Survey on Smart Card - PowerPoint PPT Presentation

1 / 30
About This Presentation
Title:

Survey on Smart Card

Description:

Survey on Smart Card & Mobile Payment Tijo Thomas ( 03229401) Guided by Prof: Bernard Menezes Contents Introduction Methodology of Study Existing Payments Schemes ... – PowerPoint PPT presentation

Number of Views:134
Avg rating:3.0/5.0
Slides: 31
Provided by: mbt8
Category:
Tags: card | mobile | payment | smart | survey

less

Transcript and Presenter's Notes

Title: Survey on Smart Card


1
Survey onSmart Card Mobile Payment
  • Tijo Thomas ( 03229401)
  • Guided by Prof Bernard Menezes

2
Contents
  • Introduction
  • Methodology of Study
  • Existing Payments Schemes
  • Business Drivers
  • Relation between SIM card Smart Card
  • Technological Trends
  • Business Trends
  • Conclusion

3
Introduction
  • Motivation
  • To understand the existing payment schemes.
  • To understand the role of smart card in retail
    payment.
  • To understand the security issues.
  • Goal
  • To understand the future of retail payment.

4
Methodology of Study
  • Collected the details about the existing payment
    schemes.
  • Surveyed Industry Standards for Payments.
  • Collected responses to questionnaire from focus
    groups.
  • Studied various types of smart cards.
  • Analyzed the relationship between smart card and
    SIM card.
  • Surveyed the Business Trends of M-Commerce and
    its future.

5
Existing Payment Scheme
  • Based on Value
  • Micro payments less than 5
  • Medium Payments Between 5 - 25
  • Macro payments - above 25
  • Based on Location
  • Remote Transaction SMS, GPRS
  • Proximity Transaction Bluetooth, RFID
  • Based on Technology
  • Magnetic Strip card
  • Smart Card

6
Smart card Payments
  • What is smart card?
  • Smart card is a tamper proof plastic card with
    an embedded microchip that can be loaded with
    data.
  • Why smart card?
  • Security
  • Processing power
  • Memory

7
Smart Card Security
  • OS and File Security
  • File hierarchy MF,DF,EF
  • File security attributes
  • Access Rights
  • Always(ALW)
  • Card holder Verification 1 (CHV1)
  • Card holder Verification 2 (CHV2)
  • Administrative (ADM)

8
Smart Card Security
  • Hardware Security
  • All the data are store in EEPROM, so can be
    erased using unusual voltage
  • Data can be erased by exposure to UV rays
  • Heating the card in high temperature
  • Statistical Attack like Differential power
    analysis (DPA)

9
Java Card
  • The Java Card platform was designed and
    developed from the beginning specifically to
    enhance the security of smart cards.
  • Advantages
  • Open Architecture Designed with Industry Experts
  • Java runtime environment (JRE)
  • Security Enhancements transaction atomicity,
    Cryptography, Applet firewall
  • Code reusability (OOPS) data integrity
  • Proven platform - Passed security evaluation by
    financial agencies, US Dept of Defense and US
    national security Agency.

10
Mobile Commerce
  • Definition
  • Mobile commerce is the use the of mobile hand
    held devices to communicate, inform, transact and
    entertain using text and data via connection to
    public and private networks
  • (Lehman Brothers)
  • Mobile Commerce refers to any transaction with
    monetary value that is conducted via a mobile
    telecommunications network. (Durlacher)

11
Scheme of Mobile Payments
  • SMS Based Payments
  • WAP/GPRS
  • Reverse SMS Billing
  • Proximity Payments

12
SMS Based Payments
  • Secure message in the form of SMS are used to
    transfer money from one user account to another
  • Use of PKI
  • Implementation e.g. mCheque
  • Advantage No account information is revealed

13
WAP/GPRS based payments
  • Wireless Application Protocol (WAP) over GPRS
    mobiles are used
  • Similar to e commerce
  • Less risk involved
  • Cost for GPRS connectivity is reducing.
  • No changes in the existing business model

14
Reverse SMS Billing
  • Definition
  • Provider over charge SMS from special numbers
    -(Premium SMS)
  • Separate Business Models are to be realized
  • Only small change in the existing set up
  • Advantage No additional infra structure is
    required.
  • Applications Digital contents like ring tones,
    music , video...etc

