Smart Card. Smart Card applications
|
|
- Jane Bennett
- 8 years ago
- Views:
Transcription
1 Smart Card Chip Plastic card A very secure way of storing a small amount of sensitive data 1 Smart Card applications Retail Sale of goods using Electronic Purses, Credit / Debit Vending machines Loyalty programs Tags & smart labels Entertainment Pay-TV Public event access control Healthcare Insurance data Personal data Personal file Communication GSM Payphones Transportation Public Traffic Parking Road Regulation (ERP) Car Protection 2
2 Smart Card applications Educational facilities Physical access Network access Personal data (results) Copiers, vending machines, restaurants,... Office Physical access Network access Time registration Secure & Web applications E-commerce sale of information sale of products sale of tickets, reservations E-banking access to accounts to do transactions Shares Government Identification Passport Driving license 3 History - Smart Card Plastic cards :1950 Magnetic Stripe Card Very cheap to produce Can store dynamic data Easy to manipulate and copy (not always!) Integrated Circuit Card (ICC): 1974 Cheap to produce (Semiconductor technology) Can store dynamic data and can perform computation Can be hardened against unauthorized manipulation Standard credit card-sized with a microchip embedded on it Two types Memory-only chips Microprocessor chips 4
3 History - Smart Card German inventors patent combination of plastic cards with micro chips Japan patent different version Roland Moreno invents integrated chip card and patents it in France Motorola produces first smart card microchip Motorola develops first single chip microcontroller for bank in France ATM cards with smart chips tested and smart chips placed on telephone cards AT&T declared its contactless smart card 5 History - Smart Card Germany uses smart card for health care Europay, Mastercard, and Visa (EMV) specifications for global microchip-based bank cards First university campus deployment of chip cards (November) - Schlumberger shows how Java can be used to simplify smartcard programming JavaCard 1.0 Standard Sun releases JavaCard Version 2.1 JavaCard with: The JavaCard 2.1 API Specification The JavaCard 2.1 Runtime Environment Specification The JavaCard 2.1 Virtual Machine Specification 6
4 History - Smart Card Moreno Patent French PTT Trial GSM SIM EMV JavaCard Specification Milestones 7 Smart Card characteristics Connection (Contact vs. contactless): Contact cards Contact smart card are inserted in a smart card reader making physical contact with the reader Contactless smart cards Smart cards that employ a radio frequency (RFID) between card and reader without physical insertion of the card Hybrid-card Combines the two features With two independent chips The two chips are not connected Combi-card Combines the two features But has a single chip Can access the chip via the contact or contactless interface combines the two features in a single chip 10
5 Smart Card characteristics Processor: Small processors 8 or 16 up to 16 MHz (currently up to 32 bits) Very small memory 8k, 16k, 32k, 64k, 128kB of ROM Between 1 and 64 kbit of EEPROM Between 256 bytes and 4kB of RAM Chip Operating System (COS) Usually occupies less than 16 KB» Eg: MultOS; JavaCard; Cyberflex; StarCOS; Handles: File Handling and Manipulation Memory Management Data Transmission Protocols 11 Smart Card characteristics Hardware Closed package (usually tamper-proof) Memory encapsulation Fuses Security logic (sensors) Cryptographic coprocessors and random generator Software Decoupling applications and operating system Application separation (Java card) Restricted file access Life cycle control Various cryptographic algorithms and protocols 12
6 Smart card Life-cycle Production ROM : programming of code and constants Initialization EEPROM (Electrical Erasable Programmable ROM) : programming Personalization EEPROM : programming of user/application specific data Use Decommission Invalidate data or make card not usable. 13 Basic Smart Card features EEPROM: 1KB to 128KB RAM: 256 bytes to 4KB Cryptography algorithms: 3DES, AES, RSA, Elliptic curve, SHA-1, SHA-256,. Random number generator: pseudo RNG or hardware RNG Communication with the exterior: T=0, T=1, and contactless smart card protocols Chip Operating System (COS): Directory-based file system Single-application and multi-application support Simplified security based OS Power consumption: EMV allows up to 50mW Telecom devices up to 6 mw 14
7 Standardization ISO 7816 Sizes of cards ID-1 = mm Credit card size - ID-000 = 25 x 15 mm SIM card Size 0,76 mm 54 mm 85 mm Speciation of physical requirements (temperature, humidity,...) 15 Standardization Contact Layout sizes and location (ID-1) 1.7mm mm 10.25mm Vcc Reset Clock RS1 Gnd Vpp I/O RS2 16
8 Standardization Communication command format Protocol: APDU Application Protocol Data Unit Communication between card-reader (CAD) and Smartcard Command messages APDU for Commands APDU for Response Compulsory cla ins P1 P2 Lc data le data sw1 sw2 Optional 17 Standardization ISO/OSI layers: layer specification OSI layer 7: transfer of application data Application Layer ISO/IEC EMV GSM 11.11: SIM OSI layer 2: transfer of data frames Link Layer ISO/IEC : T=0 / T=1 ISO/IEC : T=2 OSI layer 1: transfer of characters Physical Layer ISO/IEC
9 Smart Card Acceptance Devices ISO standard Terminals Have memory, logic, power Eg: ATMs, gas pumps Readers Connect to a computer Eg:USB, serial, parallel port 19 Communication Protocol Typical transfer rates: - Contact bps - Contactless bps 20
10 Inside the smart card Simple Processor Co-processors (optional) No internal power source Memory ROM Read only from the birth of the card» JCRE, applications, native code EEPROM Persistent memory, >10 years RAM Transient Memory, expensive, fast 21 Inside the smart card CPU Central Processing Unit: heart of the chip 22
