smart card full report
computer science technology|
Active In SP
Joined: Jan 2010
21-01-2010, 07:58 PM
Smart cards full report.doc (Size: 749 KB / Downloads: 846)
Smart Cards are handy bits of plastic with embedded microprocessor or memory chips that are used for identification. Smart cards look like a credit card in size but have a computer chip embedded in them. The chip has a certain amount of memory capable of storing data, with a Card Operating System (COS), which is protected with advanced security features. Smart cards when coupled with a reader has the processing power to serve several different applications.
Smart cards can be considered as the worldâ„¢s smallest computers. Itâ„¢s quite possible that smart cards will follow the same trend of rapid increases in processing power that computers have, following "Mooreâ„¢s Law" and doubling in performance while halving in cost every eighteen months. As their capabilities grow, they could become the ultimate thin client, eventually replacing all of the things we carry around in our wallets, including credit cards, licenses, cash, and even family photographs. Smart cards have tremendous applications starting from the simple driving license to biometrics.
AN INTRODUCTION TO SMART CARDS
It has been said that smart cards will one day be as important as computers are today. This statement contains a bit of an error because it implies that smart cards are not computers, when in fact, they are. Because smart cards are indeed tiny computers, itâ„¢s difficult to predict the variety of applications that will be possible with them in the future. Itâ„¢s quite possible that smart cards will follow the same trend of rapid increases in processing power that computers have, following "Mooreâ„¢s Law" and doubling in performance while halving in cost every eighteen months.
Smart cards have proven to be quite useful as a transaction/authorization/identification medium in European countries. As their capabilities grow, they could become the ultimate thin client, eventually replacing all of the things we carry around in our wallets, including credit cards, licenses, cash, and even family photographs. By containing various identification certificates, smart cards could be used to voluntarily identify attributes of ourselves no matter where we are or to which computer network we are attached. According to Dataquest, the worldwide smart card market has grown 4.7 Billion units and $6.8 Billion by 2002.
We live in a world of fast-moving technical change. This is perhaps particularly relevant and challenging when related to smart cards, where hundreds of thousands of card-reading terminals need to be available, and tens of millions of smart cards need to be deployed, all with a potential life of several years. Forwards compatibility, and cross border and cross scheme interoperability is increasingly difficult to maintain against the background of rapid chip technology development. EEPROM may give way to faster and longer-lived Flash memory. Voltages for powering smart cards are reducing almost annually. Security technologies demand ever-faster processing power.
DEFINITION OF A SMART CARD
The smart card is one of the latest additions to the world of information technology. Similar in size to today's plastic payment card, the smart card has a microprocessor or memory chip embedded in it that, when coupled with a reader, has the processing power to serve many different applications. This chip is the engine room of the smart card, and indeed is what makes it 'smart'. The information or data stored on the IC chip is transferred through an electronic module that interconnects with a terminal or a card reader. This union between a conventional PVC card and a microprocessor allows an immense amount of information to be stored, accessed and processed either off-line or on-line. A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).
On a fundamental level, microprocessor cards are similar to desktop computers. They have operating systems, they store data and applications, they compute and process information and they can be protected with sophisticated security tools. Memory capacity and computing capabilities are increasing as semiconductor technology races forward. In fact, today's microprocessor cards have roughly the same computing power as desktop computers from 15 years ago.
EVOLUTION OF SMART CARDS
HISTORY OF SMART CARDS
The roots of the current day smart card can be traced back to the US in the early 1950s when Diners Club produced the first all-plastic card to be used for payment applications. The synthetic material PVC was used which allowed for longer-lasting cards than previously conventional paper based cards. In this system, the mere fact that you were issued a Diners Club card allowed you to pay with your "good name" rather than cash. In effect, the card identified you as a member of a select group, and was accepted by certain restaurants and hotels that recognized this group. VISA and MasterCard then entered the market, but eventually the cost pressures of fraud, tampering, merchant handling, and bank charges made a machine-readable card necessary. The magnetic stripe was introduced, and this allowed further digitized data to be stored on the cards in a machine-readable format. This type of embossed card with a magnetic stripe is still the most commonly used method of payment.
In 1968, German inventors JÃƒÂ¼rgen, Dethloff and Helmut GrÃƒÂ¶trupp applied for the first ICC related patents. Similar applications followed in Japan in 1970 and France in 1974. Smart cards date back to 1974 when the Frenchman Roland Moreno was granted patents on the concept of the smart card. The first public field-tests with memory cards were launched in France in the early 1980s. In these tests, memory cards were used as telephone and payment cards. The first Finnish smart card was developed by the so-called Otakortti Project, organized by the Student Union of the University of Technology in Otaniemi in the late 1980s. The cards used in the project and implimentation were manufactured by Setec which was still called the Security Printing House of the Bank of Finland at that time. By 1986, many millions of French telephone smart cards were in circulation. Their number reached nearly 60 million in 1990, and 150 million are project and implimentationed for 1996.
Latest super smart cards have keypads, LCD displays, battery and math co-processors for performing complex encryption algorithms.
CLASSIFICATION OF SMART CARDS
Memory cards simply store data. They do not have any processing capability and can be viewed as a small floppy disk with optional security. The main storage area in such cards is normally EEPROM (Electrically Erasable Programmable Read-Only Memory), which - subject to defined security constraints - can have its content updated, and which retains current contents when external power is removed. Memory cards can be either memory only or can have security logic using passwords and pin codes.
Memory cards are further divided into 2:-
IC MEMORY CARDS
Can store data, but do not have a processor on the card.
OPTICAL MEMORY CARDS
Can only store data, but has a larger memory capacity than IC memory cards.
2.MICROPROCESSOR/INTELLIGENT SMART CARDS
A microprocessor card, on the other hand, can add, delete and manipulate information in its memory on the card. Similar to a miniature computer, a microprocessor card has an input/output port, card operating system (COS) and hard disk with built-in security features. These cards have on-card dynamic data processing capabilities. Within the card is a microprocessor or microcontroller chip that manages this memory allocation and file access This type of chip is similar to those found inside all personal computers and when implanted in a smart card, manages data in organized file structures, via a card operating system. Unlike other operating systems, this software controls access to the on-card user memory. This capability permits different and multiple functions and/or different applications to reside on the card, allowing businesses to issue and maintain a diversity of Ëœproductsâ„¢ through the card.
CARD ACCEPTANCE DEVICE(CAD)
Though commonly referred to as "smart card readers", all smart card enabled terminals, by definition, have the ability to read and write as long as the smart card supports it and the proper access conditions have been fulfilled. It is also called as Interface Device (ID). In contrast to smart cards, which all have very similar construction, smart card readers come in a variety of form factors with varying levels of mechanical and logical sophistication. The card user's first action is to insert the card in the reader. The application controlling the reader will detect the presence of the card and issue a "Reset" command. This will ensure that the smart card begins the new session in a "cold boot" context, with all its working data in RAM newly initialized. The card returns a response to the reset that indicates to the application that the card is initialized and ready to proceed with the session.
Mechanically, readers have various options including :- whether the user must insert/remove the card versus automated insertion/ejection mechanism, sliding contacts versus landing contacts, and provisions for displays and keystroke entry. Electrically, the reader must conform to the ISO/IEC 7816-3 standards. The options for readers are numerous. The easiest way to describe a reader is by the method of itâ„¢s interface to a PC. Smart Card Readers are available that interface to RS232 serial ports, USB ports, PCMCIA slots, floppy disk slots, parallel ports, infrared IRDA ports and Keyboards and keyboard wedge readers. Most units have their own operating systems and development tools. They typically support other functions such as magnetic stripe reading, modem functions and transaction printing.
A wide range of Mobile and Desktop Readers for off-line or on-line transactions like Proximity Terminals & Finger Print Scanners are available. Some examples include reader integrated into a vending machine, handheld battery-operated reader with a small LCD screen, reader integrated into a GSM mobile phone, and a reader attached to a personal computer.
Applications using smart cards work through an API providing card services. The card services interface with the COS through the driver software, which is generally card-specific. In general terms, the card services correspond to the COS functions. Diagram illustrates the relationship between COS, reader, driver software, API and application.
