Smart Card

Published on March 2017 | Categories: Documents | Downloads: 50 | Comments: 0 | Views: 482
of 18
Download PDF   Embed   Report

Comments

Content

Seminar Report on
Smart card: Technology for Secure Management of Information

Submitted to:
Dr. Kanwal Garg
Assistant Professor

Submitted By:
Rohit Sharma
MCA- 4th SEM
Roll No. 92

Department of Computer Science & Applications
Kurukshetra University, Kurukshetra
2015

TABLE OF CONTENT
ABSTRACT
………………………………………………………………………………………………………………
…………….

INTRODUCTION ..
………………………………………………………………………………………………
HISTORY ..
………………………………………………………………………………………………
………….
WHY CALL IT SMART
………………………………………………………………………………………….
TYPES
………………………………………………………………………………………………
…………………
PIN CONFIGURATION
…………………………………………………………………………………………
TYPES OF MEMORY STORED IN
IT………………………………………………………………………..
STANDARDS
………………………………………………………………………………………………
………..
ADVANTAGES & DISADVANTAGES ..
……………………………………………………………………..
APPLICATIONS ..
………………………………………………………………………………………………
…….
SECURITY WITH IT ..
………………………………………………………………………………………………
.

REFERENCES ..
………………………………………………………………………………………………
………..

ABSTRACT
Newly, smart card technology are being used in a number of ways around the world, on the other
Hand, security has become significant in information technology, especially in those applications
Involving data sharing and transactions through the internet.
Furthermore, researches in Information technology acceptance have identified the security as one
of the factor that can Influence on smart card adoption.
In this report, some basic concepts about smart cards are giving. From the introduction to history,
types, applications followed by security with smart card is discussed in this report. It is believed
that smart cards offer more security and confidentiality than the other kinds of information or
transaction storage. Moreover, applications applied with smart card technologies are illustrated
which demonstrate smart card is one of the best solutions to provide and enhance their system
with security and integrity. The report also covers the contactless type smart card briefly.
At the end of the report, it shows that smart card has some disadvantages also that will overcome
soon in coming versions of smart card as per new upcoming technology. It has some applications
that is still used in our daily life.

INTRODUCTION
Being an important identity document, the Indian ID issuance authorities are seeking new
technologies to improve its security & avoid illegal duplication & frauds. As a result, Smart
card technology is becoming the first choice in the industry.
 It is a small plastic card as about the size of credit card which we normally use in our
daily life, embedded with an Integrated chips (IC).


They are also known as chip card or ICC i.e. Integrated Circuit card.



The card is made up of plastic, generally polyvinyl chloride, but sometimes polycarbonate.

 The smart card is one of the latest additions to the world of information technology. Similar
in size today’s plastic payment card, the smart card has a microprocessor or memory chip
embedded in it that, when coupled with a reader, has the processing power to serve many
different applications. As an access-control device, smart cards make personal and business
data available only to appropriate users. Another application provides users with the ability to
make a purchase or exchange value.
 A microprocessor capable of securely storing and processing information. Although there is
diverse range of applications, but still there are 2 broad categories of Integrated circuit card:
(1) Memory card: - Memory cards can store a variety of data, including financial, personal,
and specialized information, but cannot process information. It contains only non volatile
memory (It is a type of memory that retains their contents when power is turned off. Ex: ROM) storage components.
(2) Microprocessor card: - Smart cards with microprocessors look like standard plastic
cards, but are equipped with an embedded Integrated Circuit (IC) chip. They can store
information, carry out local processing on the data stored, and perform complex
calculations. These cards take the form of either "contact" cards (which require a card
reader) or "contactless" cards (which use radio frequency signals to operate). It contains
volatile memory (It is a memory that losses its contents when the power is turned off.
Ex: - RAM) & microprocessor components.
 The microprocessor on the smart card is there for security. The host computer and card reader
actually "talk" to the microprocessor. The microprocessor enforces access to the data on the
card. If the host computer read and wrote the smart card's random access memory (RAM), it
would be no different than a diskette.
 With an embedded microcontroller, smart cards have the unique ability to store large amounts
of data, carry out their own on-card functions (e.g., encryption and mutual authentication)
and interact intelligently with a smart card reader.

