Smart Cards - PowerPoint PPT Presentation

About This Presentation

Title:

Smart Cards

Description:

Smart cards will be used in trucks in Europe instead of paper disks in order to ... Clear separation of applications and data (as if different cards were used) ... – PowerPoint PPT presentation

Number of Views:142

Avg rating:3.0/5.0

Slides: 33

Provided by: just4

Category:

more less

Transcript and Presenter's Notes

Title: Smart Cards

1
Smart Cards RFIDName Yousef YahyaFoad
ajjawiDr. Loai Tawalbeh
2
What is the Smart Card?

A smart card is a card that is embedded with
either a microprocessor and a memory chip or only
a memory chip with non-programmable logic. The
microprocessor card can add, delete, and
otherwise manipulate information on the card,
while a memory-chip card (for example, pre-paid
phone cards) can only undertake a pre-defined
operation.
Smart Cards example For RFID ISO-Standards

3
How Does It Work?

Smart Card inserted into Card Acceptor Device
(CAD), card reader
Communicated with CAD through half duplex serial
lines with a data rate of up to 9600 bits per
second
Commands follow standard ISO 7816 specifications
Smart Card can get information from host
computer, provide identification, do
encryptions/decryption , etc.

4
Where Are They Used?

All over the place, more so outside the US
Medical applications In Germany 80 million
people can use smart cards when they go to the
doctor
Voting In Sweden you can vote with your smart
card
Entertainment Most DSS dishes in the U.S. have
smart cards
Telecommunications Many cellular phones come
with smart cards

5
Smart Card Readers

Computer based readers
Connect through USB or COM (Serial) ports

Dedicated terminals
Usually with a small screen, keypad, printer,
often alsohave biometric devices such as thumb
print scanner.

6
Terminal/PC Card Interaction

The terminal/PC sends commands to the card
(through the serial line).
The card executes the command and sends back the
reply.
The terminal/PC cannot directly access memory of
the card
data in the card is protected from unauthorized
access. This is what makes the card smart.

7
Fields of Smart Card Usage (1)

Health Applications
For example in Germany health insurance
companies will issue an electronic health card
cards for the health professionals
electronic passport (ePass, ICAO-specifications)
No need to say that BSI is active in this field
eGovernment / eCard
Goal to fit as many applications as possible
onto one card in order to avoid multiple cards
for every citizen
BSI is very active to promote this concept in
Germany
Social insurance also related to this

8
Fields of Smart Card Usage (2)

Digital Signatures
As you know CC evaluation is required here by
law in Germany and other countries
Digital Tachographs
Smart cards will be used in trucks in Europe
instead of paper disks in order to store driving
times and similar data
Access Control in companies and organizations
Public Transport

9
Some developers

Hardware-Vendors ATMEL, Philips, Renesas (former
Hitachi), Infineon (former Siemens), Samsung, ST
microelectronics
Smart-Card-Vendors Oberthur, Gemplus, AXALTO
(former Schlumberger), IBM, Sony, ORGA Card
Systems, T-Systems (Telesec), ASK, Gieseke
Devrient, Austria Card, Siemens
Other software/application issuers are mainly
related to the banking/payment field Soc.
T.Europienne de Monnaie Electronique (a French
electronic purse society), Mondex, other banks
and credit card companies

10
Physical Structure Life Cycle

Physical structure specified by ISO Standard
7810, 7816
Printed circuit provides five connection points
for power and data
Capability of Smart Card defined by IC chip
Microprocessor
ROM
RAM
EEPROM

11
Life Cycle

OS and security keys inside each smart card which
have different visibility rules
Hence life cycle as card passes from
manufacturer to application provider to user

12
Massachusetts Bay Transit Authority (MBTA).

The MBTA aims to provide a safe, available, and
inexpensive service to its customers while
respecting its customers' basic rights to
privacy.
Currently, the MBTA is pursuing a plan of
automated fare collection that will entail the
use of RFID smartcards.