DIFFERENT TYPES OF CONTACT INTERFACES
1.CONTACT SMART CARDS
As the name suggests, a contact smart card needs to come into physical contact with a device that will allow information and data to be transferred to and from the card. This device is generally called a card-accepting device (CAD) or a smart card reader/writer. Contact smart cards are inserted into a smart card reader, making physical contact with the reader.
The cards have embedded on them a small gold plate approximately the size of an Australian 5-cent coin, commonly called the Ëœmoduleâ„¢. When the card comes into contact with the reader, it makes contact with several electrical connectors on the module that transfer the information to and from the chip. Contact smart cards are inserted into a smart card reader, making physical contact with the reader. They have a small gold plate about Ã‚Â½" in diameter on the front, instead of the magnetic strip on the back of a credit card.
2.CONTACTLESS SMART CARDS
A contactless smart card has the same dimensions as a contact smart card, but it derives its name from the way information and data is transferred between chip and the card-accepting device (CAD). There is no physical contact between card and the CAD as there is with a contact smart card. Contactless smart cards have an antenna coil encircling the card several times, which communicates with an external receiving antenna to transfer information or carry out a transaction, eliminating the need for any physical contact.
Contactless smart cards can be further sub-divided into 2:-
Proximity cards are used where the distance between the card and the receiving antenna is usually less than 20 cms, that is, where the card is in close proximity to the receiving device. They are used to get access into secure work areas.
Remote cards are used when the distance between card and antenna are meters away. An example of where a remote contactless smart card could be utilized here vehicles pass through a toll-collecting device.
3.COMBI/DUAL INTERFACE CARDS
Various combination of security are available along with smart cards. They can be divided into 2 :-
DUAL INTERFACE CARDS
These are cards with both a contact and a contactless interface. These may incorporate two non-communicating chips - one for each interface - but preferably have a single, dual-interface chip providing the many advantages of a single e-purse, single operating architecture, etc. A combi card combines the two features with a very high level of security. An example is using the same cad for multiple applications:- contact cards for authenticating secure information over the information network and contactless cards to get access to secure work areas. Contactless and combi-card architectures have many advantages, but it will be several years before the main and traditional contact card-based schemes start to migrate to these technologies.
COMBINATION OF SMART CARDS AND BIOMETRIC DEVICES
It provides 2/3 factor authentication because it checks for Biometrics (Fingerprint, Iris scan) - 'Who you are', Smart Card - 'What you have' and Password/Pin - 'What you know'. This is the most secure mechanism. Such biometrics include Iris and Retinal scans, Face or Hand geometry, and of course DNA, but the most likely and most acceptable attribute is the fingerprint.
ISO STANDARDS FOR SMART CARDS
ISO 7816 PARTS 1-7 contain the following set of standards:-
1. Physical Characteristics(Part 1)
2. Dimensions and location of the contacts(Part 2)
3. Electronic signals and Transmission protocols(Part 3)
4. Inter-Industry command for interchange(Part 4)
5. Application Identifiers(Part 5)
6. Inter-Industry data elements(Part 6)
STANDARD DIMENSIONS OF A SMART CARD
The international standard for the smart card specifies the size of the card and the position, size and format of the contact pad. Usually, the size is described as "credit-card sized".
ISO/IEC 7810 & 7816 - PART 1
CONTACTS OF THE SMART CARD MODULE
Â¢ Vcc is the supply voltage that drives the chips and is generally 3 volts. However that in the future we are likely to see a move towards 1 volt taking advantage of advanced semiconductor technology and allowing much lower current levels to be consumed by the integrated circuit.
Â¢ GND is the substrate or ground reference voltage against which the Vcc potential is measured.
Â¢ RST is the signal line that is used to initiate the state of the integrated circuit after power on.
Â¢ The CLK signal is used drive the logic of the IC and is also used as the reference for the serial communications link. There are two commonly used clock speeds 3.57 MHZ and 4.92 MHZ
Â¢ The Vpp connector is used for the high voltage signal that is necessary to program the EPROM memory.
Â¢ Last, but by no means least is the serial input/output I/O connector. This is the signal line by which the chip receives commands and interchanges data with the outside world.
Â¢ 32 KB ROM
Â¢ 16KB EEPROM
Â¢ 1.3KB RAM
Â¢ ACE CRYPTO UNIT
Â¢ CHIP AREA=21.33mm2
A smart card's microprocessor chip has all the components needed for the smart card application. Diagram 2 below indicates its main components and describes their function.
The microprocessor is often a low-power, low speed device, with 8-bit operation at 3MHz. More recently, there has been a move towards dedicated 32-bit processor design, using RISC concepts, operating at 25MHz.The I/O controller is a serial device operating at 9600 baud. This means that all data transmission is serial bit-stream and is restricted to one way at a time. All the program code and security features to support the smart card application are burned into a ROM area. This includes the Card Operating System (COS or "Mask") and any secret encryption keys. There is no external method of reading out this data. The RAM is the working area for the COS. It is implemented as volatile memory, so that when power is removed, the data disappears. There is no method of accessing this data externally. Application data is stored in EEPROM. Memory persists in the absence of power â€œ ten years minimum guaranteed. Read/Write access to the application data is subject to strict security measures policed by the COS.
CARD OPERATING SYSTEM(COS)
The functional characteristics of the smart card are determined by its operating system. The operating system differs from traditional operating systems in that it is the only program run by the card processor. The directories and files on the card may be assigned operating conditions. The operating system receives outside commands and executes them provided that certain processing conditions are met. The processing conditions may include items such as the requirement to enter the userâ„¢s PIN or a strong authentication of the reader. The operating system is also responsible for the control of the RAM and the EEPROM.
Operating systems used in smart cards resemble disk operating systems used in PCs. Operating systems provide a hierarchical tree structure and very versatile options for specifying access rights. For this reason, a directory designed for smart cards together with its files and access rights is called an application.
Though typically only a few thousand bytes of program code, the operating system for the smart card microprocessor must handle such tasks as:
Â¢ Data transmission over the bi-directional, serial terminal interface
Â¢ Loading, operating, and management of applications
Â¢ Execution control and Instruction processing
Â¢ Protected access to data
Â¢ Memory Management
Â¢ File Management
Â¢ Management and Execution of cryptographic algorithms
In contrast to personal computer operating systems such as Unix, DOS, and Windows, smart card operating systems do not feature user interfaces or the ability to access external peripherals or storage media. The size is typically between 3 and 24 Kbytes. The lower limit is that used by specialized applications and the upper limit by multi-application operating systems.
SMART CARD DIRECTORY STRUCTURE
Â¢ Most smart cards have a UNIX like tree-structured file system.
Â¢ File names are two bytes long.
Â¢ The root of this tree is 3f.00.
Â¢ For example, the following is the directory structure of M-Card. There are some files we are interested in ... especially the purse file, i.e., 3f.00/02.00/02.01.
APPLICATION PROTOCOL DATA UNITS(APDU)
Smart Cards speak to the outside world using their data packages called APDUs which are constructed using a set of protocols. APDU contains either a command or a response message. In the card world, the master-slave model is used whereby a smart card always plays the passive role. The smart card always waits for a command APDU from a terminal. It then executes the action specified in the APDU and replies to the terminal with a response APDU. APDU is a message transmitted between the smart card and the host. APDU has two types - input and output. Input sends data to card, and output receives data from card. Command APDUs and response APDUs are exchanged alternatively between the card and a terminal.
It consists of a 5 byte header, and 0 - 255 bytes of data.
Â¢ CLA : Class byte. It is usually unique to an application.
Â¢ INS : Instruction byte. It specifies the instruction.
Â¢ P1 : Parameter 1. Instruction specific.
Â¢ P2 : Parameter 2. Instruction specific.
Â¢ P3 : Parameter 3. This specifies the length of the data.
Â¢ Data : 0 - 255 byte data transmitted from host to card, or the other way.
FABRICATION OF SMART CARDS
The manufacture of a smart card involves a large number of processes of which the embedding of the chip into the plastic card is key in achieving an overall quality product. This latter process is usually referred to as card fabrication.
