SMART CARDS_sourabhgarg


Presentation Description

No description available.


Presentation Transcript


SMART CARDS Submitted By: Sourabh Garg B.Tech(IT)-3 rd year 0819213445


overview Introduction History of smart cards Characteristics Types of smart cards Category of smart cards Smart cards standards Smart Card Devices Typical Configurations Security Mechanism Applications Advantages Disadvantages Future Aspects


INTRODUCTION Smart card is a small plastic intelligent token embedded with an IC chip that make it ‘smart’. Smart cards provide computational capabilities along with memory capacity It is a combination of software and hardware designed to perform specific task. Smart cards may also provide strong security authentication for single sign-on within large organizations.

History of Smart Cards:

History of Smart Cards In the early 1950s Diners club produced the first all-plastic card to be used for payment applications. Smart card has its origin in 1970s by inventors from Germany, Japan and France. Untill mid 80s most of the work on Smart Cards was at the research and development level. First mass use was for payment in french payphones. The current world population of Smart Cards is nearly 3 billion. The manufacturer of Smart Cards are Gemplus, IBM, Siemens, Telesec and many more.


Characteristics Works in a time constraint environment Good performance and high reliability Less cost requirement due to mass production Designed for specific task

What is ‘Smart’ about the Smart Cards..??:

What is ‘Smart’ about the Smart Cards..?? Smart Cards are capable of not just storing data but also have processing power. They have larger storage capacity when compared to magnetic swipe cards. The data stored can be protected against unauthorized access and tempering. They are appropriate for secure and convenient data storage. Smart cards have the property of multifunctionality.

Types of Smart Cards:

Types of Smart Cards Based on the way Smart card interacts with the Reader, Smart cards are of two types: Contact Smart Card : These Cards require insertion into the Reader. Contactless Smart Cards : These cards require close proximity of the Reader.


Continued.. The contact smart card consist of small contact plate on the face, which is 1/2’ in diameter. The transmission of data takes place when this contact plate comes with the connector of the reader. This card consist of an IC chip and an antenna coil embedded into it. These cards are mainly used when transactions must be processed quickly.

Categories of Smart Cards:

Categories of Smart Cards Based on the type of IC chip embedded inside the Smart card, they are categorized into two types: MEMORY CARDS : Memory cards simply store data. They do not have any processing capability and can be viewed as a small floppy disk with optional security. The main storage area in such cards is normally EEPROM. Memory cards are further divided into 2:- i . IC MEMORY CARDS: They can store data, but do not have a processor on the card. ii. OPTICAL MEMORY CARDS: They can only store data, but has a larger memory capacity than IC memory cards.


2. MICROPROCESSOR/INTELLIGENT SMART CARDS : Smart cards with micro processors look like standard plastic cards, but they are equipped with an embedded Integrated Circuit(IC) chip. They can store information, carry out local processing on the data stored, and perform complex calculations. A microprocessor card, can add, delete and manipulate information in its memory on the card. Similar to a miniature computer, a microprocessor card has an input/output port, card operating system (COS) and hard disk.

Smart Cards Standards:

Smart Cards Standards ISO7816 is the international standard for Smart Cards That use Electrical contacts. With this standard, Smart Cards could communicate with the Reader using the same protocol. The ISO7816 standards are separated in 3 different parts: ISO7816-1: defines the physical characteristics of the card. Iso7816-2: defines the dimension and contact position of the card. ISO7816-3: defines the electrical signals and transmission protocols .

Smart Cards devices:

Smart Cards devices VCC Reset Clock GND VPP I/O Reserved

What’s in a Card?:

What’s in a Card? Vcc RST CLK RFU Vpp I/O GND RFU

Typical Configurations:

Typical Configurations 256 bytes to 4KB RAM. 8KB to 32KB ROM. 1KB to 32KB EEPROM. Crypto-coprocessors (implementing 3DES, RSA etc., in hardware) are optional. 8-bit to 16-bit CPU. 8051 based designs are common. The price of a mid-level chip when produced in bulk is less than US$1.