13
Smart Cards vs. RFID

Contactless Smart Cards
Identify people
Store information
RFID
Identify or track objects

14
RFID Privacy and Smartcard PrivacyRFID Radio
Frequency Identification

Transponder (RFID-Tag, RFID-Label)
Antenna
Integration in Information Systems (i.e. Server,
Services, Back Office Example inventory control
system)

15
RFID and Identity

RFID has 3 identity types
ID linked to Person
direct identification personal data on chip
(biometrics)
personal data in database (employee badge)
ID linked to Service
In combination with person ID (banking, season
cards)
Anonymous (one time public transportation paper
tickets)
ID linked to Object / Product
product information in database (retail
products, library books)
direct identification (car keys)
Combining Object/Product ID with Individual is
additional step, covered by existing privacy
principles

16
Privacy-enhancing solutions for RFID (PETs)

System-solutions
Encryption
Tag/Reader Authentication
Range reduction
Antenna size/design
Consumer-in-Control Solutions
Kill-switch
Removable tags
Blocker tags
Shielding
User interface (NFC-device)

Security Evaluation
Users (e.g. Banks) want high security assurance
for smart cards.
Standard security evaluation procedure
Common Criteria evaluation EAL 4 or EAL 5
Evaluation is very expensive

18
Determining Privacy Risk

When Privacy Risk is
High use smart cards PETs
Medium use smart cards, smart tag PETs
Low use smart tag (PETs optional)

19
Ways of protecting privacy

Privacy by Design (technological)
examples encryption, kill command, read range
main actors technology providers,
standardization bodies
influencing factors cost, usability
public policy RD-funding, Launching customer
Privacy by Design (organizational)
examples system design, business model
main actors system integrators, end-users
(business)
influencing factors business opportunities,
customer trust
public policy privacy principles, guidelines,
best-practices
Rule-based protection
examples self-regulation, law
main actors government, business, stakeholders
influencing factors administrative burdens
(cost), market development
public policy compliance verification (Trust
but Verify)

20
Contactless Smart Cards and Privacy

Data security
Personal data (may be) stored in chips memory
Password protection
Mutual authentication chip and reader
Advanced encryption (3DES, AES, PKI)
Extremely short operating range lt 10 cm
Advanced system design and sensor technology to
prevent tempering
Multi-application smart cards
Several applications on a single card
Exclusivity Clear separation of applications and
data (as if different cards were used)
Back office and system design
Full application of current privacy and data
protection laws

21
Contactless Card
22
RFID/EPC tags and privacy

ICC Principles of Fair RFID/EPC use
RFID-use should be legal, honest, decent
No personal data stored in RFID-tag
Consumer information and choice
Labeling
How to remove / disable tags
Privacy statement including RFID/EPC use
What data is collected via RFID
Purposes of collection/use
Data disclosures (if any)
Data security
Individuals right of access to data in
RFID-enabled IT-system

23
Recommendations

Do not legislate RFID-technology, but only its
applications and use
Address privacy risks of the entire system
Current OECD Privacy Principles already apply to
system design, applications and data collection
and management
Use Privacy-Enhancing Technologies only where
relevant
Stimulate RD, standardization and
use/acceptance of PETs
RFID is the enabling technology !

24
Sample Applications of RFID Systems

Logistics Chains
Enterprise Resource Planning Systems
Inventory Control
Some Benefits
reducing the sources of errors(for instance
reduction of inventory inaccuracies)
minimizing out of stocks
reduction of labor costs
simplification of business processes

25
RFID -Areas of Applications

From a cross-industry viewpoint, the following
areas of applications can be distinguished
identification of objects
document authentication
maintenance and repair, recall campaigns
theft-protection and stop-loss strategies
access authorization and routing control
environmental monitoring and sensor technology
supply chain management automation, process
control and optimization
Also Convenience Tools, Magic, New Learning
Tools, New Dimension of Gaming

26
RFID Basic Services

Identification
Example Which bag is it?
Localization (to a certain extent)
Example Where is the bag? gt Hint Location
of the reader (active RFIDs GPS receiver)
Capturing State
Example monitor the temperature of
perishable goods
Mapping into Information Systems
Examples Automatic Stocktaking, Customer
Relationship Management

27
RFID Technology and Standards

(A) Active vs. Passive
(B) Smart vs. Dumb
(C) Near Field vs. Far Field
(D) Closed Systems vs. Open Systems

28
Passive

no internal power supply
antenna induces minute electrical current
durable
Need an external antenna which is 80 times bigger
than the chip in the best version thus far
Typical tags embedded in labels

29
Active

Own internal power source
Transmit at higher power levels than passive tags
(Re-)writable
(Larger) memory (for example 1 MB)
Communication ranges of 100 meters or more
Example Monitoring the security of ocean
containers or trailers stored in a yard or
terminal

30
Smart vs. Dumb