1. Chip specification
There are a number of factors to be decided in the specification of the integrated circuit for the smart card. The key parameters for the chip specification are as follows:-
a. Microcontroller type (e.g 6805,8051)
b. Mask ROM size
c. RAM size.3
d. Non volatile memory type (e.g EPROM, EEPROM)
e. Non volatile memory size
f. Clock speed (external, and optionally internal)
g. Electrical parameters (voltage and current)
h. Communications parameters (asynchronous, synchronous, byte, block)
i. Reset mechanism
j. Sleep mode (low current standby operation)
k. Co-processor (e.g for public key cryptography)
2. Card specification
The specification of a card involves parameters that are common to many existing applications using the ISO ID-1 card. The following list defines the main parameters that should be defined,
a. Card dimensions
b. Chip location (contact card)
c. Card material (e.g PVC, ABS)
d. Printing requirements
e. Magnetic stripe (optional)
f. Signature strip (optional)
g. Hologram or photo (optional)
h. Embossing (optional)
i. Environmental parameters
The choice of card material effects the environmental properties of the finished product. PVC was traditionally used in the manufacture of cards and enabled a higher printing resolution. Such cards are laminated as three layers with transparent overlays on the front and back. More recently ABS has been used which allows the card to be produced by an injection moulding process. It is even proposed that the chip micromodule could be inserted in one step as part of the moulding process. Temperature stability is clearly important for some applications and ETSI are particulary concerned here, such that their higher temperature requirement will need the use of polycarbonate materials.
3. Mask ROM Specification
The mask ROM contains the operating system of the smart card. It is largely concerned with the management of data files but it may optionally involve additional features such as cryptographic algorithms (e.g DES). In some ways this is still a relatively immature part of the smart card standards since the early applications used the smart card largely as a data store with some simple security features such as PIN checking. The relevant part of the ISO standard is 7816-4 (commands).There is a school of thought that envisages substantial changes in this area to account for the needs of multi-application cards where it is essential to provide the necessary security segregation. The developed code is given to the supplier who incorporates this data as part of the chip manufacturing process.
4. Application Software Specification
This part of the card development process is clearly specific to the particular application. The application code could be designed as part of the mask ROM code but the more modern approach is to design the application software to operate from the PROM non volatile memory. This allows a far more flexible approach since the application can be loaded into the chip after manufacture. More over by the use of EEPROM it is possible to change this code in an development environment. The manufacturer of a chip with the users ROM code takes on average three months. Application code can be loaded into the PROM memory in minutes with no further reference to the chip manufacturer.
5. Chip Fabrication
The first part of the process is to manufacture a substrate which contains the chip. This is often called a COB (Chip On Board) and consists of a glass epoxy connector board on which the chip is bonded to the connectors. There are three technologies available for this process, wire bonding, flip chip processing and tape automated bonding (TAB). In each case the semiconductor wafer manufactured by the semiconductor supplier is diced into individual chips . This may be done by scribing with a diamond tipped point and then pressure rolling the wafers so that it fractures along the scribe lines. More commonly the die are separated from the wafer by the use of a diamond saw. A mylar sheet is stuck to the back of the wafer so that following separation the dice remain attached to the mylar film. Wire bonding is the most commonly used technique in the manufacture of smart cards. Here a 25uM gold or aluminium wire is bonded to the pads on the chip using ultrasonic or thermo compression bonding.
Thermo compression bonding requires the substrate to be maintained at between 150C and 200C. The temperature at the bonding interface can reach 350C. To alleviate these problems thermo sonic bonding is often used which is a combination of the two processes but which operate at lower temperatures. The die mounting and wire bonding processes involve a large number of operations and are therefore quite expensive. However in the semiconductor industry generally two other techniques are used, the flip chip process and tape automated bonding. In both cases gold bumps are formed on the die. In flip chip processing the dice are placed face down on the substrate and bonding is effected by solder reflow. With tape automated bonding the dice are attached by thermocompression to copper leads supported on a flexible tape similar to a 35mm film. The finished substrate is hermetically sealed with an inert material such as epoxy resin. The complete micromodule is then glued into the card which contains the appropriately sized hole. The fabrication of a contactless card is somewhat different since it always involves a laminated card. The ICs and their interconnections as well as the aerial circuits are prepared on a flexible polyimide substrate.
Contactless card laminations
6. Application load
Assuming the application is to be placed in the PROM memory of the IC then the next stage in the process is to load the code into the memory. This is accomplished by using the basic commands contained in the operating system in the mask ROM. These commands allow the reading and writing of the PROM memory.
7. Card Personalisation
The card is personalized to the particular user by loading data into files in the PROM memory in the same way that the application code is loaded into memory. At this stage the security keys will probably be loaded into the PROM memory but as mentioned previously we will explore this in more detail later.
8. Application Activation
The final operation in the manufacturing process is to enable the application for operation. This will involve the setting of flags in the PROM memory that will inhibit any further changes to be made to the PROM memory except under direct control of the application. Again this is an integral part of the overall security process.
APPLICATIONS OF SMART CARDS
Electronic Purse to replace coins for small purchases in vending machines and over-the-counter transactions. VISA Cash Card issued during Olympics 1996 were the best example for this and Singaporeâ„¢s Net Cash Card system is a Smart card which acts like electronic purse and holds the money. The money can be spent for Payment in Parking Lots, museums, telephones, fast food joints, vending machines, transportations and many more places. Such electronic money can take many forms, and has been endowed with a wide and misleading vocabulary including stored value and e-purse.
Telephone Payment cards
These are the most widely used cards in the world. They have replaced coin-operated public phones, and have become advertising devices as well as collectorâ„¢s items.
National ID card
Smart Card based National IDâ„¢s project and implimentation have started to take of in many countries among which Sultanate of Oman is first middle east country to deploy 1.2 million National ID cards to itâ„¢s residents. Gemplus, one of the leading providers of smart cards is behind this project and implimentation with their solution called ResIDent for this purpose. Smart Card is one of the most secure mechanism today compared to any other type of ID cards, but when applications start to be deployed in such large scales it must taken care to make sure the whole system of such a project and implimentation is secure rather than just the information on the smart card, failing to do so will result for high threats and failure of such systems.
The citizens of Argentina, El Salvador donâ„¢t need to carry dumb cards/ license booklets as a proof of eligibility to drive; they are allotted smart cards with their complete information on it. This almost reduces the license fraud to none with a secure mechanism which is difficult to be faked.
Patient Data Card(PDC)
A Patient data Card is a mobile data card held by the patient. It stores current, accurate health information. Data typically stored on a PDC includes patient ID, insurance information, emergency record, disease history and electronic prescriptions.
Health Professional Card(HPC)
An HPC is an individually programmed access authorization card held by the health professional. It gives him/her the right to read or write specific data fields on a PDC and it can also carry a digital signature for secure communication. This solution is popular and can be found available for citizens of countries like France, Germany, Slovenia, Belgium.
Student ID card, containing a variety of applications such as electronic purse (for vending and laundry machines), library card, meal card and transportation are used and University of Nottingham is one them.
Employee Identification cards
These are used as identification cards at offices.
Employee access cards
Employee access card are used in most of the organizations today and millions of cards are being distributed every year catering this market, this mechanism replaces the conventional lock and key security, employees today donâ„¢t need to carry different keys to different locks for the secure office areas and access can be given or terminated at given point with just a click on the access software without any management of conventional keys , with the older mechanism of lock and key any disgruntled employee could make a fake key of the original while it was in his possession and misuse it later but in the case of smart cards this is almost impossible and if higher security is needed then biometrics can be combined to protect physical access to facilities.
Time Attendance system
It monitors staff attendance and streamlines the input of data into the payroll system eliminating re-keying time sheets of time cards. These systems interact with existing automated Payroll systems, reducing administrative work, maximizing resources and optimizing performance. It customizes company data and its GUI Interface of point and click processing now automates this process and eliminates manual data entry. Its unique working timetable with varying schedules and work rules help ensuring company policies, accurate pay and uniformly administers benefits. Its searching capabilities for employee records or date intervals produce detailed reports according to the searching criteria. The security features enable only the authorized person or administrator to view and modify data records as permitted to.
6.COMMUNICATIONS AND ENTERTAINMENT
SIM(Subscriber Identity Module)
Subscriber Identification Module (SIM) providing secure initiation of calls and identification of caller (for billing purposes) on any Global System Mobile Communications (GSM) Mobile Phones. According to the survey donâ„¢t by GSM World around 763 million cards used worldwide, this is one of the biggest applications of smart cards in the world after payphone cards.
Subscriber Activation card for Pay-TV
Subscriber activation for various programmes on Pay-TV like Showtime and others is a big market for smart cards.