 Smart cards can be used with a smart-card reader attachment to a personal computer to
authenticate a user. Web browsers also can use smart card technology to supplement Secure
Sockets Layer (SSL) for improved security of Internet transactions.
 Smarts cards may have up to 8 kilobytes of RAM, 346 kilobytes of ROM, 256 kilobytes of
programmable ROM, and a 16-bit microprocessor. The smart card uses a serial interface and
receives its power from external sources like a card reader. The processor uses a limited
instruction set for applications such as cryptography. Currently manufacturers of smart cards
are moving to a 32-bit microprocessor to increase the processing power and to handle more
applications.

HISTORY
Antecedents:
 In the 1950s, charge card company Diners Club produced the first card to use for
financial payments. The company used a synthetic material called PVC which was a huge
improvement over the paper-based cards of the day. Moreover, it conferred prestige on a
select group that owned this card since members only need to hand over the card instead
of counting cash.
 By the time other companies like VISA and MasterCard entered this market, the PVC
card evolved to a machine-ready card, then to an integrated circuit card, in response to a
need for better security regarding transactions.
Patents:
 In 1968, German electrical engineer Jürgen Dethloff (1916 to 1981) and his colleague
Helmut Grötrupp applied for the first ICC-related patent, which was finally approved in
1982. Kunitaka Arimura of Japan and Roland Moreno of France followed in 1970 and
1974, respectively.
 1970s
It was not until 1977 that the smart card began to be mass-produced. Manufacturers Bull
CP8, SGS Thomson and Schlumberger spearheaded the smart card's mainstream use.
Two years later, Motorola developed the first secure single chip micro-controller.


1980s
In 1984, the smart card reached a milestone when the French Postal and
Telecommunications services (PTT) successfully tested ATM bank cards with chips.
Within two years, the use of smart cards proliferated throughout the world.



1990s to Present
In 1994, Euro pay, MasterCard and Visa came to a joint agreement on developing
specifications for the use of smart cards in banking. This is called the EMV system.
The use of smart cards continues to grow, applied to several activities from making
phone calls to ATM withdrawals.

WHY CALL IT SMART


Smart cards are not just capable of storing data but also have a processing power.



The data that is stored in it can be protected against the unauthorized access.



They are appropriate for secure & convenient data storage.



Smart cards improve the convenience and security of any transaction.



They provide tamper-proof storage of user and account identity.



Smart card systems have proven to be more reliable than other machine-readable cards,
like magnetic stripe and barcode, with many studies showing card read life and reader life
improvements demonstrating much lower cost of system maintenance.



Smart cards also provide vital components of system security for the exchange of data
throughout virtually any type of network. They protect against a full range of security
threats, from careless storage of user passwords to sophisticated system hacks.



The costs to manage password resets for an organization or enterprise are very high, thus
making smart cards a cost-effective solution in these environments.

TYPES OF SMART CARD
Smart cards are defined according to:
o How the card data is read and written

o The type of chip implanted within the card and its capabilities.

The two types of smart card are
(1) Contact Smart card
These are the most common type of smart card. Electrical contacts located on the outside
of the card connect to a card reader when the card is inserted. This connector is bonded to
the encapsulated chip in the card.

This type of card has a small gold chip about one-half inch in diameter on the front
(instead of a magnetic strip on the back like a credit card). When the card is inserted into a
smart card reader, it makes contact with the electrical connectors that read information
from the chip and write to the chip. Increased levels of processing power, flexibility and
memory will add cost.
Single function cards are usually the most cost-effective solution. Choose the right type of
smart card for your application by determining your required level of security and
evaluating cost versus functionality in relation to the cost of the other hardware elements
found in a typical workflow. All of these variables should be weighted against the
expected lifecycle of the card. On average the cards typically comprise only 10 to 15
percent of the total system cost with the infrastructure, issuance, software, readers, training
and advertising making up the other 85 percent.

