operate using radio frequencies (RF). can operate using radio frequencies (RF).

When the smart card and the card reader When the smart card and the card reader come into contact, each identifies itself to come into contact, each identifies itself to the other by sending and receiving the other by sending and receiving information. If the messages exchanged do information. If the messages exchanged do not match, no further processing takes not match, no further processing takes place. place.

So, unlike ordinary bank cards, smart cards So, unlike ordinary bank cards, smart cards can defend themselves against can defend themselves against unauthorized users and uses in innovative unauthorized users and uses in innovative security measures. security measures.

SMART CARD READERSSMART CARD READERS

Dedicated terminalsUsually with a small screen, keypad, printer, often alsohave biometric devices such as thumb print scanner.

Computer based readersConnect through USB or COM

(Serial) ports

Communicating with a Smart Communicating with a Smart Card ReaderCard Reader

The reader provides a path for your application to send and receive The reader provides a path for your application to send and receive commands from the card. There are many types of readers commands from the card. There are many types of readers available, such as serial, PCCard, and standard keyboard models. available, such as serial, PCCard, and standard keyboard models. Unfortunately, the ISO group was unable to provide a standard for Unfortunately, the ISO group was unable to provide a standard for communicating with the readers so there is no one-size-fits-all communicating with the readers so there is no one-size-fits-all approach to smart card communication.approach to smart card communication.Each manufacturer provides a different protocol for communication Each manufacturer provides a different protocol for communication with the reader.with the reader.First you have to communicate with the reader. First you have to communicate with the reader. Second, the reader communicates with the card, acting as the Second, the reader communicates with the card, acting as the intermediary before sending the data to the card. intermediary before sending the data to the card. Third, the card will process the data and return it to the reader, Third, the card will process the data and return it to the reader, which will then return the data to its originating source. which will then return the data to its originating source.

What is a smart card operating What is a smart card operating system?system?

A smart card contains an integrated circuit (IC) chip containing A smart card contains an integrated circuit (IC) chip containing a central processing unit (CPU), random access memory a central processing unit (CPU), random access memory (RAM) and non-volatile data storage. Data stored in the smart (RAM) and non-volatile data storage. Data stored in the smart card's microchip can be accessed only through the chip card's microchip can be accessed only through the chip operating system (COS). Smart cards provide a secure, operating system (COS). Smart cards provide a secure, portable platform for "any time, anywhere" computing that can portable platform for "any time, anywhere" computing that can contain and manipulate substantial amounts of data, especially contain and manipulate substantial amounts of data, especially an individual's personal digital identity.an individual's personal digital identity.Smart cards are a type of mini computer with an operating Smart cards are a type of mini computer with an operating system capable of running a variety of applications. JavaCard is system capable of running a variety of applications. JavaCard is a multi-application smart card operating system which provides a multi-application smart card operating system which provides an API with a set of standard classes through which common an API with a set of standard classes through which common java applets can be loaded and executed on the smart card. java applets can be loaded and executed on the smart card.

Java's portability allows smart cards to become a Java's portability allows smart cards to become a general-purpose computing platform while creating general-purpose computing platform while creating a potentially huge market for application software a potentially huge market for application software and development. and development.

Due to the increasing demand for smart card Due to the increasing demand for smart card applications, businesses and service providers are applications, businesses and service providers are constantly looking for innovations and applications constantly looking for innovations and applications for available services that could utilize smart card for available services that could utilize smart card technology.technology.

Types of Smart CardsTypes of Smart Cards

Contact Cards and Contactless CardsContact Cards and Contactless Cards

Contact Cards require insertion into a smart Contact Cards require insertion into a smart card reader with a direct connection to a card reader with a direct connection to a conductive micro-module on the surface of the conductive micro-module on the surface of the card.card.

Contactless Cards require only close proximity Contactless Cards require only close proximity (a few inches) of a reader (a few inches) of a reader

Categories of Smart CardsCategories of Smart Cards

Integrated Circuit (IC) Microprocessor Cards: Allow Integrated Circuit (IC) Microprocessor Cards: Allow for adding, deleting, or manipulating information in for adding, deleting, or manipulating information in memory, allowing for a variety of applications and memory, allowing for a variety of applications and dynamic read/write capabilities. Most Smart Cards in dynamic read/write capabilities. Most Smart Cards in use for mobile applications are of this type. use for mobile applications are of this type.

IC Memory Cards: Can store data, but do not have a IC Memory Cards: Can store data, but do not have a processor on the card. processor on the card.

Optical Memory Cards: Can only store data, but Optical Memory Cards: Can only store data, but have a larger memory capacity than IC memory have a larger memory capacity than IC memory cards.cards.

Security MechanismsSecurity Mechanisms

PasswordPassword Card holder’s protectionCard holder’s protection

Cryptographic challenge ResponseCryptographic challenge Response Entity authenticationEntity authentication

Biometric informationBiometric information Person’s identificationPerson’s identification

A combination of one or moreA combination of one or more

CONCLUSIONCONCLUSION

The self-containment of smart card makes The self-containment of smart card makes it resistant to attack as it does not need to it resistant to attack as it does not need to depend upon potentially vulnerable depend upon potentially vulnerable external resources. external resources.

Because of this characteristic, smart cards Because of this characteristic, smart cards are often used in different applications, are often used in different applications, which require strong security protection which require strong security protection and authentication.and authentication.

Smart cards are much more popular in Europe than in the United States. In Europe, the health insurance and banking industries use smart cards extensively. Every German citizen has a smart card for health insurance. Even though smart cards have been around in their modern form for at least a decade, they are just starting to take off in the United States.

References:References:

Smart Card HandbookSmart Card Handbook

ISO7816 standardsISO7816 standards

www.parivahan.nic.inwww.parivahan.nic.in

THANK YOUTHANK YOU