
By: Er. Amit Mahajan
A Smart Card is a plastic card the size of a
credit card with an integrated circuit built into
it. This integrated circuit may consist only of
EEPROM in the case of a memory card, or it
may also contain ROM, RAM and even a CPU.
- A smart card is a plastic card about the size
of a credit card, with an embedded microchip
that can be loaded with data, used for
telephone calling, electronic cash payments,
and other applications, and then periodically
refreshed for additional use.
• Processor cards (and therefore memory too)
• Credit card size
• With or without contacts.
• Cards have an operating system too.
• The OS provides
  A standard way of interchanging information
  An interpretation of the commands and data.
• Cards must interface to a computer or terminal through a standard card reader.
A smart card is a mini-computer without the
display screen and keyboard. Smart cards
contain a microchip with an integrated circuit
capable of processing and storing thousands
of bytes of electronic data. Due to the
portability and size of smart cards they are
seen as the next generation of data exchange.
Smart cards contain an operating system just
like personal computers. Smart cards can
store and process information and are fully
interactive. Advanced smart cards also contain
a file structure with secret keys and encryption
algorithms. Due to the encrypted file system,
data can be stored in separated files with full
security.
[Figure: smart card contact pad. Contacts: Vcc, RST (Reset), CLK (Clock), RFU (Reserved), GND, Vpp, I/O, RFU (Reserved)]
• 256 bytes to 4KB RAM.
• 8KB to 32KB ROM.
• 1KB to 32KB EEPROM.
• Crypto-coprocessors (implementing 3DES, RSA etc., in hardware) are optional.
• 8-bit to 16-bit CPU. 8051 based designs are common.

The price of a mid-level chip when produced in bulk is less than US$1.
• Computer based readers
  Connect through USB or COM (Serial) ports
• Dedicated terminals
  Usually with a small screen, keypad and printer; often also have biometric devices such as a thumbprint scanner.
• The terminal/PC sends commands to the card (through the serial line).
• The card executes the command and sends back the reply.
• The terminal/PC cannot directly access the memory of the card
  Data in the card is protected from unauthorized access. This is what makes the card smart.
• Communication between smart card and reader is standardized
  ISO 7816 standard
• Commands are initiated by the terminal
  Interpreted by the card OS
  Card state is updated
  Response is given by the card.
• Commands have the following structure
• The response from the card includes 1..Le bytes followed by a Response Code
• Password
  Card holder’s protection
• Cryptographic challenge Response
  Entity authentication
• Biometric information
  Person’s identification
• A combination of one or more
•Terminal asks the user to provide a password.
•Password is sent to Card for verification.
•Scheme can be used to permit user
authentication.
•Not a person identification scheme
Cryptographic verification
• Terminal verifies card (INTERNAL AUTH)
  Terminal sends a random number to the card to be hashed or encrypted using a key.
  Card provides the hash or ciphertext.
  Terminal can know that the card is authentic.
• Card verifies terminal (EXTERNAL AUTH)
  Terminal asks for a challenge and sends the response to the card to verify.
  Card thus knows that the terminal is authentic.
• Primarily for “Entity Authentication”
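Both directions of the challenge-response scheme described above, as an added example that is not part of the original slides. It assumes the card and terminal share a symmetric key and uses HMAC-SHA-256 as the keyed hash; the class names, the `mac` helper and the `INT`/`EXT` direction labels are hypothetical.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, direction: bytes, challenge: bytes) -> bytes:
    # The direction label keeps a reply computed for one direction from
    # being accepted in the other (same key, same challenge).
    return hmac.new(key, direction + challenge, hashlib.sha256).digest()

class Card:
    """Simulated card; the key is used inside the card and never exported."""
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None                 # challenge issued to the terminal
        self.terminal_ok = False

    def internal_authenticate(self, challenge: bytes) -> bytes:
        return mac(self._key, b"INT", challenge)

    def get_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(8)
        return self._pending

    def external_authenticate(self, response: bytes) -> bool:
        if self._pending is None:            # no challenge outstanding
            return False
        expected = mac(self._key, b"EXT", self._pending)
        self._pending = None                 # single use: replays fail
        self.terminal_ok = hmac.compare_digest(expected, response)
        return self.terminal_ok

class Terminal:
    def __init__(self, key: bytes):
        self._key = key

    def verify_card(self, card: Card) -> bool:
        challenge = secrets.token_bytes(8)   # fresh random number per run
        reply = card.internal_authenticate(challenge)
        return hmac.compare_digest(mac(self._key, b"INT", challenge), reply)

    def prove_to_card(self, card: Card) -> bool:
        challenge = card.get_challenge()
        return card.external_authenticate(mac(self._key, b"EXT", challenge))

if __name__ == "__main__":
    key = secrets.token_bytes(16)            # constructed shared key
    card, terminal = Card(key), Terminal(key)
    print(terminal.verify_card(card), terminal.prove_to_card(card))
```

The card discards each challenge after one verification attempt, so a captured response cannot be replayed, and the comparison is constant-time.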
Biometric techniques
• Fingerprint identification.
  Features of fingerprints can be kept on the card (even verified on the card)
• Photograph/iris pattern etc.
  Such information is to be verified by a person.
  The information can be stored in the card securely
Status of smart card deployments
• Famous Gujarat Dairy card
  Primarily an ID card
• GSM cards (SIM cards for mobiles)
  Phone book etc. + authentication.
• Cards for “credit card” applications.
  By 2007 end all credit cards will be smart.
  EMV standard
• Card for e-purse applications
  Bank cards
• Card technology has advanced
  Contactless smart cards,
  32-bit processors and bigger memories
  Java cards
ELECTRONIC TRANSACTIONS
• Streamline Reporting Process
• Reduce burden on regulated community
• Efficient Record Retention
• Timely and Accurate Data Retrieval and Access
• Emergency Response (24/7 access)
• Community-Right-to-Know
CAN ELECTRONIC DATA BE TRUSTED?
• Accuracy and Authenticity
  Decisions regarding Environmental Health and Impact
• Security
  Protection from unauthorized access
  Tamper-resistant
    Accidental - human errors
    Intentional - fraud
• Credibility in Judicial Proceedings
  Effective Enforcement
  Plaintiff/Defendant Subpoena
WHAT DETERMINES A LEGALLY BINDING REPORT?
1. AUTHENTICATION: the ability to prove the
sender’s identity
2. REPORT INTEGRITY: the ability to prove that
there has been no change during transmission,
storage, or retrieval
3. NON-REPUDIATION: the ability to prove that the
originator of a report intended to be bound by
the information contained in the report
[Diagram: Non-repudiation, Report integrity, Authentication]
The Basics of Electronic Payment Systems
Electronic commerce involves the exchange of
some form of money for goods and services.
Implementation of electronic payment systems
is in its infancy and still evolving.
Four technologies to be used: electronic cash,
software wallets, smart cards, and credit/debit
cards.
Electronic Cash
Concerns about electronic payment methods
include:
• privacy and security
• independence
• portability
• divisibility
• convenience
Advantages of Electronic Cash
Electronic cash transactions are more efficient
and less costly than other methods.
The distance that an electronic transaction
must travel does not affect cost.
The fixed cost of hardware to handle
electronic cash is nearly zero.
Electronic cash does not require that one
party have any special authorization.
Disadvantages of Electronic Cash
The concept of an Internet tax poses many
problems and questions.
Because true electronic cash is not traceable,
money laundering is a problem.
Electronic cash is susceptible to forgery.
Electronic cash is, so far, a commercial flop.
Secure Electronic Transaction (SET) Protocol
SET is a secure protocol jointly designed by
MasterCard and Visa with the backing of
Microsoft, Netscape, IBM, GTE, SAIC, and other
companies.
The purpose of SET is to provide security for
card payments as they traverse the Internet
between merchant sites and processing banks.
Secure Electronic Transaction (SET) Protocol
The SET specification uses public key
cryptography and digital certificates for
validating both consumers and merchants.
The SET protocol provides confidentiality,
data integrity, user and merchant
authentication, and consumer nonrepudiation.
Advantages and Disadvantages of Payment Cards
Advantages:
• Payment cards provide fraud protection
• Their worldwide acceptance
• They are good for online transactions
Disadvantages:
• Payment card service companies charge merchants a per-transaction fee and a monthly processing fee