PC Security cards
Chip cards are used today by majority of the corporations like Microsoft, Oracle to access their networks, chip cards can be incorporated with technologies like Active Directory to store the PKI certificates for authentications makes it dual factor (Digital Certificate + User password) and the it also allows the users to encrypt the files and digitally sign the emails. The advantage of this mechanism is that in case of any damage to smart card due to tampering/usage the user data is still secure to be decrypted by issuing a new card with the same original Digital Certificate. In case the smart card is lost or if company decided no to reissue the same digital certificate to avoid any kind security breach, they can reissue the smart card with a new private key (Digital Certificate) and the data can be decrypted for the user by an special key.
Web based HTML forms can be digitally signed by your private key. This could prove to be a very important technology for internet based business because it allows for digital documents to be hosted by web servers and accessed by web browsers in a paperless fashion. Online expense reports, W-4 forms, purchase requests, and group insurance forms are some examples. For form signing, smart cards provide portability of the private key and certificate as well as hardware strength non repudiation. If an organization writes code that can be downloaded over the web and then executed on client computers, it is best to sign that code so the clients can be sure it indeed came from a reputable source. Smart cards can be used by the signing organization so the private key canâ„¢t be compromised by a rogue organization in order to impersonate the valid one.
Smart cards can cipher into billions and billions of foreign languages, and choose a different language at random every time they communicate. This authentication process ensures only genuine cards and computers are used and makes eaves-dropping virtually impossible.
Telecommuting And Corporate Network Security
Business to business Intranets and Virtual Private Networks VPNs are enhanced by the use of smart cards. Users can be authenticated and authorized to have access to specific information based on preset privileges. Additional applications range from secure email to electronic commerce. A smart card as an interoperable computing device has become the ultimate utility of processor cards. Today's networked societies revolve around accessing the worldwide information superhighways. As more people log-on to the network and more and more activities take place through networks, online security is of utmost importance.
BENEFITS OF SMART CARDS
Light and easy
Easy to use
Can be used independent of terminal devices.
Secret place for storing information.
Capable of processing, not just storing information.
Communicating with computing devices.
Information and applications on a card can be updated without having to issue new cards
The processing power of a smart card makes it ideal to mix multiple functions. For example, government benefit cards will also allow users access to other benefit programs such as health care clinics and job training programs. A college identification card can be used to pay for food, phone calls and photocopies, to access campus networks and to register classes. By integrating many functions, governments and colleges can manage and improve their operations at lower costs and offer innovative services.
Smart cards reduce transaction costs by eliminating paper and paper handling costs in hospitals and government benefit payment programs. Contact and contactless toll payment cards streamline toll collection procedures, reducing labor costs as well as delays caused by manual systems. Maintenance costs for vending machines, petroleum dispensers, parking meters and public phones are lowered while revenues could increase, about 30% in some estimates, due to the convenience of the smart card payment systems in these machines.
A smart card contains all the data needed to personalize networking, Web connection, payments and other applications. Using a smart card, one can establish a personalized network connection anywhere in the world using a phone center or an information kiosk. Web servers will verify the user's identity and present a customized Web page, an e-mail connection and other authorized services based on the data read from a smart card. Personal settings for electronic appliances, including computers, will be stored in smart cards rather than in the appliances themselves. Phone numbers are stored in smart cards instead of phones. While appliances become generic tools, users only carry a smart card as the ultimate networking and personal computing device.
Chip is tamper-resistant.
Information stored on the card can be PIN code and/or read-write protected.
The most common method used for cardholder verification at present is to give the cardholder a PIN (Personal Identification Number) which he or she has to remember.
Who can access the information
Everybody - Some smart cards require no password. Anyone holding the card can have access (e.g. the patient's name and blood type on a Medi Card can be read without the use of a password).
Card Holder Only - The most common form of password for card holders is a PIN (Personal Identification Number), a 4 or 5 digit number which is typed in on a key pad. Therefore, if an unauthorized individual tries to use the card, it will lock-up after 3 unsuccessful attempts to present the PIN code. More advanced types of passwords are being developed.
Third Party Only - Some smart cards can only be accessed by the party who issued it (e.g., an electronic purse can only be reloaded by the issuing bank).
How can the information be accessed
Information on a smart card can be divided into several sections:- read only, added only, updated only and no access available.
Capable of performing encryption.
Each smart card has its own, unique serial number.
Using biometrics for security.
In production systems using fingerprint recognition, the fingerprint sensor is in the terminal, but the fingerprint profile data may be either in the terminal side of the card-to-terminal interface, or preferably held within the card itself (a fingerprint profile takes up only a few hundred bytes of data space). Prototype cards where the fingerprint sensor is on the card surface are now in development and may one day be a commercial proposition. In the meantime, a number of major national schemes around the world are incorporating fingerprint biometrics using optical or proximity readers associated with keyboards, mice and point-of-sale terminals.
There are two types of personalisation.
The first one is the Electronic Personalisation, which means writing the data (particular data, fingerprint minutiae, variable data, etc.) into the chip.
The second is the Graphical Personalisation, which means printing the required optical layout on the card surface (Text, Photos, Signature, and Graphics).
Smart card is an excellent technology to secure storage and authentication. If an organization can deploy this technology selecting the right type of solutions which is cross platform compatible and supports the standards required, it would be economical as well as secure. This technology has to be standardized and used in various applications in an organization not just for physical access or information access. Various developments are happening in the smart card industry with respect to higher memory capacities and stronger encryption algorithms which could provide us with much tougher security. But we need to understand that we will achieve better security only if we have users educated to use these technology with at most care. A smart world is the future.
1. Information Technology Magazine - June 2003 edition.
2. Whatâ„¢s so smart about smart cards 2002,Gemplus C.A. gemplusbasics/index.html
3. "Understanding Smart Technology" Ahmed Qurram Baig, CSSP Jan 13, 2003.
5. Contactless Technology for Secure Physical Access: Technology and Standard Choices, Smart card Alliance, 2002. smartcardallianceContactless/whitepaper.cfm
6. Why Use a Biometric and a Card in the Same Device bitpipedata
7. "Smart Card Technical Capabilities" Won. J. Jun, Giesecke & Deverent July 8, 2003.
8. "Smart Cards - Enabling Smart Commerce in the Digital Age" smartcardsCREC-KPMG White Paper Smart Cards.htm
10. "Smart Card Basics and Security Overview" smartcardbasics.com
I express my sincere gratitude to Dr. Agnisarman Namboodiri, Head of Department of Information Technology, MES College of Engineering for his support to shape this paper in a systematic way.
I am greatly indebted to Mr. Saheer H and Ms. S.S. Deepa, lecturers in the Department of IT for their guidance and valuable advice that helped me in the preparation of this paper.
Lastly, I would like to thank all staff members of IT Department and all my friends for their suggestions and constrictive criticism.
a) An Introduction to Smart Cards
b) Definition of Smart Cards
2. EVOLUTION OF SMART CARDS
a) History of Smart Cards
b) Current trends
3. CLASSIFICATION OF SMART CARDS
a) Memory Cards
b) Microprocessor/Intelligent Smart Cards
4. CARD ACCEPTANCE DEVICE (CAD)
5. DIFFERENT CONTACT INTERFACES
a) Contact Smart Cards
b) Contactless Smart Cards
c) Combi/Dual Interface Smart Cards
6. ISO STANDARDS FOR SMART CARDS
a) Standard dimensions of a Smart Card
b) Contacts of the Smart Card module
7. TECHNOLOGICAL FEATURES
a) The Chip
b) Card Operating System(COS)
c) Smart Card Directory Features
d) Application Protocol Data Units(APDU)
8. FABRICATION OF SMART CARDS
9. APPLICATIONS OF SMART CARDS
10. BENEFITS OF SMART CARDS
computer science technology|
Active In SP
Joined: Jan 2010
23-01-2010, 01:42 AM
smart card.pdf (Size: 99.52 KB / Downloads: 444)
smart-cards.ppt (Size: 1.61 MB / Downloads: 572)
What is a Smart Card?
Standard credit card-sized with microchip embedded on it
What is a Smart Card?
Can hold up to 32,000 bytes
Newer smart cards have math co-processors
Perform complex encryption routines quickly
1968- German inventors patent combination of plastic cards with micro chips.
1970- Japan patent different version.