11 Inside a smart card CPU security logic security logic: detecting abnormal conditions, e.g. low voltage 23 Inside a smart card CPU security logic serial I/O interface: contact to the outside world serial I/O interface 24
12 Inside the smart card CPU security logic serial i/o interface test logic test logic: self-test procedures 25 Inside the smart card CPU security logic serial i/o interface test logic ROM ROM: card operating system self-test procedures typically 16 kbytes up to 128 kbytes 26
13 Inside the smart card CPU security logic serial i/o interface test logic ROM RAM RAM: scratch pad of the processor typically 512 bytes up to 4 kbyte 27 Inside the smart card CPU security logic serial i/o interface test logic ROM RAM EEPROM EEPROM: cryptographic keys PIN code biometric template balance application code typically 8 kbytes 28
14 Inside the smart card CPU security logic serial i/o interface databus test logic ROM RAM EEPROM databus: connection between elements of the chip 8 or 16 bits wide Up to 32 bits 29 Inside the smart card Secure data COS 30
15 Inside the smart card Numerical Processing Unit VCC Reset/Ctrl Clock Ground IO NPU CPU IO M P U RAM EEPROM ROM Memory Protection Unit 31 Inside the smart card Infineon SLE66 32
16 Communication protocols Communication protocols: T=0 protocol Byte-oriented Speed Rate: 115 kbps T=1 protocol Block-oriented Great Layer separation Speed Rate: 115 kbps (Electrical) byte transmission 33 APDU Commands ISO 7816: Standard describing the protocol for communication between smartcard and terminal Messages are called APDUs (Application Protocol Data Units), which are sequences of bytes in a certain format Terminal sends command APDU to card, card sends a response APDU back APDU for Commands APDU for Response Compulsory cla ins P1 P2 Lc data le data sw1 sw2 Optional 34
17 APDU - Application Protocol Data Unit APDU Direction - 2 flavors Request Response Extra Data 2 flavors Some APDUs have only a command Some APDUs have command + a data buffer Request Response Without data buffer select With data buffer writebinary APDU Commands Without data buffer verifypin With data buffer getchallenge 35 APDU Commands CLA INS P1 P2 Lc L Le B 0C 00 ((v)) FF Minimum of 6 bytes, maximum of? APDU for Commands APDU for Response Compulsory cla ins P1 P2 Lc data le data sw1 sw2 Optional 36
18 APDU Commands CLA INS P1 P2 Lc L Le B 0C 00 ((v)) FF CLA (Class of instruction) - indicates the type of command. 37 APDU Commands CLA INS P1 P2 Lc L Le B 0C 00 ((v)) FF INS (Instruction code) - is the Instruction code being applied to the applet. Examples: 60? Select File 20? Pin Verify 84? Get Challenge 38
19 CLA INS P1 P2 APDU Commands Lc L Le B 0C 00 ((v)) FF P1and P2 (Instruction parameters) - are parameters sent to the card. Can be used as two 1 byte parameters or one 2 byte parameter. Not used with all commands simply send Example: shows which file to choose, in this case 0B0C 39 APDU Commands CLA INS P1 P2 Lc L Le B 0C 00 ((v)) FF Lc is the optional data buffer length if additional info is needed to be sent with this command. 40
20 APDU Commands CLA INS P1 P2 Lc L Le B 0C 00 ((v)) FF L is the optional data buffer if additional info is needed to be sent with this command. If Lc is zero, there is no input data buffer. 41 APDU Commands CLA INS P1 P2 Lc L Le B 0C 00 ((v)) FF Le is the expected length of the return data buffer in the response APDU. Card may need to handle this (throw exception or otherwise) if not enough space is requested. 42
21 APDU Commands ((d)) SW1 SW2 ((v)) The first field is the variable length data buffer being returned. How does the client know how long it is? 43 APDU Commands ((d)) SW1 SW2 ((v)) The next two bytes indicate a status word indicating a success/error code. 44
22 APDU Commands SW1, SW2 Response Codes 45 Example Get Challenge Command CLA 80 INS 84 P1 00 P2 00 Lc 00 Le 08 0x80 0x84 - getchallenge Not used Not used Not used 0x08 8 bytes expected in return buffer
23 Examples Get Challenge Response Returned bytes: Data SW1 90 SW2 00 Hex data being returned Status Word1 90 Status Word2 00 Status = 9000 : success, normal completion 47 CLA 80 Examples PIN Verify Command INS 20 P1 00 P2 00 Lc 03 L Le
24 Examples PIN Verify Response Data (nothing) SW1 90 SW2 00 Some possible Status Words: 9000 normal termination, acceptance, success 67LL wrong length data buffer to return (Le) 6581 memory failure 6985 conditions not satisfied 49 Chip Operating System Chip Operating System (COS): sometimes referred to as the Mask is a sequence of instructions, permanently embedded in the ROM of the smart card Chip Operating Systems are divided into two families: General purpose COS which features a generic command set to cover most applications» Java card Dedicated COS with commands designed for specific applications can even contain the application itself.» An example of a dedicated COS would be a card designed to specifically support an electronic purse application. 50
25 Chip Operating System The baseline functions of the COS, include: Communication: between the card and the outside world, primarily in terms of the interchange protocol Data Management: of the files and data held in memory Access control: to information and functions e.g: select file, read, write, and update data Card security: management cryptographic algorithm procedures Maintaining reliability: particularly in terms of data consistency, sequence interrupts, and recovering from an error Smart Card's life cycle: management of various phases microchip fabrication, personalization, active life, and end of life 51 COS - File System Organization Predefined file structures: Binary files, Secret Key files, Accessed by a set of dedicated commands: Read, Write, Update 52
