smart card analysis presentation

8/10/2019 Smart Card Analysis Presentation

1/22

SMART CARD


2/22

INTRODUCTION

A smart card, chip card, or integrated circuit card (ICC), isdefined as any pocket-sized card with embedded integrated

circuits which can process information. This implies that it can

receive input which is processed - by way of the ICC applications -

and delivered as an output.

The card is made of plastic, generally PVC, but sometimes ABS.The card may embed a hologram to avoid counterfeiting.

A smart card is a card that is embedded with either a

microprocessor and a memory chip or only a memory chip with

non-programmable logic.

The microprocessor card can add, delete, and otherwisemanipulate information on the card, while a memory-chip card (for

example, pre-paid phone cards) can only undertake a pre-defined

operation.

A smart cardis a card with a microchip in it. Such cards are used

as a method of identification and authentication.


3/22

CH R CTERESIS OF SM RT C RD

Dimensions are normally credit card size. The ID-1 of ISO 7810

standard defines them as 85.60 53.98 mm.

Contains a security system - tamper-resistant properties (e.g. a

secure cryptoprocessor,secure file system, human-readablefeatures) and is capable of providing security services.

Asset managed by way of a central administration system which

interchanges information and configuration settings with the card

through the security system. The latter includes card hotlisting,

updates for application data. Card data is transferred to the central administration system

through card reading devices, such as ticket readers, ATMs etc.


4/22

BENEFITS

Smart cards provide a means of effecting

business transactions in a flexible,

secure way with minimal humanintervention and in a standard way.Smart

cards are used as a method of

identification and authentication.


5/22

HISTORY OF SM RT C RDS

The chip card was invented by German rocket scientist Helmut

Grttrup and his colleague Jrgen Dethloff in 1968; the patent was

finally approved in 1982. The first mass use of the cards was for payment in French pay

phones, starting in 1983 (Tlcarte).

Roland Moreno actually patented his first concept of the memory

card in 1974. In 1977, Michel Ugon from Honeywell Bull invented the first

microprocessor smart card. In 1978, Bull patented the SPOM (Self Programmable One-chip

Microcomputer) that defines the necessary architecture to auto-

program the chip.

Three years later, the very first "CP8" based on this

patent was produced by Motorola.


6/22

A Finnish smart card, combining credit card and debit card properties.

The second use was with the integration of microchips into all French

debit cards (Carte Bleue) completed in 1992. Smart-card-based electronic purse systems (in which value is stored on

the card chip, not in an externally recorded account, so that machines

accepting the card need no network connectivity) were tried throughout

Europe from the mid-1990s.

The major boom in smart card use came in the 1990s, with theintroduction of the smart-card-based SIM used in GSM mobile phone

equipment in Europe.

The major boom in smart card use came in the 1990s, with the

introduction of the smart-card-based SIM used in GSM mobile phone

equipment in Europe. The first version of the EMV system was released in 1994.

The goal of EMVco is to assure the various financial institutions and

retailers that the specifications retain backward compatibility with the

1998 version.


7/22

TYPES OF SMART CARDS

Integrated Circuit (IC) Microprocessor Cards:

Microprocessor cards (also generally referred to by the industry as "chipcards") offer greater memory storage and security of data than atraditional mag stripe card. Chip cards also can process data on the card.

The current generation of chip cards has an eight-bit processor, 16KBread-only memory, and 512 bytes of random-access memory.

Some examples of these cards are:

Cards that hold money ("stored value cards")

Card that hold money equivalents (for example, "affinity cards) Cards that provide secure access to a network

Cards that secure cellular phones from fraud

Cards that allow set-top boxes on televisions to remain secure frompiracy


8/22

Integrated Circuit (IC) Memory Cards: IC memory cards can hold up to 1-4 KB of data, but have no

processor on the card with which to manipulate that data. Thus, they are dependent on the card reader (also known as the

card-accepting device) for their processing and are suitable for

uses where the card performs a fixed operation.

Optical Memory Cards: Optical memory cards look like a card with a piece of a CD glued

on top - which is basically what they are.

Optical memory cards can store up to 4 MB of data. But once

written, the data cannot be changed or removed.

Thus, this type of card is ideal for record keeping - for example

medical files, driving records, or travel histories.