1974- Roland Moreno invents integrated chip card and patents it in France.
1977- Motorola produces first smart card microchip.
1979- Motorola develops first single chip microcontroller for bank in France.
1982- ATM cards with smart chips tested and smart chips placed on telephone cards.
1991- AT&T declared its contactless smart card.
1992- Germany uses smart card for health care.
1996- First university campus deployment of chip cards.
What are Biometrics?
Biometrics are the science of measuring physical or behavioral characteristics that are unique to each individual and also verifies that an individual is who she claims to be.
History of Biometrics
Biometric verification was used thousands of years ago by the people in the Nile valley. They identified individuals through unique scars and a combination of features such as complexion, eye color, and height. They did not use the advanced technological tools we have today, but the basic principles used by them were similar.
Then in the nineteenth century criminology came up with a variety of measuring devices being produced. The development of fingerprinting became the international methodology among police forces for identity verification.
Active In SP
Joined: Mar 2010
14-04-2010, 11:39 PM
please read topicideashow-to-latest-smart-card-features-full-report and topicideashow-to-smart-card-full-report and topicideashow-to-smart-cards--4505 and topicideashow-to-smart-cards--4991 for getting all information about smart cards
project report helper|
Active In SP
Joined: Sep 2010
28-10-2010, 10:53 AM
SMARTCARD.doc (Size: 20.5 KB / Downloads: 112)
smart card full report
Organizations have been experimenting with smart cards for almost thirty years, yet they are not yet pervasively used particularly in the North American market. Smart cards offer exciting possibilities for convenience, accuracy, customization, data security and coreduction for individuals and organizations.
There have, however, been many barriers to the broad diffusion of smart cards such as
deposit insurance liability, data accuracy, transaction anonymity, fraud risk, the small number of application developers and the difficulties associated with changing people's habits and expectations.
Today, Sun Microsystems Java software platform removes or reduces many of the problems faced by earlier smart card implementations. The largest players in the smart card industry are working toward standardizing on Java because of the advantages inherent in its design such as security, network awareness and scalability. In addition, any Java programmer can potentially become a smart card application developer.
As a result, we believe that Java will be a significant factor in fueling the smart card industry.
Active In SP
Joined: Sep 2010
28-12-2010, 02:23 PM
Seminar Report On Smart Card.docx (Size: 273.95 KB / Downloads: 134)
Simple plastic card, just at the size of a credit card, with a microprocessor and memory embedded inside is a smart card. Beside its tiny little structure it has many uses and wide variety of applications ranging from phone cards to digital identification of the individuals.These application could be; identity of the customer, library card, e−wallet, keys to various doors, etc... And only one card can be issued to an end−entity for all these applications. Smart cards hold these data within different files, and , as you will read, these data is only visible to its program depending on the operating system of the card. These data files are arranged in a file system much like a Linux directory structure. MF (Master File), can be seen as the root directory where the headers of elementary files and dedicated files are contained. Dedicated files are like the ordinary directories and elementary files are just data files. The PIN is also stored in an EF but only the card has access permission to this file. The attributes of the files on UNIX
environments are changed to access conditions. Many cards have access condition lists which must be fulfilled before accessing the data. With the file system, access conditions, a microcomputer, RAM, ROM, EEPROM a smart card is just a computer running its own operating system inside your wallet.
Classification of Smart Cards
Due to the communication with the reader and functionality of smart cards, they are classified differently.
Contact vs Contactless
Memory vs Microprocessor
Contact vs Contactless:
As smart cards have embedded microprocessors, they need energy to function and some mechanism to communicate, receiving and sending the data. Some smart cards have golden plates, contact pads, at one corner of the card. This type of smart cards are called Contact Smart Cards. The plates are used to supply the necessary energy and to communicate via direct electrical contact with the reader. When you insert the cardinto the reader, the contacts in the reader sit on the plates.
I/O : Input or Output for serial data to the integrated circuit inside the card.
Vpp : Programing voltage input (optional use by the card).
Gnd : Ground (reference voltage).
CLK : Clocking or timing signal (optional use by the card).
.RST : Either used itself (reset signal supplied from the interface device) or in combination with an
internal reset control circuit (optional use by the card). If internal reset is implemented, the voltagesupply on Vcc is mandatory.
Vcc : Power supply input (optional use by the card).
The readers for contact smart cards are generally a separate device plugged into serial or USB port. There are keyboards, PCs or PDAs which have built−in readers like GSM cell phones. They also have embedded readers for GSM style mini smart cards.Some smart cards do not have a contact pad on their surface.The connection between the reader and the card is done via radio frequency (RF). But they have small wire loop embedded inside the card. This wire loop is used as an inductor to supply the energy to the card and communicate with the reader. When you insert the card into the readers RF field, an induced current is created in the wire loop and used as an energy source.With the modulation of the RF field, the current in the inductor, the communication takes place. The readers of smart cards usually connected to the computer via USB or serial port. As the contactless cards are not needed to be inserted into the reader, usually they are only composed of a serial interface for the computer and an antenna to connect to the card. The readers for contactless smart cards may or may not have a slot. The reason is some smart cards can be read up to 1.5 meters away from the reader but some needs to be positioned a few millimeters from the reader to be read accurately.There is one another type of smart card, combo card. A combo card has a contact pad for the transaction oflarge data, like PKI credentials, and a wire loop for mutual authentication. Contact smart cards are mainlyused in electronic security whereas contactless cards are used in transportation and/or door locks.
Memory vs Microprocessor:
The most common and least expensive smart cards are memory cards. This type of smart cards, contains EEPROM(Electrically Erasable Programmable Read−Only Memory), non−volatile memory. Because it is non−volatile when you remove the card from the reader, power is cut off, card stores the data. You canthink of EEPROM, inside, just like a normal data storage device which has a file system and managed via a microcontroller (mostly 8 bit). This microcontroller is responsible for accessing the files and accepting the communication. The data can be locked with a PIN (Personal Identification Number), your password. PIN's are normally 3 to 8 digit numbers those are written to a special file on the card. Because this type is not capable of cryptography, memory cards are used in storing telephone credits, transportation tickets or electronic cash.
Microprocessor cards, are more like the computers we use on our desktops. They have RAM, ROM and EEPROM with a 8 or 16 bit microprocessor. In ROM there is an operating system to manage the file system in EEPROM and run desired functions in RAM. With the addition of a crypto module our smart card can now handle complex mathematical computations regarding to PKI. Because the internal clock rate of microcontrollers are 3 to 5 MHz, there is a need to add a component, accelerator for the cryptographic functions. The crypto−cards are more expensive than non−crypto smart cards and so do microprocessor card than memory cards.
Operating Systems used
New trend in smart card operating systems is Java Card Operating System. Java Card OS was developed by Sun Microsystems and than promoted to Java Card Forum. Java Card OS is popular because it gives independence to the programmers over architecture. And Java OS based applications could be used on any vendor of smart card that support Java Card OS.Most of the smart cards today use their own OS for underlying communication and functions. But to give true support for the applications smart cards operating systems go beyond the simple functions supplied by ISO7816 standards. As a result porting your application, developed on one vendor, to another vendor of smart card becomes very hard work.Another advantage of Java Card OS is, it allows the concept of post−issuance application loading. This allows you to upgrade the applications on smart card after delivering the card to the end−user. The importance is, when someone needs a smart card he/she is in need of a specific application to run. But later the demand can change and more applications could be necessary.
Another operating system for smart cards is MULTOS (Multi−application Operating System). As the name suggests MULTOS also supports multi−applications. But MULTOS was specifically designed for high−security needs. And in many countries MULTOS has achieved "ITSec E6 High" in many countries. And also Microsoft is on the smart card highway with Smart Card for Windows.In a point of view the above Operating Systems are Card−Side API's to develop cardlets or small programs that run on the card. Also there is Reader−Side API's like Open Card Framework and GlobalPlatform.
Active In SP
Joined: Feb 2011
11-03-2011, 02:24 PM
contactless_smartcard.doc (Size: 167.5 KB / Downloads: 79)
The smart card is one of the latest additions to the world of information technology. Similar in size to today's plastic payment card, the smart card has a microprocessor or memory chip embedded in it that, when coupled with a reader, has the processing power to serve many different applications. As an access-control device, smart cards make personal and business data available only to the appropriate users. Another application provides users with the ability to make a purchase or exchange value. Smart cards provide data portability, security and convenience.
