220 likes | 839 Views
Smart Card Technology Why is a Smart Card So Smart?. CIS4360 – Introduction Computer Security Joey Ferreira Joshua Lawrence. History. 1968 German inventor Jurgen Dethloff along with Helmet Grotrupp filed a patent for using plastic as a carrier for microchips. 1970
E N D
Smart Card TechnologyWhy is a Smart Card So Smart? CIS4360 – Introduction Computer Security Joey Ferreira Joshua Lawrence
History • 1968 German inventor Jurgen Dethloff along with Helmet Grotrupp filed a patent for using plastic as a carrier for microchips. • 1970 Dr. Kunitaka Arimura of Japan filed the first and only patent on the smart card concept • 1974 Roland Moreno of France files the original patent for the IC card, later dubbed the “smart card.” • 1977 Three commercial manufacturers, Bull CP8, SGS Thomson, and Schlumberger began developing the IC card product. Source: smart.gov
History • 1979 Motorola developed first single chip Microcontroller for French Banking • 1982 World's first major IC card testing • 1992 Nationwide prepaid card project started in Denmark • 1999 Federal Government began a Federal employee smart card identification Source: smart.gov
What is a Smart Card? • The standard definition of a a smart card, or integrated circuit card (ICC), is any pocket sized card with embedded integrated circuits. • Loosely defined, a smart card is any card with a capability to relate information to a particular application such as: • Magnetic Stripe Cards • Optical Cards • Memory Cards • Microprocessor Cards
Magnetic Stripe Cards Standard technology for bank cards, driver’s licenses, library cards, and so on……
Uses a laser to read and write the card CANPASS Contains: Photo ID Fingerprint Optical Cards
Can store: Financial Info Personal Info Specialized Info Cannot process Info Memory Cards
Has an integrated circuit chip Has the ability to: Store information Carry out local processing Perform Complex Calculations Microprocessor Cards
Microprocessor CardsCombi / Hybrid Cards • Hybrid Card • Has two chips: contact and contactless interface. • The two chips are not connected. • Combi Card • Has a single chip with a contact and contactless interface. • Can access the same chip via a contact or contactless interface, with a very high level of security.
How are Smart Cards Used? • Commercial Applications • Banking/payment • Identification • Ticketing • Parking and toll collection • Universities use smart cards for ID purposes and at the the library, vending machines, copy machines, and other services on campus. • Mobile Telecommunications • SIM cards used on cell phones • Over 300,000,000 GSM phones with smart cards • Contains mobile phone security, subscription information, phone number on the network, billing information, and frequently called numbers.
How are Smart Cards Used? • Information Technology • Secure logon and authentication of users to PCs and networks • Encryption of sensitive data • Other Applications • Over 4 million small dish TV satellite receivers in the US use a smart card as its removable security element and subscription information. • Pre-paid, reloadable telephone cards • Health Care, stores the history of a patient • Fast ticketing in public transport, parking, and road tolling in many countries
Advantages In comparison to it’s predecessor, the magnetic strip card, smart cards have many advantages including: • Life of a smart card is longer • A single smart card can house multiple applications. Just one card can be used as your license, passport, credit card, ATM card, ID Card, etc. • Smart cards cannot be easily replicated and are, as a general rule much more secure than magnetic stripe cards • Data on a smart card can be protected against unauthorized viewing. As a result of this confidential data, PINs and passwords can be stored on a smart card. This means, merchants do not have to go online every time to authenticate a transaction.
Advantages • chip is tamper-resistant- information stored on the card can be PIN code and/or read-write protected- capable of performing encryption- each smart card has its own, unique serial number • capable of processing, not just storing information- Smart cards can communicate with computing devices through a smart card reader- information and applications on a card can be updated without having to issue new cards • A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).
Disadvantages + NOT tamper proof + Can be lost/stolen + Lack of user mobility – only possible if user has smart card reader every he goes + Has to use the same reader technology + Can be expensive + Working from PC – software based token will be better + No benefits to using a token on multiple PCs to using a smart card + Still working on bugs
OS Based Classification • Smart cards are also classified on the basis of their Operating System. There are many Smart Card Operating Systems available in the market, the main ones being:1. MultOS 2. JavaCard3. Cyberflex4. StarCOS5. MFCSmart Card Operating Systems or SCOS as they are commonly called, are placed on the ROM and usually occupy lesser than 16 KB. SCOS handle:• File Handling and Manipulation.• Memory Management• Data Transmission Protocols.
References • http://sec.isi.salford.ac.uk/download/smart.pdf • http://www.smart.gov • http://www.gemplus.com • http://www.smartcardalliance.org/industry_info/smart_cards_primer.cfm • http://www.axalto.com/Company/Governance/pdf/Annual%20Report%202004.pdf • http://www.smartcard.co.uk/tutorials/sct-itsc.pdf