(2) Contact-Less Smart card
These are smart cards that employ a radio frequency (RFID) between card and reader
without physical insertion of the card. Instead, the card is passed along the exterior of the
reader and read. This card looks like a typical credit card, but it has a built-in
microprocessor and an antenna coil that enables it to communicate with an external
antenna. They are used when transactions must be processed quickly, as in mass-transit
toll collection.
The following four functions describe at a high level the sequence of events that happen
when a contactless smart card is brought near a card reader:


Energy transfer to the card for powering the integrated circuit (chip)



Clock signal transfer



Data transfer to the contactless smart card



Data transfer from the contactless smart card

True read and write contactless cards were first used in transportation applications for
quick decrementing and reloading of fare values where their lower security was not an
issue. They communicate at 13.56 MHz and conform to the ISO 14443 standard. These
cards are often protected memory types. They are also gaining popularity in retail stored
value since they can speed up transactions without lowering transaction processing
revenues (i.e. Visa and MasterCard), unlike traditional smart cards.

PIN CONFIGURATION

(1) VCC: - Power supply
(2) RESET :- to reset all the configuration
(3) CLOCK: - Provides the card with a clock signal, from which data communications
timing is derived.
(4) RESERVED :- they are the pin which are for the user
(5) GND :- Ground it is a point where voltage is 0
(6) VPP :- peak to peak voltage of a wave
(7) I/O :- Input output pin
(8) RESERVED :- they are the pin which are for the user
Out of 8 contacts only six are used. VCC is the supply voltage, VSS is the ground reference
voltage against which the VCC potential is measured, VPP connector is used for high voltage
signal, chip receives commands & interchanges data.

TYPES OF MEMORY STORED IN SMART CARD
The most common and least expensive smart cards are memory cards that contain EEPROM.
And Microprocessor cards are more like the computers we use on our desktops. They have
RAM, ROM and EEPROM.

RAM (Random Access Memory)
o This is the most common one because every single desktop on the planet uses them.
o It serves as a temporary storage of results from calculations or input/output
communications.
o This memory is volatile memory (the data content is lost as soon as the power is
removed)
ROM (Read Only Memory)
o These types of memories, sometimes also referred to as persistent.
o They are fixed and can’t be changed once manufactured by company.
o This is a low cost memory, because it occupies minimum space on the silicon substrate
and the manufacturing is also less complex.
o In ROM there is an operating system to manage the file system in EEPROM and run
desired functions in RAM.
EEPROM (Electrically Erasable Programmable Read Only Memory)
o This memory is electrically erasable and programmable by the user and can be rewritten
many times (about a million times).
o You can think of EEPROM, inside, just like a normal data storage device which has a file
system and managed via a microcontroller (mostly 8 bit). This microcontroller is
responsible for accessing the files and accepting the communication. The data can be
locked with a PIN (Personal Identification Number), your password. PIN's are normally 3
to 8 digit numbers those are written to a special file on the card. Because this type is not
capable of cryptography, memory cards are used in storing telephone credits,
transportation tickets or electronic cash.
o Both ROM & EEPROM memories are non-volatile (they retain their contents when the
power is removed).

STANDARDS
Primarily, smart card standards govern physical properties, communication characteristics, and
application identifiers of the embedded chip and data. The ISO (International Organization for

Standardization) facilitates the creation of voluntary standards through a process that is open to
all parties.
ISO 7816 is the international standard for integrated-circuit cards (commonly known as smart
cards) that use electrical contacts on the card, as well as cards that communicate with readers and
terminals without contacts, as with radio frequency (RF/Contactless) technology.ISO/IEC is one
of the worldwide standard-setting bodies for technology, including plastic cards. The primary
standards for smart cards are:
ISO/IEC 7816
ISO/IEC 7816 is a multi-part international standard broken into fourteen parts. ISO/IEC 7816
Parts 1, 2 and 3 deal only with contact smart cards and define the various aspects of the card and
its interfaces, including the card’s physical dimensions, the electrical interface and the
communications protocols. ISO/IEC 7816 Parts 4, 5, 6, 8, 9, 11, 13 and 15 are relevant to all
types of smart cards (contact as well as contactless). They define the card logical structure (files
and data elements), various commands used by the application programming interface for basic
use, application management, biometric verification, cryptographic services and application
naming. ISO/IEC 7816 Part 10 is used by memory cards for applications such as pre-paid
telephone cards or vending machines. ISO/IEC 7816 Part 7 defines a secure relational database
approach for smart cards based on the SQL interfaces (SCQL).
ISO/IEC 14443
ISO/IEC 14443 is an international standard that defines the interfaces to a "close proximity"
contactless smart card, including the radio frequency (RF) interface, the electrical interface, and
the communications and anti-collision protocols. ISO/IEC 14443 compliant cards operate at
13.56 MHz and have an operational range of up to 10 centimeters (3.94 inches). ISO/IEC 14443
is the primary contactless smart card standard being used for transit, financial, and access control
applications. It is also used in electronic passports and in the FIPS 201 PIV card.
ISO/IEC 15693
ISO/IEC 15693 describes standards for "vicinity" cards. Specifically, it establishes standards for
the physical characteristics, radio frequency power and signal interface, and anti-collision and
transmission protocol for vicinity cards that operate to a maximum of 1 meter (approximately 3.3
feet).