9/22

COMPARISON OF SMART CARDSMaximum Data

Capacity

Processing

Power

Cost of

Card

Cost of Reader

and

Connection

Magnetic Stripe

Cards

140 bytes None $0.20 - $0.75 $750

Integrated Circuit

Memory

Cards

1 Kbyte None $1 - $2.50 $500

Integrated Circuit

Processor

Cards

8 Kbytes 8-bit cpu, moving

to 16- and 32-

bit

$7-$15 $500

Optical Memory

Cards

4.9 Mbytes None $7 - $12 $3,500 - $4,000


10/22

Contact smart card:

Contact smart cards have a small gold chip about 1cm by 1cm on thefront. When inserted into a reader, the chip makes contact with electricalconnectors that can read information from the chip and write informationback.

The ISO/IEC 7816and ISO/IEC 7810series of standards

define:

the physical shape

the positions and shapes of the electrical connectors

the electrical characteristics

the communications protocols the format of the commands sent to the card and the responses returned

by the card

robustness of the card

the functionality

The cards do not contain batteries; energy is supplied by the cardreader.


11/22

Contactless smart card:

A second type is the contactlesssmart card, in which the chip communicateswith the card reader through RFID induction technology (at data rates of 106to 848 kbit/s).

These cards require only close proximity to an antenna to completetransaction.

The standard for contactless smart card communications is ISO/IEC 14443,dated 2001.

It defines two types of contactless cards ("A" and "B"), allows forcommunications at distances up to 10 cm.

An alternative standard for contactless smart cards is ISO 15693, whichallows communications at distances up to 50 cm.

Example of widely used contactless smart cards are Hong Kong's Octopuscard, Paris' Calypso/Navigo card and Lisbon' LisboaViva card, which predate

the ISO/IEC 14443 standard.


12/22

Smart Card Standards

ISO 7816 is the international standard for Smart Cards.SIM

The introduction of smart cards for wireless communications occurred in the

early 1990s when GSM networks deployed the Subscriber Identity Module

(SIM) a security module initially deployed to provide a facility for

challenge/response authentication for GSM subscribers.

STK

The SIM evolved to incorporate the use of the SIM Toolkit (STK) - an important

API for securely loading applications to the SIM. STK allows the mobile

operator to create/provision services by loading them into the SIM without

changing anything in the GSM handset. One convenient way for loadingapplications to the SIM is over-the-air via Short Message Service (SMS).

UIM

Introduced by the CDMA Development Group and the 3GPP2, the Removable

User Identity Module (R-UIM) card represents a smart card for use with CDMA

based mobile phones.


13/22

Java Card

The Java card sits on top of the smart card OS, allowing application

programmers access for deployment of services independent of the hardware

and OS of the smart card. Executable code is platform independent, meaning

that any card incorporating a Java Card interpreter can run the same

application. When coupled with the STK, the Java card allows services to load

and run on cards from different vendors.

WIM

Introduced with WAP specification 1.2, the WAP Identification Module (WIM)provides end-to-end security for WAP, improving on version 1.1 which only

provided transport security between the handset and the WAP gateway.

S@T

The SIM Alliance has proposed a SIM Alliance Toolkit (S@T) as an industry

standard for WAP based services for via any GSM phase 2+ phone that is notWAP enabled. The SIM Alliances states that one of the key benefits of S@T is

the availability of WAP based services to non-WAP phones. Furthermore, all

WAP browsers earlier than version 1.2 do not support WIM, making S@T and

an enabler of secure transactions thanks to the SIM.


14/22

ApplicationsFinancial:

The applications of smart cards include their use as credit or ATM cards, in a fuel

card, SIMs for mobile phones, authorization cards for pay television, pre-payutilities in household, high-security identification and access-control cards, and

public transport and public phone payment cards. Smart cards may also be used

as electronic wallets.

Identification:

A quickly growing application is in digital identification cards. In this application, thecards are used for authentication of identity. The most common example is in

conjunction with a PKI. The smart card will store an encrypted digital certificate

issued from the PKI along with any other relevant or needed information about the

card holder.

Gujarat was the first state in India to introduce the smart card license system in

1999. To date the Gujarat Government has issued 5 million smart card driving

licenses to its people.

Other

Smart cards are widely used to protect digital television streams. See television

encryption for an overview, and VideoGuard for a specific example of how

smartcard security worked (and was cracked).