26 COS - File System MF (Master File) = Root Directory Containing other directories No data can be stored Always present & only 1 exists DF (Dedicated Files) Can be Nested Typically no more than 2 to 3 levels (limited space in the SC!) DF for applications also exit application dedicated file (ADF) Not located below the MF, can be considered a type of MF EF (Elementary Files) Always in DF Types of EF: Working EF : All data that are intended for the external world. Not used by the OS Internal EF : The OS files, store data for the operating system itself Application EF : Files containing user data for a particular application 53 COS - File Names 54
27 COS - File structures EF file structures: Transparent: Very small amounts of data or, Data having no internal structure (e.g. JPEG file) Linear: Equal-length records (e.g. telephone directory) Linear Variable: Variable record-length (e.g. Addresses)» Optimizes the used file space Cyclic: Linear model + Recently Written Record log files, the oldest is overwritten by the new entry Other file structures: Execute, Database, Data object, Sequence control 55 COS - Access Rights There are five basic levels of access rights to a file (both DF and EF): Some OS provide further levels. Basic levels can be categorized, increasingly in security, as follows: Always (ALW): Access of the file can be performed without any restriction. Card holder verification 1 (CHV1): Access can only be possible when a valid CHV1 value is presented. Card holder verification 2 (CHV2): Access can only be possible when a valid CHV2 value is presented. Administrative (ADM): Allocation of these levels and the respective requirements for their fulfilment are the responsibility of the appropriate administrative authority. Never (NEV): Access to the file is forbidden. 56
28 Authentication with Smartcards Unlike passwords private keys cannot be remembered typically 1024 or more bits File based storage provides weak security and no mobility Smartcards provide secure, tamper-resistant storage with mobility However: less easily shared than passwords card cost, need for readers 57 Authentication with Smartcards Unlocked by a PIN 58
29 Authentication with Smartcards Combining Fingerprints and Smartcards for Authentication Replace PINs with fingerprint verification Store template on card Match provided fingerprint on card Reader extracts minutiae features Security and privacy advantages Match-on-card leverages smartcard as trusted computing platform Match-on-card requires no additional trusted entity Mimics PIN verification Template stored on card as opposed to accessible database 59 Authentication with Smartcards Multi-factor authentication - combination of: What you know e.g.: passwords, PINs What you have e.g.: OTP tokens, smartcards What you are (biometrics) e.g.: fingerprints, iris scans, face recognition Typically two-factor authentication is used e.g.: PIN + Card (e.g. ATMs) Password + One-time-password (OTP) token Fingerprint + Smartcard 60
30 Acknowledgments Jean STEVENS Institute of Technology Berk Istanbul Technical University Marc Dr. Hakim Prince Sultan University Joshua Florida State University Erik University of Nijmegen 61
Java Card. Smartcards. Demos. . p.1/30
. p.1/30 Java Card Smartcards Java Card Demos Smart Cards. p.2/30 . p.3/30 Smartcards Credit-card size piece of plastic with embedded chip, for storing & processing data Standard applications bank cards
More informationSmart Card Technology Capabilities
Smart Card Technology Capabilities Won J. Jun Giesecke & Devrient (G&D) July 8, 2003 Smart Card Technology Capabilities 1 Table of Contents Smart Card Basics Current Technology Requirements and Standards
More informationSmart Cards a(s) Safety Critical Systems
Smart Cards a(s) Safety Critical Systems Gemplus Labs Pierre.Paradinas Paradinas@gemplus.com Agenda Smart Card Technologies Java Card TM Smart Card a specific domain Card Life cycle Our Technical and Business
More informationRVS Seminar Deployment and Performance Analysis of JavaCards in a Heterogenous Environment. Carolin Latze University of Berne
RVS Seminar Deployment and Performance Analysis of JavaCards in a Heterogenous Environment Carolin Latze University of Berne Table of contents > Introduction Smartcards > Deployment Overview Linux Windows
More informationRF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards
RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:
More informationCHAPTER 5 SMART CARD TECHNOLOGY
56 CHAPTER 5 SMART CARD TECHNOLOGY 5.1 INTRODUCTION Today's society is often illustrated as an information society. Technological developments, particularly in the areas of computers and telecommunications
More informationSmart Card Application Development Using the Java Card Technology
Smart Card Application Development Using the Java Card Technology Milan Fort RWTH Aachen Abstract Through their combination of portability and security, smart cards are playing an increasingly important
More informationSmart Cards and their Operating Systems
Smart Cards and their Operating Systems Heng Guo HUT, Telecommunications Software and Multimedia Laboratory Hguo@cc.hut.fi ABSTRACT This paper presents smart cards and their operating systems. First smart
More informationSmart Card: The Computer in Your Wallet
Smart Card: The Computer in Your Wallet MIPS Technologies, Inc. June 2002 Smart cards, credit-card-size pieces of plastic incorporating a silicon chip, comprise the highest volume computing platform. Roughly
More informationMeasurement and Analysis Introduction of ISO7816 (Smart Card)
Measurement and Analysis Introduction of ISO7816 (Smart Card) ISO 7816 is an international standard related to electronic identification cards with contacts, especially smart cards, managed jointly by
More informationIntroducing etoken. What is etoken?
Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant
More informationSmart Card Evolution
Smart Card Evolution Fernando Ferreira Departamento de Informática, Universidade do Minho 4710-057 Braga, Portugal fernando.ferreira4@mail.telepac.pt Abstract. This comunnication describes the state of
More informationSecurity & Chip Card ICs SLE 44R35S / Mifare
Security & Chip Card ICs SLE 44R35S / Mifare Intelligent 1 Kbyte EEPROM with Interface for Contactless Transmission, Security Logic and Anticollision according to the MIFARE -System Short Product Info
More informationSmart Card Based User Authentication
Smart Card Based User Authentication A thesis submitted in partial fulfilment of the requirements for the degree of Master of Science By BRANDON JAMES B.S., Wright State University, June 2010 2012 Wright
More information1. Product Overview 2. Product Features 3. Comparison Chart 4. Product Applications 5. Order Information 6. Q & A
www.acs.com.hk 1. Product Overview 2. Product Features 3. Comparison Chart 4. Product Applications 5. Order Information 6. Q & A 2 3 ACOS5 Series (32KB EEPROM) Cryptographic Smart Card and Token Module
More informationContactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council
Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions July, 2006 Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked
More informationA Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved.
A Guide to EMV Version 1.0 May 2011 Objective Provide an overview of the EMV specifications and processes What is EMV? Why EMV? Position EMV in the context of the wider payments industry Define the role
More informationWhat is a Smart Card?
An Introduction to Smart Cards and RFIDs Prof. Keith E. Mayes Keith.Mayes@rhul.ac.uk Director of the ISG - Smart Card Centre www.scc.rhul.ac.uk Learning Objectives (MSc MSc) Identify the various types
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationJavaCard. Java Card - old vs new
JavaCard 1 Old Smart Cards: One program (applet) Written in machine-code, specific to chip Burned into ROM Java Card - old vs new old vs new smartcards New Smart Cards: Applet written in high-level language
More informationSmart Card Application Development Using Java
Uwe Hansmann Martin S. Nicklous Thomas Schack Frank Seliger Smart Card Application Development Using Java With 98 Figures, 16 Tables and a Multi Function Smart Card Springer Table of Contents Preface 1
More informationGemalto Mifare 1K Datasheet
Gemalto Mifare 1K Datasheet Contents 1. Overview...3 1.1 User convenience and speed...3 1.2 Security...3 1.3 Anticollision...3 2. Gemalto Mifare Features...4 2.1 Compatibility with norms...4 2.2 Electrical...4
More informationMDG. MULTOS Developer's Guide. MAO-DOC-TEC-005 v1.40. 2015 MAOSCO Limited. MULTOS is a registered trademark of MULTOS Limited.
MDG MULTOS Developer's Guide MAO-DOC-TEC-005 v1.40 2015 MAOSCO Limited. MULTOS is a registered trademark of MULTOS Limited. MULTOS Developer s Guide Copyright Copyright 1999 2015 MAOSCO Limited. This document
More informationAN2598 Application note
AN2598 Application note Smartcard interface with the STM32F101xx and STM32F103xx Introduction This document describes a firmware and hardware Smartcard interface solution based on the STM32F10xxx USART
More informationJava Card TM Open Platform for Smart Cards
Java Card TM Open Platform for Smart Cards Wolfgang Effing Giesecke & Devrient GmbH C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 1 What happened in the past? Every company created
More informationHow To Protect A Smart Card From Being Hacked
Chip Terms Explained A Guide to Smart Card Terminology Contents 1 AAC Application Authentication Cryptogram AID Application Identifier Applet ARQC Authorization Request Cryptogram ARPC Authorization Response
More informationEMV (Chip and PIN) Project. EMV card
EMV (Chip and PIN) Project Student: Khuong An Nguyen Supervisor: Professor Chris Mitchell Year: 2009-2010 Full Unit Project EMV card 1 Contents Figures... 6 Tables... 7 1. Introduction... 8 1.1 Electronic
More informationSOSSE. Matthias Brüstle <m@mbsks.franken.de> Simple Operating System for Smartcard Education. Kommunikationsnetz Franken e.v.
