Smart Card Applications. Lecture 7. Prof. Sead Muftic, Matei Ciobanu Morogan.




Transcription:

Slide header (repeated on every slide): in Open Distributed Processing

Slides 1-2: Lecture 7. Prof. Sead Muftic, Matei Ciobanu Morogan.

Slide 3: Smart Cards Applications
1. Personal Identity Verification (PIV)
2. Smart access card logical security
3. Physical access control card
4. Secure banking applications, including purse (EMV)
5. Secure WAP application
6. Ticketing
7. Memberships loyalty programs
8. Medical application
9. Training and certification

Slides 4-6: Generic smart card application (PKCS#15); Pointer references in PKCS#15 application
Diagram of the on-card file structure (labels only):
- EF(DIR) points to DF(Generic PKCS#15 Application)
- The DF holds EF(TokenInfo), EF(Unused Space) and EF(ODF)
- EF(ODF) references the directory files EF(PrKDF), EF(PuKDF), EF(TPuKDF), EF(SKDF), EF(CDF), EF(TCDF), EF(UCDF), EF(DODF), EF(AODF)
- The directory files reference the objects themselves: EF(PrK), EF(PuK), EF(SK), EF(Cert), EF(DO), EF(AO)

Slides 7-8: Multiple smart card applications; Joint issuers shared data
Diagram labels:
- EF(DIR) points to DF(EID), holding PKCS#15 Application_1: EF(TokenInfo), EF(Unused Space), EF(ODF), the directory files EF(PrKDF), EF(PuKDF), EF(TPuKDF), EF(SKDF), EF(CDF), EF(TCDF), EF(UCDF), EF(DODF), EF(AODF) (several marked x2 on the slide), the objects EF(PrK), EF(PuK), EF(Cert), EF(SK), EF(AO), EF(DO), and EF(Personal Info)
- DF(Any Other PKCS#15 Application), holding PKCS#15 Application_2: EF(TokenInfo), EF(ODF), EF(DODF)
- PKCS#15 Application_3: EF(Application Specific DO's)

Slides 9-10: Components of Java card; Combined Java cards (diagrams only)

Slides 11-12: Java card framework (JCRE); Downloading applets into a card
Functions of the JCRE:
- Providing services to applets: installation, registration, selection, deselection
- Provision of services to applications in the card reader
Packages include java.lang, javacard.framework, javacardx.security and javacardx.crypto

Slides 13-14: Dynamic applets management

Slides 15-16: PIV (FIPS 201) Management; Logical Access Control (PIV Authentication Protocols)
Diagram labels, grouped as on the slide:
- PIV Roles and Request Processing: Applicant, Sponsor, Registrar, Adjudicator, Issuer, Owner, Card holder; Approval Authority; OPM/FBI (Background Check); Request, Approved Request, Completed Request
- Issuance and Management: Identity Proofing & Registration, Issuance & Maintenance, PKI Key Management, PKI Directory & Certificate Status Responder
- Access Control: Physical Access Control (I&A, Physical Resource), Logical Access Control (I&A, Logical Resource); I&A Data
- PIV Front-End: Reader / Writer, PIN Input Device, Biometric Reader
I&A - Identification & Authentication

Slides 17-18: PIV Architecture
Diagram labels: Enrollment Station, Shared Services Environment, Agency SIP, OPM/FBI, Agency IDMS, Printing (Personalization), CA, Enrollment Finalization Station (Personalization), Agency Enrollment Station, Activation Station

Slides 19-22: PIV Architecture; Flow of PIV Requests
Diagram labels: Central IDMS, IDMS, PKI CA, Directory (X.500), IPS Manager, IPS WorkFlow, IPS Issuer, ESC, SIP, Forms Engine, Enterprise Services Bus (ESB), Printing/Personalization, PIV Desktop, LACS, PACS; interfaces SAML, XML/SAML, SOAP/SAML/SSL; data flows PIV Requests, PIV BioDocs, PIV Cards, P/P Forms, Enroll, Approval Authority; roles Sponsor, Registrar, Adjudicator, Issuer, Activator, Applicant; stations PC/Browser, Enrollment Station, Adjudication Station, Activation Station, Usage. The request flow is numbered 1 to 9 on the slide.

Slides 23-24: Application (Applet); FIPS 201 PIV Client APIs
PIV mandatory and optional data objects:
- Card Capability Container
- Card Holder Unique Identifier
- X.509 Cert for PIV Authentication
- Card Holder Fingerprint I
- Card Holder Fingerprint II
- Security Object
- Card Holder Facial Image
- Printed Information
- X.509 Cert for PIV Digital Signature
- X.509 Cert for PIV Key Management
- X.509 Cert for Card Authentication

Slides 25-26: Middleware APIs and SDK; Applications, Middleware and Cards
- Java OCF object methods: onecard = OneCARD.newInstance(); onecard.close(); onecard.selectapplet("a000000112000"); onecard.chekpin( 12378 );
- PIV Client APIs: pivconnect(), pivdisconnect(), pivselectapplication(), pivlogintoapplication()
- GSC Basic Services Interface: gscbsiutilconnect(), gscbsiutildisconnect()
- Application CCI (card commands): SELECT, GET DATA, VERIFY
Smart Cards Middleware diagram, top to bottom:
- SC applications: Win Login (Local), Win Login (Remote), Outlook, Internet Explorer, Windows Explorer, Acrobat, Thunderbird, Firefox
- APIs: PIV CSP, PKCS#11, CAC, OTP, PIV + FoA, PIV + MoC, MoC
- SC APDUs
- Cards: PIV, CAC, TWIC, FRAC, RT, Other

Slides 27-28: Windows Login

Slides 29-30: Integration with Windows Explorer; Certificate Chain
Diagram labels: Domain Administrator, Domain Registration, LDAP/X.500 Directory, PKI Certificate Authority, Smart Card Administrator (or Card), Client; Certificate Chain, Private Key, Public Key; steps 1, 2, 3
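An added example, not taken from the slides, showing the APDU layer that sits under the middleware APIs listed above: it encodes the three card commands the slide names (SELECT, VERIFY, GET DATA) for a PIV card and interprets the status word the card returns, including the retry counter a wrong PIN leaves behind. The PIV application AID, the VERIFY P2 value for the application PIN and the CHUID tag are the values given in NIST SP 800-73 and ISO 7816-4; the function names are assumptions of this example, and nothing is sent to a card.

```python
# Added example (not from the lecture): build PIV APDUs and decode status words.
# Values from NIST SP 800-73 / ISO 7816-4; function names are this example's own.
PIV_AID = bytes.fromhex("A000000308000010000100")  # PIV card application AID
CHUID_TAG = bytes.fromhex("5FC102")                # Card Holder Unique Identifier

def select_piv() -> bytes:
    """SELECT by AID: CLA=00 INS=A4 P1=04 (select by DF name) P2=00, Lc, AID."""
    return bytes([0x00, 0xA4, 0x04, 0x00, len(PIV_AID)]) + PIV_AID

def verify_pin(pin: str) -> bytes:
    """VERIFY the PIV application PIN (P2=80): 6-8 ASCII digits, padded with 0xFF to 8 bytes."""
    if not (6 <= len(pin) <= 8 and pin.isdigit()):
        raise ValueError("PIV PIN must be 6 to 8 decimal digits")
    data = pin.encode("ascii").ljust(8, b"\xff")
    return bytes([0x00, 0x20, 0x00, 0x80, len(data)]) + data

def get_data(tag: bytes = CHUID_TAG) -> bytes:
    """GET DATA (INS=CB, P1P2=3FFF) carrying a 5C tag-list TLV; trailing Le=00 asks for the whole object."""
    tag_list = bytes([0x5C, len(tag)]) + tag
    return bytes([0x00, 0xCB, 0x3F, 0xFF, len(tag_list)]) + tag_list + b"\x00"

def interpret_sw(sw1: int, sw2: int) -> str:
    """Map an ISO 7816-4 status word to a readable outcome; 63 Cx encodes retries left."""
    if (sw1, sw2) == (0x90, 0x00):
        return "ok"
    if sw1 == 0x63 and sw2 & 0xF0 == 0xC0:
        return f"wrong PIN, {sw2 & 0x0F} retries left"
    if (sw1, sw2) == (0x69, 0x83):
        return "PIN blocked"
    if (sw1, sw2) == (0x6A, 0x82):
        return "object not found"
    return f"error {sw1:02X}{sw2:02X}"
```

The middleware layers on the slide (PIV Client APIs, GSC-BSI, CSP/PKCS#11) ultimately produce exactly these byte strings over the reader, which is why a PIN-retry counter read from the 63 Cx status word is what a login component uses to warn before the PIN blocks.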

Slides 31-32: Client (Workstation) Mobility
Diagram: client workstations, bob.wright@company.com, a signed email reading "Hello Bob: You may sign and encrypt your E-mail using smart card. Chris"; Private Key and Public Key shown on each client.
Supported applications: authentication based on the smart card for Microsoft Windows login, Secure Email (S/MIME) for Microsoft Outlook and Secure browser (SSL) for Microsoft Internet Explorer using SC CSP.
Full PKI certificate chain stored in the card enables user mobility and cross domain single sign on protocol.

Slides 33-34: EMV
- Europay, Mastercard and Visa
- Standard for smartcard based payment applications
- Ensures global interoperability of smartcards, terminals and applications
- Based on ISO 7816
- High-level API: not only basic communication protocol, but also identification and interoperability of common applications in terminal and card

Slides 35-36: EMV Interoperability; EMV Requirements
A reader will be able to process any payment card (Debit, Credit, On-line) regardless of: payment scheme, location, device technology.
EMV Level 1 Requirements: minimum requirements that smartcards and readers must meet in order to communicate with each other:
- Physical characteristics
- Logical interface
- Transmission protocols
- Based on ISO 7816

Slides 37-38: EMV Requirements; EMV Conclusions
EMV Level 2 Requirements: standard way of performing debit and credit transactions once the physical contact has been established:
- Application selection (multi-application support)
- Data elements
- Commands
EMV Conclusions:
- Global standard for migration from magnetic stripe credit cards to chip based credit cards
- Multi-application capable
- High interoperability (ATM, Point-of-Sale)
- Capable of on-line transactions

Slides 39-40: Questions?