15/22

Smart Cards Versus Magnetic Stripe Credit Cards

In the banking industry smart cards will be utilized to secure transactions,

in healthcare Contactcards may be used very effectively to transfer and

provide role based secure access to vital information required to save a

life. Many have argued that a mag stripe can be used the same way by

simply having identifying numbers encoded to retrieve information from theback end computer systems. This works well until you are away from the

back end system in an ER that cannot utilize the mag stripe. With contact

smart cards access requires at least two factors of authentication unless

there is an emergency then there is a privacy compliant emergency code

for first responders. If there is no card reader then the Cell Phone you carry

will more than likely contain a smart card in it, (GSM) and that phone may

be utilized as the device that authenticates and displays emergency

information about you that will save your life.


16/22

Smart Card Software

Smart Card software in India:

India has established credibility globally for its excellent resources and skills at very

competitive prices. Information technology companies in India understand the

industry need for diverse applications and offer a wide range of smart card based

software services and solutions.

Smart card software solutions:

Security solutions for electronic banking platform using 3DES and PKI

cryptography, ensuring secured financial transactions Security solutions for mobile

payments using SIM/WIM cards Campus card solutions used to store and manage

identification, access control, attendance monitoring, marks card and e-cash basedpayment information Security solutions using smart card as a copy protection

device for software .Solutions for distributors and retailers of consumer goods


17/22

Smart Card software services

Indian service providers offer Smart Card software services in designing,

developing and testing of solutions using Smart Cards and systems that meet

specific customer requirements on diverse hardware and software platforms.

Some areas of expertise include:

Chip operating systems

Loyalty applications

Electronic cash

Security and access controlCampus card solutions

Transportation applications

Automatic fare collection

Fleet management

RFID / IC Tags

Benefits

Indian service providers enable Corporations to reduce time-to-market and

provide higher level services. They overcome challenges by delivering strategic

services and successfully implementing Smart Card software solutions.


18/22

Problems of Smart Cards

The plastic card in which the chip is embedded is fairly flexible, and the

larger the chip, the higher the probability of breaking. Smart cards are

often carried in wallets or pockets a fairly harsh environment for a chip.

Using a smart card for mass transit presents a risk for privacy, because

such a system enables the mass transit operator (and the authorities) to

track the movement of individuals.

Smart cards used for client-side identification and authentication are

the most secure way for eg. internet banking applications, but the securityis never 100% sure.


19/22

Manufacturers:

Chips :

AtmelHitachi

Infineon

NXP (former Philips Semiconductors)

Samsung Electronics

Sony

STMicroelectronics

Unicore Microsystems

Cards :

ASK (contactless cards)

Gemalto

Giesecke & Devrient

ITG (contactless cards)

Oberthur Card Systems

Sagem Orga

Toppan printing


20/22

A Smart Card Platform for Mobile Code:

More concretely, we propose to use a secure platform for the executionof (remote) code in a smart card which functions as follows:

The smart card implements an interpreter for mobile code written in adomain-specific language optimally supporting the intended applicationdomain.

A client such as a service provider sends messages containing so-calledscriptswritten in the domain-specific language the card-residentinterpreter understands.

The card's runtime platform executes the script, handles userinteraction, and sends back the responses to the client.

The platform implements key management facilities in order to provideend-to-end security between the client and the smart card.

Furthermore, the platform gives certain guarantees to both - code anduser - that the scripts are executed as intended and no informationleakage or secret storage manipulation can occur by malicious code oran external attacker.


21/22

Flip-Chip-solutions for Smart cards and

Smart label:

The FC assembly process on substrates like PVC, specifically used in the smartcard industry, brings very high requirements in regards of maximumtemperature load and therefore on the FC assembly technology .Smart labelsare in some regards very similar to smartcards, on the other hand differentsubstrate materials are used and the pressure for low cost production is veryintense. Therefore the production and FC technology needs to be adapted from

a high end interconnection point of view to an low cost interconnection on veryinexpensive substrates in a very productive environment .

Applying an FC assembly technology yields to a new generation of WID-systems, extremely thin label. The chip operates contactlcss at a frequencystandard, e.g.13.56MHz. Reading distances depend on the chip type, theantenna on the smart label (smart label size), the reader antenna, and the

reader specification. Smart labels make it possible to store more informationthan with the widely spread barcode. These label allow automatic distribution,the control and the pursuit on-the-fly.

The user can archive his data in a non-volatile memory (EEPROM). Chipspecific options allow the user to burn in information or to lock certain memoryblocks. Other functionality can be implemented in the necessary reader

software.


22/22

smart card analysis presentation

Documents