Smart Cards
 Future Life………


    Santosh Khadsare
The aim of my ppt is just to give you a brief
idea about smart card technology,
one of the best steps towards the
advancement of science and technology,
making our life faster and obviously
easier.
Plastic Cards
   Visual identity application
       Plain plastic card is enough
   Magnetic strip (e.g. credit cards)
     Visual data also available in machine readable form
     No security of data

   Electronic memory cards
     Machine readable data
     Some security (vendor specific)
What is a Smart Card?
       A Smart card is a plastic card about
       the size of a credit card, with an
       embedded microchip that can be
       loaded with data, used for telephone
       calling, cash payments , and other
       applications, and then periodically
       refreshed for additional use.
What is a smart card?
History

70’s
Smart Card First Patent in Germany and later in
  France and Japan.
80’s
Mass usage in Pay Phones and Debit Cards.
90’s
Smart Card based Mobiles Chips & Sim Cards.
History
2000’s

Payment and Ticketing Applications
Credit cards, Mass transit (Smartrip)

Healthcare and Identification
Insurance information, Drivers license
Dimensions of smart card.
85.6mm x 53.98mm x 0.76mm(defined by ISO 7816)
Why use smart cards?
   Can store currently up to 7000 times more data than a magnetic stripe card.
   Information that is stored on the card can be updated.
   Magnetic stripe cards are vulnerable to many types of fraud.
                 Lost/Stolen Cards
                 Skimming
                 Carding/ Phishing
   Greatly enhances security by communicating with card readers using PKI
    algorithms.
   A single card can be used for multiple applications (cash, identification,
    building access, etc.)
   Smart cards provide a 3-fold approach to authentic identification:
              •   Pin
              •   Smartcard
              •   Biometrics
Card Elements
   Magnetic Stripe
   Logo
   Chip
   Hologram
   Embossing (Card Number / Name / Validity, etc.)
Smart Cards devices
   Contacts: VCC, Reset, Clock, Reserved, GND, VPP, I/O
Varun Arora | varun@varunarora.in | www.varunarora.in
What’s in a Card?
   Contacts: CLK, RST, Vcc, RFU, GND, RFU, Vpp, I/O
Electrical signals description
Fig : A smart card pin out
VCC : Power supply input.
RST : Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card).
CLK : Clocking or timing signal (optional use by the card).
GND : Ground (reference voltage).
VPP : Programming voltage input (deprecated / optional use by the card).
I/O : Input or Output for serial data to the integrated circuit inside the card.
AUX1 (C4) : Auxiliary contact; USB devices: D+
AUX2 (C8) : Auxiliary contact; USB devices: D-
CARD STRUCTURE
       Out of the eight contacts only six are used. Vcc is
       the supply voltage, Vss is the ground reference
       voltage against which the Vcc potential is
       measured, the Vpp connector is used for the high
       voltage signal, and the chip receives commands &
       interchanges data.
Typical Configurations
   256 bytes to 4KB RAM.
   8KB to 32KB ROM.
   1KB to 32KB EEPROM.
   8-bit to 16-bit CPU. 8051 based designs
    are common.
Smart Card Readers
                           Computer based readers
                           Connect through USB or COM (Serial) ports




Dedicated terminals
Usually with a small screen, keypad, printer,
often also have biometric devices such as thumb
print scanner.
Terminal/PC Card Interaction
 The terminal/PC sends commands to the card
  (through the serial line).
 The card executes the command and sends back
  the reply.
 The terminal/PC cannot directly access memory
  of the card so
  data in the card is protected from
  unauthorized access. This is what makes the
  card smart.
Why Smart Cards?

     Security: Data and codes on the card are encrypted by the
     chip maker. The Smart Card’s circuit chip is almost impossible
     to forge.
     Trust: Minimal human interaction.
     Portability.
     Less paperwork: Eco-friendly.
Two Types of Chips
Memory chip
   Acts as a small floppy disk with optional security
   Are inexpensive
   Offer little security features
Microprocessor
   Can add, delete, and manipulate its memory.
   Acts as a miniature computer that includes an operating system, hard disk, and input/output ports.
   Provides more security and memory and can even download applications.
From 1 billion to 4 billion units in 10 years…
[Chart: Worldwide smart card shipments, in millions of units, 1999 to 2009; series: Microprocessor cards, Memory cards]
Smart Cards in everyday life…
   Loyalty
   Transport
   Ticketing
   Payment
   Health card
   Smart Poster
   Communication
Contact Smart Cards
 Requires insertion into a
  smart card reader with a
  direct connection
 This physical contact
  allows for transmission of
  commands, data, and card
  status to take place
Contactless smart card:-
Contactless Smart Cards

   Require only close proximity to a
    reader
   Both the reader and card have
    antennas through which the two
    communicate
   Ideal for applications that require
    very fast card interfaces
ISO 14443.
   International standard.
   Deals only with contactless smart cards.
   Defines:
       a. Interface.
       b. Radio frequency interface.
       c. Electrical interface.
       d. Operating distance.
       Etc.
Dual interface smart cards.
   Also called Combi card.

   Has a single chip over it.

   Has both contact as well as contactless
    interfaces.

   We can use the same chip using either contact or
    contactless interface with a high level of security.
Dual interface smart card.
Hybrid smart card.

 Two chips.
 One with contact interface.

 Other with contactless interface.

 No connection between the two chips.
Hybrid smart cards.
Categories of Smart Cards

Based on the type of IC chip
embedded on the Smart Card.
They are categorized into
 three types :-
   IC Micro Processor Cards
   IC Memory Cards
   Optical Memory Cards
Key Attributes

Security
     to make the Digital Life safe and enjoyable
Ease of Use
     to enable all of us to access to the Digital World
Privacy
     to respect each individual’s freedom and intimacy


Biometric techniques
   Finger print identification.
       Features of finger prints can be kept on the card
        (even verified on the card)
   Photograph/IRIS pattern etc.
       Such information is to be verified by a person. The
        information can be stored in the card securely
Communication mechanisms
   Communication between smart card and reader is
    standardized
       ISO 7816 standard
   Commands are initiated by the terminal
       Interpreted by the card OS
       Card state is updated
       Response is given by the card.
   Commands have the following structure

            CLA     INS      P1     P2   Lc   1..Lc   Le
   The response from the card includes 1..Le bytes followed by
    the Response Code
Security Mechanisms
   Password
       Card holder’s protection
   Cryptographic challenge Response
       Entity authentication
   Biometric information
       Person’s identification
   A combination of one or more
Password Verification
   Terminal asks the user to provide a password.
   Password is sent to Card for verification.
   Scheme can be used to permit user
    authentication.
       Not a person identification scheme




Cryptographic verification
   Terminal verifies card (INTERNAL AUTH)
       Terminal sends a random number to card to be hashed
        or encrypted using a key.
       Card provides the hash or ciphertext.
   Terminal can know that the card is authentic.
   Card needs to verify (EXTERNAL AUTH)
       Terminal asks for a challenge and sends the response to
        card to verify
       Card thus knows that terminal is authentic.
   Primarily for the “Entity Authentication”
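Both directions of the challenge-response exchange above, as an added example (not part of the original slides). It assumes a shared secret key and uses HMAC-SHA-256 as the keyed hash; the slides do not name an algorithm, and all class and function names are hypothetical. It also shows why the challenge has to be random and single-use: a responder that only holds one previously captured answer is rejected.

```python
import hashlib
import hmac
import secrets


def keyed_hash(key: bytes, challenge: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 stands in for the card's keyed hash or cipher.
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Card:
    def __init__(self, key: bytes):
        self._key = key                  # never leaves the card
        self._pending = None             # challenge issued to the terminal
        self.terminal_authenticated = False

    def internal_authenticate(self, challenge: bytes) -> bytes:
        """INTERNAL AUTH: the card proves knowledge of the key."""
        return keyed_hash(self._key, challenge)

    def get_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(8)
        return self._pending

    def external_authenticate(self, response: bytes) -> bool:
        """EXTERNAL AUTH: the card checks the terminal's answer."""
        pending, self._pending = self._pending, None   # single use
        if pending is None:
            return False
        ok = hmac.compare_digest(response, keyed_hash(self._key, pending))
        self.terminal_authenticated = ok
        return ok


class RecordedResponder:
    """Holds no key; answers every challenge with one captured response."""

    def __init__(self, recorded: bytes):
        self._recorded = recorded

    def internal_authenticate(self, challenge: bytes) -> bytes:
        return self._recorded


class Terminal:
    def __init__(self, key: bytes):
        self._key = key

    def verify_card(self, card) -> bool:
        challenge = secrets.token_bytes(8)             # fresh per attempt
        response = card.internal_authenticate(challenge)
        return hmac.compare_digest(response, keyed_hash(self._key, challenge))

    def prove_to_card(self, card: Card) -> bool:
        challenge = card.get_challenge()
        return card.external_authenticate(keyed_hash(self._key, challenge))


if __name__ == "__main__":
    key = secrets.token_bytes(16)
    card, terminal = Card(key), Terminal(key)
    print("card accepted by terminal:", terminal.verify_card(card))
    print("terminal accepted by card:", terminal.prove_to_card(card))
    captured = card.internal_authenticate(b"\x00" * 8)
    print("recorded answer accepted :",
          terminal.verify_card(RecordedResponder(captured)))
```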
Data storage
   Data is stored in smart cards in E2PROM
       Card OS provides a file structure mechanism
   [Diagram: file tree with the MF at the root; the MF contains DFs and EFs, and DFs contain further DFs and EFs]
   File types
       Binary file (unstructured)
       Fixed size record file
       Variable size record file
File Naming and Selection
   Each file has a 2 byte file ID and an optional 5-bit
    SFID (both unique within a DF). DFs may
    optionally have a (globally unique) 16 byte name.
   OS keeps track of a current DF and a current EF.
   Current DF or EF can be changed using the SELECT
    FILE command. Target file specified as either:
       DF name
       File ID
       SFID (Short File Identifier, 1 byte)
       Relative or absolute path (sequence of File IDs).
       Parent DF
Basic File Related Commands
   Commands for file creation, deletion etc., File size
    and security attributes specified at creation time.
   Commands for reading, writing, appending records,
    updating etc.
       Commands work on the current EF.
       Execution only if security conditions are met.
   Each file has a life cycle status indicator (LCSI),
    one of: created, initialized, activated, deactivated,
    terminated.
Access control on the files
   Applications may specify the access controls
       A password (PIN) on the MF selection
            For example SIM password in mobiles
       Multiple passwords can be used and levels of
        security access may be given
   Applications may also use cryptographic
    authentication
An example scenario (institute ID card)
   MF
       Select: P2 verification
   EF1 (personal data)
       Name: Varun Arora
       PF/Roll: 13
       Read: Free
       Write: upon verification by K1, K2 or K3
   EF2 (Address)
       #320, MSc (off)
       475, SICSR (Res)
       Read: Free
       Write: Password Verification (P1)
   EF3 (password)
       P1 (User password)
       P2 (sys password)
       Read: Never
       Write: Password Verification (P1)
   EF4 (keys)
       K1 (DOSA’s key)
       K2 (DOFA’s key)
       K3 (Registrar’s key)
       Read: Never
       Write: Once
   Security requirements:
       EF1: Should be modified only by the DOSA/DOFA/Registrar. Readable to all.
       EF2: Card holder should be able to modify.
   What happens if the user forgets his password?
       Solution1: Add supervisor password
       Solution2: Allow DOSA/DOFA/Registrar to modify EF3
       Solution3: Allow both to happen
An example scenario (institute ID card)
   MF
       EF1 (personal data)
       EF2 (Address)
       EF3 (password)
       EF4 (keys)
       DF1 (Lib)
   DF1 (Lib)
       EF1 (Issue record)
           Records of the form: Bk# dt issue dt retn
           Modifiable: By issue staff. Read all
       EF2 (Privilege info)
           Max Duration: 20 days
           Max Books: 10
           Reserve Collection: Yes
           Modifiable: By admin staff. Read: all
       EF3: Keys
           K1: Issue staff key
           K2: Admin staff key
   Library manages its own keys in EF3 under DF1.
   Institute manages its keys and data under MF.
   Thus library can develop applications independent of the rest.
How does it all work?
   1. Terminal: Card is inserted in the terminal.
      Card: Card gets power. OS boots up. Sends ATR (Answer to reset).
   2. ATR negotiations take place to set up data transfer speeds, capability negotiations etc.
   3. Terminal: sends first command to select MF.
      Card: responds with an error (because MF selection is only on password presentation).
   4. Terminal: prompts the user to provide password.
   5. Terminal: sends password for verification.
      Card: verifies P2. Stores a status “P2 Verified”. Responds “OK”.
   6. Terminal: sends command to select MF again.
      Card: responds “OK”.
   7. Terminal: sends command to read EF1.
      Card: supplies personal data and responds “OK”.
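The session above, together with the access rules of the institute ID card scenario (MF selectable only after P2, EF1 readable, EF3 never readable), as an added simulation that is not part of the original slides. The response codes are standard ISO 7816-4 values; the retry limit of 3 (for the PIN blocking the slides mention), the file contents and all names are assumptions made for this example.

```python
import hmac

# ISO 7816-4 response codes (standard values, not from the slides).
SW_OK = 0x9000
SW_SECURITY_NOT_SATISFIED = 0x6982
SW_AUTH_BLOCKED = 0x6983
SW_FILE_NOT_FOUND = 0x6A82


class SimulatedCard:
    MAX_TRIES = 3                      # assumed retry limit before blocking

    def __init__(self, p2: bytes, files: dict):
        self._p2 = p2
        self._files = files            # EF name -> (read rule, content)
        self._tries_left = self.MAX_TRIES
        self._p2_verified = False      # the "P2 Verified" status
        self._mf_selected = False

    def verify(self, password: bytes) -> int:
        if self._tries_left == 0:
            return SW_AUTH_BLOCKED     # blocked even for the right password
        if hmac.compare_digest(password, self._p2):
            self._tries_left = self.MAX_TRIES
            self._p2_verified = True
            return SW_OK
        self._tries_left -= 1
        self._p2_verified = self._mf_selected = False
        if self._tries_left == 0:
            return SW_AUTH_BLOCKED
        return 0x63C0 | self._tries_left   # 63Cx: x tries remaining

    def select_mf(self) -> int:
        if not self._p2_verified:
            return SW_SECURITY_NOT_SATISFIED
        self._mf_selected = True
        return SW_OK

    def read(self, ef: str):
        if not self._mf_selected:
            return b"", SW_SECURITY_NOT_SATISFIED
        if ef not in self._files:
            return b"", SW_FILE_NOT_FOUND
        rule, content = self._files[ef]
        if rule != "free":             # "never": no state unlocks a read
            return b"", SW_SECURITY_NOT_SATISFIED
        return content, SW_OK


def make_card() -> SimulatedCard:
    # Constructed contents; EF names follow the scenario on the slides.
    return SimulatedCard(b"sys-pass", {
        "EF1": ("free", b"Name: A. Student; Roll: 00"),
        "EF3": ("never", b"(password file)"),
    })


def terminal_session(card: SimulatedCard, password: bytes):
    """Replay the terminal's steps and log each response code."""
    log = [("SELECT MF", card.select_mf())]
    log.append(("VERIFY P2", card.verify(password)))
    log.append(("SELECT MF", card.select_mf()))
    data, sw = card.read("EF1")
    log.append(("READ EF1", sw))
    return log, data


if __name__ == "__main__":
    log, data = terminal_session(make_card(), b"sys-pass")
    for step, sw in log:
        print(f"{step:10s} -> {sw:04X}")
    print(data.decode())
```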
So many Smart Cards with us at all
              times…..
   In our GSM phone (the SIM card)
   Inside our Wallets
     Credit/Debit cards

     HealthCare cards

     Loyalty cards

   Our corporate badge
   Our Passport
   Our e-Banking OTP

   … and the list keeps growing
Our industry is rapidly changing
   Interactive billboards
   Transports
   eTicketing
   Retail
   New solutions leveraging on mobile contactless services
Smart Card Applications

Government programs
   Banking & Finance
   Mobile Communication
   Pay Phone Cards
   Transportation
   Electronic Tolls
   Passports
   Electronic Cash
   Retailer Loyalty Programs
   Information security
Banking and finance

Electronic purse to replace coins for small purchases in vending
machines .


Credit and debit cards


Securing payments across the internet
Smart card Pay phones

   Outside of the United States there is a widespread use of
    payphones
   phone company does not have to collect coins
   the users do not have to have coins or remember long
    access numbers and PIN codes
   The risk of vandalism is very low since these payphones are
    smart card-based. “Generally, a phone is attacked if there is
    some money inside it, as in the case of coin-based payphone
Transportation


   Driver’s license

   Mass transit fare collection system

   Electronic toll collection system
It’s no longer only «Cards»
e-Passport: the first Smart Secure Device




                45 million e-Passports in 2009
E Governance
   As the amount of business and holiday travel
    increases security continues to be a top concern for
    governments worldwide.
   When fully implemented smart passport solutions
    help to reduce fraud and forgery of travel
    documents.
   Enhanced security for travellers
   Philips launched such a project
    with the US in 2004.
Student id card
   All-purpose student ID card (a/k/a campus
    card), containing a variety of applications
    such as electronic purse (for vending
    machines, laundry machines, library card, and
    meal card).
Threats in Using Smart Cards
   Failure rate.
   Probability of breaking: keeping cards in wallets may damage the chip on the card.
   Malware attacks: active malware on systems may result in modified transactions.
OS Based Classification
   Smart cards are also classified on the basis of their Operating System. There
    are many Smart Card Operating Systems available in the market, the main
    ones being:
    1. MultOS
    2. JavaCard
    3. Cyberflex
    4. StarCOS
    5. MFC
    Smart Card Operating Systems, or SCOS as they are commonly called, are
    placed on the ROM and usually occupy less than 16 KB. SCOS handle:
    • File Handling and Manipulation.
    • Memory Management
    • Data Transmission Protocols.
ADVANTAGES
   Proven to be more reliable than the magnetic stripe card.
   Can store thousands of times more information than the magnetic stripe card.
   Reduces tampering and counterfeiting through high security mechanisms such as
    advanced encryption and biometrics.
   Can be disposable or reusable.
   Performs multiple functions.
   Has wide range of applications (e.g., banking, transportation, healthcare...)
   Compatible with portable electronics (e.g., PCs, telephones...)
   Evolves rapidly applying semi-conductor technology
Disadvantages
Smart cards used for client-side identification and
authentication are the most secure way for e.g. internet banking
applications, but the security is never 100% sure.
In the example of internet banking, if the PC is infected with
any kind of malware, the security model is broken. Malware
can override the communication (both input via keyboard and
output via application screen) between the user and the
internet banking application (e.g. browser). This would result in
transactions being modified by the malware, unnoticed by the
user. There is malware in the wild with this capability (e.g.
Trojan.Silentbanker).
Remedies…
Banks like Fortis and Dexia in Belgium combine a smart card with an unconnected card reader to
avoid this problem. The customer enters a challenge received from the bank's website, his PIN and
the transaction amount into the card reader, and the card reader returns an 8-digit signature. This
signature is manually copied to the PC and verified by the bank. This method prevents malware from
changing the transaction amount.
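Why binding the amount into the signature defeats a modified transaction, as an added example (not part of the original slides). The slides do not describe the banks' actual algorithm, so this sketch assumes a key shared between card and bank and derives the 8 digits from an HMAC-SHA-256 over challenge and amount; the key, PIN, challenge and all names are constructed.

```python
import hashlib
import hmac
from typing import Optional


def _signature(card_key: bytes, challenge: str, amount_cents: int) -> str:
    # Assumed construction: keyed hash over challenge and amount, reduced
    # to 8 decimal digits so that a person can copy it by hand.
    msg = f"{challenge}|{amount_cents}".encode()
    digest = hmac.new(card_key, msg, hashlib.sha256).digest()
    value = int.from_bytes(digest[:8], "big") % 10**8
    return f"{value:08d}"


class UnconnectedReader:
    """Reader with its own keypad and display, not attached to the PC."""

    def __init__(self, card_key: bytes, pin: str):
        self._card_key = card_key
        self._pin = pin

    def sign(self, pin: str, challenge: str,
             amount_cents: int) -> Optional[str]:
        # The card only signs after the holder's PIN checks out.
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            return None
        return _signature(self._card_key, challenge, amount_cents)


class Bank:
    def __init__(self, card_key: bytes):
        self._card_key = card_key

    def accept(self, challenge: str, amount_cents: int,
               signature: str) -> bool:
        # The bank recomputes the signature over the amount it RECEIVED.
        expected = _signature(self._card_key, challenge, amount_cents)
        return hmac.compare_digest(signature.encode(), expected.encode())


def scenario() -> dict:
    key = b"constructed-demo-key"
    reader, bank = UnconnectedReader(key, "4821"), Bank(key)
    challenge = "73920518"                    # shown on the bank's website
    # The customer types the amount they intend (100.00) into the reader.
    sig = reader.sign("4821", challenge, 10_000)
    return {
        # Order arrives unchanged: signature matches.
        "honest": bank.accept(challenge, 10_000, sig),
        # Order arrives with a different amount: signature no longer matches.
        "amount_altered": bank.accept(challenge, 900_000, sig),
        # Signature reused against a different challenge: rejected.
        "other_challenge": bank.accept("11112222", 10_000, sig),
        # Without the PIN the reader produces nothing.
        "wrong_pin": reader.sign("0000", challenge, 10_000),
    }


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name:16s} {result}")
```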
Future Aspects
 Soon it will be possible to access the data in Smart cards by the use of Biometrics.
 Smart card Readers can be built into future computers or peripherals
which will enable the users to pay for goods purchased on the internet.
 In the near future, the multifunctional smart card will replace the
traditional magnetic swipe card.
 Smart Card is not only a data store, but also a programmable, portable,
tamper resistant memory storage.
The Smart card success story
Microprocessor Smart Cards Shipments (Millions of units)

                      2007    2008    2009    Growth 2007-2008   Growth 2008-2009
Telecom (SIM)         2040    2600    3000    +27%               +15%
Banking - Retail       410     500     580    +22%               +16%
Identity & others      205     225     295    +10%               +31%
By 2020 …



20 Billion Smart Secure Devices

>4 Billion Mobile Appliances users

>4 Billion e-ID documents in use
Conclusion:
• Smart Cards will evolve into a broader family of Devices
   • More new shapes for new applications
   • Our virtual « digital personal attributes »
   • Embedded software and ultra-embedded nanotechnologies


• The only mistake to avoid for our Industry is to entertain an
endless debate about fears.
   • We will build the best solutions and the best value for people to enjoy many new
   services
   • Political ownership and communication will be key to success


• Education … more Education
   • Preparing people to use those Smart Secure Devices is as important as teaching
   them how to read and write
Security of Smart Cards
   Public Key Infrastructure (PKI) algorithms such
    as DES, 3DES, RSA and ECC.
   Key pair generation.
   Variable timing/clock fluctuation.
   0.6 micron components.
   Data stored on the card is encrypted.
   Pin Blocking.
Elliptic Curve Cryptography
   y²=x³+ax+b
   Q(x,y) = kP(x,y)
   Point multiplication is used to
    compute Q; cracking it requires
    solving the ECDLP.
   Beneficial for portable
    devices.
   Cryptographic coprocessors
    can be added to speed up
    encryption and decryption.
CAIN
   Confidentiality is obtained by the encryption of
    the information on the card.
   Authenticity is gained by using the PKI
    algorithm and the two/three factor
    authentication.
   Integrity is maintained through error-checking
    and enhanced firmware.
   Repudiation is lower because each transaction is
    authenticated and recorded.
Common and Future Uses of Smart
               Cards
   Current uses:
           Chicago Transit Card
           Speed Pass
           Amex Blue Card
           Phone Cards
           University ID cards
           Health-care cards
           Access to high level
            government facilities.
   Future uses:
           Federally Passed Real-ID
            act of 2005.
           ePassports
Data Structure
   Data on Smart Cards is organized into a tree
    hierarchy. This has one master file (MF or root)
    which contains several elementary files (EF) and
    several dedicated files (DF).
   DFs and MF correspond to directories and EFs
    correspond to files, analogous to the hierarchy in
    any common OS for PCs.
Data Structure
   However, these two hierarchies differ in that
    DFs can also contain data. The headers of DFs,
    EFs and the MF contain security attributes resembling
    user rights associated with a file/directory in a
    common OS.
   Any application can traverse the file tree, but it
    can only move to a node if it has the appropriate
    rights.
   The PIN is also stored in an EF but only the
    card has access permission to this file.

Network forensics1Network forensics1
Network forensics1
 
Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
 
Lec 1 apln security(4pd)
Lec  1 apln security(4pd)Lec  1 apln security(4pd)
Lec 1 apln security(4pd)
 
Guassvirus
GuassvirusGuassvirus
Guassvirus
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Webmail
WebmailWebmail
Webmail
 
Linux Forensics
Linux ForensicsLinux Forensics
Linux Forensics
 
Web server
Web serverWeb server
Web server
 
Samba server
Samba serverSamba server
Samba server
 
Firewall(linux)
Firewall(linux)Firewall(linux)
Firewall(linux)
 
Securitytips
SecuritytipsSecuritytips
Securitytips
 
Linux basics
Linux basicsLinux basics
Linux basics
 
Linuxfilesys
LinuxfilesysLinuxfilesys
Linuxfilesys
 
Linuxconcepts
LinuxconceptsLinuxconcepts
Linuxconcepts
 
Introtolinux
IntrotolinuxIntrotolinux
Introtolinux
 
New internet
New internetNew internet
New internet
 

Último

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Último (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

Smart card

  • 1. Smart Cards Future Life……… Santosh Khadsare
  • 2. Aim of my ppt is to just give you a brief idea about the smart card technology being one of the best steps towards the advancement of science and technology, making our life faster and obviously easier.
  • 3. Plastic Cards
      • Visual identity application: plain plastic card is enough
      • Magnetic strip (e.g. credit cards): visual data also available in machine-readable form; no security of data
      • Electronic memory cards: machine-readable data; some security (vendor specific)
  • 4. What is a Smart Card? A smart card is a plastic card about the size of a credit card, with an embedded microchip that can be loaded with data, used for telephone calling, cash payments, and other applications, and then periodically refreshed for additional use.
  • 5. What is a smart card?
  • 6. History
      • 70s: first smart card patent in Germany, later in France and Japan.
      • 80s: mass usage in pay phones and debit cards.
      • 90s: smart-card-based mobile chips and SIM cards.
  • 7. History: 2000s
      • Payment and ticketing applications: credit cards, mass transit (Smartrip)
      • Healthcare and identification: insurance information, driver's license
  • 8. Dimensions of smart card: 85.6 mm x 53.98 mm x 0.76 mm (defined by ISO 7816)
  • 9. Why use smart cards?
      • Can currently store up to 7000 times more data than a magnetic stripe card.
      • Information that is stored on the card can be updated.
      • Magnetic stripe cards are vulnerable to many types of fraud: lost/stolen cards, skimming, carding/phishing.
      • Greatly enhances security by communicating with card readers using PKI algorithms.
      • A single card can be used for multiple applications (cash, identification, building access, etc.)
      • Smart cards provide a 3-fold approach to authentic identification: PIN, smartcard, biometrics.
  • 10. Card Elements: magnetic stripe, logo, chip, hologram, embossing (card number / name / validity, etc.)
  • 11. Smart Cards devices. Contact labels: GND, VCC, VPP, Reset, I/O, Clock, Reserved. Varun Arora | varun@varunarora.in | www.varunarora.in
  • 12. What’s in a Card? Contact labels: CLK, RST, Vcc, RFU, GND, RFU, Vpp, I/O.
  • 13. Electrical signals description (Fig: a smart card pin out)
      • VCC: Power supply input.
      • RST: Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card).
      • CLK: Clocking or timing signal (optional use by the card).
      • GND: Ground (reference voltage).
      • VPP: Programming voltage input (deprecated / optional use by the card).
      • I/O: Input or output for serial data to the integrated circuit inside the card.
      • AUX1 (C4): Auxiliary contact; USB devices: D+
      • AUX2 (C8): Auxiliary contact; USB devices: D-
  • 14. CARD STRUCTURE: Out of the eight contacts only six are used. Vcc is the supply voltage, Vss is the ground reference voltage against which the Vcc potential is measured, the Vpp connector is used for the high voltage signal, chip receives commands & interchanges data.
  • 15. Typical Configurations
      • 256 bytes to 4KB RAM.
      • 8KB to 32KB ROM.
      • 1KB to 32KB EEPROM.
      • 8-bit to 16-bit CPU. 8051 based designs are common.
  • 16. Smart Card Readers
      • Computer based readers: connect through USB or COM (serial) ports.
      • Dedicated terminals: usually with a small screen, keypad, printer; often also have biometric devices such as thumb print scanner.
  • 17. Terminal/PC Card Interaction
      • The terminal/PC sends commands to the card (through the serial line).
      • The card executes the command and sends back the reply.
      • The terminal/PC cannot directly access memory of the card, so data in the card is protected from unauthorized access. This is what makes the card smart.
  • 18. Why Smart Cards?
      • Security: Data and codes on the card are encrypted by the chip maker. The smart card’s circuit chip is almost impossible to forge.
      • Trust: Minimal human interaction.
      • Portability.
      • Less paperwork: eco-friendly.
  • 19. Two Types of Chips
      • Memory chip: acts as a small floppy disk with optional security; is inexpensive; offers few security features.
      • Microprocessor: can add, delete, and manipulate its memory; acts as a miniature computer that includes an operating system, hard disk, and input/output ports; provides more security and memory and can even download applications.
  • 20. From 1 billion to 4 billion units in 10 years… [Chart: worldwide smart card shipments in millions of units, microprocessor cards and memory cards, 1999 to 2009]
  • 21. Smart Cards in everyday life… Loyalty, transport, ticketing, payment, health card, smart poster, communication.
  • 22. Contact Smart Cards
      • Require insertion into a smart card reader with a direct connection.
      • This physical contact allows for transmission of commands, data, and card status to take place.
  • 24. Contactless Smart Cards
      • Require only close proximity to a reader.
      • Both the reader and card have antennas through which the two communicate.
      • Ideal for applications that require very fast card interfaces.
  • 25. ISO 14443
      • International standard.
      • Deals only with contactless smart cards.
      • Defines: a. Interface. b. Radio frequency interface. c. Electrical interface. d. Operating distance. Etc.
  • 26. Dual interface smart cards
      • Also called Combi card.
      • Has a single chip.
      • Has both contact and contactless interfaces.
      • The same chip can be used through either the contact or the contactless interface with a high level of security.
  • 28. Hybrid smart card
      • Two chips.
      • One with contact interface.
      • Other with contactless interface.
      • No connection between the two chips.
  • 30. Categories of Smart Cards: based on the type of IC chip embedded on the smart card, they are categorized into three types:
      • IC Micro Processor Cards
      • IC Memory Cards
      • Optical Memory Cards
  • 31. Key Attributes
      • Security: to make the Digital Life safe and enjoyable.
      • Ease of Use: to enable all of us to access the Digital World.
      • Privacy: to respect each individual’s freedom and intimacy.
  • 32. Biometric techniques
      • Finger print identification: features of finger prints can be kept on the card (even verified on the card).
      • Photograph/iris pattern etc.: such information is to be verified by a person. The information can be stored in the card securely.
  • 33. Smart Card Readers
      • Computer based readers: connect through USB or COM (serial) ports.
      • Dedicated terminals: usually with a small screen, keypad, printer; often also have biometric devices such as thumb print scanner.
  • 34. Terminal/PC Card Interaction
      • The terminal/PC sends commands to the card (through the serial line).
      • The card executes the command and sends back the reply.
      • The terminal/PC cannot directly access memory of the card: data in the card is protected from unauthorized access. This is what makes the card smart.
  • 35. Communication mechanisms
      • Communication between smart card and reader is standardized: ISO 7816 standard.
      • Commands are initiated by the terminal and interpreted by the card OS; card state is updated; response is given by the card.
      • Commands have the following structure: CLA INS P1 P2 Lc 1..Lc Le
      • Response from the card includes 1..Le bytes followed by the response code.
  • 36. Security Mechanisms
      • Password: card holder’s protection.
      • Cryptographic challenge-response: entity authentication.
      • Biometric information: person’s identification.
      • A combination of one or more.
  • 37. Password Verification
      • Terminal asks the user to provide a password.
      • Password is sent to the card for verification.
      • Scheme can be used to permit user authentication.
      • Not a person identification scheme.
  • 38. Cryptographic verification
      • Terminal verifies card (INTERNAL AUTH): the terminal sends a random number to the card to be hashed or encrypted using a key. The card provides the hash or cyphertext. The terminal can know that the card is authentic.
      • Card needs to verify (EXTERNAL AUTH): the terminal asks for a challenge and sends the response to the card to verify. The card thus knows that the terminal is authentic.
      • Primarily for “Entity Authentication”.
  • 39. Biometric techniques
      • Finger print identification: features of finger prints can be kept on the card (even verified on the card).
      • Photograph/iris pattern etc.: such information is to be verified by a person. The information can be stored in the card securely.
  • 40. Data storage
      • Data is stored in smart cards in E2PROM.
      • Card OS provides a file structure mechanism.
      • File types: binary file (unstructured), fixed size record file, variable size record file.
      • [Figure: file tree with the MF at the root and DFs and EFs beneath it]
  • 41. File Naming and Selection
      • Each file has a 2 byte file ID and an optional 5-bit SFID (both unique within a DF). DFs may optionally have a (globally unique) 16 byte name.
      • OS keeps track of a current DF and a current EF.
      • Current DF or EF can be changed using the SELECT FILE command. Target file specified as either: DF name; file ID; SFID (Short File Identifier, 1 byte); relative or absolute path (sequence of file IDs); parent DF.
  • 42. Basic File Related Commands
      • Commands for file creation, deletion etc. File size and security attributes are specified at creation time.
      • Commands for reading, writing, appending records, updating etc. Commands work on the current EF. Execution only if security conditions are met.
      • Each file has a life cycle status indicator (LCSI), one of: created, initialized, activated, deactivated, terminated.
  • 43. Access control on the files
      • Applications may specify the access controls.
      • A password (PIN) on the MF selection, for example the SIM password in mobiles.
      • Multiple passwords can be used and levels of security access may be given.
      • Applications may also use cryptographic authentication.
  • 44. An example scenario (institute ID card)
      • MF. Select: P2 verification.
      • EF1 (personal data): Name: Varun Arora, PF/Roll: 13. Read: Free. Write: upon verification by K1, K2 or K3.
      • EF2 (Address): #320, MSc (off); 475, SICSR (Res). Read: Free. Write: Password Verification (P1).
      • EF3 (password): P1 (User password), P2 (sys password). Read: Never. Write: Password Verification (P1).
      • EF4 (keys): K1 (DOSA’s key), K2 (DOFA’s key), K3 (Registrar’s key). Read: Never. Write: Once.
      • Security requirements: EF1 should be modified only by the DOSA/DOFA/Registrar and be readable to all; EF2: card holder should be able to modify.
      • What happens if the user forgets his password? Solution 1: add supervisor password. Solution 2: allow DOSA/DOFA/Registrar to modify EF3. Solution 3: allow both to happen.
  • 45. An example scenario (institute ID card)
      • MF: EF1 (personal data), EF2 (Address), EF3 (password), EF4 (keys), DF1 (Lib).
      • DF1 (Lib), EF1 (Issue record): records of the form "Bk#, dt issue, dt retn". Modifiable: by issue staff. Read: all.
      • DF1 (Lib), EF2 (Privilege info): Max Duration: 20 days; Max Books: 10; Reserve Collection: Yes. Modifiable: by admin staff. Read: all.
      • DF1 (Lib), EF3 (Keys): K1: Issue staff key; K2: Admin staff key.
      • Library manages its own keys in EF3 under DF1. Institute manages its keys and data under MF. Thus the library can develop applications independent of the rest.
  • 46. How does it all work?
      • Card is inserted in the terminal. Card gets power. OS boots up. Sends ATR (Answer to Reset).
      • ATR negotiations take place to set up data transfer speeds, capability negotiations etc.
      • Terminal sends first command to select MF. Card responds with an error (because MF selection is only on password presentation).
      • Terminal prompts the user to provide password.
      • Terminal sends password for verification. Card verifies P2. Stores a status “P2 Verified”. Responds “OK”.
      • Terminal sends command to select MF again. Card responds “OK”.
      • Terminal sends command to read EF1. Card supplies personal data and responds “OK”.
  • 47. So many Smart Cards with us at all times…
      • In our GSM phone (the SIM card)
      • Inside our wallets: credit/debit cards, healthcare cards, loyalty cards
      • Our corporate badge
      • Our passport
      • Our e-banking OTP
      • … and the list keeps growing
  • 48. Our Industries: rapidly changing. Interactive billboards, transports, eTicketing, retail. New solutions leveraging mobile contactless services.
  • 49. Smart Card Applications
      • Government programs
      • Banking & finance
      • Mobile communication
      • Pay phone cards
      • Transportation
      • Electronic tolls
      • Passports
      • Electronic cash
      • Retailer loyalty programs
      • Information security
  • 50. Banking and finance
      • Electronic purse to replace coins for small purchases in vending machines.
      • Credit and debit cards.
      • Securing payments across the internet.
  • 51. Smart card Pay phones
      • Outside of the United States there is a widespread use of payphones.
      • The phone company does not have to collect coins.
      • The users do not have to have coins or remember long access numbers and PIN codes.
      • The risk of vandalism is very low since these payphones are smart card-based. “Generally, a phone is attacked if there is some money inside it, as in the case of coin-based payphone
  • 52. Transportation
      • Driver’s license
      • Mass transit fare collection system
      • Electronic toll collection system
  • 53. It’s no longer only «Cards». e-Passport: the first Smart Secure Device. 45 million e-Passports in 2009.
  • 54. E Governance
      • As the amount of business and holiday travel increases, security continues to be a top concern for governments worldwide.
      • When fully implemented, smart passport solutions help to reduce fraud and forgery of travel documents.
      • Enhanced security for travellers.
      • Philips launched such a project with the US in 2004.
  • 55. Student ID card: all-purpose student ID card (a/k/a campus card), containing a variety of applications such as electronic purse (for vending machines, laundry machines, library card, and meal card).
  • 56.
  • 57. Threats in Using Smart Cards
      • Failure rate; probability of breaking: keeping in wallets may damage the chip on the card.
      • Malware attacks: active malware on systems may result in modified transactions.
  • 58. OS Based Classification
      • Smart cards are also classified on the basis of their operating system. There are many smart card operating systems available in the market, the main ones being: 1. MultOS 2. JavaCard 3. Cyberflex 4. StarCOS 5. MFC
      • Smart Card Operating Systems, or SCOS as they are commonly called, are placed on the ROM and usually occupy less than 16 KB.
      • SCOS handle: file handling and manipulation; memory management; data transmission protocols.
  • 59. ADVANTAGES
      • Proven to be more reliable than the magnetic stripe card.
      • Can store up to thousands of times the information of the magnetic stripe card.
      • Reduces tampering and counterfeiting through high security mechanisms such as advanced encryption and biometrics.
      • Can be disposable or reusable.
      • Performs multiple functions.
      • Has a wide range of applications (e.g., banking, transportation, healthcare...)
      • Compatible with portable electronics (e.g., PCs, telephones...)
      • Evolves rapidly, applying semiconductor technology.
  • 60. Disadvantages: Smart cards used for client-side identification and authentication are the most secure way for e.g. internet banking applications, but the security is never 100% sure. In the example of internet banking, if the PC is infected with any kind of malware, the security model is broken. Malware can override the communication (both input via keyboard and output via application screen) between the user and the internet banking application (e.g. browser). This would result in transactions being modified by the malware, unnoticed by the user. There is malware in the wild with this capability (e.g. Trojan.Silentbanker).
  • 61. Remedies… Banks like Fortis and Dexia in Belgium combine a Smart card with an unconnected card reader to avoid this problem. The customer enters a challenge received from the bank's website, his PIN and the transaction amount into the card reader, the card reader returns an 8-digit signature. This signature is manually copied to the PC and verified by the bank. This method prevents malware from changing the transaction amount.
  • 62. Future Aspects
      • Soon it will be possible to access the data in smart cards by the use of biometrics.
      • Smart card readers can be built into future computers or peripherals, which will enable users to pay for goods purchased on the internet.
      • In the near future, the multifunctional smart card will replace the traditional magnetic swipe card.
      • A smart card is not only a data store, but also a programmable, portable, tamper-resistant memory storage.
  • 63. The Smart card success story [Chart: microprocessor smart card shipments in millions of units, 2007 to 2009, by segment: Telecom (SIM), Banking - Retail, Identity & others]
  • 64. By 2020… 20 billion Smart Secure Devices; >4 billion mobile appliance users; >4 billion e-ID documents in use.
  • 66. Conclusion
      • Smart Cards will evolve into a broader family of Devices
      • More new shapes for new applications
      • Our virtual « digital personal attributes »
      • Embedded software and ultra-embedded nanotechnologies
      • The only mistake to avoid for our Industry is to entertain an endless debate about fears.
      • We will build the best solutions and the best value for people to enjoy many new services
      • Political ownership and communication will be key to success
      • Education … more Education
      • Preparing people to use those Smart Secure Devices is as important as teaching them how to read and write
  • 68. Security of Smart Cards  Public Key Infrastructure (PKI) algorithms such as DES, 3DES, RSA and ECC.  Key pair generation.  Variable timing/clock fluctuation.  0.6 micron components.  Data stored on the card is encrypted.  PIN blocking.
  • 69. Elliptic Curve Cryptography  y² = x³ + ax + b  Q(x,y) = kP(x,y)  Computing Q from k and P uses point multiplication; cracking it means solving the elliptic curve discrete logarithm problem (ECDLP).  Beneficial for portable devices.  Cryptographic coprocessors can be added to speed up encryption and decryption.
  • 70. CAIN  Confidentiality is obtained by the encryption of the information on the card.  Authenticity is gained by using the PKI algorithm and the two/three factor authentication.  Integrity is maintained through error-checking and enhanced firmware.  Repudiation is lower because each transaction is authenticated and recorded.
  • 71. Common and Future Uses of Smart Cards  Current uses:  Chicago Transit Card  Speed Pass  Amex Blue Card  Phone cards  University ID cards  Health-care cards  Access to high-level government facilities.  Future uses:  Federally passed Real ID Act of 2005.  ePassports
  • 72. Data Structure  Data on Smart Cards is organized into a tree hierarchy. This has one master file (MF or root) which contains several elementary files (EF) and several dedicated files (DF).  DFs and MF correspond to directories and EFs correspond to files, analogous to the hierarchy in any common OS for PCs.
  • 73. Data Structure  However, these two hierarchies differ in that DFs can also contain data. The headers of DFs, EFs and the MF contain security attributes resembling the user rights associated with a file or directory in a common OS.  Any application can traverse the file tree, but it can only move to a node if it has the appropriate rights.  The PIN is also stored in an EF, but only the card has access permission to this file.
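
The file tree of slides 72 and 73, together with the PIN blocking listed on slide 68, modelled as an added Python example that is not part of the original deck. The access-condition names, the file names, the sample PIN and the three-try limit are assumptions made for illustration, not values from a real card OS.

```python
import hmac
from dataclasses import dataclass, field
ALWAYS, PIN, NEVER = "ALWAYS", "PIN", "NEVER"  # assumed access-condition names

@dataclass
class Node:
    name: str
    kind: str                 # "MF", "DF" or "EF"
    select: str = ALWAYS      # header attribute: right needed to move to this node
    read: str = ALWAYS        # header attribute: right needed to read its data
    data: bytes = b""         # a DF may hold data as well as children
    children: dict = field(default_factory=dict)
    def add(self, child):
        self.children[child.name] = child
        return child

class Card:
    def __init__(self, root, pin_ef, max_tries=3):   # retry limit is an assumption
        self.root = self.current = root
        self._pin_ef, self.max_tries = pin_ef, max_tries
        self.tries_left, self.pin_ok = max_tries, False

    def _allowed(self, condition):
        return condition == ALWAYS or (condition == PIN and self.pin_ok)

    def verify(self, pin):
        if self.tries_left == 0:
            return "BLOCKED"
        # Compared inside the card in constant time; the stored PIN never leaves it.
        self.pin_ok = hmac.compare_digest(pin, self._pin_ef.data)
        self.tries_left = self.max_tries if self.pin_ok else self.tries_left - 1
        return "OK" if self.pin_ok else "BLOCKED" if self.tries_left == 0 else "WRONG"

    def select(self, name):
        node = self.root if name == self.root.name else self.current.children.get(name)
        if node is None or not self._allowed(node.select):
            return "NOT_FOUND" if node is None else "DENIED"
        self.current = node
        return "OK"

    def read(self):
        return self.current.data if self._allowed(self.current.read) else None

def build_card():  # constructed sample layout; file names and PIN value are made up
    mf = Node("MF", "MF")
    pin_ef = mf.add(Node("EF_PIN", "EF", read=NEVER, data=b"4821"))
    mf.add(Node("EF_ID", "EF", data=b"card serial 0001"))
    purse = mf.add(Node("DF_PURSE", "DF", select=PIN, data=b"purse v1"))
    purse.add(Node("EF_BALANCE", "EF", read=PIN, data=b"\x00\x2a"))
    return Card(mf, pin_ef)
```

The PIN file can be selected like any other node, but its read condition is NEVER, so even a verified session gets nothing back from it; only `verify` touches its contents.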

Editor's notes

  1. Aim of my ppt is to just give you a brief idea about the smart card technology being one of the best steps towards the advancement of science and technology, making our life faster and obviously easier.