Smart Card Readers:

Smart Card Readers Dedicated terminals Usually with a small screen, keypad, printer, often also have biometric devices such as thumb print scanner. Computer based readers Connect through USB or COM (Serial) ports




Continued… Though commonly referred to as "smart card readers“ CAD have the ability to read and write as long as the smart card supports it. The application controlling the reader will detect the presence of the card and issue a "Reset" command. The card returns a response to the reset that indicates to the application that the card is initialized and ready to proceed with the session. Mechanically, readers have various options .

Terminal/PC Card Interaction:

Terminal/PC Card Interaction The terminal/PC sends commands to the card (through the serial line). The card executes the command and sends back the reply. The terminal/PC cannot directly access memory of the card data in the card is protected from unauthorized access. This is what makes the card smart.

How does it all work?:

How does it all work? Card is inserted in the terminal Card gets power. OS boots up. Sends ATR (Answer to reset) ATR negotiations take place to set up data transfer speeds, capability negotiations etc. Terminal sends first command to select MF Card responds with an error (because MF selection is only on password presentation) Terminal prompts the user to provide password Terminal sends password for verification Card verifies P2. Stores a status “P2 Verified”. Responds “OK” Terminal sends command to select MF again Terminal sends command to read EF1 Card supplies personal data and responds “OK” Card responds “OK”

Security Mechanisms:

Security Mechanisms Password Card holder’s protection Cryptographic challenge Response Entity authentication Biometric information Person’s identification A combination of one or more

Password Verification:

Password Verification Terminal asks the user to provide a password. Password is sent to Card for verification. Scheme can be used to permit user authentication. Not a person identification scheme

Cryptographic verification:

Cryptographic verification Terminal verify card (INTERNAL AUTH) Terminal sends a random number to card to be hashed or encrypted using a key. Card provides the hash or cypher text . Terminal can know that the card is authentic. Card needs to verify (EXTERNAL AUTH) Terminal asks for a challenge and sends the response to card to verify Card thus know that terminal is authentic. Primarily for the “Entity Authentication”

Biometric techniques:

Biometric techniques Finger print identification. Features of finger prints can be kept on the card (even verified on the card) Photograph/IRIS pattern etc. Such information is to be verified by a person. The information can be stored in the card securely.

Smart Card Applications:

Smart Card Applications Identity Management Ticketless Travel Loyalty Programs Building Security/Area Access Secure Network Access Information Security Healthcare Debit/Credit Card Electronic Purse Mass Transit Time and Attendance Administration Training Management Qualification Certification Distance Learning Mobile Communications Mary Carver Drivers License Work/Entry Permits Parking


Continued… In Banks: They are used as credit/debit cards. Medical applications: They can be used as Health insurance card or Medical File Access Card. In Transportation Services: for urban parking, Airline Application and Electronic Toll Collection. In Telecommunications: The smart cards contain the phone number on the network, billing information and call numbers. Used as identification cards.


Advantages A chip is tamper resistant. Information stored on the card can be PIN protected and read write protected. Capable of performing data encryption. Capable of processing information .


Disadvantages The accuracy of information is small. It gives liability issues if stolen or lost. It is potential for too much data on one card if lost or stolen. It is a potential area for computer hacker and computer viruses. Lack of technology to support user.

Future Aspects:

Future Aspects Soon it will be possible to access the data in smart cards by the use of biometrics. Smart cards Readers can be built into future computers or peripherals which will enable the users to pay for goods purchased on the internet. In the near future, the multifunctional Smart cards wioll completely replace the traditional magnetic swipe card.


Conclusion Smart card is an excellent technology to secure storage and authentication. If an organization can deploy this technology selecting the right type of solutions which is cross platform compatible and supports the standards required, it would be economical as well as secure. This technology has to be standardized and used in various applications in an organization not just for physical access or information access. Various developments are happening in the smart card industry with respect to higher memory capacities and stronger encryption algorithms which could provide us with much tougher security. But we need to understand that we will achieve better security only if we have users educated to use these technology with at most care. A smart world is the future.


References History of Smart Cards http://www. wikipedia .org/