Smart Cards - PowerPoint PPT Presentation


Transcript and Presenter's Notes

Title: Smart Cards


1
Smart Cards
Security Cryptography in Distributed Systems,
Fall 1998
  • By Michael Perlov
  • (perl7849_at_cs.nyu.edu)

2
Outline of the Presentation
  • What is a Smart Card? Examples
  • Case Study - IBM MultiFunction Card
  • Smart Card Standards
  • Additional Resources

3
What is a Smart Card?
  • Technical definition
  • A card formed of plastic body with an embedded
    integrated circuit.
  • The devices come in several varieties, from
    simple memory cards to those carrying their own
    microprocessors.
  • There are four major categories

4
  • Unprotected memory cards
  • Act as a storage medium for tokens
  • Carry an application code and a simple mechanism
    to specify the issuer of the card
  • Can't perform off-line processing
  • Used as prepaid phone cards in France, Holland
    and Germany

5
  • Wired logic memory cards
  • Have built-in EPROM or EEPROM
  • Can be reloaded with data (like monetary value)
  • Contain hard-wired data protection
  • Examples are electronic hotel keys and
    new-generation phone cards used in the Benelux
    countries

6
  • Microprocessor cards
  • Typically have
  • an 8-bit microprocessor with an OS in ROM
  • 96 to 512 KB of RAM
  • 3 to 16 KB of ROM
  • Use EEPROM for non-volatile memory, with
    capacities ranging from 1 to 16 KB
  • Some have an additional cryptography coprocessor
    with extra RAM to perform private-key (DES)
    and/or public-key (RSA) cryptography

7
  • Many cards of this type are multi-functional,
    providing the option of hosting several
    applications from various industry domains on a
    single card, key domains being
  • Banking & Payment Systems
  • debit/credit
  • electronic purse
  • Health Care
  • health records
  • health insurance

8
  • Travel & Transportation
  • ticketless air travel
  • car rental
  • Electronic commerce
  • cyber shopping
  • secure access/payment via the Internet
  • We will look at an example of this kind of card
    in the case-study later on in the talk

9
  • Contactless cards
  • Antenna is embedded in the plastic
  • How it works
  • The antenna picks up an electromagnetic signal
    that emanates from the reader
  • The signal powers the card and transmits the data
  • The card updates its internal state and transmits
    a signal back
  • Useful when applications require high throughput,
    for example in mass transit

10
Case Study - IBM Multifunction Card
  • Overview
  • A sophisticated smart card solution, built on top
    of the IBM MFC (Multifunction Card) OS
  • The chip can be fed with data and a variety of
    application programs that can be updated whenever
    necessary
  • Supports private-key (DES) and public-key (RSA)
    cryptography

11
  • Physical layout

12
  • File system
  • Has a tree structure and can be compared with the
    file structure of a PC's hard disk
  • Has the following file hierarchy
  • Master Files (MF) - root directory
  • Dedicated Files (DF) - application directories
  • Elementary Files (EF) - application data files

13
  • Access conditions
  • Each file contained in the directory tree of a
    MultiFunction Card contains predefined access
    conditions assigned for each of the following
    access methods
  • Read: read, seek, etc.
  • Update: update, decrease, etc.
  • Administer: create/delete, invalidate, restore,
    etc.

14
  • The following access conditions can be specified
  • Always (ALW) - access without restriction
  • Card Holder verification (CHV) - card holder must
    present his secret CHV
  • External Authentication (AUT) - external world
    must authenticate itself
  • Protected (ENC) - either the command or the
    response is shielded with a cryptogram
  • Never (NEV) - the data cannot be accessed under
    any circumstances

15
  • Commands supported by MFC OS
  • Application data commands
  • Read - reads data from a selected file
  • Select - selects a file
  • Update - updates a record in a data file
  • Append - appends a record to a file
  • Security commands
  • Get challenge - generate an 8-byte random number
  • Verify CHV
  • External authentication - authentication of the
    external world based on a previously generated
    random number and a secret key
  • Load key file - loads or updates cryptographic
    keys
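The access conditions and security commands listed on the slides above can be tied together in a small model; this is an added example, not code from the presentation or from IBM's MFC OS. Assumptions: the class and method names and the file layout are hypothetical, HMAC-SHA256 truncated to 8 bytes stands in for the card's DES-based cryptogram, each challenge is accepted once, and the ENC condition is not modelled.

```python
import hashlib
import hmac
import os

ALW, CHV, AUT, NEV = "ALW", "CHV", "AUT", "NEV"  # ENC is not modelled here

def terminal_response(key, challenge):
    # Assumption: HMAC-SHA256 cut to 8 bytes stands in for the card's DES cryptogram.
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]

class Card:  # toy model: every file names one access condition per access method
    def __init__(self, chv, key, files):
        self._chv, self._key, self._files = chv, key, files
        self._satisfied = {ALW}                  # conditions met in this session
        self._challenge = self._selected = None

    def select(self, path):
        self._selected = self._files[path]       # KeyError for an unknown file

    def verify_chv(self, chv):
        ok = hmac.compare_digest(chv, self._chv)
        if ok:
            self._satisfied.add(CHV)
        return ok

    def get_challenge(self):
        self._challenge = os.urandom(8)          # 8-byte random number
        return self._challenge

    def external_authenticate(self, response):
        challenge, self._challenge = self._challenge, None   # one use per challenge
        ok = challenge is not None and hmac.compare_digest(
            response, terminal_response(self._key, challenge))
        if ok:
            self._satisfied.add(AUT)
        return ok

    def _check(self, method):
        cond = (self._selected or {}).get(method, NEV)       # nothing selected: deny
        if cond == NEV or cond not in self._satisfied:
            raise PermissionError(f"{method} requires {cond}")

    def read(self):
        self._check("read")
        return self._selected["data"]

    def update(self, data):
        self._check("update")
        self._selected["data"] = data
```

The `files` argument maps a path to a dict with `data`, `read` and `update` keys, for example a constructed entry `"MF/DF_PURSE/EF_BALANCE"` with `read` set to `CHV` and `update` set to `AUT`. A captured response fails when replayed because `external_authenticate` discards the challenge before comparing.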

16
  • Additional/modified commands available with
    public-key cryptography cards
  • Calculate hash
  • External authenticate - extension to the standard
    external authentication function using public-key
    cryptography
  • Generate signature - generates a digital
    signature based on a card's secret key (using
    RSA)
  • Verify signature - verifies a digital signature
    using a public key
  • Card management commands
  • Create file
  • Delete file

17
  • Hardware support for security functions

18
Standards
  • Standardization plays a key role in the
    acceptance and growth of the smart card industry.
    Only the appropriate international standards can
    assure that a smart card fits into different card
    readers and terminals at different locations in
    the world

19
  • Smart card standardization is driven from two
    sides
  • The international standards organizations (ISO,
    ANSI, etc)
  • ISO began working on standards for chip cards as
    early as 1983
  • The foundation of virtually all existing smart
    card standards is ISO 7816, which specifies
  • physical & electrical characteristics
  • formats and protocols for information exchange
  • functions provided by smart cards

20
  • The industry. Key players include Mastercard,
    Visa, Europay, IBM, Sun and others
  • EMV
  • Specification for the application of smart cards
    to the payment industry
  • Created by Europay, Mastercard and Visa
  • OpenCard Framework
  • A set of guidelines announced by IBM, Netscape
    and Sun
  • Provides an architecture and a set of APIs for
    building smart card-aware solutions on
    OpenCard-compliant network computers

21
  • Consists of four major components
  • CardTerminal - encapsulates all card terminal
    related classes
  • CardAgent - provides a common interface for a
    multitude of card operating systems
  • CardIO - provides access to the file system of a
    smart card
  • CardAgentExtension - provides non-file related
    smart card functionality

22
  • JavaCard
  • Is a standard set of APIs and classes that
    allows Java applets to run directly on a standard
    ISO 7816 compliant card
  • The specifications are announced by Sun and Visa,
    with the support of leading smart card suppliers
  • Provides all the benefits of Java - portability,
    security, etc.
  • Smart Card SDK
  • Developed by Microsoft
  • Provides a set of APIs for developers to write
    smart card-aware Windows applications to operate
    with smart card readers that conform to the
    specification
  • The first integrated smart card PCs were to begin
    shipping this year

23
Additional Resources
  • Smart Card terminology
  • http://www.gemplus.com/basics/terms.htm
  • IBM Smart Card solutions
  • http://www.chipcard.ibm.com/overview/
  • JavaCard
  • http://java.sun.com/products/javacard/
  • Smart Card software development - Gemplus
  • http://www.gemplus.com

24
The End