Matthias Brüstle Smart Cards mit SOSSE sind lecker 1 SOSSE Simple Operating System for Smartcard Education Matthias Brüstle Kommunikationsnetz Franken e.v. Matthias Brüstle Smart Cards
More informationMicrosoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007
Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions Jan 23 rd, 2007 Microsoft ILM is a comprehensive, integrated, identity and access solution within the Microsoft system architecture. It includes
More informationYour Mobile Phone as a Ticket (NFC)
Your Mobile Phone as a Ticket (NFC) Francisco Maria van Uden Chaves IST - Technical University of Lisbon Av. Prof. Cavaco Silva Tagus Park 2780-990 Porto Salvo, Portugal francisco.chaves@ist.utl.pt Abstract.
More informationStudy of Java Card and its Application 1 Nainesh Rawani, 2 Akhil Patel
Study of Java Card and its Application 1 Nainesh Rawani, 2 Akhil Patel nainesh279@gmail.com 1,2 Information Technology Department, 1,2 Gujarat Technological University, Gujarat, India. Abstract: Sun Microsystems
More informationPUF Physical Unclonable Functions
Physical Unclonable Functions Protecting next-generation Smart Card ICs with SRAM-based s The use of Smart Card ICs has become more widespread, having expanded from historical banking and telecommunication
More informationAchieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER
with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics
More informationChip Card & Security ICs Mifare NRG SLE 66R35
Chip Card & Security ICs Mifare NRG Intelligent 1 Kbyte Memory Chip with Interface for Contactless Transmission according to the Mifare -System Short Product Information April 2007 Short Product Information
More informationBanking. Extending Value to Customers. KONA Banking product matrix. KONA@I is leading the next generation of payment solutions.
Smart IC Banking Banking Extending Value to Customers KONA Banking product matrix Contact - SDA Product EEPROM Java Card Type KONA Products KONA@I is leading the next generation of payment solutions Banks,
More informationChytré karty opět o rok dál...
Chytré karty opět o rok dál... SmartCardForum 2010 Jan Němec Product expert, Gemalto Květen 2010 Agenda Chytré karty včera, dnes a zítra Úvod do problematiky NFC Integrace NFC do mobilních zařízení Java
More informationHIPAA Compliance and Smart Cards: Solutions to Privacy and Security Requirements
HIPAA Compliance and Smart Cards: Solutions to Privacy and Security Requirements A Smart Card Alliance White Paper September 2003 Smart Card Alliance 191 Clarksville Rd. Princeton Junction, NJ 08550 www.smartcardalliance.org
More informationEuropean Electronic Identity Practices Country Update of Portugal
European Electronic Identity Practices Country Update of Portugal Speaker: Anabela Pedroso anabela.pedroso@umic.pt Date: 3 November 2006 1. Status of National legislation on eid Are eid specific regulations
More informationThe Technology Is Ready. Philip Andreae Philip Andreae & Associates
The Technology Is Ready Philip Andreae Philip Andreae & Associates Why are you Here The globe is in migration to EMV June 2003: Visa Canada announced its plans to migrate to chip January 8, CTV W-5 documented
More informationThe Ultimate Authentication Technology
"USB tokens will be widely adopted into the market because of their low price and greater convenience." IDC, 2003 The Ultimate Authentication Technology The Digital Identity Paradigm Network security and
More informationMIFARE CONTACTLESS CARD TECHNOLOLGY AN HID WHITE PAPER
MIFARE CONTACTLESS CARD TECHNOLOLGY AN HID WHITE PAPER GENERAL The MIFARE contactless smart card and MIFARE card reader/writer were developed to handle payment transactions for public transportation systems.
More informationCSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity
CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics
More informationMulti-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies
More informationThe Implementation of Signing e-document by Using the Wireless Identity Module in Cellular Phone
832 The Fourth International Conference on Electronic Business (ICEB2004) / Beijing The Implementation of Signing e-document by Using the Wireless Identity Module in Cellular Phone Chengyuan Ku *, Yenfang
More informationAN2284 APPLICATION NOTE
APPLICATION NOTE Smart Card Interface with the STR71xx Introduction This document describes a software and hardware smart card interface for the STR71x Smart Card peripheral. The main purpose of this software
More informationPage 1. Smart Card Applications. Lecture 7: Prof. Sead Muftic Matei Ciobanu Morogan. Lecture 7 : Lecture 7 : Smart Card Applications
in Open Distributed Processing s 1 in Open Distributed Processing s 2 Prof. Sead Muftic Matei Ciobanu Morogan Lecture 7: 1 2 in Open Distributed Processing s 3 in Open Distributed Processing s Smart s
More informationLoyalty Systems over Near Field Communication (NFC)
Loyalty Systems over Near Field Communication (NFC) Diogo Simões IST - Technical University of Lisbon Av. Prof. Cavaco Silva Tagus Park 2780-990 Porto Salvo, Portugal diogo.simoes@tagus.ist.utl.pt Abstract.
