Smart Cards
 Future Life………


    Santosh Khadsare
Aim of my ppt is to just give you a brief idea about the smart card technology
being one of the best steps towards the advancement of science and technology,
making our life faster and obviously easier.
Plastic Cards
   Visual identity application
       Plain plastic card is enough
   Magnetic strip (e.g. credit cards)
     Visual data also available in machine readable form
     No security of data

   Electronic memory cards
     Machine readable data
     Some security (vendor specific)
What is a Smart Card?
       A Smart card is a plastic card about the size of a credit card, with an
       embedded microchip that can be loaded with data, used for telephone
       calling, cash payments, and other applications, and then periodically
       refreshed for additional use.
History

70’s
Smart Card First Patent in Germany and later in
  France and Japan.
80’s
Mass usage in Pay Phones and Debit Cards.
90’s
Smart Card based Mobiles Chips & Sim Cards.
2000’s

Payment and Ticketing Applications
Credit cards, Mass transit (Smartrip)

Healthcare and Identification
Insurance information, Drivers license
Dimensions of smart card.
85.6 mm x 53.98 mm x 0.76 mm (defined by ISO 7816)
Why use smart cards?
   Can store currently up to 7000 times more data than a magnetic stripe card.
   Information that is stored on the card can be updated.
   Magnetic stripe cards are vulnerable to many types of fraud.
                 Lost/Stolen Cards
                 Skimming
                 Carding/ Phishing
   Greatly enhances security by communicating with card readers using PKI
    algorithms.
   A single card can be used for multiple applications (cash, identification,
    building access, etc.)
   Smart cards provide a 3-fold approach to authentic identification:
              •   Pin
              •   Smartcard
              •   Biometrics
Card Elements
   Magnetic Stripe
   Logo
   Chip
   Hologram
   Embossing (Card Number / Name / Validity, etc.)
Smart Cards devices
[Figure: chip contact pad with contacts VCC, Reset, Clock, Reserved, GND, VPP, I/O]
Varun Arora | varun@varunarora.in | www.varunarora.in
What’s in a Card?
[Figure: contact layout labelled CLK, RST, Vcc, RFU, GND, RFU, Vpp, I/O]
Electrical signals description
Fig : A smart card pin out
VCC : Power supply input.
RST : Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card).
CLK : Clocking or timing signal (optional use by the card).
GND : Ground (reference voltage).
VPP : Programming voltage input (deprecated / optional use by the card).
I/O : Input or Output for serial data to the integrated circuit inside the card.
AUX1 (C4) : Auxiliary contact; USB devices: D+
AUX2 (C8) : Auxiliary contact; USB devices: D-
CARD STRUCTURE

       Out of the eight contacts only six are used. Vcc is the supply voltage,
       Vss is the ground reference voltage against which the Vcc potential is
       measured, Vpp connector is used for the high voltage signal, chip
       receives commands & interchanges data.
Typical Configurations
   256 bytes to 4KB RAM.
   8KB to 32KB ROM.
   1KB to 32KB EEPROM.
   8-bit to 16-bit CPU. 8051 based designs
    are common.
Smart Card Readers
   Computer based readers
       Connect through USB or COM (Serial) ports
   Dedicated terminals
       Usually with a small screen, keypad, printer, often also have
       biometric devices such as thumb print scanner.
Terminal/PC Card Interaction
   The terminal/PC sends commands to the card (through the serial line).
   The card executes the command and sends back the reply.
   The terminal/PC cannot directly access memory of the card, so data in the
    card is protected from unauthorized access. This is what makes the
    card smart.
Why Smart Cards?

     Security: Data and codes on the card are encrypted by the
     chip maker. The Smart Card’s circuit chip is almost impossible
     to forge.
     Trust: Minimal human interaction.
     Portability.
     Less Paper work: Eco-Friendly
Two Types of Chips
   Memory chip
       Acts as a small floppy disk with optional security
       Are inexpensive
       Offer little security features
   Microprocessor
       Can add, delete, and manipulate its memory.
       Acts as a miniature computer that includes an operating system, hard
        disk, and input/output ports.
       Provides more security and memory and can even download applications.
From 1 billion to 4 billion units in 10 years…
[Chart: Worldwide smart card shipments, in millions of units per year, split into microprocessor cards and memory cards]
Smart Cards in everyday life…
   Loyalty
   Transport
   Ticketing
   Payment
   Health card
   Smart Poster
   Communication
Contact Smart Cards
 Requires insertion into a
  smart card reader with a
  direct connection
 This physical contact
  allows for transmission of
  commands, data, and card
  status to take place
Contactless Smart Cards

   Require only close proximity to a
    reader
   Both the reader and card have
    antennas through which the two
    communicate
   Ideal for applications that require
    very fast card interfaces
ISO 14443.
   International standard.
   Deals only with contactless smart cards.
   Defines:
       a. Interface.
       b. Radio frequency interface.
       c. Electrical interface.
       d. Operating distance.
       Etc.
Dual interface smart cards.
   Also called Combi card.

   Has a single chip over it.

   Has both contact as well as contactless
    interfaces.

   We can use the same chip using either contact or
    contactless interface with a high level of security.
Hybrid smart card.

 Two chips.
 One with contact interface.

 Other with contactless interface.

 No connection between the two chips.
Categories of Smart Cards

Based on the type of IC chip
embedded on the Smart Card.
They are categorized into
 three types :-
   IC Micro Processor Cards
   IC Memory Cards
   Optical Memory Cards
Key Attributes

Security
     to make the Digital Life safe and enjoyable
Ease of Use
     to enable all of us to access to the Digital World
Privacy
     to respect each individual’s freedom and intimacy


Biometric techniques
   Finger print identification.
       Features of finger prints can be kept on the card
        (even verified on the card)
   Photograph/IRIS pattern etc.
       Such information is to be verified by a person. The
        information can be stored in the card securely
Communication mechanisms
   Communication between smart card and reader is
    standardized
       ISO 7816 standard
   Commands are initiated by the terminal
       Interpreted by the card OS
       Card state is updated
       Response is given by the card.
   Commands have the following structure

            CLA     INS      P1     P2   Lc   1..Lc   Le
   Response from the card includes 1..Le bytes followed by
    Response Code
Security Mechanisms
   Password
       Card holder’s protection
   Cryptographic challenge Response
       Entity authentication
   Biometric information
       Person’s identification
   A combination of one or more
Password Verification
   Terminal asks the user to provide a password.
   Password is sent to Card for verification.
   Scheme can be used to permit user
    authentication.
       Not a person identification scheme




Cryptographic verification
   Terminal verifies card (INTERNAL AUTH)
       Terminal sends a random number to card to be hashed
        or encrypted using a key.
       Card provides the hash or ciphertext.
   Terminal can know that the card is authentic.
   Card needs to verify terminal (EXTERNAL AUTH)
       Terminal asks for a challenge and sends the response to
        card to verify.
       Card thus knows that terminal is authentic.
   Primarily for the “Entity Authentication”
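A sketch of both exchanges, added here and not taken from the slides. HMAC-SHA256 stands in for the card's keyed hash, and the class names, the 8-byte challenge size and the direction labels are assumptions; the labels keep a response computed for one direction from being accepted in the other.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, label: bytes, challenge: bytes) -> bytes:
    """Keyed hash of a challenge; the label fixes the direction of the proof."""
    return hmac.new(key, label + challenge, hashlib.sha256).digest()


class AuthCard:
    """Card side. The key never leaves the object, only MACs do."""

    def __init__(self, key: bytes):
        self._key = key
        self._challenge = None              # outstanding EXTERNAL AUTH challenge
        self.terminal_authenticated = False

    def internal_authenticate(self, challenge: bytes) -> bytes:
        """INTERNAL AUTH: prove knowledge of the key to the terminal."""
        return mac(self._key, b"card", challenge)

    def get_challenge(self) -> bytes:
        """Hand the terminal a fresh random number to answer."""
        self._challenge = secrets.token_bytes(8)
        return self._challenge

    def external_authenticate(self, response: bytes) -> bool:
        """EXTERNAL AUTH: check the terminal's answer to the last challenge."""
        challenge, self._challenge = self._challenge, None   # one attempt each
        ok = challenge is not None and hmac.compare_digest(
            response, mac(self._key, b"term", challenge))
        self.terminal_authenticated = ok
        return ok


class Terminal:
    def __init__(self, key: bytes):
        self._key = key

    def verify_card(self, card: AuthCard) -> bool:
        """Send a random number and compare the card's answer with our own."""
        challenge = secrets.token_bytes(8)
        expected = mac(self._key, b"card", challenge)
        return hmac.compare_digest(card.internal_authenticate(challenge), expected)

    def authenticate_to(self, card: AuthCard) -> bool:
        """Ask the card for a challenge and return the keyed response."""
        return card.external_authenticate(
            mac(self._key, b"term", card.get_challenge()))


def mutual_authentication(terminal_key: bytes, card_key: bytes):
    """Run both directions; returns (card_is_authentic, terminal_is_authentic)."""
    terminal, card = Terminal(terminal_key), AuthCard(card_key)
    return terminal.verify_card(card), terminal.authenticate_to(card)


if __name__ == "__main__":
    shared = bytes(range(16))                                # constructed key
    print(mutual_authentication(shared, shared))             # matching keys
    print(mutual_authentication(shared, b"\x00" * 16))       # card with another key
```

Because each challenge is random and used once, a response recorded from an earlier session does not verify against the next challenge.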
Data storage
   Data is stored in smart cards in E2PROM
       Card OS provides a file structure mechanism
   [Figure: file tree with the MF at the root, DFs beneath it, and EFs under the MF and the DFs]
   File types
       Binary file (unstructured)
       Fixed size record file
       Variable size record file
File Naming and Selection
   Each file has a 2 byte file ID and an optional 5-bit
    SFID (both unique within a DF). DFs may
    optionally have a (globally unique) 16 byte name.
   OS keeps track of a current DF and a current EF.
   Current DF or EF can be changed using SELECT
    FILE command. Target file specified as either:
       DF name
       File ID
       SFID (Short File Identifier, 1 byte)
       Relative or absolute path (sequence of File IDs).
       Parent DF
Basic File Related Commands
   Commands for file creation, deletion etc. File size
    and security attributes are specified at creation time.
   Commands for reading, writing, appending records,
    updating etc.
       Commands work on the current EF.
       Execution only if security conditions are met.
   Each file has a life cycle status indicator (LCSI),
    one of: created, initialized, activated, deactivated,
    terminated.
Access control on the files
   Applications may specify the access controls
       A password (PIN) on the MF selection
            For example SIM password in mobiles
       Multiple passwords can be used and levels of
        security access may be given
   Applications may also use cryptographic
    authentication
An example scenario (institute ID card)
   MF
       Select: P2 verification
   EF1 (personal data)
       Name: Varun Arora
       PF/Roll: 13
       Read: Free
       Write: upon verification by K1, K2 or K3
   EF2 (Address)
       #320, MSc (off)
       475, SICSR (Res)
       Read: Free
       Write: Password Verification (P1)
   EF3 (password)
       P1 (User password)
       P2 (sys password)
       Read: Never
       Write: Password Verification (P1)
   EF4 (keys)
       K1 (DOSA’s key)
       K2 (DOFA’s key)
       K3 (Registrar’s key)
       Read: Never
       Write: Once
   Security requirements:
       EF1: Should be modified only by the DOSA/DOFA/Registrar. Readable to all.
       EF2: Card holder should be able to modify.
   What happens if the user forgets his password?
       Solution1: Add supervisor password
       Solution2: Allow DOSA/DOFA/Registrar to modify EF3
       Solution3: Allow both to happen
An example scenario (institute ID card)
   MF
       EF1 (personal data)
       EF2 (Address)
       EF3 (password)
       EF4 (keys)
       DF1 (Lib)
           EF1 (Issue record)
               Bk# dt issue dt retn (one record per book)
               Modifiable: By issue staff. Read all
           EF2 (Privilege info)
               Max Duration: 20 days
               Max Books: 10
               Reserve Collection: Yes
               Modifiable: By admin staff. Read: all
           EF3: Keys
               K1: Issue staff key
               K2: Admin staff key
   Library manages its own keys in EF3 under DF1
   Institute manages its keys and data under MF
   Thus library can develop applications independent of the rest.
How does it all work?
   Terminal: Card is inserted in the terminal.
   Card: Card gets power. OS boots up. Sends ATR (Answer to reset).
   Terminal: ATR negotiations take place to set up data transfer speeds,
    capability negotiations etc.
   Terminal: Terminal sends first command to select MF.
   Card: Card responds with an error (because MF selection is only on
    password presentation).
   Terminal: Terminal prompts the user to provide password.
   Terminal: Terminal sends password for verification.
   Card: Card verifies P2. Stores a status “P2 Verified”. Responds “OK”.
   Terminal: Terminal sends command to select MF again.
   Card: Card responds “OK”.
   Terminal: Terminal sends command to read EF1.
   Card: Card supplies personal data and responds “OK”.
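The exchange above as a runnable sketch, added here and not part of the original slides: a toy card that parses CLA INS P1 P2 Lc data Le commands, gates MF selection on password P2, and blocks the password after three wrong tries. The INS values and status words follow ISO 7816-4; the EF1 file ID, the password reference number, the retry limit and the sample data are assumptions made for the example.

```python
import hmac

SW_OK, SW_WRONG_LENGTH = 0x9000, 0x6700
SW_SECURITY, SW_BLOCKED = 0x6982, 0x6983      # access denied / password blocked
SW_NO_EF, SW_NOT_FOUND = 0x6986, 0x6A82       # no current EF / file not found
SW_NO_REF, SW_BAD_INS = 0x6A88, 0x6D00        # unknown password ref / unknown INS
MF_ID, EF1_ID, P2_REF = 0x3F00, 0x0001, 0x02  # EF1_ID and P2_REF are assumptions


def parse_apdu(raw: bytes):
    """Split a short command APDU into (cla, ins, p1, p2, data, le)."""
    if len(raw) < 4:
        raise ValueError("APDU needs at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 1:                        # only Le present
        le = body[0] or 256                   # Le = 00 means up to 256 bytes
    elif len(body) > 1:                       # Lc, data field, optional Le
        lc = body[0]
        data, rest = body[1:1 + lc], body[1 + lc:]
        if len(data) != lc or len(rest) > 1:
            raise ValueError("Lc does not match the data field")
        if rest:
            le = rest[0] or 256
    return cla, ins, p1, p2, data, le


class Card:
    """Card OS state machine: the terminal only ever sees response bytes."""

    def __init__(self, p2_password: bytes, max_tries: int = 3):
        self.files = {EF1_ID: b"Name: A. Student; PF/Roll: 13"}  # constructed
        self._p2 = p2_password
        self.max_tries = self.tries_left = max_tries
        self.p2_verified = False
        self.mf_selected = False
        self.current_ef = None

    @staticmethod
    def _reply(sw: int, payload: bytes = b"") -> bytes:
        return payload + sw.to_bytes(2, "big")   # data first, then SW1 SW2

    def process(self, raw: bytes) -> bytes:
        try:
            _cla, ins, _p1, p2, data, le = parse_apdu(raw)
        except ValueError:
            return self._reply(SW_WRONG_LENGTH)
        if ins == 0xA4:                          # SELECT FILE
            return self._select(data)
        if ins == 0x20:                          # VERIFY
            return self._verify(p2, data)
        if ins == 0xB0:                          # READ BINARY
            return self._read(le)
        return self._reply(SW_BAD_INS)

    def _select(self, data: bytes) -> bytes:
        if len(data) != 2:
            return self._reply(SW_WRONG_LENGTH)
        fid = int.from_bytes(data, "big")
        if not self.p2_verified:                 # MF is gated on password P2
            return self._reply(SW_SECURITY)
        if fid == MF_ID:
            self.mf_selected, self.current_ef = True, None
            return self._reply(SW_OK)
        if not self.mf_selected or fid not in self.files:
            return self._reply(SW_NOT_FOUND)
        self.current_ef = fid
        return self._reply(SW_OK)

    def _verify(self, ref: int, data: bytes) -> bytes:
        if ref != P2_REF:
            return self._reply(SW_NO_REF)
        if self.tries_left == 0:                 # blocked: even P2 is refused
            return self._reply(SW_BLOCKED)
        if hmac.compare_digest(data, self._p2):
            self.tries_left, self.p2_verified = self.max_tries, True
            return self._reply(SW_OK)
        self.tries_left -= 1
        self.p2_verified = False
        return self._reply(0x63C0 | self.tries_left)   # 63Cx: x tries left

    def _read(self, le):
        if self.current_ef is None:
            return self._reply(SW_NO_EF)
        if le is None:
            return self._reply(SW_WRONG_LENGTH)
        return self._reply(SW_OK, self.files[self.current_ef][:le])


def run_session(card: Card, password: bytes):
    """Terminal side of the flow above; returns each card response as hex."""
    select_mf = bytes.fromhex("00A40000023F00")
    steps = [
        select_mf,                               # refused: no password yet
        bytes([0x00, 0x20, 0x00, P2_REF, len(password)]) + password,
        select_mf,                               # accepted once P2 is verified
        bytes.fromhex("00A40000020001"),         # SELECT EF1 (this toy needs it)
        bytes.fromhex("00B0000000"),             # READ BINARY, Le = 00
    ]
    return [card.process(apdu).hex() for apdu in steps]


if __name__ == "__main__":
    print(run_session(Card(b"1234"), b"1234"))
    print(run_session(Card(b"1234"), b"0000"))
```

The terminal never touches `files` or the stored password directly; every access decision is made inside `process`, which is the property the slides call "smart".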
So many Smart Cards with us at all
              times…..
   In our GSM phone (the SIM card)
   Inside our Wallets
     Credit/Debit cards

     HealthCare cards

     Loyalty cards

   Our corporate badge
   Our Passport
   Our e-Banking OTP

   … and the list keeps growing
Our Industry Is Rapidly Changing
   New solutions leveraging on mobile contactless services
       Interactive billboards
       Transports
       eTicketing
       Retail
Smart Card Applications

Government programs
   Banking & Finance
   Mobile Communication
   Pay Phone Cards
   Transportation
   Electronic Tolls
   Passports
   Electronic Cash
   Retailer Loyalty Programs
   Information security
Banking and finance

Electronic purse to replace coins for small purchases in vending machines.


Credit and debit cards


Securing payments across the internet
Smart card Pay phones

   Outside of the United States there is a widespread use of
    payphones
   The phone company does not have to collect coins
   The users do not have to have coins or remember long
    access numbers and PIN codes
   The risk of vandalism is very low since these payphones are
    smart card-based. “Generally, a phone is attacked if there is
    some money inside it, as in the case of coin-based payphone
Transportation


   Driver’s license

   Mass transit fare collection system

   Electronic toll collection system
It’s no longer only «Cards»
e-Passport: the first Smart Secure Device




                45 Millions e-Passport in 2009
E Governance
   As the amount of business and holiday travel
    increases security continues to be a top concern for
    governments worldwide.
   When fully implemented smart passport solutions
    help to reduce fraud and forgery of travel
    documents.
   Enhanced security for travellers
   Philips launched such a project
    with the US in 2004.
Student id card
   All-purpose student ID card (a/k/a campus
    card), containing a variety of applications
    such as electronic purse (for vending
    machines, laundry machines, library card, and
    meal card).
Threats in Using Smart Cards

Failure rate.
Probability of breaking: keeping the card in a wallet may
damage the chip on the card.
Malware attacks: active malware on systems
may result in modifying the transactions.
OS Based Classification
   Smart cards are also classified on the basis of their Operating System. There
    are many Smart Card Operating Systems available in the market, the main
    ones being:
    1. MultOS
    2. JavaCard
    3. Cyberflex
    4. StarCOS
    5. MFC
    Smart Card Operating Systems, or SCOS as they are commonly called, are
    placed on the ROM and usually occupy less than 16 KB. SCOS handle:
    • File Handling and Manipulation.
    • Memory Management
    • Data Transmission Protocols.
ADVANTAGES
   Proven to be more reliable than the magnetic stripe card.
   Can store up to thousands of times more information than the magnetic stripe card.
   Reduces tampering and counterfeiting through high security mechanisms such as
    advanced encryption and biometrics.
   Can be disposable or reusable.
   Performs multiple functions.
   Has wide range of applications (e.g., banking, transportation, healthcare...)
   Compatible with portable electronics (e.g., PCs, telephones...)
   Evolves rapidly applying semi-conductor technology
Disadvantages
Smart cards used for client-side identification and
authentication are the most secure way for e.g. internet banking
applications, but the security is never 100% sure.
In the example of internet banking, if the PC is infected with
any kind of malware, the security model is broken. Malware
can override the communication (both input via keyboard and
output via application screen) between the user and the
internet banking application (e.g. browser). This would result in
transactions being modified by the malware, unnoticed by the
user. There is malware in the wild with this capability (e.g.
Trojan.Silentbanker).
Remedies…
Banks like Fortis and Dexia in Belgium combine a smart card with an unconnected card reader to
avoid this problem. The customer enters a challenge received from the bank's website, his PIN and
the transaction amount into the card reader, and the card reader returns an 8-digit signature. This
signature is manually copied to the PC and verified by the bank. This method prevents malware from
changing the transaction amount.
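The scheme described above, as an added example that is not the banks' actual algorithm: HMAC-SHA256 truncated to 8 digits stands in for the card's signature function, and all names and values are constructed. It shows why a signature computed over one amount fails verification when a different amount reaches the bank.

```python
import hashlib
import hmac
import secrets


def sign_transaction(card_key: bytes, challenge: str, amount_cents: int) -> str:
    """8-digit code bound to the bank's challenge and to the amount."""
    msg = f"{challenge}|{amount_cents}".encode()
    digest = hmac.new(card_key, msg, hashlib.sha256).digest()
    code = int.from_bytes(digest[:8], "big") % 10**8
    return f"{code:08d}"


class OfflineReader:
    """Card plus unconnected reader: keypad in, display out, no link to the PC."""

    def __init__(self, card_key: bytes, pin: str):
        self._key, self._pin = card_key, pin

    def sign(self, pin: str, challenge: str, amount_cents: int) -> str:
        # The amount is typed on the reader's own keypad, out of the PC's reach.
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")
        return sign_transaction(self._key, challenge, amount_cents)


class Bank:
    def __init__(self, card_key: bytes):
        self._key = card_key
        self._pending = set()

    def new_challenge(self) -> str:
        challenge = f"{secrets.randbelow(10**8):08d}"
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: str, amount_cents: int, signature: str) -> bool:
        """Recompute the code over the amount that actually arrived."""
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)         # one attempt per challenge
        expected = sign_transaction(self._key, challenge, amount_cents)
        return hmac.compare_digest(signature.encode(), expected.encode())


def demo():
    """The user signs 50.00; the PC submits either that amount or another one."""
    key = secrets.token_bytes(16)                # constructed key shared with the bank
    reader, bank = OfflineReader(key, "4921"), Bank(key)
    results = {}
    for label, submitted_cents in (("honest", 5000), ("tampered", 950000)):
        challenge = bank.new_challenge()
        code = reader.sign("4921", challenge, 5000)
        results[label] = bank.verify(challenge, submitted_cents, code)
    return results


if __name__ == "__main__":
    print(demo())
```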
Future Aspects
 Soon it will be possible to access the data in Smart cards by the use of Biometrics.
 Smart card Readers can be built into future computers or peripherals
which will enable the users to pay for goods purchased on the internet.
 In the near future, the multifunctional smart card will replace the
traditional magnetic swipe card.
 Smart Card is not only a data store, but also a programmable, portable,
tamper resistant memory storage.
The Smart card success story
[Chart: Microprocessor Smart Cards Shipments (millions of units), 2007 to 2009, by segment: Telecom (SIM), Banking - Retail, Identity & others]
By 2020 …



20 Billion Smart Secure Devices

>4 Billion Mobile Appliances users

>4 Billion e-ID documents in use
Conclusion:
• Smart Cards will evolve into a broader family of Devices
   • More new shapes for new applications
   • Our virtual « digital personal attributes »
   • Embedded software and ultra-embedded nanotechnologies


• The only mistake to avoid for our Industry is to entertain an
endless debate about fears.
   • We will build the best solutions and the best value for people to enjoy many new
   services
   • Political ownership and communication will be key to success


• Education … more Education
   • Preparing people to use those Smart Secure Devices is as important as teaching
   them how to read and write
Security of Smart Cards
   Public Key Infrastructure (PKI) algorithms such
    as DES, 3DES, RSA and ECC.
   Key pair generation.
   Variable timing/clock fluctuation.
   0.6 micron components.
   Data stored on the card is encrypted.
   Pin Blocking.
Elliptic Curve Cryptography
   y²=x³+ax+b
   Q(x,y) =kP(x,y)
   Uses point multiplication to
    compute and ECDLP to
    crack.
   Beneficial for portable
    devices.
   Cryptographic coprocessors
    can be added to speed up
    encryption and decryption.
CAIN
   Confidentiality is obtained by the encryption of
    the information on the card.
   Authenticity is gained by using the PKI
    algorithm and the two/three factor
    authentication.
   Integrity is maintained through error-checking
    and enhanced firmware.
   Repudiation is lower because each transaction is
    authenticated and recorded.
Common and Future Uses of Smart
               Cards
   Current uses:
           Chicago Transit Card
           Speed Pass
           Amex Blue Card
           Phone Cards
           University ID cards
           Health-care cards
           Access to high level
            government facilities.
   Future uses:
           Federally Passed Real-ID
            act of 2005.
           ePassports
Data Structure
   Data on Smart Cards is organized into a tree
    hierarchy. This has one master file (MF or root)
    which contains several elementary files (EF) and
    several dedicated files (DF).
   DFs and MF correspond to directories and EFs
    correspond to files, analogous to the hierarchy in
    any common OS for PCs.
Data Structure
   However, these two hierarchies differ in that
    DFs can also contain data. DF's, EF's and MF's
    header contains security attributes resembling
    user rights associated with a file/directory in a
    common OS.
    Any application can traverse the file tree, but it
    can only move to a node if it has the appropriate
    rights.
   The PIN is also stored in an EF but only the
    card has access permission to this file.

Windowsforensics
 
Lec 1 apln security(4pd)
Lec  1 apln security(4pd)Lec  1 apln security(4pd)
Lec 1 apln security(4pd)
 
Guassvirus
GuassvirusGuassvirus
Guassvirus
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Webmail
WebmailWebmail
Webmail
 
Linux Forensics
Linux ForensicsLinux Forensics
Linux Forensics
 
Web server
Web serverWeb server
Web server
 
Samba server
Samba serverSamba server
Samba server
 
Firewall(linux)
Firewall(linux)Firewall(linux)
Firewall(linux)
 
Securitytips
SecuritytipsSecuritytips
Securitytips
 
Linux basics
Linux basicsLinux basics
Linux basics
 
Linuxfilesys
LinuxfilesysLinuxfilesys
Linuxfilesys
 
Linuxconcepts
LinuxconceptsLinuxconcepts
Linuxconcepts
 
Introtolinux
IntrotolinuxIntrotolinux
Introtolinux
 
New internet
New internetNew internet
New internet
 

Dernier

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Dernier (20)

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

Smart card

  • 1. Smart Cards Future Life……… Santosh Khadsare
  • 2. Aim of my ppt is to just give you a brief idea about the smart card technology being one of the best steps towards the advancement of science and technology , making our life faster and obviously easier.
  • 3. Plastic Cards  Visual identity application  Plain plastic card is enough  Magnetic strip (e.g. credit cards)  Visual data also available in machine readable form  No security of data  Electronic memory cards  Machine readable data  Some security (vendor specific)
  • 4. What is a Smart Card? A Smart card is a plastic card about the size of a credit card, with an embedded microchip that can be loaded with data, used for telephone calling, cash payments , and other applications, and then periodically refreshed for additional use.
  • 5. What is a smart card?
  • 6. History 70’s Smart Card First Patent in Germany and later in France and Japan. 80’s Mass usage in Pay Phones and Debit Cards. 90’s Smart Card based Mobiles Chips & Sim Cards.
  • 7. History 2000’s Payment and Ticketing Applications Credit cards, Mass transit (Smartrip) Healthcare and Identification Insurance information, Drivers license
  • 8. Dimensions of smart card. 85.6mm x 53.98mm x 0.76mm(defined by ISO 7816)
  • 9. Why use smart cards?  Can store currently up to 7000 times more data than a magnetic stripe card.  Information that is stored on the card can be updated.  Magnetic stripe cards are vulnerable to many types of fraud.  Lost/Stolen Cards  Skimming  Carding/ Phishing  Greatly enhances security by communicating with card readers using PKI algorithms.  A single card can be used for multiple applications (cash, identification, building access, etc.)  Smart cards provide a 3-fold approach to authentic identification: • Pin • Smartcard • Biometrics
  • 10. Card Elements Magnetic Stripe Logo Chip Hologram Embossing (Card Number / Name / Validity, etc.)
  • 11. Smart Cards devices. Contacts: GND, VCC, VPP, Reset, I/O, Clock, Reserved. Varun Arora | varun@varunarora.in | www.varunarora.in
  • 12. What’s in a Card? Contacts: Vcc, RST, CLK, RFU, GND, Vpp, I/O, RFU.
  • 13. Electrical signals description (Fig: A smart card pin out). VCC: Power supply input. RST: Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card). CLK: Clocking or timing signal (optional use by the card). GND: Ground (reference voltage). VPP: Programming voltage input (deprecated / optional use by the card). I/O: Input or Output for serial data to the integrated circuit inside the card. AUX1 (C4): Auxiliary contact; USB devices: D+. AUX2 (C8): Auxiliary contact; USB devices: D-.
  • 14. CARD STRUCTURE Out of the eight contacts only six are used. Vcc is the supply voltage, Vss is the ground reference voltage against which the Vcc potential is measured, Vpp connector is used for the high voltage signal; the chip receives commands & interchanges data.
  • 15. Typical Configurations  256 bytes to 4KB RAM.  8KB to 32KB ROM.  1KB to 32KB EEPROM.  8-bit to 16-bit CPU. 8051 based designs are common.
  • 16. Smart Card Readers Computer based readers Connect through USB or COM (Serial) ports Dedicated terminals Usually with a small screen, keypad, printer, often also have biometric devices such as thumb print scanner.
  • 17. Terminal/PC Card Interaction  The terminal/PC sends commands to the card (through the serial line).  The card executes the command and sends back the reply.  The terminal/PC cannot directly access memory of the card so data in the card is protected from unauthorized access. This is what makes the card smart.
  • 18. Why Smart Cards? Security: Data and codes on the card are encrypted by the chip maker. The Smart Card’s circuit chip is almost impossible to forge. Trust: Minimal human interaction. Portability. Less Paper work: Eco-Friendly
  • 19. Two Types of Chips. Memory chip: Acts as a small floppy disk with optional security; Are inexpensive; Offer little security features. Microprocessor: Can add, delete, and manipulate its memory; Acts as a miniature computer that includes an operating system, hard disk, and input/output ports; Provides more security and memory and can even download applications.
  • 20. From 1 billion to 4 billion units in 10 years… [Chart: Worldwide smart card shipments, millions of units, 1999 to 2009; series: Microprocessor cards, Memory cards]
  • 21. Smart Cards in everyday life… Loyalty Transport Ticketing Payment Health card Smart Poster Communication
  • 22. Contact Smart Cards  Requires insertion into a smart card reader with a direct connection  This physical contact allows for transmission of commands, data, and card status to take place
  • 24. Contactless Smart Cards  Require only close proximity to a reader  Both the reader and card have antennas through which the two communicate  Ideal for applications that require very fast card interfaces
  • 25. ISO 14443.  International standard.  Deals – only contactless smart cards.  Defines:- a. Interface. b. Radio frequency interface. c. Electrical interface. d. Operating distance. Etc…..
  • 26. Dual interface smart cards.  Also called Combi card.  Has a single chip over it.  Has both contact as well as contactless interfaces.  We can use the same chip using either contact or contactless interface with a high level of security.
  • 28. Hybrid smart card.  Two chips.  One with contact interface.  Other with contactless interface.  No connection between the two chips.
  • 30. Categories of Smart Cards Based on the type of IC chip embedded on the Smart Card. They are categorized into three types :-  IC Micro Processor Cards  IC Memory Cards  Optical Memory Cards
  • 31. Key Attributes: Security to make the Digital Life safe and enjoyable; Ease of Use to enable all of us to access the Digital World; Privacy to respect each individual’s freedom and intimacy.
  • 32. Biometric techniques  Finger print identification.  Features of finger prints can be kept on the card (even verified on the card)  Photograph/IRIS pattern etc.  Such information is to be verified by a person. The information can be stored in the card securely
  • 33. Smart Card Readers. Computer based readers: Connect through USB or COM (Serial) ports. Dedicated terminals: Usually with a small screen, keypad, printer, often also have biometric devices such as thumb print scanner.
  • 34. Terminal/PC Card Interaction. The terminal/PC sends commands to the card (through the serial line). The card executes the command and sends back the reply. The terminal/PC cannot directly access memory of the card, so data in the card is protected from unauthorized access. This is what makes the card smart.
  • 35. Communication mechanisms. Communication between smart card and reader is standardized (ISO 7816 standard). Commands are initiated by the terminal, interpreted by the card OS; card state is updated; response is given by the card. Commands have the following structure: CLA INS P1 P2 Lc 1..Lc Le. Response from the card includes 1..Le bytes followed by Response Code.
  • 36. Security Mechanisms  Password  Card holder’s protection  Cryptographic challenge Response  Entity authentication  Biometric information  Person’s identification  A combination of one or more
  • 37. Password Verification. Terminal asks the user to provide a password. Password is sent to Card for verification. Scheme can be used to permit user authentication. Not a person identification scheme.
  • 38. Cryptographic verification. Terminal verifies card (INTERNAL AUTH): Terminal sends a random number to card to be hashed or encrypted using a key. Card provides the hash or cyphertext. Terminal can know that the card is authentic. Card needs to verify (EXTERNAL AUTH): Terminal asks for a challenge and sends the response to card to verify. Card thus knows that terminal is authentic. Primarily for the “Entity Authentication”.
  • 39. Biometric techniques  Finger print identification.  Features of finger prints can be kept on the card (even verified on the card)  Photograph/IRIS pattern etc.  Such information is to be verified by a person. The information can be stored in the card securely.
  • 40. Data storage. Data is stored in smart cards in E2PROM. Card OS provides a file structure mechanism. File types: Binary file (unstructured), Fixed size record file, Variable size record file. [Diagram: file tree with the MF at the root and DFs and EFs beneath it]
  • 41. File Naming and Selection. Each file has a 2 byte file ID and an optional 5-bit SFID (both unique within a DF). DFs may optionally have (globally unique) 16 byte name. OS keeps track of a current DF and a current EF. Current DF or EF can be changed using SELECT FILE command. Target file specified as either: DF name; File ID; SFID (Short File Identifier, 1 byte); Relative or absolute path (sequence of File IDs); Parent DF.
  • 42. Basic File Related Commands  Commands for file creation, deletion etc., File size and security attributes specified at creation time.  Commands for reading, writing, appending records, updating etc.  Commands work on the current EF.  Execution only if security conditions are met.  Each file has a life cycle status indicator (LCSI), one of: created, initialized, activated, deactivated, terminated.
  • 43. Access control on the files  Applications may specify the access controls  A password (PIN) on the MF selection  For example SIM password in mobiles  Multiple passwords can be used and levels of security access may be given  Applications may also use cryptographic authentication
  • 44. An example scenario (institute ID card). MF (Select: P2 verification) contains: EF1 (personal data): Name: Varun Arora, PF/Roll: 13; Read: Free; Write: upon verification by K1, K2 or K3. EF2 (Address): #320, MSc (off); 475, SICSR (Res); Read: Free; Write: Password Verification (P1). EF3 (password): P1 (User password), P2 (sys password); Read: Never; Write: Password Verification (P1). EF4 (keys): K1 (DOSA’s key), K2 (DOFA’s key), K3 (Registrar’s key); Read: Never; Write: Once. Security requirements: EF1: Should be modified only by the DOSA/DOFA/Registrar; Readable to all. EF2: Card holder should be able to modify. What happens if the user forgets his password? Solution1: Add supervisor password. Solution2: Allow DOSA/DOFA/Registrar to modify EF3. Solution3: Allow both to happen.
  • 45. An example scenario (institute ID card). MF contains: EF1 (personal data), EF2 (Address), EF3 (password), EF4 (keys), DF1 (Lib). DF1 (Lib) contains: EF1 (Issue record): records of the form "Bk#, dt issue, dt retn"; Modifiable: By issue staff. Read all. EF2 (Privilege info): Max Duration: 20 days, Max Books: 10, Reserve Collection: Yes; Modifiable: By admin staff. Read: all. EF3: Keys: K1: Issue staff key, K2: Admin staff key. Library manages its own keys in EF3 under DF1. Institute manages its keys and data under MF. Thus library can develop applications independent of the rest.
  • 46. How does it all work? (1) Card is inserted in the terminal. Card gets power. OS boots up. Sends ATR (Answer to reset). (2) ATR negotiations take place to set up data transfer speeds, capability negotiations etc. (3) Terminal sends first command to select MF. Card responds with an error (because MF selection is only on password presentation). (4) Terminal prompts the user to provide password. (5) Terminal sends password for verification. Card verifies P2. Stores a status “P2 Verified”. Responds “OK”. (6) Terminal sends command to select MF again. Card responds “OK”. (7) Terminal sends command to read EF1. Card supplies personal data and responds “OK”.
  • 47. So many Smart Cards with us at all times…..  In our GSM phone (the SIM card)  Inside our Wallets  Credit/Debit cards  HealthCare cards  Loyalty cards  Our corporate badge  Our Passport  Our e-Banking OTP  … and the list keeps growing
  • 48. Our Industries Is rapidly changing Interactive billboards Transports New solutions leveraging on mobile contactless services eTicketing Retail
  • 49. Smart Card Applications Government programs  Banking & Finance  Mobile Communication  Pay Phone Cards  Transportation  Electronic Tolls  Passports  Electronic Cash  Retailer Loyalty Programs  Information security
  • 50. Banking and finance Electronic purse to replace coins for small purchases in vending machines . Credit and debit cards Securing payments across the internet
  • 51. Smart card Pay phones  Outside of the United States there is a widespread use of payphones  phone company does not have to collect coins  the users do not have to have coins or remember long access numbers and PIN codes  The risk of vandalism is very low since these payphones are smart card-based. “Generally, a phone is attacked if there is some money inside it, as in the case of coin-based payphone
  • 52. Transportation  Driver’s license  Mass transit fare collection system  Electronic toll collection system
  • 53. It’s no longer only «Cards» e-Passport: the first Smart Secure Device 45 Millions e-Passport in 2009
  • 54. E Governance  As the amount of business and holiday travel increases security continues to be a top concern for governments worldwide.  When fully implemented smart passport solutions help to reduce fraud and forgery of travel documents.  Enhanced security for travellers  Philips launched such a project with the US in 2004.
  • 55. Student id card  All-purpose student ID card (a/k/a campus card), containing a variety of applications such as electronic purse (for vending machines, laundry machines, library card, and meal card).
  • 57. Threats in Using Smart Cards. Failure rate / probability of breaking: keeping in wallets may damage the chip on the card. Malware attacks: active malware on systems may result in modifying the transactions.
  • 58. OS Based Classification  Smart cards are also classified on the basis of their Operating System. There are many Smart Card Operating Systems available in the market, the main ones being: 1. MultOS 2. JavaCard 3. Cyberflex 4. StarCOS 5. MFC Smart Card Operating Systems or SCOS as they are commonly called, are placed on the ROM and usually occupy lesser than 16 KB. SCOS handle: • File Handling and Manipulation. • Memory Management • Data Transmission Protocols.
  • 59. ADVANTAGES  Proven to be more reliable than the magnetic stripe card.  Can store up to thousands of times of the information than the magnetic stripe card.  Reduces tampering and counterfeiting through high security mechanisms such as advanced encryption and biometrics.  Can be disposable or reusable.  Performs multiple functions.  Has wide range of applications (e.g., banking, transportation, healthcare...)  Compatible with portable electronics (e.g., PCs, telephones...)  Evolves rapidly applying semi-conductor technology
  • 60. Disadvantages Smart cards used for client-side identification and authentication are the most secure way for, e.g., internet banking applications, but the security is never 100% sure. In the example of internet banking, if the PC is infected with any kind of malware, the security model is broken. Malware can override the communication (both input via keyboard and output via application screen) between the user and the internet banking application (e.g. browser). This would result in transactions being modified by the malware, unnoticed by the user. There is malware in the wild with this capability (e.g. Trojan.Silentbanker).
  • 61. Remedies… Banks like Fortis and Dexia in Belgium combine a Smart card with an unconnected card reader to avoid this problem. The customer enters a challenge received from the bank's website, his PIN and the transaction amount into the card reader, the card reader returns an 8-digit signature. This signature is manually copied to the PC and verified by the bank. This method prevents malware from changing the transaction amount.
  • 62. Future Aspects  Soon it will be possible to access the data in Smart cards by the use of Biometrics.  Smart card Readers can be built into future computers or peripherals which will enable the users to pay for goods purchased on the internet.  In the near future, the multifunctional smart card will replace the traditional magnetic swipe card.  Smart Card is not only a data store, but also a programmable, portable, tamper resistant memory storage.
  • 63. The Smart card success story. [Chart: Microprocessor Smart Cards Shipments (millions of units), 2007 to 2009; series: Telecom (SIM), Banking - Retail, Identity & others]
  • 64. By 2020 … 20 Billion Smart Secure Devices >4 Billion Mobile Appliances users >4 Billion e-ID documents in use
  • 66. Conclusion: • Smart Cards will evolve into a broader family of Devices • More new shapes for new applications • Our virtual « digital personal attributes » • Embedded software and ultra-embedded nanotechnologies • The only mistake to avoid for our Industry is to entertain an endless debate about fears. • We will build the best solutions and the best value for people to enjoy many new services • Political ownership and communication will be key to success • Education … more Education • Preparing people to use those Smart Secure Devices is as important as teaching them how to read and write
  • 68. Security of Smart Cards • Public Key Infrastructure (PKI) algorithms such as DES, 3DES, RSA and ECC. • Key pair generation. • Variable timing/clock fluctuation. • 0.6 micron components. • Data stored on the card is encrypted. • PIN blocking.
  • 69. Elliptic Curve Cryptography • y² = x³ + ax + b • Q(x,y) = kP(x,y) • Q is computed by point multiplication; cracking it requires solving the elliptic curve discrete logarithm problem (ECDLP). • Beneficial for portable devices. • Cryptographic coprocessors can be added to speed up encryption and decryption.
  • 70. CAIN • Confidentiality is obtained by the encryption of the information on the card. • Authenticity is gained by using the PKI algorithm and the two/three factor authentication. • Integrity is maintained through error-checking and enhanced firmware. • Repudiation is lower because each transaction is authenticated and recorded.
  • 71. Common and Future Uses of Smart Cards • Current uses: Chicago Transit Card; Speed Pass; Amex Blue Card; Phone Cards; University ID cards; Health-care cards; Access to high level government facilities. • Future uses: Federally Passed Real-ID act of 2005; ePassports
  • 72. Data Structure • Data on Smart Cards is organized into a tree hierarchy. This has one master file (MF or root) which contains several elementary files (EF) and several dedicated files (DF). • DFs and MF correspond to directories and EFs correspond to files, analogous to the hierarchy in any common OS for PCs.
  • 73. Data Structure • However, these two hierarchies differ in that DFs can also contain data. The headers of DFs, EFs and the MF contain security attributes resembling the user rights associated with a file/directory in a common OS. • Any application can traverse the file tree, but it can only move to a node if it has the appropriate rights. • The PIN is also stored in an EF, but only the card has access permission to this file.
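
The file tree and access rights from slides 72-73, combined with the PIN blocking from slide 68, as an added example that is not part of the original presentation: a simplified Python model, not a card operating system. The class names, the ALWAYS/PIN/NEVER rights, the file IDs other than the MF's 3F00, the PIN value and the three-try limit are assumptions; the status words are the ISO 7816-4 values.

```python
import hmac

# ISO 7816-4 status words: success, security status not satisfied,
# file not found, authentication method blocked.
SW_OK, SW_DENIED, SW_NOT_FOUND, SW_BLOCKED = 0x9000, 0x6982, 0x6A82, 0x6983

class Node:
    """MF, DF or EF; `access` models the security attributes in its header."""
    def __init__(self, fid, kind, access="ALWAYS", data=b""):
        self.fid, self.kind, self.access, self.data = fid, kind, access, data
        self.children = {}                      # used by MF and DF nodes only
    def add(self, child):
        self.children[child.fid] = child
        return child

class Card:
    def __init__(self, mf, pin_ef, max_tries=3):
        self.mf = self.current = mf
        self.pin_ef, self.max_tries = pin_ef, max_tries
        self.tries_left, self.verified = max_tries, False
    def _allowed(self, node):
        return node.access == "ALWAYS" or (node.access == "PIN" and self.verified)
    def verify(self, pin):
        """Compare inside the card; the PIN EF itself is never readable."""
        if self.tries_left == 0:
            return SW_BLOCKED                   # PIN blocking: no more guesses
        if hmac.compare_digest(pin, self.pin_ef.data):
            self.tries_left, self.verified = self.max_tries, True
            return SW_OK
        self.tries_left, self.verified = self.tries_left - 1, False
        # 0x63Cx: wrong PIN, x tries left
        return 0x63C0 | self.tries_left if self.tries_left else SW_BLOCKED
    def select(self, fid):
        """Move to the MF or to a child of the current node, if rights allow."""
        node = self.mf if fid == self.mf.fid else self.current.children.get(fid)
        if node is None:
            return SW_NOT_FOUND
        if not self._allowed(node):
            return SW_DENIED
        self.current = node
        return SW_OK
    def read(self):
        ok = self._allowed(self.current)
        return (SW_OK, self.current.data) if ok else (SW_DENIED, b"")

def build_card():
    """Constructed sample tree; only the MF identifier 3F00 is a real-world value."""
    mf = Node(0x3F00, "MF")
    pin_ef = mf.add(Node(0x0011, "EF", access="NEVER", data=b"4821"))
    wallet = mf.add(Node(0x5F10, "DF", access="PIN", data=b"wallet v1"))
    wallet.add(Node(0x6F01, "EF", access="PIN", data=b"balance=42"))
    return Card(mf, pin_ef)
```

Selecting the PIN file is refused even after a successful `verify`, and three wrong PINs leave the protected DF unreachable even when the correct PIN is presented afterwards.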

Editor's notes

  1. Aim of my ppt is to just give you a brief idea about the smart card technology being one of the best steps towards the advancement of science and technology, making our life faster and obviously easier.