Smart cards today achieve much more than their original application of replacing cash and coins. Smart cards grant access to secure areas, confirm a person’s identity via biometrics, and retain large quantities of personal data (such as medical records.) More important than these specific applications are the recent trends in how the smart cards are used – to facilitate the exchange of information between customer and proprietor, which is much broader than the concluding financial transaction. Smart cards are plastic cards that contain a computer chip. Smart cards store larger amounts of information than magnetic stripe cards. They can also update this information and secure it at a higher level than a magnetic stripe.
Elements of a typical Smart Card
Smart cards have the same three fundamental elements as all other computers: processing power, data storage and a means to input and output data. Processing power is supplied by a microprocessor chip (e.g. Intel 8051 and Motorola 6805), and data storage is supplied by a memory chip (EEPROM, FLASH, ROM, RAM). In some instances these elements can be combined in one chip. The means in which data is transferred varies from card to card. In order to operate, each card must have a power source, whether in a card reader or on the card itself. Below figure shows the main elements of microprocessor used in smart cards – CPU, ROM RAM and EEPROM
The microprocessor is the intelligent element of the smart card which manipulates and interprets data. The software utilized for manipulation and interpretation of the data is either embedded in memory during the manufacture of the card or input under the control of the microprocessor. Microprocessors in smart cards can be up to 16 bits with a 10MHz processor
The memory in a smart card can either be non-volatile, retaining data when power is switched off, or volatile, losing data when power is switched off. If the memory is volatile, the smart card would then require a battery to power itself. Memory can also allow data to be written to it and read from it, or only allow data to be read from it (read-only memory). In most cases smart card applications will require non-volatile memory to retain information such as the identity of the cardholder and the application software, and read/write memory to update stored information, such as a balance after a transaction is made.
Memory in smart cards can be categorized into three types: ROM, RAM and programmable read-only memory (PROM). ROM is non-volatile, and the contents are embedded in the chip during the manufacturing stage; once embedded, the contents cannot be altered. Currently, chips with up to 32Kb of ROM are available. RAM is volatile, and is used as a temporary storage space. Data can be written to it, altered, read and deleted from it. Currently, chips are available with more than 64Kb of RAM. There are two types of PROM: electrically programmable read-only memory (EPROM) and electrically erasable programmable read-only memory (EEPROM). EPROM cannot be reprogrammed. EEPROM can be reprogrammed, however its structure is more complex and susceptible to damage which makes it more expensive. Currently, chips with up to 8Kb of EEPROM are available.
Memory can be structured to provide different levels of security zones. The open zone holds non-confidential data, such as identity of the cardholder, but cannot be altered by an unauthorized person. The working zone holds confidential data that requires certain information to be given before access is allowed. For instance, a personal identification number (PIN) would be required before accessing the data for a purchase transaction and available credit. The secret zone holds completely confidential data, such as the PIN. The microprocessor can access this data to compare the PIN to the number input by the cardholder, which ensures the data never leaves the card.
Input / Output
There are several different ways to input and output data to and from the smart card. Contact cards usually contain a metallic contact on the surface which, when inserted in a slot in the read/write unit, links with a connector in the unit. Contactless cards use a contact less method of transmission and reception of data, which only require the card to be placed near or on the surface of the read/write unit. Super Smart Cards have an integrated keyboard and display unit, therefore not requiring a read/write unit. They may have contacts embedded in the surface of the card in order to transfer data to other electronic devices.
Generally, there are three methods used to power smart cards:
From an external power source that feeds a current through contacts on the card
In this method, power is sent through two of the contacts when the card is inserted in the read/write unit. The card will then reset itself, and execute its program.
By transmitting power
In the second method, a type of contactless operation such as inductive coupling will transmit both power and data through the air or a non-metallic surface to the smart card, from the read/write unit.
By a battery embedded in the card
In the third method, a battery is incorporated in the card. This method is not popular due to the difficulty of meeting the ISO standards for dimensions, additional costs incurred from incorporating the battery in the card and problems associated with flexing a card containing a battery
Active In SP
Joined: Feb 2011
06-04-2011, 02:23 PM
Smart Card.doc (Size: 176 KB / Downloads: 123)
A smart card is a piece of plastic, the same size as a credit or debit card, with a silicon chip embedded in it. The chip contains a microprocessor, which is a miniature computer which can perform calculations and store data in its memory. These chips hold a variety of information, from stored (monetary)-value used for retail and vending machines, to secure information and applications for higher-end operations such as medical/health care records. The card is "smart" because it is "active", that is that it can receive information, process it and then "make a decision".
A chip-card is a standard-sized plastic card that "contains an integrated circuit or 'chip' which gives the card the ability to store and/or process data"
Chip-cards are of three different kinds:
• 'memory cards', which contain storage but no processing or significant security capabilities;
• 'smart-cards', which contain a processor, systems software and applications software and permanent data engraved into non-volatile memory, and some (less expensive) volatile memory for use as a working storage area; and
• 'super-smart cards', which are smart-cards with a (very small) key-pad and display.
The mainstream area of development is in smart-cards, and this paper concerns itself exclusively with that form.
A smart card resembles a credit card in size and shape, but inside it is completely different. First of all, it has an inside -- a normal credit card is a simple piece of plastic. The inside of a smart card usually contains an embedded microprocessor. The microprocessor is under a gold contact pad on one side of the card. Think of the microprocessor as replacing the usual magnetic stripe on a credit card or debit card.
Smart cards help businesses evolve and expand their products and services in a rapidly changing global market. In addition to the well known commercial applications (banking, payments, access control, identification, ticketing and parking or toll collection), in recent years, the information age has introduced an array of security and privacy issues that have called for advanced smart card security applications (secure logon and authentication of users to PC and networks, storage of digital certificates, passwords and credentials, encryption of sensitive data, wireless communication subscriber authentication, etc.)
• 1968- German inventors patent combination of plastic cards with micro chips.
• 1970- Japan patent different version.
• 1974- Roland Moreno invents integrated chip card and patents it in France.
• 1977- Motorola produces first smart card microchip.
• 1979- Motorola develops first single chip microcontroller for bank in France.
• 1982- ATM cards with smart chips tested and smart chips placed on telephone cards.
• 1991- AT&T declared its contactless smart card.
• 1992- Germany uses smart card for health care.
• 1996- First university campus deployment of chip cards.
3. Technical Overview
The basic components of the smart card subsystem are based on PC/SC standards. These basic components include:
• A resource manager that uses a Win32® application programming interface (API).
• A user interface (UI) that works with the resource manager.
• Several base service providers that provide access to specific services.
The following illustration shows the relationships of these components in the overall smart card architecture.
What’s in a Card?
256 bytes to 4KB RAM.
8KB to 32KB ROM.
1KB to 32KB EEPROM.
Crypto-coprocessors (implementing 3DES, RSA etc., in hardware) are optional.
8-bit to 16-bit CPU. 8051 based designs are common.
The microprocessor on the smart card is there for security. The host computer and card reader actually "talk" to the microprocessor. The microprocessor enforces access to the data on the card. If the host computer read and wrote the smart card's random access memory (RAM), it would be no different than a diskette.
Smarts cards may have up to 8 kb of RAM, 346 kilobytes of ROM, 256 kilobytes of programmable ROM, and a 16-bit microprocessor. The smart card uses a serial interface and receives its power from external sources like a card reader. The processor uses a limited instruction set for applications such as cryptography.
• Chip is tamper-resistant.
• Information stored on the card can be PIN protected and/or read-write protected.
• Capable of performing data encryption.
• Capable of processing (not just storing) information.
• Post-issuance update of information and application.
Smart Card Classification:
Component Based Classification:
• Most common and the cheapest.
• Contain EEPROM and ROM.
– ROM holds card number, card holder name.
– EEPROM holds data that changes with time, usually application data. E.g. in pre-paid phone card, it holds talk time left.
– EEPROM can be locked with a PIN.
• Cost around $1, when produced in bulk.
• Areas where used: Pre paid telephone cards, parking schemes, ticketing, vending machines
• Cards that contain a microprocessor.
• Various parts of a Chip Card
– ROM: Also called the Mask of the card. Holds the Operating System.
– EEPROM: Holds the application programs and their data.