ISO/IEC 7501
It describes standards for machine-readable travel documents and has
made a clear recommendation on smart card topology.

ETSI is European Telecommunication Standard Institute, which focuses on
telecommunication as with the GSM SIM for cellular telephones.

EMV stands for Euro pay MasterCard Visa, a global standard for interoperation of Integrated
circuit card (ICC) & ATM’s for authenticating credit & debit card transaction.

Java card refers to a technology that allows Java application to be run securely on smart card.
The main goals of design this card are portability & security. At the present time, the amount of
memory on a smart card is very limited but Java programs which are designed for smart cards
are able to accommodate the limit of 8 Kbytes. In fact, that is enough room for several useful
applications to reside.

ADVANTAGES & DISADVANTAGES OF SMART CARD
 ADVANTAGES


Proven to be more reliable than the magnetic strip card & can store
up to 100 times more information than the magnetic strip card.



Smart cards have a lot of flexibility. They can store multiple types
of information including identification, credit cards, business and
family contacts.



Reduce tampering and counterfeiting through high security
mechanisms



Can be reusable & are compatible with portable electronics (PCs,
telephones, PDAs, etc...)



Can store many types of information (finger print data, credit, debit
and loyalty card details, self-authorization data, access control
information, etc...)



Evolves rapidly applying semi-conductor technology.

 DISADVANTAGES


Cost & Availability :- Smart card readers are expensive to produce. These readers are not
available in all locations and may have compatibility issues due to the differences of each
smart card brand.



Easily Lost :- Like a credit card, smart cards are small, lightweight and can be easily lost
if the person is irresponsible. Unlike credit cards, smart cards can have multiple uses and
so the loss may be much more inconvenient. If you lose a card that doubles as a debit
card, bus pass and key to the office, you could be severely inconvenienced for a number
of days.



Slow Adoption :- If used as a payment card, not every store or restaurant will have the
hardware necessary to use these cards. One of the reasons for this is since the technology

is more secure, it is also more expensive to produce and use. Therefore, some stores may
charge a basic minimum fee for using smart cards for payment, rather than cash.


Possible Risk of Identify Theft :- When used correctly for identification purposes, they
make the jobs of law enforcement and healthcare professionals easier. However, for
criminals seeking a new identity, they are like gold, based on the amount of information it
can contain on an individual.

APPLICATIONS OF SMART CARD
Smart cards currently exist for a vast array of applications. However, the expected growth in the
industry will not be due merely to growth in these segments, but also to the addition of the
Internet and electronic commerce with their myriad of uses.
A smart card, as mentioned above, is a portable computational device with data storage ability.
As such, they can be a very reliable form of personal identification and a tamper-proof, secure
information repository. The main possible applications of smart cards are the following:

