Smart Card Basics


Table of Contents

Smart Card Basics
  Overview & Applications
  Why Smart Cards
  SIM Cards and Telecommunication
  Loyalty and Stored Value
  Securing Digital Content and Physical Assets
  E-Commerce
  Bank Issued Cards
  Healthcare Informatics
  Enterprise and Network Security
  Physical Access
Types of Chip Cards
  Card Construction
  Contact Cards
  Memory Cards
  CPU/MPU Microprocessor Multifunction Cards
  Contactless Cards
  Multi-mode Communication Cards
  Hybrid Cards
  Dual Interface Cards
  Multi-component Cards
Smart Card Form Factors
Integrated Circuits and Operating Systems
Smart Card Readers/Terminals
  Readers
  Contact
  Contactless
  Interface
  Reader & Terminal to Card Communication
  Applications Development
  Terminals
Smart Card Standards
  ICAO
  Global System for Mobile Communication (GSM)
  OpenCard Framework
  Global Platform
  Common Criteria
  Biometric Standards
System Planning & Deployment
  Basic Set-Up
  Security Planning
  Value Applications
  General Issuance
Multi-Application Card Systems
  Deployment
Smart Card Security (Section 1)
  What Is Security?
  What Is Information Security?
  The Elements Of Data Security
  The Mechanisms Of Data Security
Smart Card Security (Section 2)
  Data Integrity
  Authentication
  Non-Repudiation
  Authorization and Delegation
  Auditing and Logging
  Management
  Cryptography/Confidentiality
  Data Security Mechanisms and their Respective Algorithms
Smart Card Security (Section 3)
  Host-Based System Security
  Card-Based System Security
  Threats To Cards and Data Security
  Security Architectures
  PKI-Public Key Infrastructure
Conclusions
Glossary
Attributions

Smart Card Basics

Welcome to Smart Card Basics. This is a sponsored site brought to you by a number of leading manufacturers in the smart card industry. We have tried to make this site informative without a single perspective or a marketing pitch. It is our belief that informed users make better choices, which in turn leads to a stronger market for all. Smart card or chip card technology is fast becoming commonplace in our culture and daily lives. We hope that this site will bring you a little closer in your understanding of this exciting technology and the benefits it can bring to your applications. If you have specific questions regarding a specific technology discussed below, feel free to send us an e-mail and the appropriate site sponsor will respond.

Overview & Applications

A smart card, a type of chip card, is a plastic card embedded with a computer chip that stores and transacts data between users. This data is associated with either value or information or both and is stored and processed within the card's chip, either a memory or a microprocessor. The card data is transacted via a reader that is part of a computing system. Smart card-enhanced systems are in use today throughout several key applications, including healthcare, banking, entertainment and transportation. To various degrees, all applications can benefit from the added features and security that smart cards provide. According to Eurosmart, worldwide smart card shipments will grow 10% in 2010 to billion cards. Markets that have traditionally been served by other machine-readable card technologies, such as bar-code and magnetic stripe, are converting as the calculated return on investment is revisited by each card issuer year after year.

First introduced in Europe nearly three decades ago, smart cards debuted as a stored value tool for pay phones to reduce theft. As smart cards and other chip-based cards advanced, people found new ways to use them, including charge cards for credit purchases and for record keeping in place of paper. In the U.S., consumers have been using chip cards for everything from visiting libraries to buying groceries to attending movies, firmly integrating them into our everyday lives. Several U.S. states have chip card programs in progress for government applications ranging from the Department of Motor Vehicles to Electronic Benefit Transfer (EBT). Many industries have built the power of smart cards into their products, from GSM digital cellular phones to TV-satellite decoders.

Why Smart Cards

Smart cards greatly improve the convenience and security of any transaction. They provide tamper-proof storage of user and account identity. Smart card systems have proven to be more reliable than other machine-readable cards, such as magnetic-stripe and bar-code, with many studies showing card read life and reader life improvements demonstrating much lower cost of system maintenance. Smart cards also provide vital components of system security for the exchange of data throughout virtually any type of network. They protect against a full range of security threats, from careless storage of user passwords to sophisticated system hacks. The costs to manage password resets for an organization or enterprise are very high, which makes smart cards a cost-effective solution in these environments. Multifunction cards can also serve as network system access and store value and other data. Worldwide, people are now using smart cards for a wide variety of daily tasks. These include:

SIM Cards and Telecommunication

The largest application of smart card technology is in Subscriber Identity Modules (SIM), as required by the standard for all Global System for Mobile Communication (GSM) phone systems; each phone utilizes the unique identity presented in the SIM to manage the rights and privileges on that network and on all other networks that are tied by agreement to roam. This use case represents over half of all smart cards consumed each year. The Universal Subscriber Identification Module (USIM) is also being used to bridge the identity gap as phones transition between a GSM and a UMTS or 3G network operator.

Loyalty and Stored Value

Another use of smart cards is stored value, particularly loyalty programs that track and incentivize repeat customers. Stored value is more convenient and safer than cash. For issuers, float is realized on unspent balances and residuals on balances that are never used. For multi-chain retailers that administer loyalty programs across many different businesses and POS systems, smart cards can centrally locate and track all data. The applications are numerous, from transportation systems, including parking and laundry, to gaming, as well as all retail and many entertainment uses.

Securing Digital Content and Physical Assets

In addition to information security, smart cards achieve greater security of services and equipment, because the card restricts access to all but the authorized user(s). Information and entertainment is being delivered via satellite or cable to the home DVR player, cable box or cable-enabled PC. Home delivery of service is encrypted and decrypted via the smart card per subscriber access. Digital video broadcast systems have already adopted smart cards as electronic keys for protection. Smart cards can also act as keys to machine settings for sensitive laboratory equipment and dispensers for drugs, tools, library cards, health club equipment etc. In some environments, smart card-enabled SD and microSD cards are protecting digital content as it is being delivered to mobile handsets/phones.

E-Commerce

Smart cards make it easy for consumers to securely store information and cash for purchasing. The advantages they offer consumers are:

- The card can carry personal account, credit and buying preference information that can be accessed with a mouse click instead of filling out forms.
- Cards can manage and control expenditures with automatic limits and reporting.
- Internet loyalty programs can be deployed across multiple vendors with disparate POS systems, and the card acts as a secure central depository for points or rewards.

- Micro Payments: paying nominal costs without transaction fees associated with credit cards, or for amounts too small for cash, like reprint charges.

Bank Issued Cards

Around the globe, the bank-controlled co-ops (Visa, MasterCard, Discover, and American Express) have rolled out millions of smart cards under the EMV (Europay, MasterCard, VISA) standard. Often referred to as chip and PIN cards, these are the de facto type of card for bank issuance in most countries except the U.S. As Canada has just recently started its regulatory shift to EMV cards, the U.S. will be the sole island in North America that has not yet made the adoption. This adoption is being driven by the increased types of fraud for both credit and debit cards. Smart cards have been proven to secure a transaction with regularity, so much so that the EMV standard has become the norm. As banks enter competition in newly opened markets such as investment brokerages, they are securing transactions via smart cards at an increased rate. This means:

- Smart cards increase trust through improved security. Two-factor authentication ensures protection of data and value across the internet. Threats such as man-in-the-middle attacks and Trojan horses that replay a user name and password are eliminated.
- This is improving customer service. Customers can use secure smart cards for fast, 24-hour electronic funds transfers over the internet.
- Costs are reduced: transactions that normally would require a bank employee's time and paperwork can be managed electronically by the customer with a smart card.

Healthcare Informatics

The explosion of health care data brings up new challenges to the efficiency of patient care and privacy safeguards. Smart cards solve both challenges with secure, mobile storage and distribution of everything from emergency data to benefits status. Many socialized countries have already adopted smart cards as credentials for their health networks and as a means of carrying an immediately retrievable Electronic Health Record (EHR). Benefits include:

- Rapid, accurate identification of patients; improved treatment
- Reduction of fraud with authentication of provider/patient visits and insurance eligibility
- A convenient way to carry data between systems or to sites without systems
- Reduction of records maintenance costs

Embedded Medical Device Control

For years, embedded controllers have been in many types of machines, governing the quality and precision of their function. In healthcare, embedded smart cards ensure the best and safest delivery of care in devices such as dialysis machines, blood analyzers and laser eye surgery equipment.

Enterprise and Network Security

Microsoft Windows, Sun Microsystems (a subsidiary of Oracle Corporation) and all new versions of Linux have built-in software hooks to deploy smart cards as a replacement for user names and passwords. Microsoft has built a complete credential platform around the Scard dll and Crypto Service Provider (CSP). With enterprises realizing that Public Key Infrastructure (PKI)-enhanced security is what is needed for widely deployed employees, a smart card badge is the new standard. Business-to-business intranets and Virtual Private Networks (VPNs) are enhanced by the use of smart cards. Users can be authenticated and authorized to have access to specific information based on preset privileges. Additional applications range from secure e-mail to electronic commerce.

Physical Access

Businesses and universities of all types need simple identity cards for all employees and students. Most of these people are also granted access to certain data, equipment and departments according to their status. Multifunction, microprocessor-based smart cards incorporate identity with access privileges and can also store value for use in various locations, such as cafeterias and stores. Many hotels have also adopted ISO7816 type card readers in hotel rooms for use by the staff. All U.S. government and many corporations have now incorporated a contactless reader as an access point to their facilities. Some companies have incorporated a biometric component into this credential as well. The older systems deploy a simple proximity card system as the gatekeeper. But as security requirements have become stronger and ISO14443 standard systems have become cheaper, the world is rapidly adopting this new standard. This market shift is partially driven by the US government's adoption of the mandated Personal Identity Verification (PIV) standard. There is a rich ecosystem of suppliers and integrators for this standard.

Types of Chip Cards

Smart cards are defined according to 1) how the card data is read and written and 2) the type of chip implanted within the card and its capabilities. There is a wide range of options to choose from when designing your system.

[Figure 3-1: Types of chip cards]

Card Construction

Almost all chip cards are built from layers of differing materials, or substrates, that when brought together properly give the card a specific life and functionality. The typical card today is made from PVC, polyester or polycarbonate. The card layers are printed first and then laminated in a large press. The next step in construction is the blanking or die cutting. This is followed by embedding a chip and then adding data to the card. In all, there may be up to 30 steps in constructing a card. The total components, including software and plastics, may be as many as 12 separate items; all this in a unified package that appears to the user as a simple device.

Contact Cards

These are the most common type of smart card. Electrical contacts located on the outside of the card connect to a card reader when the card is inserted. This connector is bonded to the encapsulated chip in the card.

[Figure: Typical smart card module and card contacts C1 to C8. Image courtesy of CardLogix]

Increased levels of processing power, flexibility and memory will add cost. Single function cards are usually the most cost-effective solution. Choose the right type of smart card for your application by determining your required level of security and evaluating cost versus functionality in relation to the cost of the other hardware elements found in a typical workflow. All of these variables should be weighed against the expected lifecycle of the card. On average the cards typically comprise only 10 to 15 percent of the total system cost, with the infrastructure, issuance, software, readers, training and advertising making up the other 85 percent. The following chart demonstrates some general rules of thumb:

[Chart: Card Function Trade-Offs]

Memory Cards

Memory cards cannot manage files and have no processing power for data management. All memory cards communicate to readers through synchronous protocols. In all memory cards you read and write to a fixed address on the card. There are three primary types of memory cards: 1) Straight, 2) Protected, and 3) Stored Value. Before designing these cards into a proposed system, the issuer should check whether the readers and/or terminals support the communication protocols of the chip. Most contactless cards are variants on the protected memory/segmented memory card idiom.

Straight Memory Cards

These cards just store data and have no data processing capabilities. Often made with I2C or serial flash semiconductors, these cards were traditionally the lowest cost per bit for user memory. This has now changed with the larger quantities of processors being built for the GSM market, which has dramatically cut into the advantage of these types of devices. They should be regarded as floppy disks of varying sizes without the lock mechanism. These cards cannot identify themselves to the reader, so your host system has to know what type of card is being inserted into a reader. These cards are easily duplicated and cannot be tracked by on-card identifiers.

Protected / Segmented Memory Cards

These cards have built-in logic to control access to the memory of the card. Sometimes referred to as Intelligent Memory cards, these devices can be set to write-protect some or all of the memory array. Some of these cards can be configured to restrict access to both reading and writing. This is usually done through a password or system key. Segmented memory cards can be divided into logical sections for planned multifunctionality. These cards are not easily duplicated but can possibly be impersonated by hackers. They typically can be tracked by an on-card identifier.

Stored Value Memory Cards

These cards are designed for the specific purpose of storing value or tokens. The cards are either disposable or rechargeable. Most cards of this type incorporate permanent security measures at the point of manufacture. These measures can include password keys and logic that are hard-coded into the chip by the manufacturer. The memory arrays on these devices are set up as decrements or counters. There is little or no memory left for any other function. For simple applications such as a telephone card, the chip has 60 or 12 memory cells, one for each telephone unit. A memory cell is cleared each time a telephone unit is used. Once all the memory units are used, the card becomes useless and is thrown away. This process can be reversed in the case of rechargeable cards.

CPU/MPU Microprocessor Multifunction Cards

These cards have on-card dynamic data processing capabilities. Multifunction smart cards allocate card memory into independent sections or files assigned to a specific function or application. Within the card is a microprocessor or microcontroller chip that manages this memory allocation and file access. This type of chip is similar to those found inside all personal computers and, when implanted in a smart card, manages data in organized file structures via a card operating system (COS). Unlike other operating systems, this software controls access to the on-card user memory. This capability permits different and multiple functions and/or different applications to reside on the card, allowing businesses to issue and maintain a diversity of products through the card. One example of this is a debit card that also enables building access on a college campus. Multifunction cards benefit issuers by enabling them to market their products and services via state-of-the-art transaction and encryption technology. Specifically, the technology enables secure identification of users and permits information updates without replacement of the installed base of cards, simplifying program changes and reducing costs. For the card user, multifunction means greater convenience and security and, ultimately, consolidation of multiple cards down to a select few that serve many purposes. There are many configurations of chips in this category, including chips that support cryptographic PKI functions with on-board math co-processors, or JavaCard with virtual machine hardware blocks. As a rule of thumb, the more functions, the higher the cost.

Contactless Cards

These are smart cards that employ a radio frequency (RFID) between card and reader without physical insertion of the card. Instead, the card is passed along the exterior of the reader and read. Types include proximity cards, which are implemented as a read-only technology for building access. These cards function with a very limited memory and communicate at 125 MHz. Another type of limited card is the Gen 2 UHF card that operates at 860 MHz to 960 MHz.

True read and write contactless cards were first used in transportation for quick decrementing and reloading of fare values where their lower security was not an issue. They communicate at MHz, and conform to the ISO14443 standard. These cards are often protected memory types. They are also gaining popularity in retail stored value, since they can speed up transactions and not lower transaction processing revenues (i.e. VISA and MasterCard), like traditional smart cards.

Variations of the ISO14443 specification include A, B, and C, which specify chips from either specific or various manufacturers: A = NXP (Philips), B = everybody else, and C = Sony-only chips. Contactless card drawbacks include the limits of cryptographic functions and user memory versus microprocessor cards, and the limited distance between card and reader required for operation.

Multi-mode Communication Cards

These cards have multiple methods of communication, including ISO7816, ISO14443 and UHF Gen 2. How the card is made determines whether it is a hybrid or a dual interface card. The term can also include cards that have a magnetic stripe and/or bar-code as well.

Hybrid Cards

Hybrid cards have multiple chips in the same card. These are typically attached to each interface separately, such as a MIFARE chip and antenna with a contact 7816 chip in the same card.

Dual Interface Cards

These cards have one chip controlling the communication interfaces. The chip may be attached to the embedded antenna through a hard connection, an inductive method or a flexible bump mechanism.

Multi-component Cards

These types of cards are for a specific market solution. For example, there are cards where the fingerprint sensor is built on the card, and one company has built a card that generates a one-time password and displays the data for use with an online banking application. Vault cards have rewriteable magnetic stripes. Each of these technologies is specific to a particular vendor and is typically patented.

Smart Card Form Factors

The expected shape for cards is often referred to as CR80. Banking and ID cards are governed by the ISO 7810 specification. But this shape is not the only form factor that cards are deployed in. Specialty shaped cutouts of cards with modules and/or antennas are being used around the world. The most common shapes are SIM. SD and MicroSD cards can now be deployed with the strength of smart card chips. USB flash drive tokens are also available that leverage the same technology of a card in a different form factor.

Integrated Circuits and Operating Systems

There are two primary types of smart card operating systems: 1) Fixed File Structure and 2) Dynamic Application System. As with card types, selection of a card operating system depends on the application the card is developed for. The other defining difference is in the encryption capabilities of the operating system and the chip. The types of encryption are Symmetric Key and Asymmetric Key (Public Key). The chip selection for these functions is vast and supported by many semiconductor manufacturers.

What separates a smart card chip from other microcontrollers is often referred to as trusted silicon. The device itself is designed to securely store data, withstanding outside electrical tampering or hacking. These additional security features include a long list of mechanisms such as no test points, special protection metal masks and irregular layouts of the silicon gate structures. The trusted silicon semiconductor vendor list below is current for

- Atmel
- EM systems
- Felicia
- Infineon
- Microchip
- NXP
- Renesas
- Samsung
- Sharp
- Sony
- ST Microelectronics

Many of the features that users have come to expect, such as specific encryption algorithms, have been incorporated into the hardware and software libraries of the chip architectures. This can often result in a card manufacturer not future-proofing their design by having their card operating systems only ported to a specific device. Care should be taken in choosing a card vendor that can support your project over time, as card operating system-only vendors come in and out of the market. The tools and middleware that support card operating systems are as important as the chip itself. The tools to implement your project should be easy to use and give you the power to deploy your project rapidly. See the security section of this site for more information regarding PKI.

1) Fixed File Structure

This type treats the card as a secure computing and storage device. Files and permissions are set in advance by the issuer. These specific parameters are ideal and economical for a fixed type of card structure and functions that will not change in the near future. Many secure stored value and healthcare applications are utilizing this type of card. An example of this kind of card is a low-cost employee multi-function badge or credential. Contrary to some biased articles, these style cards can be used very effectively with a stored biometric component and reader. Globally, these types of microprocessor cards are the most common.

2) Dynamic Application System

This type of operating system, which includes the JavaCard and proprietary MULTOS card varieties, enables developers to build, test, and deploy different on-card applications securely. Because the card operating system and the applications are more separate, updates can be made. An example card is a SIM card for mobile GSM, where updates and security are downloaded to the phone and dynamically changed. This type of card deployment assumes that the applications in the field will change in a very short time frame, thus necessitating dynamic expansion of the card as a computing platform. The costs to change applications in the field are high, due to the ecosystem requirements of security for key exchange with each credential. This is a variable that should be scrutinized carefully in the card system design phase.

Smart Card Readers/Terminals

Readers and terminals operate with smart cards to obtain card information and perform a transaction. Generally, a reader interfaces with a PC for the majority of its processing requirements. A terminal is a self-contained processing device. Both readers and terminals read and write to smart cards.

Readers

Contact

This type of reader requires a physical connection to the cards, made by inserting the card into the reader. This is the most common reader type for applications such as ID and Stored Value. The card-to-reader communication is often ISO 7816 T=0 only. This communication has the advantage of direct coupling to the reader and is considered more secure. The other advantage is speed. The typical Protocol Type Selection (PTS, ISO7816-3) negotiated speed can be up to 115 kilobaud. This interface enables larger data transport without the overhead of anti-collision and the wireless breakdown issues that result from the card moving in and out of the reader antenna range.

Contactless

This type of reader works with a radio frequency that communicates when the card comes close to the reader. Many contactless readers are designed specifically for Payment, Physical Access Control and Transportation applications. The dominant protocol under the ISO is MIFARE, followed by the EMV standards.

Interface

A contact reader is primarily defined by the method of its interface to a PC. These methods include RS232 serial ports, USB ports, PCMCIA slots, floppy disk slots, parallel ports, infrared IRDA ports, and keyboards and keyboard wedge readers. Some readers support more than one type of card, such as the tri-mode insert readers from MagTek. These readers support magnetic stripe, contact and contactless read operations all in one device.

[Photos courtesy of Precise Biometrics and MagTek]

Reader & Terminal to Card Communication

All cards and readers that follow ISO standards have a standardized set of commands that enable communication for CPU cards. These commands, called APDUs (Application Protocol Data Units), can be executed at a very low level, or they can be scripted into APIs which enable the user to send commands from an application to a reader.

The reader communicates with the card, where the response to the request takes place. From a technical perspective, the key is the APIs that are chosen. These layers of software can enable effective application communication with smart cards and readers from more than one manufacturer. Most terminal SDKs come with a customized API for that platform. They are typically in some form of C, C++ or C# and will have the header files included. Many smart card readers have specific drivers/APIs for memory cards. For ISO7816 processor cards the PC/SC interface is often employed, but it has limitations. This is especially important if you have both memory and microprocessor cards that are used in the same system. Some APIs give the software designer the ability to select readers from multiple vendors. The following are some of the function calls provided for transporting APDUs and their functions:

- Reader Select
- Reader Connect
- Reader Disconnect
- Card Connect
- Card Disconnect
- Proprietary commands for specific readers and cards
- Allow ISO commands to be passed to cards using standard ISO format
- Allow ISO commands to be sent to cards using a simplified or shortcut format (as in the CardLogix Winplex API)

Applications Development

The development of PC applications for readers has been simplified by the Personal Computer/Smart Card (PC/SC) standard. This standard is supported by all major operating systems. The problem with the PC/SC method is that it does not support all of the reader functions offered by each manufacturer, such as LED control and card latching/locking. When just using the drivers for each reader manufacturer, there is no connection to the functions of the card. The better choice is Application Programming Interfaces (APIs) that are part of readily available Software Development Kits (SDKs) that support specific manufacturers' card families. Check these kits for the variety of reader manufacturers supported. M.O.S.T. and Smart Toolz from CardLogix are good examples of a well-rounded smart card SDK.

Terminals

Unlike readers, terminals are more similar to a self-contained PC, with most featuring operating systems and development tools. Terminals are often specific to the use case, such as Security, Health Informatics or POS. Connectivity in the terminals is typically via Transmission Control Protocol/Internet Protocol (TCP/IP) or GSM network. Many terminals today feature regular operating systems, making deployment easier, such as Datastrip with Windows CE or Exadigm with Linux.
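
The APDU exchange described under Reader & Terminal to Card Communication, as an added example (not code from the original document or from any SDK it names): it encodes short command APDUs, decodes the SW1 SW2 status word of each response, and masks VERIFY data so that a PIN never reaches an application log. The function names, the sample AID and the sample exchanges are constructed for illustration; the byte layout and status words follow ISO/IEC 7816-4, and extended-length APDUs are out of scope.

```python
"""Short-form ISO/IEC 7816-4 APDU helpers. Added example; all names are hypothetical."""
from dataclasses import dataclass

INS_SELECT, INS_VERIFY, INS_READ_BINARY = 0xA4, 0x20, 0xB0

# Fixed status words (SW1 SW2) defined by ISO/IEC 7816-4.
FIXED_STATUS = {
    0x9000: "success",
    0x6700: "wrong length",
    0x6982: "security status not satisfied",
    0x6983: "authentication method blocked",
    0x6A82: "file or application not found",
    0x6D00: "instruction not supported",
    0x6E00: "class not supported",
}


def build_command(cla, ins, p1, p2, data=b"", le=None):
    """Encode a short command APDU: CLA INS P1 P2 [Lc data] [Le]."""
    header = bytes([cla, ins, p1, p2])      # bytes() rejects values outside 0..255
    if len(data) > 255:
        raise ValueError("short APDU data field is limited to 255 bytes")
    body = bytes([len(data)]) + data if data else b""
    if le is None:
        return header + body
    if not 1 <= le <= 256:
        raise ValueError("Le must be 1..256 for a short APDU")
    return header + body + bytes([le % 256])    # Le byte 0x00 encodes 256


@dataclass(frozen=True)
class Response:
    data: bytes
    sw1: int
    sw2: int

    @property
    def sw(self):
        return (self.sw1 << 8) | self.sw2


def parse_response(raw):
    """Split a response APDU into its data field and the trailing SW1 SW2."""
    if len(raw) < 2:
        raise ValueError("response APDU must end with SW1 SW2")
    return Response(raw[:-2], raw[-2], raw[-1])


def describe_status(resp):
    """Translate a status word, including the families that carry a value in SW2."""
    if resp.sw in FIXED_STATUS:
        return FIXED_STATUS[resp.sw]
    if resp.sw1 == 0x61:
        return f"success, {resp.sw2} more response bytes available"
    if resp.sw1 == 0x6C:
        return f"wrong Le, card expects Le={resp.sw2}"
    if resp.sw1 == 0x63 and resp.sw2 & 0xF0 == 0xC0:
        return f"verification failed, {resp.sw2 & 0x0F} tries left"
    return f"unrecognised status {resp.sw:04X}"


def redact_command(raw):
    """Hex form of a short command APDU that is safe to log: VERIFY data is masked."""
    if len(raw) < 4:
        raise ValueError("command APDU needs CLA INS P1 P2")
    if len(raw) <= 5:                        # header only, or header plus Le
        return raw.hex().upper()
    lc = raw[4]
    data, rest = raw[5:5 + lc], raw[5 + lc:]
    if lc == 0 or len(data) != lc or len(rest) > 1:
        raise ValueError("malformed or extended-length APDU")
    shown = "**" * lc if raw[1] == INS_VERIFY else data.hex().upper()
    return f"{raw[:4].hex().upper()}{lc:02X}{shown}{rest.hex().upper()}"


def audit(exchanges):
    """Render (command, response) byte pairs as log lines with PIN data masked."""
    lines = []
    for command, reply in exchanges:
        resp = parse_response(reply)
        lines.append(
            f">> {redact_command(command)}  << {resp.sw:04X} {describe_status(resp)}"
        )
    return lines


# Constructed sample traffic (not captured from a real card).
SAMPLE_AID = bytes.fromhex("F0000000010001")
SAMPLE_EXCHANGES = [
    (build_command(0x00, INS_SELECT, 0x04, 0x00, SAMPLE_AID, le=256),
     bytes.fromhex("9000")),
    (build_command(0x00, INS_VERIFY, 0x00, 0x80, b"1234"), bytes.fromhex("63C2")),
    (build_command(0x00, INS_READ_BINARY, 0x00, 0x00, le=16), bytes.fromhex("6982")),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_EXCHANGES):
        print(line)
```

In the sample run the READ BINARY is refused with 6982 because the preceding VERIFY failed, which is the card operating system enforcing file access conditions on the card rather than in the host application.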

17 Smart Card Standards Primarily, smart card standards govern physical properties, communication characteristics, and application identifiers of the embedded chip and data. Almost all standards refer to the ISO ,2 & 3 as a base reference. The International Organization For Standardization (ISO) facilitates the creation of voluntary standards through a process that is open to all parties. ISO 7816 is the international standard for integrated-circuit cards (commonly known as smart cards) that use electrical contacts on the card, as well as cards that communicate with readers and terminals without contacts, as with radio frequency (RF/Contactless) technology. Anyone interested in obtaining a technical understanding of smart cards needs to become familiar with what ISO 7816 and does NOT cover as well as what it does. Copies of these standards can be purchased through ANSI American National Standards Institute: Copies of ISO standards are for sale at Application-specific properties are being debated with many large organizations and groups proposing their standards. Open system card interoperability should apply at several levels: 1). To the card itself, 2). The card s access terminals (readers), 3). The networks and 4). The card issuers own systems. Open system card interoperability will only be achieved by conformance to international standards. This site s sponsors are committed to compliance with ISO and ITSEC security standards as well as industry initiatives such as EMV, the Global Platform and PC/SC specifications. These organizations are active in smart card standardization: The following standards and the organizations that maintain them are the most prevalent in the smart card industry: ISO/IEC is one of the worldwide standard-setting bodies for technology, including plastic cards. The primary standards for smart cards are ISO/IEC 7816, ISO/IEC 14443, ISO/IEC and ISO/IEC ISO/IEC 7816 is a multi-part international standard broken into fourteen parts. 
ISO/IEC 7816 Parts 1, 2 and 3 deal only with contact smart cards and define the various aspects of the card and its interfaces, including the card's physical dimensions, the electrical interface and the communications protocols. ISO/IEC 7816 Parts 4, 5, 6, 8, 9, 11, 13 and 15 are relevant to all types of smart cards (contact as well as contactless). They define the card logical structure (files and data elements), various commands used by the application programming interface for basic use, application management, biometric verification, cryptographic services and application naming. ISO/IEC 7816 Part 10 is used by memory cards for applications such as pre-paid telephone cards or vending machines. ISO/IEC 7816 Part 7 defines a secure relational database approach for smart cards based on the SQL interfaces (SCQL).

ISO/IEC is an international standard that defines the interfaces to a close proximity contactless smart card, including the radio frequency (RF) interface, the electrical interface, and the communications and anti-collision protocols. ISO/IEC compliant cards operate at MHz and have an operational range of up to 10 centimeters (3.94 inches). ISO/IEC is the primary contactless smart card standard being used for transit, financial, and access control applications. It is also used in electronic passports and in the FIPS 201 PIV card.

ISO/IEC describes standards for vicinity cards. Specifically, it establishes standards for the physical characteristics, radio frequency power and signal interface, and anti-collision and transmission protocol for vicinity cards that operate to a maximum of 1 meter (approximately 3.3 feet).

ISO/IEC 7501 describes standards for machine-readable travel documents and has made a clear recommendation on smart card topology.

ICAO

The International Civil Aviation Organization (ICAO) issues guidance on the standardization and specifications for Machine Readable Travel Documents (MRTD) such as passports, visas, and travel documents.
ICAO has published the specification for electronic passports using a contactless smart chip to securely store traveler data.

FIPS (Federal Information Processing Standards) - Developed by the Computer Security Division within the National Institute of Standards and Technology (NIST). FIPS standards are designed to protect federal assets, including computer and telecommunications systems. The following FIPS standards apply to smart card technology and pertain to digital signature standards, advanced encryption standards, and security requirements for cryptographic modules.

FIPS 140 (1-3): The security requirements contained in FIPS 140 (1-3) pertain to areas related to the secure design and implementation of a cryptographic module, specifically: cryptographic module specification; cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.

FIPS 201: This specification covers all aspects of multifunction cards used in identity management systems throughout the U.S. government.

EMV - Europay, MasterCard and Visa formed EMV Company, LLC and created the Integrated Circuit Card Specifications for Payment Systems. These specifications are related to ISO 7816 and create a common technical basis for card and system implementation of a stored value system. Integrated Circuit Card Specifications for Payment Systems can be obtained from a Visa, MasterCard or Europay member bank.

PC/SC - A globally implemented standard for cards and readers, called the PC/SC specification. This standard only applies to CPU contact cards. Version 2.0 also dictates PIN pad to card communications. Apple, Oracle-Sun, Linux and Microsoft all support this standard. Microsoft has built PC/SC into their smart card services as a framework that supports many security mechanisms for cards and systems. PC/SC is now a fairly common middleware interface for PC logon applications. The standard is a highly abstracted set of middleware components that allow for the most common reader-card interactions.
CEN (Comité Européen de Normalisation) and ETSI (European Telecommunications Standards Institute) are focused on telecommunications, as with the GSM SIM for cellular telephones. GSM and ETSI CEN can be contacted at Rue de Stassart, 36 B-1050 Brussels, Belgium, attention to the Central Secretariat.

HIPAA - The Health Insurance Portability and Accountability Act adopts national standards for implementing a secure electronic health transaction system in the U.S. Example transactions affected by this include claims, enrollment, eligibility, payment and coordination of benefits. Smart cards are governed by the requirements of HIPAA pertaining to data security and patient privacy.

IC Communications Standards - These existed for non-volatile memories before the chips were adopted for smart card use. This specifically applies to the I2C and SPI EEPROM interfaces.

Global System for Mobile Communication (GSM)

The GSM standard is dominant in the cell phone industry and uses smart cards called Subscriber Identification Modules (SIMs) that are configured with information essential to authenticating a GSM-compliant mobile phone, thus allowing a phone to receive service whenever the phone is within coverage of a suitable network. This standard is managed by the European Telecommunications Standards Institute. The two most common standards for cards are and

OpenCard Framework (Obsolete standard: for information only)

The OpenCard Framework was a set of guidelines announced by IBM, Netscape, NCI, and Sun Microsystems for integrating smart cards with network computers. The guidelines were based on open standards and provided an architecture and a set of application program interfaces (APIs) that enable application developers and service providers to build and deploy smart card solutions on any OpenCard-compliant network computer.
Through the use of a smart card, an OpenCard-compliant system should have enabled access to personalized data and services from any network computer and dynamically download from the Internet all device drivers that are necessary to communicate with the smart card. By providing a high-level interface which can support multiple smart card types, the OpenCard Framework was intended to enable vendor-independent card interoperability. The system incorporated Public Key Cryptography Standard (PKCS) #11 and was supposed to be expandable to include other public key mechanisms.

Global Platform

GlobalPlatform (GP) is an international, non-profit association. Its mission is to establish, maintain and drive adoption of standards to enable an open and interoperable infrastructure for smart cards, devices and systems that simplifies and accelerates development, deployment and management of applications across industries. The GP standard has been adopted by virtually all the banks worldwide for JavaCard-based loading of cryptographic data. The standard establishes mechanisms and policies that enable secure channel communications with a credential.

Common Criteria

Common Criteria (CC) is an internationally approved security evaluation framework providing a clear and reliable evaluation of the security capabilities of IT products, including secure ICs, smart card operating systems, and application software. CC provides an independent assessment of a product's ability to meet security standards. Security-conscious customers, such as national governments, are increasingly requiring CC certification in making purchasing decisions. Since the requirements for certification are clearly established, vendors can target very specific security needs while providing broad product offerings.

Biometric Standards

Many new secure ID system implementations are using both biometrics and smart cards to improve the security and privacy of an ID system.

ANSI-INCITS , BioAPI Specification - (ISO/IEC ). BioAPI is intended to provide a high-level generic biometric authentication model, one suited for any form of biometric technology.
It covers the basic functions of enrollment, verification, and identification, and includes a database interface to allow a biometric service provider (BSP) to manage the technology device and identification population for optimum performance. It also provides primitives that allow the application to separately manage the capture of samples on a client workstation, and the enrollment, verification, and identification functions on a server. The BioAPI framework has been ported to Win32, Linux, UNIX, and WinCE. Note that BioAPI is not optimum for a microcontroller environment such as might be embedded within a door access control reader unit or within a smart card processor. BioAPI is more suitable when there is a general-purpose computer available.

ANSI-INCITS 398, Common Biometric Exchange Formats Framework (CBEFF) - (ISO/IEC ). The Common Biometric Exchange Formats Framework (CBEFF) describes a set of data elements necessary to support biometric technologies and exchange data in a common way. These data can be placed in a single file used to exchange biometric information between different system components or between systems. The result promotes interoperability of biometric-based application programs and systems developed by different vendors by allowing biometric data interchange. This specification is a revised (and augmented) version of the original CBEFF, the Common Biometric Exchange File Format, originally published as NISTIR

ANSI-INCITS Biometric Data Format Interchange Standards. ANSI-INCITS has created a series of standards specifying the interchange format for the exchange of biometric data. These standards specify a data record interchange format for storing, recording, and transmitting the information from a biometric sample within a CBEFF data structure. The ANSI-INCITS published data interchange standards are shown below. There are ISO equivalents to each standard listed here.
ANSI-INCITS Finger Pattern Based Interchange Format
ANSI-INCITS Finger Minutiae Format for Data Interchange
ANSI-INCITS Iris Interchange Format
ANSI-INCITS Finger Image Based Interchange Format
ANSI-INCITS Face Recognition Format for Data Interchange
ANSI-INCITS Signature/Sign Image Based Interchange Format
ANSI-INCITS Hand Geometry Interchange Format

ISO/IEC series on biometric data interchange formats. Part 1 is the framework, Part 2 defines the finger minutiae data, Part 3 defines the finger pattern spectral data, Part 4 defines the finger image data, Part 5 defines the face image data, Part 6 defines the iris image data, and still in development, Part 7 will define the signature/sign time series data, Part 8 will define the finger pattern skeletal data and Part 8 will define the vascular image data.


More information

A Guide to EMV Version 1.0 May 2011

A Guide to EMV Version 1.0 May 2011 Table of Contents TABLE OF CONTENTS... 2 LIST OF FIGURES... 4 1 INTRODUCTION... 5 1.1 Purpose... 5 1.2 References... 5 2 BACKGROUND... 6 2.1 What is EMV... 6 2.2 Why EMV... 7 3 THE HISTORY OF EMV... 8

More information

Training Webcast on Contactless Cards for Access Control. January 21, 2004

Training Webcast on Contactless Cards for Access Control. January 21, 2004 Training Webcast on Contactless Cards for Access Control January 21, 2004 Your presenters» Perry Garvis Business Development Manager Access Control & Security Products» Kelly Stark TI-RFid Systems Strategic

More information

RFID based Bill Generation and Payment through Mobile

RFID based Bill Generation and Payment through Mobile RFID based Bill Generation and Payment through Mobile 1 Swati R.Zope, 2 Prof. Maruti Limkar 1 EXTC Department, Mumbai University Terna college of Engineering,India Abstract Emerging electronic commerce

More information

EMV in Hotels Observations and Considerations

EMV in Hotels Observations and Considerations EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered

More information

Measurement and Analysis Introduction of ISO7816 (Smart Card)

Measurement and Analysis Introduction of ISO7816 (Smart Card) Measurement and Analysis Introduction of ISO7816 (Smart Card) ISO 7816 is an international standard related to electronic identification cards with contacts, especially smart cards, managed jointly by

More information

American Express Contactless Payments

American Express Contactless Payments PRODUCT CAPABILITY GUIDE American Express Contactless Payments American Express Contactless Payments Help Enable Increased Convenience For Card Members At The Point Of Sale American Express contactless

More information

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006 Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark

More information

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper Rev 1.0 HIPAA Security Considerations for Broadband Fixed Wireless Access Systems This white paper will investigate

More information

Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules

Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules WHITE PAPER Thales e-security www.thalesesec.com/oracle TABLE OF CONTENT Introduction...3 Oracle Database 11g

More information

Mobile Financial Services Business Ecosystem Scenarios & Consequences. Summary Document. Edited By. Juha Risikko & Bishwajit Choudhary

Mobile Financial Services Business Ecosystem Scenarios & Consequences. Summary Document. Edited By. Juha Risikko & Bishwajit Choudhary Mobile Financial Services Business Ecosystem Scenarios & Consequences Summary Document Edited By Juha Risikko & Bishwajit Choudhary Mobey Forum Mobile Financial Services Ltd. Disclaimer: This document

More information

Online Gaming: Legalization with Protection for Minors, Adult Players, Problem Gamers

Online Gaming: Legalization with Protection for Minors, Adult Players, Problem Gamers Online Gaming: Legalization with Protection for Minors, Adult Players, Problem Gamers Frequently Asked Questions and Answers 2011 CardLogix Corporation. All rights reserved. This document contains information

More information

The What, Who and Why of Contactless Payments

The What, Who and Why of Contactless Payments The What, Who and Why of Contactless Payments Introduction The mass market introduction of contactless technology is an important event for the payments industry. Contactless payments are already providing

More information

Android pay. Frequently asked questions

Android pay. Frequently asked questions Android pay Frequently asked questions June 2015 Android Pay - FAQs In May 2015, Android Pay was announced by Google. Android Pay is Google s payments solution that allows consumers to do in-store and

More information

Cent ralized Out -Of-Band Aut hent ic at ion Syst em. Authentication Security for the 21 st Century

Cent ralized Out -Of-Band Aut hent ic at ion Syst em. Authentication Security for the 21 st Century Cent ralized Out -Of-Band Aut hent ic at ion Syst em Security for the 21 st Century Presented by: Southeast Europe Cybersecurity Conference Sophia, Bulgaria September 8-9, 2003 Introduction Organizations

More information

FUTURE PROOF TERMINAL QUICK REFERENCE GUIDE. Review this Quick Reference Guide to. learn how to run a sale, settle your batch

FUTURE PROOF TERMINAL QUICK REFERENCE GUIDE. Review this Quick Reference Guide to. learn how to run a sale, settle your batch QUICK REFERENCE GUIDE FUTURE PROOF TERMINAL Review this Quick Reference Guide to learn how to run a sale, settle your batch and troubleshoot terminal responses. INDUSTRY Retail and Restaurant APPLICATION

More information

HIPAA Compliance and Smart Cards: Solutions to Privacy and Security Requirements

HIPAA Compliance and Smart Cards: Solutions to Privacy and Security Requirements HIPAA Compliance and Smart Cards: Solutions to Privacy and Security Requirements A Smart Card Alliance White Paper September 2003 Smart Card Alliance 191 Clarksville Rd. Princeton Junction, NJ 08550 www.smartcardalliance.org

More information

Radio Frequency Identification (RFID) Presenter: Dusan Stevanovic April 3, 2007

Radio Frequency Identification (RFID) Presenter: Dusan Stevanovic April 3, 2007 Radio Frequency Identification (RFID) Presenter: Dusan Stevanovic April 3, 2007 Introduction RFID are systems that transmit identity (in the form of a unique serial number) of an object or person wirelessly,

More information

EMV and Small Merchants:

EMV and Small Merchants: September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service

More information

Common Electronic Purse Specifications. Business Requirements. Version 7.0. March, 2000. Copyright CEPSCO 1999 All rights reserved

Common Electronic Purse Specifications. Business Requirements. Version 7.0. March, 2000. Copyright CEPSCO 1999 All rights reserved Common Electronic Purse Specifications Business Requirements Version 7.0 March, 2000 Copyright CEPSCO 1999 All rights reserved TABLE OF CONTENTS I. DOCUMENT SPECIFICS......1 OBJECTIVES...1 SCOPE OF DOCUMENT...1

More information

International Journal of Engineering Research & Management Technology

International Journal of Engineering Research & Management Technology International Journal of Engineering Research & Management Technology March- 2015 Volume 2, Issue-2 Radio Frequency Identification Security System Mr. Shailendra Kumar Assistant Professor Department of

More information

Euronet s Contactless Solution

Euronet s Contactless Solution Serving millions of people worldwide with electronic payment convenience. Euronet s Contactless Solution Fast, Secure and Convenient Transactions with No Swiping, PIN or Signature Copyright 2011 Euronet

More information

EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients

EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients A Detailed Review EMC Information Infrastructure Solutions Abstract This white

More information

GLOBAL MOBILE PAYMENT TRANSACTION VALUE IS PREDICTED TO REACH USD 721 BILLION BY 2017. 1. MasterCard M/Chip Mobile Solution

GLOBAL MOBILE PAYMENT TRANSACTION VALUE IS PREDICTED TO REACH USD 721 BILLION BY 2017. 1. MasterCard M/Chip Mobile Solution INTRODUCING M/Chip Mobile SIMPLIFYING THE DEPLOYMENT OF SECURE ELEMENT MOBILE PAYMENTS OCTOBER 2015 GLOBAL MOBILE PAYMENT TRANSACTION VALUE IS PREDICTED TO REACH USD 721 BILLION BY 2017. 1 Research into

More information

advant advanced contactless smart card system

advant advanced contactless smart card system LA-11-001l-en [08.2012] advant advanced contactless smart card system power Fully scalable fully flexible Key applications & standards 2 1 5 The LEGIC advant product line ideally supports the design and

More information

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles

More information

Visa Recommended Practices for EMV Chip Implementation in the U.S.

Visa Recommended Practices for EMV Chip Implementation in the U.S. CHIP ADVISORY #20, UPDATED JULY 11, 2012 Visa Recommended Practices for EMV Chip Implementation in the U.S. Summary As issuers, acquirers, merchants, processors and vendors plan and begin programs to adopt

More information

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement certicom application notes Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement THE PROBLEM How can vendors take advantage

More information

That Point of Sale is a PoS

That Point of Sale is a PoS SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach

More information

Open Payment Fare Systems Save money through operational efficiencies.

Open Payment Fare Systems Save money through operational efficiencies. Open Payment Fare Systems Save money through operational efficiencies. Open Payment Fare Systems Save money and allow transit agencies to focus on their core mission. Like many businesses worldwide, transit

More information

PrivyLink Cryptographic Key Server *

PrivyLink Cryptographic Key Server * WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology

More information

RSA SecurID Two-factor Authentication

RSA SecurID Two-factor Authentication RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial

More information

Threat Model for Software Reconfigurable Communications Systems

Threat Model for Software Reconfigurable Communications Systems Threat Model for Software Reconfigurable Communications Systems Presented to the Management Group 6 March 007 Bernard Eydt Booz Allen Hamilton Chair, SDR Security Working Group Overview Overview of the

More information

solutions Biometrics integration

solutions Biometrics integration Biometrics integration Challenges Demanding access control and identity authentication requirements drive the need for biometrics. Regulations such as Sarbanes-Oxley (SOX), Health Insurance Portability

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the

More information

Quick Installation. A Series of Intelligent Bar Code Reader with NeuroFuzzy Decoding. Quick Installation

Quick Installation. A Series of Intelligent Bar Code Reader with NeuroFuzzy Decoding. Quick Installation Quick Installation A Series of Intelligent Bar Code Reader with NeuroFuzzy Decoding This chapter intends to get your new FuzzyScan scanner working with your existing system within minutes. General instructions

More information