– PROM: Holds the card number.
– RAM: Used as temporary storage space for variables.
– Processor: 8 bit processor based on CISC architecture. Moving towards 32 bit due to JavaCards
– I/O Interface for data transfer to and from the card.
Interface Based Classification:
• Require insertion into the reader.
• 6-8 gold plated contacts
• Contact cards further divided into:
– Landing Contacts
– Sliding Contacts
– Contacts get worn out
– Card Tearing
– Electrostatic Discharges
• No insertion required.
• Data/Power transfer over RF via antenna inside.
• Reading Distance: few cms to 50 cms.
• Used when transaction has to be carried out quickly.
– Higher reliability as lesser moving parts involved.
– Longer Life, due to lesser wear and tear.
– Require Lesser Maintenance
Hybrid or Combo Cards
• Cards which can be used as either Contact Cards or as Contactless Cards
• Ways this can be done:
– Card could have two interfaces: One for contact readers, other for contactless readers.
– Or a contact card can be slipped into a pouch which has battery and antenna.
• Not too prevalent, might be used in future when multi application cards are introduced.
OS Based Classification:
• Smart Card Operating Systems (SCOS) are placed on the ROM and usually occupy lesser than 16 KB.
• SCOS handle:
– File Handling and Manipulation.
– Memory Management.
– Data Transmission Protocols.
• Various SCOS available are:
Smart Card Readers:
• Smart Card by itself is useless. Requires a reader.
• Reader is often called the Read-Write Unit as it can read as well as write to the card.
• Readers of two types:
– Insertion Readers: Cheaper, but manual.
[Card Swipe Machine]
– Motorized Readers: Automatic card capture and release. Costly. [Bank ATM Machines]
• Cost of a reader varies from $10 to $100.
• Readers often come with keypad for entry of PIN.
Readers are standard devices in a smart card system. They are controlled through drivers, and are introduced to and removed from the system through Plug and Play or through the control panel Devices applet.
Each reader must be defined for use by the smart card subsystem. The subsystem is not responsible for any reader not specifically given to it.
Smart Card Interfaces:
A smart card interface consists of a predefined set of services available within a smart card, the protocols necessary to invoke the services, and any assumptions regarding the context of the services.
With respect to smart cards, the term "interface" is similar to how it is used in COM, which in turn is similar in concept to the ISO 7816/5 application identifier but with a different scope.
Each smart card interface is identified by a globally unique identifier (GUID). For example, an interface might be defined that provides biorhythm information to its holder. If a given smart card supports this service, then it may claim to support that interface GUID. Using the interface GUIDs, an application may search for a particular set of interfaces, locating any card that supports that set, to complete a task.
Although an interface has one GUID, it might be implemented differently on different cards. For example, the biorhythm interface mentioned above can have several different implementations, yet all are referenced using the same GUID. The different implementations would not change the interaction between the application and the smart card; however, the interaction between the service provider and the smart cards may differ depending on the interface's implementation.
Trials commenced with storage-only chips in the late 1970s and with smart-cards during the early 1980s. Much of the initiative in the area has emanated from France and French companies, but Japanese and American suppliers have also been active in the area.
Smart-cards have been applied to a variety of functions, including:
• the identification of the card-holder;
• the authentication of card-holder's authority to conduct a transaction;
• the authentication of the transaction;
• the authentication of the data representing the transaction;
• the encryption and decryption of messages;
• data storage; and
• data processing.
Smart-cards have been used in or proposed for a variety of settings, including:
• financial applications of a number of different kinds, including:
o debit cards (payment against the account-holder's own funds);
o credit cards (payment against a line of revolving credit);
o account charging (e.g. for telephone calls and pay-television, and for tele-banking and tele-shopping); and
o frequent buyer schemes;
• as 'electronic cash' for low-value payments, sometimes referred to as 'tokens', 'pre-paid cards', or an electronic wallet or purse;
• access security for buildings and sites;
• access security for sensitive data access and data processing functions;
• account ownership and access (e.g. for videotext and e-mail);
• road and parking-site usage control and charging;
• organisational membership;
• the health care sector; and
The most common smart card applications are:
• Credit cards
• Electronic cash
• Computer security systems
• Wireless communication
• Loyalty systems (like frequent flyer points)
• Satellite TV
• Government identification
There are many significant smart card applications.
• Banks: Small trials in the U.S.; entire countries using the card in Europe and places like South Africa.
• Medical applications: In Germany 80 million people can use smart cards when they go to the doctor.
• Voting: In Sweden you can vote with your smart card, which serves as a non-repudiation device.
• Entertainment: Most DSS dishes in the U.S. have smart cards.
• Telecommunications: Many cellular phones come with smart cards in Europe and will soon be shipping in the United States.
• Mass Transit: British Air relies on rail and air connections more than most airports. There were many delays because customers could not be tracked while they were in transit, so no one knew where the customers were, which caused aircraft to be held for phantom customers. To solve this problem, British Air gives passengers contactless smart cards, and radio receivers track them throughout the facility. Now flights only wait when necessary, controllers can be given estimated ready times, and new departure slots can be calculated.
Active In SP
Joined: Feb 2011
14-04-2011, 03:04 PM
Smart_Card_Technology.PPT (Size: 1.74 MB / Downloads: 144)
Smart Card ??
The first smart card was developed in 1974, by “Roland Moreno”
A smart card is a plastic card that is embedded with either a microprocessor or a memory chip.
These smarts cards have the mechanism for storing and/or processing information.
Different kinds of smart cards
1. Integrated Circuit (IC) Microprocessor Cards
2. Integrated Circuit (IC) Memory Cards
3. Optical Memory Cards
(IC) Microprocessor Cards.
Also called as "chip cards“
The current generation of chip cards has an 8- BIT processor, 16KB ROM, and 512 bytes of RAM
stored value cards
These cards can provide services : secure access to a network cellular phones from fraud
IC memory cards
IC memory cards can hold up to 1-4 KB of data, but have no processor
also known as the card-accepting device
Applications like pre-paid phone cards and also popular as high-security alternatives to magnetic stripe cards.
Optical Memory Cards
Optical memory cards can store up to 4 MB of data. But once written, the data cannot be changed or removed
These cards have no processor in them (although this is coming in the near future)
This type of card is ideal for record keeping - for example medical files, driving records, or travel histories.
The chip components
Central Processing Unit (CPU)
Read Only Memory (ROM)
Random Access Memory (RAM)
Electrically Erasable Programmable Read Only Memory (EEPROM)
Smart cards and intelligent token uses different types of encryption systems.
SHA-1, RSA, DES
DES was published by the National Bureau of Standards. It is a secret Key cryptographic algorithm .
Contact smart cards
These smart card has up to 8 mechanical contacts .
1. VCC - to supply voltage to the chip
2. RST -to reset signal
3. CLK - for external clock signal
4. GND - for ground
5. VPP –for high voltage signal
6. I/O –to transfer data bet smart card &the card reader
7. RFU – Reserved for future use
Contact smart cards specifications:-
Benefits of Smart Cards
A smart card can be used as a highly secure storage for all kind of confidential information.
It can be used as a electronic purse.
The information on smart card cannot be copied where as credit card ‘s magnetic stripe can easily be copied and then be misused.
It can be used as a secure token to authenticate over the user’s computer and bank system.
Pay Phone, Health care, Identity Access, Pay TV, Gaming.
Intelligent Tokens have their own battery as a power supply .These batteries may last for 10 years
they also have stainless steel surrounding the chip
This shell protects the chip against environment changes and any attempt to attack the chip.
Some of the characteristics of the intelligent tokens
The risks of using smart cards
1. Losing value
2. Key compromise
3. Intelligent Tokens
Security of Intelligent tokens
When software and PC hardware are hacked, the keys remain safe in the digitally and physically secure iButton chip .
The characteristics of both contact / contact-less smart cards are the same with one difference that is the distance required by the contact-less smart cards
RAM is one of the major differences between the Intelligent tokens and smart cards
The use of smart cards will increase in the future especially the contact-less type and also the use of intelligent tokens.
Active In SP
Joined: Feb 2011
27-04-2011, 11:50 AM
Smart card technology(my).ppt (Size: 2.02 MB / Downloads: 114)
Smart card technology
What is smart card?
Simple plastic card, just at the size of a credit card.