Payphones
Outside of the United States there is a widespread use of payphones equipped with card readers
rather than p; or in addition to p; coin recognition and storage. The main advantages are that the
phone company does not have to collect coins, and the users do not have to have coins or
remember long access numbers and PIN codes. Smart cards have the further advantage over
magnetic stripe cards of being reloadable, and allowing advanced features like phone banking,
automatic memory dialing and on-line services.
Mobile Communications
Smart cards are used as identification device for GSM digital mobile phones. The card stores all
the necessary information in order to properly identify and bill the user, so that any user can use
any phone terminal.
Banking & Retail
Smart banking cards can be used as credit, direct debit or stored value cards, offering a
counterfeit- and tamper-proof device. The intelligent microchip on the card and the card readers
use mutual authentication procedures that protect users, merchants and banks from fraudulent
use. Other services enabled by smart cards are advanced loyalty programs and electronic
coupons.
Electronic Purse
A smart card can be used to store a monetary value for small purchases. Card readers retrieve the

amount currently stored, and subtract the amount for the goods or services being purchased.
Groceries, transportation tickets, parking, Laundromats, cafeterias, taxis and all types of vending
machines are only some of the purchases that often do not reach amounts to justify the hassle of
using a credit card (a cash card reader does not require a permanent phone connection with a host
computer). Radio-read smart cards will allow the free flow of people through transportation
systems, avoiding the need of ticketing machines or validation gates.

Health Care
Smart cards allow the information for a patient's history to be reliably and safely stored. Health
care professionals can instantaneously access such information when needed, and update the
content. Instant patient verification allows immediate insurance processing and refund. Doctors
and nurses themselves can carry smart card-based IDs that allow secure, multi-level access to
private information.
ID Verification and Access Control
The computational power of smart cards allows running mutual authentication and public-key
encryption software in order to reliably identify the bearer of the card. For higher security needs,
a smart card is a tamper-proof device to store such information as a user's picture or fingerprints.
Smart cards can be used also for network access: in addition or in alternative to user IDs and
passwords, a networked computer equipped with a smart card reader can reliably identify the
user.
Set-top boxes
Subscription satellite and cable services suffer from fraud problems similar to those in the
cellular phone business. Once again, Java Cards offer security and the ability to add/update
customer functions available to consumers in real time.
AADHAR CARD
The most famous & recently use of smart card by UIDAI i.e. Unique Identification Authority
of India. UIDAI is a government of India agency responsible for implementing Aadhaar- a
unique identification project in India which means basically a Single ID card for multi-purpose
usage. It was set up in 2009 will operate the unique identification number database.
METRO CARD
Smart Cards used by Delhi Metro commuters could automatically get recharged at AFC
(Automatic Fare Collection) gates. For this purpose, DMRC is procuring the AFC gates with new
technologies which will have the capacity of automatic top up of smart cards through the bank
accounts of card holders (electronic clearance system (ECS).

SECURITY WITH SMART CARD
Security is basically the protection of something valuable to ensure that it is not stolen, lost, or
altered. The term "data security" governs an extremely wide range of applications and touches
everyone's daily life.
(1) Authentication: - This inspects, then confirms, the proper identity of people involved in
a transaction of data or value. In authentication systems, authentication is measured by
assessing the mechanisms strength and how many factors are used to confirm the identity .
For ex: - by using appropriate Pin code of ATM card a user can easily able to take out the
cash.
(2) Confidentially: - Confidentiality is the use of encryption to protect information from
unauthorized disclosure. Plain text is turned into cipher text via an algorithm, and then
decrypted back into plain text using the same method. So it means the information stored in
card is confidential & only being access by authorized user.
(3) Data Integrity: - For many applications and particularly in the financial world the
preservation of data integrity is the principle security requirement. Here we are concerned
with thwarting any event that results in the unauthorized tampering of the data. This
includes not only modification of data but also addition or deletion of data.
(4) Non-repudiation:- Non - repudiation relates to that security service which ensures that a
correspondent in some data interchange cannot subsequently deny his actions. Where trusted
entities are communicating this facility is not required.

Smart cards are improving every year & have a steady future for at least
9 to 10 years until a new technology appears & replaces them. But for
now, “Smart cards are the Backbone of our digital life & personal
identification.”

REFERENCES
http://en.wikipedia.org/wiki/Smart_card
http://www.smartcardbasics.com/
http://www.smartcardindia.in/
http://computer.howstuffworks.com/question332.htm
http://www.cse.iitk.ac.in/users/moona/smartcard//

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close