Académique Documents
Professionnel Documents
Culture Documents
Er. Amit
Mahajan
A Smart Card is a plastic card the size of a
credit card with an integrated circuit built into
it. This integrated circuit may consist only of
EEPROM in the case of a memory card, or it
may also contain ROM, RAM and even a CPU.
- A smart card is a plastic card about the size
of a credit card, with an embedded microchip
that can be loaded with data, used for
telephone calling, electronic cash payments,
and other applications, and then periodically
refreshed for additional use.
• Processor cards (and therefore memory too)
• Credit card size
•With or without contacts.
• Cards have an operating system too.
• The OS provides
•A standard way of interchanging information
•An interpretation of the commands and data.
• Cards must interface to a computer or
terminal through a standard card reader.
A smart card is a mini-computer without the
display screen and keyboard. Smart cards
contain a microchip with an integrated circuit
capable of processing and storing thousands
of bytes of electronic data. Due to the
portability and size of smart cards they are
seen as the next generation of data exchange.
Smart cards contain an operating system just
like personal computers. Smart cards can
store and process information and are fully
interactive. Advanced smart cards also contain
a file structure with secret keys and encryption
algorithms. Due to the encrypted file system,
data can be stored in separated files with full
security.
GND
VCC
VPP
Reset
Clock I/O
Reserved
CL RST
K Vcc
RFU
GND
RFU
Vpp
I/O
•256 bytes to 4KB RAM.
•8KB to 32KB ROM.
•1KB to 32KB EEPROM.
•Crypto-coprocessors (implementing 3DES, RSA
etc., in hardware) are optional.
•8-bit to 16-bit CPU. 8051 based designs are
common.
Dedicated terminals
Usually with a small screen,
keypad, printer, often also
have biometric devices such
as thumb print scanner.
•The terminal/PC sends commands to the card
(through the serial line).
•The card executes the command and sends back
the reply.
•The terminal/PC cannot directly access memory of
the card
data in the card is protected from unauthorized
access. This is what makes the card smart.
•Communication between smart card and reader is
standardized
ISO 7816 standard
•Commands are initiated by the terminal
Interpreted by the card OS
Card state is updated
Response is given by the card.
•Commands have the following structure
•Response from the card include 1..Le bytes followed by
Response Code
•Password
•Card holder’s protection
•Cryptographic challenge Response
•Entity authentication
•Biometric information
•Person’s identification
•A combination of one or more
•Terminal asks the user to provide a password.
•Password is sent to Card for verification.
•Scheme can be used to permit user
authentication.
•Not a person identification scheme
Cryptographic
verification
Terminal verify card (INTERNAL AUTH)
Terminal sends a random number to card to be
hashed or encrypted using a key.
Card provides the hash or cyphertext.
Terminal can know that the card is authentic.
Card needs to verify (EXTERNAL AUTH)
Terminal asks for a challenge and sends the
response to card to verify
Card thus know that terminal is authentic.
Primarily for the “Entity Authentication”
Biometric techniques
Finger print identification.
Features of finger prints can be kept on the
card (even verified on the card)
Photograph/IRIS pattern etc.
Such information is to be verified by a person.
The information can be stored in the card
securely
Status of smart card
deployments
Famous Gujarat Dairy card
Primarily an ID card
GSM cards (SIM cards for mobiles)
Phone book etc. + authentication.
Cards for “credit card” applications.
By 2007 end all credit cards will be smart.
EMV standard
Card for e-purse applications
Bank cards
Card technology has advanced
Contactless smart cards,
32-bit processors and bigger memories
JAVA cards
ELECTRONIC
TRANSACTIONS
Streamline Reporting Process
Reduce burden on regulated community
Efficient Record Retention
Timely and Accurate Data Retrieval and
Access
Emergency Response (24/7 access)
Community-Right-to-Know
CAN ELECTRONIC DATA
BE TRUSTED?
Accuracy and Authenticity
Decisions regarding Environmental Health and Impact
Security
Protection from unauthorized access
Tamper-resistant
Accidental – human errors
Intentional - Fraud
REPORT INTEGRITY
AUTHENTICATION
The Basics of Electronic
Payment Systems
Electronic commerce involves the exchange of
some form of money for goods and services.
Implementation of electronic payment systems
is in its infancy and still evolving.
Four technologies to be used: electronic cash,
software wallets, smart cards, and credit/debit
cards.
Electronic Cash
Concerns about electronic payment methods
include:
privacy and security
independence
portability
divisibility
convenience
Advantages of Electronic
Cash
Electronic cash transactions are more efficient
and less costly than other methods.
The distance that an electronic transaction
must travel does not affect cost.
The fixed cost of hardware to handle
electronic cash is nearly zero.
Electronic cash does not require that one
party have any special authorization.
Disadvantages of Electronic
Cash
The concept of an Internet tax poses many
problems and questions.
Because true electronic cash is not traceable,
money laundering is a problem.
Electronic cash is susceptible to forgery.
Electronic cash is, so far, a commercial flop.
Secure Electronic
Transaction (SET) Protocol
SET is a secure protocol jointly designed by
MasterCard and Visa with the backing of
Microsoft, Netscape, IBM, GTE, SAIC, and other
companies.
The purpose of SET is to provide security for
card payments as they traverse the Internet
between merchant sites and processing banks.
Secure Electronic
Transaction (SET) Protocol
The SET specification uses public key
cryptography and digital certificates for
validating both consumers and merchants.
The SET protocol provides confidentiality,
data integrity, user and merchant
authentication, and consumer nonrepudiation.
Advantages and
Disadvantages of Payment
Cards
Advantages:
Payment cards provide fraud protection
Their worldwide acceptance
They are good for online transactions
Disadvantages:
Payment card service companies charge
merchants per-transaction fee and monthly
processing fee