15
Proximity Payments
  • Definition
  • The trading parties are in the same vicinity.
  • Standardized interfaces e.g. Infra red , Blue
    tooth
  • Supported Offline transaction
  • Cheaper solution for micro payments
  • High Risk
  • Separate Business Models Infrastructure need to
    be implemented

16
Business Drivers
  • Wider acceptance for GPRS/WAP enabled mobile
    devices
  • Mobile operators are looking for new revenue
    streams
  • Population of mobiles devices over PC
  • Average time to detect a mobile theft is 68 min
    over 26 hours for credit cards
  • More secure than conventional credit cards

17
Relationship between SIM card and smart card
  • GSM specification11.11 defines the interface
    between Subscriber Identification Module (SIM)
    and the Mobile Equipment for use during the
    network operation as well as the internal
    organization of SIM.
  • Any implementation of this standard can act as a
    SIM card in Mobiles.
  • Implementation
  • Java Card
  • Native Card

18
Technology Trends
  • Research organizations Focus groups are working
    on the effective standards.
  • Different Business Models (OSS BSS) are being
    evaluated for its feasibility.
  • Emerging Wireless Technology - 3G, 2.5G
  • Advancement Mobile Phone Technology

19
Business Trends
Taken from Towards A Holistic Analysis of Mobile
Payments A Multiple Perspectives Approach by
Jan Ondrus Yves Pigneur
20
Business Trends
  • Research reveals high potential market
  • New revenue stream for MNOs
  • Opportunity for new comers - application
    developer, content providers etc
  • High Penetration of mobile device
  • Lack of security in existing credit/debit card
    system

21
Conclusion
  • High Potential Market
  • High Demand for Killer Applications
  • MNO are looking for new revenue stream
  • Customers willingness to experiment
  • Merchants are looking for a standard OSS and
    standard based products
  • Opportunity for new comers

22
  • Thank You

23
  • GSM Specifications

24
GSM Specification
  • Defines the interface between Subscriber
    Identification Module (SIM) and the Mobile
    Equipment for use during the network operation as
    well as the internal organization of SIM.
  • Any implementation of this standard can act as a
    SIM card in Mobiles

25
GSM Characteristics
  • Physical Characteristics- electronic signals,
    supply voltage, transition protocol
  • Logical Model- logical structure of SIM, file
    structure.
  • Security Feature
  • File access condition
  • Description of Functionalities- functional
    description of commands and respective response,
    status condition, error code
  • Description of Commands- mapping the functions to
    APDU
  • Contents of Elementary files- elementary files
    for GSM session, access condition..etc
  • Application Protocol- list of standard operation
    between SIM and ME.

26
GSM SIM Security
  • Subscriber Identity Authentication
  • authenticate the identity of the mobile
    subscriber
  • The network issues a random challenge
  • Mobile Subscriber (MS) computes the
    responseusing a one-way hash fn (A3 algo) using
    a authentication key which is unique to each
    subscriber
  • The Network also compute the response and compare
    with the response it receive from MS
  • The same mechanism is used to establish a cipher
    key Kc
  • This key is used to encrypt data and radio
    signal. (A8 Algo)
  • The two algorithms are combined into single
    algorithm called A38

27
GSM SIM Security
  • User Signalling Data Confidentiality
  • The data is exclusive-ord with the key Kc and
    transferred over the radio path.
  • Subscriber Identity Confidentiality
  • This service is to hide the International Mobile
    Subscriber Identity (IMSI)
  • The service is based on Temporary MSI (TMSI)
  • The IMSI is mapped to TMSI
  • The TMSI is then encrypted with the cipher key Kc
    and send

28
  • Smart Card Standards

29
Smart card Standards
  • International Standards
  • ISO 7816 physical and elecrical characteristics
    as well as format and protocol for information
    exchange between the smartcard and reader.
  • European Telecommunication Standards Institute
    (ETSI) Standard for the GSM SIM to communicate
    with the mobile device

30
Smart card Standards
  • Industry Standards
  • EMV Euro pay, Master Cards Visa defines a
    standard to allow safe ,easy electronic commerce
    standard
  • Mobile 3D Visas international new global
    specification that ensure security of internet
    payments made over mobile phones.
  • Open card Framework Provides an architecture
    and a set of API that enable application
    developer to build application in java which use
    smart card reader.
  • PC/SC Personal computer/ Smartcard is a win 32
    based specification to allow the manufactures to
    develop products independently.
  • CEPS Common Electronic Purse Standard
  • Java Card
Write a Comment
User Comments (0)
About PowerShow.com