More informationLesson-3 CASE STUDY OF AN EMBEDDED SYSTEM FOR SMART CARD
Design Examples and Case Studies of Program Modeling and Programming with RTOS-2: Lesson-3 CASE STUDY OF AN EMBEDDED SYSTEM FOR SMART CARD 1 1. Smart Card System Requirements 2 Purpose Enabling authentication
More informationW.A.R.N. Passive Biometric ID Card Solution
W.A.R.N. Passive Biometric ID Card Solution Updated November, 2007 Biometric technology has advanced so quickly in the last decade that questions and facts about its cost, use, and accuracy are often confused
More informationDescription of the Technical Component:
Confirmation concerning Products for Qualified Electronic Signatures according to 15 Sec. 7 S. 1, 17 Sec. 4 German Electronic Signature Act 1 and 11 Sec. 2 and 15 German Electronic Signature Ordinance
More informationSmart Card in Biometric Authentication
Smart Card in Biometric Authentication Željka Požgaj, Ph.D. Faculty of Economics and Business 10000 Zagreb, Trg. J.F. Kennedy-a 6 E-mail: zpozgaj@efzg.hr Ivor Đurinek, Bs.C. 10090 Zagreb, Dvoriček 1 E-mail:
More informationSupporting Smart Cards in UEFI
presented by Supporting Smart Cards in UEFI UEFI PlugFest March 18-22, 2013 Presented by Jean Lusetti (Gemalto) Updated 2011-06-01 UEFI Spring PlugFest March 2013 www.uefi.org 1 Agenda Who is Gemalto?
More informationeid Security Frank Cornelis Architect eid fedict 2008. All rights reserved
eid Security Frank Cornelis Architect eid The eid Project > Provides Belgian Citizens with an electronic identity card. > Gives Belgian Citizens a device to claim their identity in the new digital age.
More informationSecuring Card-Not-Present Transactions through EMV Authentication. Matthew Carter and Brienne Douglas December 18, 2015
Securing Card-Not-Present Transactions through EMV Authentication Matthew Carter and Brienne Douglas December 18, 2015 Outline Problem Card-Not-Present (CNP) vs. PayPal EMV Technology EMV CNP Experiment
More informationSmart Card HOWTO. Tolga KILIÇLI. tolga@deepnight.org. Copyright 2001 by Tolga KILIÇLI
Smart Card HOWTO Tolga KILIÇLI tolga@deepnight.org Copyright 2001 by Tolga KILIÇLI Revision History Revision 1.0.4 2001 09 19 Revised by: tk This is the first release of Smart Card HOWTO. This document
More informationHigh Speed Software Driven AES Algorithm on IC Smartcards
SCIS 2004 The 2004 Symposium on Cryptography and Information Security Sendai, Japan, Jan.27-30, 2004 The Institute of Electronics, Information and Communication Engineers High Speed Software Driven AES
More informationMicrotronics technologies Mobile: 99707 90092
For more Project details visit: http://www.projectsof8051.com/rfid-based-attendance-management-system/ Code Project Title 1500 RFid Based Attendance System Synopsis for RFid Based Attendance System 1.
More informationKeep Out of My Passport: Access Control Mechanisms in E-passports
Keep Out of My Passport: Access Control Mechanisms in E-passports Ivo Pooters June 15, 2008 Abstract Nowadays, over 40 different countries issue biometric passports to increase security on there borders.
More informationPkBox Technical Overview. Ver. 1.0.7
PkBox Technical Overview Ver. 1.0.7 14 September 2015 All the information in this document is and can t be used entirely or in part without a written permission from Intesi Group S.p.A. Le informazioni
More informationExtending EMV payment smart cards with biometric on-card verification
Extending EMV payment smart cards with biometric on-card verification Olaf Henniger 1 and Dimitar Nikolov 2 1 Fraunhofer Institute for Computer Graphics Research IGD Fraunhoferstr. 5, D-64283 Darmstadt,
More informationM2M For industrial and automotive
M2M For industrial and automotive Content ST at a glance... 4 Where to find us... 5 The value chain... 5 Secure MCU... 6 Focus on ST33 secure microcontrollers... 6 M2M fields of application... 7 What is
More informationACR120 Technical Specifications version 2.9 November 2005
Version 2.9 11-2005, Email: info@acs.com.hk Website: www.acs.com.hk ACR120 Contactless Reader/Writer 1.0 Introduction The ACR120 is a compact and cost-effective contactless reader and writer. It is developed
More informationClassification of Smart Card Operating Systems
Classification of Smart Card Operating Systems Reza Asgari, Reza Ebrahimi Atani Department of Computer Engineering, Faculty of Engineering, University of Guilan rezaasgari.68@gmail.com, rebrahimi@guilan.ac.ir
More informationTS 101 206-4 V1.3.1 (1998-12)
Technical Specification Identification card systems; Telecommunications IC cards and terminals; Part 4: Application independent card related terminal requirements 2 Reference RTS/PTS-00014 (b6100j0r.pdf)
More informationACR880 GPRS Portable Smart Card Terminal
ACR880 GPRS Portable Smart Card Terminal Technical Specifications Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Supported Card Types... 5 3.1.