1.Memory only chips
Beside its tiny little structure it has many uses and wide variety of applications ranging from
phone cards to digital identification of the individuals.
These application could be; identity of the customer, library card, e−wallet, keys to various doors, etc... And
only one card can be issued to an end−entity for all these applications. Smart cards hold these data within different files, and , as you will read, these data is only visible to its program depending on the operating system of the card.
These data files are arranged in a file system much like a Linux directory structure.
Classification of smart card
As smart cards have embedded microprocessors, they need energy to function and some mechanism to communicate, receiving and sending the data.
Contact Smart card
Some smart cards have golden plates, contact pads, at one corner of the card. This type of smart cards are called Contact Smart Cards.
The plates are used to supply the necessary energy and to communicate via direct electrical contact with the reader. When you insert the card into the reader, the contacts in the reader sit on the plates.
A smart card pinout
VCC :-Power supply input.
Reset signal, used to reset the card's communications.
Provides the card with a clock signal, from which data communications timing is derived.
Ground (reference voltage).
Programming voltage input - originally an input for a higher voltage to program persistent memory (e.g., EEPROM), but now deprecated.
Serial input and output (half-duplex).
The two remaining contacts are AUX1 and AUX2 respectively, and used for USB interfaces and other uses.
Contactless smart card
Some smart cards do not have a contact pad on their surface.
The connection between the reader and the card is done via radio frequency (RF).
But they have small wire loop embedded inside the card. This wire loop is used as an inductor to supply the energy to the card and communicate with the reader.
When you insert the card into the readers RF field, an induced current is created in the wire loop and used as an energy source.
With the modulation of the RF field, the current in the inductor, the communication takes place.
The readers of smart cards usually connected to the computer via USB or serial port.
As the contactless cards are not needed to be inserted into the reader, usually they are only composed of a serial interface for the computer and an antenna to connect to the card.
The readers for contactless smart cards may or may not have a slot.
The reason is some smart cards can be read upto 1.5 meters away from the reader but some needs to be positioned a few millimeters from the reader to be read accurately.
Dual-interface cards implement contactless and contact interfaces on a single card with some shared storage and processing.
An example is Porto's multi-application transport card
Smart card Readers
Contact smart card readers are used as a communications medium between the smart card and a host (e.g., a computer, a point of sale terminal) or a mobile telephone.
Smart card can provide:-
Examples Of Smart card
The Mozilla Firefox web browser can use smart cards to store certificates for use in secure web browsing.
Smart cards support functionality has been added to Windows Live Passports.
Smart cards serve as credit or ATM cards, fuel cards, mobile phone SIMs, authorization cards for pay television, household utility pre-payment cards, high-security identification and access-control cards, and public transport and public phone payment cards.
Smart cards may also be used as electronic wallets
Health Care (Medical):-
Smart health cards can improve the security and privacy of patient information, provide a secure carrier for portable medical records, reduce health care fraud, support new processes for portable medical records, provide secure access to emergency medical information.
A quickly growing application is in digital identification. In this application, the cards authenticate identity.
E.g. PKI (Public Key Infrastructure)
Smart licenses hold up-to-date records of driving offenses and unpaid fines. They also store personal information, license type and number, and a photograph.
Problems With Smart Card
All data and passwords on a card are stored in the EEPROM (Electronically Erasable Programmable Read Only Memory) and can be erased or modified by an unusual voltage supply. Therefore some security processors implemented sensors for environmental changes.
Active In SP
Joined: May 2011
08-05-2011, 01:26 PM
wow! that's very great collections of project and implimentations ................
i like it....................
it realy helps to students for seminar and presentation and any other information.........................
i'm student of b.tech.......................
i'm realy supries ...............................
Active In SP
Joined: Mar 2011
12-05-2011, 09:16 AM
send code for smart card to my mail firstname.lastname@example.org
smart paper boy|
Active In SP
Joined: Jun 2011
20-06-2011, 10:09 AM
Smart Card Technology.ppt (Size: 769.5 KB / Downloads: 164)
German inventor Jurgen Dethloff along with Helmet Grotrupp filed a patent for using plastic as a carrier for microchips.
Dr. Kunitaka Arimura of Japan filed the first and only patent on the smart card concept
Roland Moreno of France files the original patent for the IC card, later dubbed the “smart card.”
Three commercial manufacturers, Bull CP8, SGS Thomson, and Schlumberger began developing the IC card product.
Motorola developed first single chip Microcontroller for French Banking
World's first major IC card testing
Nationwide prepaid card project and implimentation started in Denmark
Federal Government began a Federal employee smart card identification
What is a Smart Card?.
The standard definition of a a smart card, or integrated circuit card (ICC), is any pocket sized card with embedded integrated circuits.
Loosely defined, a smart card is any card with a capability to relate information to a particular application such as:
Magnetic Stripe Cards
Joined: Apr 2012
11-07-2012, 11:12 AM
to get information about the topic "smart card " full report ppt and related topic refer the link bellow
Joined: Apr 2012
26-07-2012, 11:36 AM
SMART CARD.pptx (Size: 318.16 KB / Downloads: 42)
In 1969 Helmut invented the automated chip card got patented in 1982.
In 1977, Michel Ugon from Honeybell Bull invented the first microprocessor smart card.
The major boom in smart car d use came in the 1990s, with the introduction of smart-card-based SIMs used in GSM mobile phone
WHAT IS SMART CARD?
A smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card with embedded of ICCs-capable or processing information.
made of plastic, generally polyvinyl chloride, acrylonitrile butadiene styrene or polycarbonate
TYPES OF SMART CARD
Size as of credit and Debit card
Contained single embedded ICC that contains only memory or memory plus microprocessor.
Memory-Only chips : functions similar to a small floppy disk.
Memory and microprocessor chip similar to small floppy disk, also contained an “intelligent” controller.
Have Contact area of apprx. 1cm2 comprising of several gold plated contact card.
Inserted into card acceptor device.
Similar to Contact card, but contained embedded antenna instead of contact card.
It reads and stores information by passing it within radio Frequency acceptor range.
Range of operation depends on acceptor mostly about 2.5-3.9 in.
Common application: Student identification ,electronic passport
Also known as Dual interface card – has one smart chip embedded in it- can be accessed through either contact pads or an embedded antenna.
Popular application: Mass transit
SMART CARD WORKING
Smart card is inserted into a card acceptance device .
Chip’s metallic pad come in contact with the CAD’s corresponding
metallic pin, allowing the card and CAD to communicate.
Information are stored in RAM and ROM
Application memory :used by an executing application to store
information on the card.
Smart cards enhance software-only solutions, such as client authentication, interactive logon, and secure email.
It is helpful in storing the important things of people in a precise and effective manner
Joined: Apr 2012
11-08-2012, 04:44 PM
smartcard,B.J Pradhan.doc (Size: 25 KB / Downloads: 39)
A Smart Card or integrated circuit card (ICC) is a plastic card with an embedded microprocessor and a memory large enough to store programs made by the card-issuing company. The exact structure of a smart card is specified by international standards: the plastic card must have dimensions of 85.60mm x 53.98mm x 0.80mm and must be able to bend a specified amount without damage for instance. There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps dedicated security logic. Microprocessor cards contain volatile memory and microprocessor components A printed circuit and an integrated circuit chip (microcontroller) are embedded on the card. The card is "smart" because it is "active", that is that it can receive information, process it and then "make a decision". For example, when a smart card is inserted in a terminal, the terminal sends its "digital signature" to the microprocessor. If the digital signature agrees with the existing parameters in the processor's memory, then the memory files are opened and the data made visible to the terminal. In the same way, the card sends its "digital signature" to the terminal and the terminal's microprocessor verifies it. This mutual verification is done off-line, this means that the terminal is not connected to the system's central computer, known as the host. The verification process typically takes a fraction of a second. In addition to digital signatures, Personal Identification Numbers (PIN) and hand written signatures can be used. Smart Cards do not have an internal power source but need power to operate. Therefore they only operate when in the presence of a Card Accepting Device (CAD) which supplies their power requirements. Most Smart Cards come into physical contact with CADs while others do not. Smart cards may also provide strong security authentication for single sign-on (SSO) within large organizations. However, a fundamental change in Smart Cards is in the language they are programmed. In a manner analogous to the development of computer systems, there has been a move from assembly language to higher level languages, especially Java.