Smart Card Technology

Download Report

Transcript Smart Card Technology

Smart Card Technology
Why is a Smart Card So Smart?
CIS4360 – Introduction Computer Security
Joey Ferreira
Joshua Lawrence
History




1968
German inventor Jurgen Dethloff along with Helmet Grotrupp filed
a patent for using plastic as a carrier for microchips.
1970
Dr. Kunitaka Arimura of Japan filed the first and only patent on
the smart card concept
1974
Roland Moreno of France files the original patent for the IC card,
later dubbed the “smart card.”
1977
Three commercial manufacturers, Bull CP8, SGS Thomson, and
Schlumberger began developing the IC card product.
Source: smart.gov
History




1979
Motorola developed first single chip Microcontroller for French
Banking
1982
World's first major IC card testing
1992
Nationwide prepaid card project started in Denmark
1999
Federal Government began a Federal employee smart card
identification
Source: smart.gov
What is a Smart Card?


The standard definition of a a smart card, or
integrated circuit card (ICC), is any pocket sized
card with embedded integrated circuits.
Loosely defined, a smart card is any card with a
capability to relate information to a particular
application such as:
•
•
•
•
Magnetic Stripe Cards
Optical Cards
Memory Cards
Microprocessor Cards
Magnetic Stripe Cards
Standard technology for bank cards, driver’s licenses, library cards,
and so on……
Optical Cards


Uses a laser to read
and write the card
CANPASS Contains:
• Photo ID
• Fingerprint
Memory Cards


Can store:
• Financial Info
• Personal Info
• Specialized Info
Cannot process Info
Microprocessor Cards


Has an integrated
circuit chip
Has the ability to:
• Store information
• Carry out local
processing
• Perform Complex
Calculations
Microprocessor Cards
Contact Smart Card
Contact
Microprocessor Cards
Contactless Smart Card
Microprocessor Cards
Combi / Hybrid Cards

Hybrid Card
• Has two chips: contact and contactless
interface.
• The two chips are not connected.

Combi Card
• Has a single chip with a contact and
contactless interface.
• Can access the same chip via a contact or
contactless interface, with a very high level of
security.
Microprocessor Cards
Combi / Hybrid Cards
How are Smart Cards Used?


Commercial Applications
• Banking/payment
• Identification
• Ticketing
• Parking and toll collection
• Universities use smart cards for ID purposes
and at the the library, vending machines,
copy machines, and other services on
campus.
Mobile Telecommunications
• SIM cards used on cell phones
• Over 300,000,000 GSM phones with smart
cards
• Contains mobile phone security, subscription
information, phone number on the network,
billing information, and frequently called
numbers.
How are Smart Cards Used?


Information Technology
• Secure logon and authentication of users to PCs and networks
• Encryption of sensitive data
Other Applications
• Over 4 million small dish TV satellite receivers in the US use a
smart card as its removable security element and subscription
information.
• Pre-paid, reloadable telephone cards
• Health Care, stores the history of a patient
• Fast ticketing in public transport, parking, and road tolling in
many countries
Advantages
In comparison to it’s predecessor, the magnetic strip card,
smart
cards have many advantages including:
• Life of a smart card is longer
• A single smart card can house multiple applications. Just one
card can be used as your license, passport, credit card, ATM
card, ID Card, etc.
• Smart cards cannot be easily replicated and are, as a general
rule much more secure than magnetic stripe cards
• Data on a smart card can be protected against unauthorized
viewing. As a result of this confidential data, PINs and
passwords can be stored on a smart card. This means,
merchants do not have to go online every time to authenticate
a transaction.
Advantages
• chip is tamper-resistant
- information stored on the card can be PIN code and/or readwrite protected
- capable of performing encryption
- each smart card has its own, unique serial number
• capable of processing, not just storing information
- Smart cards can communicate with computing devices
through a smart card reader
- information and applications on a card can be updated
without having to issue new cards
• A smart card carries more information than can be
accommodated on a magnetic stripe card. It can make a
decision, as it has relatively powerful processing capabilities
that allow it to do more than a magnetic stripe card (e.g., data
encryption).
Disadvantages
+ NOT tamper proof
+ Can be lost/stolen
+ Lack of user mobility – only possible if user has smart
card reader every he goes
+ Has to use the same reader technology
+ Can be expensive
+ Working from PC – software based token will be better
+ No benefits to using a token on multiple PCs to using a
smart card
+ Still working on bugs
Security Mechanisms
OS Based Classification

Smart cards are also classified on the basis of their
Operating System. There are many Smart Card Operating
Systems available in the market, the main ones being:
1.
2.
3.
4.
5.
MultOS
JavaCard
Cyberflex
StarCOS
MFC
Smart Card Operating Systems or SCOS as they are
commonly called, are placed on the ROM and usually
occupy lesser than 16 KB. SCOS handle:
• File Handling and Manipulation.
• Memory Management
• Data Transmission Protocols.
References






http://sec.isi.salford.ac.uk/download/smart.pdf
http://www.smart.gov
http://www.gemplus.com
http://www.smartcardalliance.org/industry_info/smart_card
s_primer.cfm
http://www.axalto.com/Company/Governance/pdf/Annual
%20Report%202004.pdf
http://www.smartcard.co.uk/tutorials/sct-itsc.pdf