More informationAPPLICATION PROGRAMMING INTERFACE
APPLICATION PROGRAMMING INTERFACE Advanced Card Systems Ltd. Website: www.acs.com.hk Email: info@acs.com.hk Table of Contents 1.0. Introduction... 4 2.0.... 5 2.1. Overview... 5 2.2. Communication Speed...
More informationSmart Card Application Standard Draft
Smart Card Application Standard Draft Contents 1 SCOPE... 6 1.1 DEFINITIONS / DOCUMENT CONVENTIONS... 6 2 KEY DATA ELEMENTS AND CONCEPTS... 7 2.1 STATIC CARD INFORMATION... 7 2.1.1 Card ID (CdID)... 7
More informationExercise 1: Set up the Environment
RFID Lab Gildas Avoine, 2014 Contact: gildas.avoine@irisa.fr Objective: Learn how much it is easy to read contactless tags, possibly simulate/clone. Requirement: Hardware: Reader SCL3711 or ACR122, Reader
More informationOverview of Contactless Payment Cards. Peter Fillmore. July 20, 2015
Overview of Contactless Payment Cards Peter Fillmore July 20, 2015 Blackhat USA 2015 Introduction Contactless payments have exploded in popularity over the last 10 years with various schemes being popular
More informationNXP Secure Smart Card Controllers P5CD016V1D / P5CD021V1D / P5CD041V1D / P5Cx081V1D with DESFire EV1
NXP Secure Smart Card Controllers P5CD016V1D / P5CD021V1D / P5CD041V1D / P5Cx081V1D with DESFire EV1 Rev. 1.1 24 October 2011 BSI-DSZ-CC-0707 Evaluation documentation Document information Info Keywords
More informationVASCO Data Security International, Inc. DIGIPASS GO-7. FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy
VASCO Data Security International, Inc. DIGIPASS GO-7 FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy Security Level: 2 Version: 1.7 Date: August 12, 2015 Copyright VASCO Data Security
More informationHacking the NFC credit cards for fun and debit ;) Renaud Lifchitz BT renaud.lifchitz@bt.com Hackito Ergo Sum 2012 April 12,13,14 Paris, France
Hacking the NFC credit cards for fun and debit ;) Renaud Lifchitz BT renaud.lifchitz@bt.com Hackito Ergo Sum 2012 April 12,13,14 Paris, France Speaker's bio French computer security engineer working at
More informationEvaluating Elliptic Curve Cryptography for Use on Java Card
Evaluating Elliptic Curve Cryptography for Use on Java Card Nadejda Pachtchenko Master o f Science (M.Sc) Letterkenny Institute o f Technology Dr. Mark Leeney Submitted to the Higher Education and Training
More informationRFID Based Real Time Password Authentication System for ATM
IJSRD - International Journal for Scientific Research & Development Vol. 3, Issue 04, 2015 ISSN (online): 2321-0613 RFID Based Real Time Password Authentication System for ATM Soniya B. Milmile 1 Prof.
More informationThe Canadian Migration to EMV. Prepared By:
The Canadian Migration to EMV Prepared By: December 1993 Everyone But The USA Is Migrating The international schemes decided Smart Cards are the way forward Europay, MasterCard & Visa International Produced
More informationSide Channel Analysis and Embedded Systems Impact and Countermeasures
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks Cryptographic devices Side
More informationContactless Technology for Secure Physical Access: Technology and Standards Choices
Contactless Technology for Secure Physical Access: Technology and Standards Choices A Smart Card Alliance Report Publication Date: October 2002 Publication Number: ID-02002 Smart Card Alliance 191 Clarksville
More informationWhat Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization
Frequently Asked Questions What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization Issuers across the United States are beginning to embark in the planning and execution phase
More informationThe OpenEapSmartcard platform. Pr Pascal Urien ENST Paris
The OpenEapSmartcard platform Pr Pascal Urien ENST Paris /20 Pascal URIEN, CARTES 2005, November 16 th 2005 Introduction 1/4: Network ages Analog networks (Tree age) 1876, Alexander Graham Bell invents
More informationToday. Important From Last Time. Old Joke. Computer Security. Embedded Security. Trusted Computing Base
Important From Last Time A system is safety critical when its failure may result in injuries or deaths Verification and validation can dominate overall development effort Today Embedded system security
More informationThe e-payment Systems
The e-payment Systems Electronic Commerce (E-Commerce) Commerce refers to all the activities the purchase and sales of goods or services. Marketing, sales, payment, fulfillment, customer service Electronic
More informationEMV 96 Integrated Circuit Card Terminal Specification for Payment Systems
EMV 96 Integrated Circuit Card Terminal Specification for Payment Systems Version 3.0 June 30, 1996 1996 Europay International S.A., MasterCard International Incorporated, and Visa International Service
More informationMUSCLE Cryptographic Card Edge Definition for Java 1 Enabled Smartcards
MUSCLE Cryptographic Card Edge Definition for Java 1 Enabled Smartcards David Corcoran Tommaso Cucinotta This document is provided on an as-is basis. Neither the authors nor the MUSCLE project are responsible
More informationAn evaluation of the Java Card environment
An evaluation of the Java Card environment Christophe Rippert, Daniel Hagimont Contact: Christophe Rippert, Sirac Laboratory INRIA Rhône-Alpes, 655 avenue de l Europe Montbonnot 38334 St Ismier Cedex,
More informationEMV (Chip-and-PIN) Protocol
EMV (Chip-and-PIN) Protocol Märt Bakhoff December 15, 2014 Abstract The objective of this report is to observe and describe a real world online transaction made between a debit card issued by an Estonian
More informationLesson 10:DESIGN PROCESS EXAMPLES Automatic Chocolate vending machine, smart card and digital camera
Lesson 10:DESIGN PROCESS EXAMPLES Automatic Chocolate vending machine, smart card and digital camera 1 Automatic Chocolate Vending Machine (ACVM) 2 Diagrammatic representation of ACVM Keypad for user Interface
More informationSIM CARD PROTOCOLS. This paper attempts in broad strokes to outline the construction of these protocols and how they are used.
