Smartcard lecture #5

Smartcard lecture #5

• 1.
  INFORMATION SECURITY LECTURE #5 Presented By Mrs.Vasanthi Muniasamy
• 2.
  TOPIC SMART CARD
• 3.
  Smart Cards FutureLife………
• 4.
  Plastic Cards  Visual identity application  Plain plastic card is enough  Magnetic strip (e.g. credit cards)  Visual data also available in machine readable form  No security of data  Electronic memory cards  Machine readable data  Some security (vendor specific)
• 5.
  What is aSmart Card? A Smart card is a plastic card about the size of a credit card, with an embedded microchip that can be loaded with data, used for telephone calling, cash payments , and other applications, and then periodically refreshed for additional use.
• 6.
  What is asmart card?
• 7.
  History 70’s Smart Card FirstPatent in Germany and later in France and Japan. 80’s Mass usage in Pay Phones and Debit Cards. 90’s Smart Card based Mobiles Chips & Sim Cards.
• 8.
  History 2000’s Payment and TicketingApplications Credit cards, Mass transit (Smartrip) Healthcare and Identification Insurance information, Drivers license
• 9.
  Dimensions of smartcard. 85.6mm x 53.98mm x 0.76mm(defined by ISO 7816)
• 10.
  Card Elements Magnetic Stripe Logo Chip Hologram Embossing (Card Number / Name / Validity)
• 11.
  Smart Cards devices GND VCC VPP Reset I/O Clock Reserved
• 12.
  Electrical Signals Description VCC :Power supply input RST : Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card) . CLK : Clocking or timing signal (optional use by the card). GND : Ground (reference voltage). Fig : A smart card pin out VPP : Programming voltage input (deprecated / optional use by the card). I/O : Input or Output for serial data to the integrated circuit inside the card. AUX1(C4): Auxilliary contact; USB devices: D+ AUX2(C8) : Auxilliary contact; USB devices: D-
• 13.
  CARD STRUCTURE Out of the eight contacts only six are used. Vcc is the supply voltage, Vss is the ground reference voltage against which the Vcc potential is measured, Vpp connector is used for the high voltage signal,chip receives commands & interchanges data.
• 14.
  Typical Configurations  256 bytes to 4KB RAM.  8KB to 32KB ROM.  1KB to 32KB EEPROM.  8-bit to 16-bit CPU. 8051 based designs are common.
• 15.
  Smart Card Readers Computer based readers Connect through USB or COM (Serial) ports Dedicated terminals Usually with a small screen, keypad, printer, often also have biometric devices such as thumb print scanner.
• 16.
  Terminal/PC Card Interaction The terminal/PC sends commands to the card (through the serial line).  The card executes the command and sends back the reply.  The terminal/PC cannot directly access memory of the card so data in the card is protected from unauthorized access. This is what makes the card smart.
• 17.
  Why Smart Cards? Security: Data and codes on the card are encrypted by the chip maker. The Smart Card’s circuit chip almost impossible to forge. Trust: Minimal human interaction. Portability. Less Paper work: Eco-Friendly
• 18.
  Two Types ofChips Memory chip Microprocessor  Acts as a small floppy  Can add, delete, and disk with optional manipulate its memory. security  Acts as a miniature  Are inexpensive computer that includes an  Offer little security operating system, hard features disk, and input/output ports.  Provides more security and memory and can even download applications.
• 19.
  From 1 billionto 4 billion units in 10 years… Worldwide smart card shipments 4500 4285 4000 3580 3500 Microprocessor cards Millions of units Memory cards 3000 2500 3325 2655 2000 1500 1000 500 925 960 925 960 0 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009
• 20.
  Smart Cards in everyday life… Loyalty Transport Ticketing Payment Health card Smart Poster Communication
• 21.
  Contact Smart Cards Requires insertion into a smart card reader with a direct connection  This physical contact allows for transmission of commands, data, and card status to take place
• 22.
  Contactless smart card:-
• 23.
  Contactless Smart Cards  Require only close proximity to a reader  Both the reader and card have antennas through which the two communicate  Ideal for applications that require very fast card interfaces
• 24.
  ISO 14443.  International standard.  Deals – only contactless smart cards.  Defines:- a. Interface. b. Radio frequency interface. c. Electrical interface. d. Operating distance. Etc…..
• 25.
  Dual interface smartcards.  Also called Combi card.  Has a single chip over it.  Has both contact as well as contactless interfaces.  We can use the same chip using either contact or contactless interface with a high level of security.
• 26.
  Dual interface smartcard.
• 27.
  Hybrid smart card. Two chips.  One with contact interface.  Other with contactless interface.  No connection between the two chips.
• 28.
  Hybrid smart cards.
• 29.
  Categories of SmartCards Based on the type of IC chip embedded on the Smart Card. They are categorized into three types :-  IC Micro Processor Cards  IC Memory Cards  Optical Memory Cards
• 30.
  Key Attributes Security to make the Digital Life safe and enjoyable Ease of Use to enable all of us to access to the Digital World Privacy to respect each individual’s freedom and intimacy SAFE
• 31.
  So many SmartCards with us at all times…..  In our GSM phone (the SIM card)  Inside our Wallets  Credit/Debit cards  HealthCare cards  Loyalty cards  Our corporate badge  Our Passport  Our e-Banking OTP  … and the list keeps growing
• 32.
  Our Industries Israpidly changing Interactive billboards Transports New solutions leveraging on mobile contactless services eTicketing Retail
• 33.
  Smart Card Applications Governmentprograms  Banking & Finance  Mobile Communication  Pay Phone Cards  Transportation  Electronic Tolls  Passports  Electronic Cash  Retailer Loyalty Programs  Information security
• 34.
  Banking and finance Electronicpurse to replace coins for small purchases in vending machines . Credit and debit cards Securing payments across the internet
• 35.
  Smart card Payphones  Outside of the United States there is a widespread use of payphones  phone company does not have to collect coins  the users do not have to have coins or remember long access numbers and PIN codes  The risk of vandalism is very low since these payphones are smart card-based. “Generally, a phone is attacked if there is some money inside it, as in the case of coin-based payphone
• 36.
  Transportation  Driver’s license  Mass transit fare collection system  Electronic toll collection system
• 37.
  It’s no longeronly «Cards» e-Passport: the first Smart Secure Device 45 Millions e-Passport in 2009
• 38.
  Student id card  All-purpose student ID card containing a variety of applications such as electronic purse (for vending machines, laundry machines, library card, and meal card).
• 40.
  By 2020 … 20Billion Smart Secure Devices >4 Billion Mobile Appliances users >4 Billion e-ID documents in use