SIM CARD PROTOCOLS Though rarely thought about by most users their mobile phone contains a remarkable computing device that enables them to go about their business of making calls, text messaging or playing
More informationIndex. 1-FLYPOS hardware/firmware Technology Overview 2-FLYPOS software architecture 3-Gateway/Acquirer Interface 4-Letters of Approval
FLYPOS Index 1-FLYPOS hardware/firmware Technology Overview 2-FLYPOS software architecture 3-Gateway/Acuirer Interface 4-Letters of Approval 2 1- FLYPOS hardware/firmware Technology Overview 3 FLYPOS Technology
More informationSecure My-d TM and Mifare TM RFID reader system by using a security access module Erich Englbrecht (info@eonline.de) V0.1draft
Application Report Secure My-d TM and Mifare TM RFID reader system by using a security access module Erich Englbrecht (info@eonline.de) V0.1draft Embedded RF ABSTRACT This application report describes
More informationThe mobile phone as a contactless ticket
The mobile phone as a contactless ticket Magnus Egeberg Master of Science in Communication Technology Submission date: June 2006 Supervisor: Van Thanh Do, ITEM Co-supervisor: Juan Carlos Lopez Calvet,
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationSecure Dual Interface PKI Smart Card Controller
Secure Dual Interface PKI Smart Card Controller Rev. 1.3 4 October 2004 Short Form Specification 1. General description 1.1 Family description Philips Semiconductors SmartMX (Memory extension) multiple
More informationPRIME IDENTITY MANAGEMENT CORE
PRIME IDENTITY MANAGEMENT CORE For secure enrollment applications processing and workflow management. PRIME Identity Management Core provides the foundation for any biometric identification platform. It
More informationmcard CPK Supported Solutions
mcard CPK Supported Solutions Century Longmai White Paper All rights reserved Contents 1. MTOKEN CPK CARD INTRODUCTION... 2 PRODUCT INTRODUCTION... 2 Product appearance... 3 Hardware parameters... 4 2.
More informationEMV: A to Z (Terms and Definitions)
EMV: A to Z (Terms and Definitions) First Data participates in many industry forums, including the EMV Migration Forum (EMF). The EMF is a cross-industry body focused on supporting an alignment of the
More informationEESTEL. Association of European Experts in E-Transactions Systems. Apple iphone 6, Apple Pay, What else? EESTEL White Paper.
EESTEL White Paper October 29, 2014 Apple iphone 6, Apple Pay, What else? On 2014, September 9 th, Apple has launched three major products: iphone 6, Apple Watch and Apple Pay. On October 17 th, Apple
More informationACER ProShield. Table of Contents
ACER ProShield Table of Contents Revision History... 3 Legal Notices... 4 Executive Summary... 5 Introduction... 5 Protection against unauthorized access... 6 Why ACER ProShield... 7 ACER ProShield...
More informationProtected Cash Withdrawal in Atm Using Mobile Phone
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 2 Issue 4 April, 2013 Page No. 1346-1350 Protected Cash Withdrawal in Atm Using Mobile Phone M.R.Dineshkumar
More informationIBM Security Access Manager for Enterprise Single Sign-On Version 8.2.1. User Guide IBM SC23-9950-05
IBM Security Access Manager for Enterprise Single Sign-On Version 8.2.1 User Guide IBM SC23-9950-05 IBM Security Access Manager for Enterprise Single Sign-On Version 8.2.1 User Guide IBM SC23-9950-05
More informationAndrew Calafato. Technical Report RHUL MA 2013 4. 01 May 2013
An analysis of the vulnerabilities introduced with Java Card 3 Connected Edition Andrew Calafato Technical Report RHUL MA 2013 4 01 May 2013 Information Security Group Royal Holloway, University of London
More information