Presentation Title Subtitle Author TM Capitol College 2003 Smart Card Technology Presented by: Jose...

Presentation TitleSubtitle

Author

TM

Capitol College2003

Smart CardTechnology

Presented by:

Jose R. Paloschavez

Jose R. Paloschavez, Capitol College (IA 705) Individual Project: Smart Card Technology

Capitol College2003

Agenda• History• What is it?• Manufactures of hardware• Types of smart cards• Smart Card classification • What is inside the Card (Chip)?• Smart Card technology OS Support• Smart Card Standardization• Why do we need this technology?• Advantages• Disadvantages• Emerging Smart Card Technology (IP)• Conclusion


Capitol College2003History of Smart Card

Technology• 1967 - Jürgen Dethloff invents the smart card computer

• 1971 - Patent issued of solid state memory card

• 1972 - 1993 Patents, standards and “security through obscurity” choke off applications and innovation

• 1974 - New patent to integrate memory and CPU

• 1976 - First commercial smart card created

• 1983 - European phone applications & DOD military ID

• 1984 - Smart Card technology in banking sector in France

• 1990 - Phillips offer 512 bit RSA ex in 1.5sec

• 1994 - Europay/Mastercard/Visa spec for electronic cash

• 1994 - MAOSCO and Keycorp create programmable smart cards


Capitol College2003History of Smart Card

Technology• 1995 - Korea issues 1.5 million bus fare contact less smart

cards

• 1996 - Zeitcontrol and Schlumberger provide high-level languages.

• 1996 Java launches version 1.0

• 1996 - Atlanta Olympics uses smart cards for merchants

• 1996 - SGS Thompson offers RSA in 60msec

• 1997 - MS plans smart card login support for Win98/NT 5.0

• 1998 - Microsoft contributes a real file system and application development tools.

• 2000 - Smart cards become Internet nodes.


Capitol College2003

What is it?

A typical smart card is a credit-card size embedded system containing an 8-bit microprocessor or up to 32 bits processor, ROM to hold programs such as card operating system and immutable data, EEPROM to hold customer-specific data such as user name, secret keys as well as account numbers, RAM to hold transient data during computation and serial I/O, USB or PCMCIA to communicate with the host computer through card readers.


Capitol College2003

Who manufactures the hardware?• Motorola

• MSC0402 chip

• ROM 23K

• EEPROM 8K

• RAM 384 bytes

• 2ms programming

• Random Number Generator (RNG)

• Hitachi

• H8/300 chip

• ROM 16K

• EEPROM 8K

• RAM 512bytes

• 2 I/O ports


Capitol College2003

Who manufactures the hardware? (cont)

• GPM2K card by Gemplus

•Modest data storage, with some security used for retail loyalty, low value purse, vending, general data storage (Health cards, ID cards, portable files)

•256 bits ROM

•1792 bits application storage


Capitol College2003

Types of Smart Cards

•Contact Cards must be inserted into a reader

•Contactless Cards powered by an RF signal using inductive coils

•Combi-Cards can be powered by insertion or RF

Contactinterface

Contactlessinterface

E²PROMmemory

Mic

ropr

oces

sor

Compatible Compatible ISO7816-4ISO7816-4

ISO 14443 - AISO 14443 - A(Mifare Pro)(Mifare Pro)or 14443 - Bor 14443 - B(Moto / ST)(Moto / ST)


Capitol College2003

Smart Card Classification

• Memory Smart Cards • Stored value cards, (pre-paid phone cards, retail, etc.)

• Limited read/write capabilities

• Useful when security not an overriding issue

• Intelligent Smart Cards • Contain a central processing unit, 8-bit architecture

• Have ability to store information

• Have power to make decisions

• Sophisticated protocols for read/write operations

• Can implement a co-processor for arithmetic operations


Capitol College2003

Fero-Electric Random Access Memory (FRAM)• Contactless ‘walk and wave’ operation

• Read & write to the card by Radio Frequency

• Non-volatile: maintain data for ~10 years

• Card is powered by an RF signal

• Store 128-512 bytes in a card

• Used mostly for access control


Capitol College2003

What Is Inside the Smart Card• Components inside a smart card

• Power, Ground, Reset, Clock and I/O are the inputs of a smart card

• Battery memory is possible


Capitol College2003

Inside the Card “Chip”


Capitol College2003

Smart Card Technology OS Support

• *SCFS (Smart Card File System), Smart Card is considered as a a directory of a host OS

• 3COM, PalmOS• *Java Virtual Machine by Sun• *Microsoft Card SDK• *MultiOS for multi-application• Friendly development environment (Compiling and

Loading) at host* will discuss


Capitol College2003

Smart Card File System (SCFS)


Capitol College2003

Java Smart Card Technology

• Java byte codes can reside in smart cards and perform predetermined tasks

• A simple Java Virtual Machine is support in smart card

• Simple HTTP/TCP/IP stack is support

• Smart card is a server responding to requests from hosts

• Possible small databases like medical records, financial information exists in smart cards

• Easy to standardize, program and develop


Capitol College2003

SC49 Implementation Statistics•ROM

Java Card Interpreter 4KBSmart Card Primitives 8KB

•RAMJava Card Interpreter 200MBSmart Card Primitives 90MB

•CPUJava Card Interpreter 1.5 codes/secSmart Card Primitives 300K instrs/sec


Capitol College2003

How about Multi-application Technology?

•One card can have multi-application for multiple purpose – one card is enough?

•Card issuer has full control of the card and can add other applications from card service providers to smart card

•Download Java Applets to smart card


Capitol College2003

Smart Card Standardization

•ISO7816 (1,2,3,4)

•Open Card Framework OCF1.2

•Java Card 2.0 Specification by Sun

•Smart Card SDK (Microsoft)


Capitol College2003

Smart Card Standardization (cont)

•ISO7816

•#1 to #3: Physical Properties: dimension , mechanical stress, power, resistant to static electronic and radiation, electronic signal and transmission protocol

•#4: a set of commands across all industries to provide access, security and transmission of card data, e.g. commands to read, write and update records


Capitol College2003


• OpenCard Framework• functions and roles of smart cards can vary widely by service

• OpenCard Framework (OCF) separates terminal software into terminal specific components and card specific components, thus making it possible to add or remove components on demand

• application developer simply uses the APIs provided by CardService, enabling the application to be shared across multiple platforms that support OCF


Capitol College2003


•Java Card• Is a standard set of APIs and classes that allows Java applets

to run directly on the ISO 7816 compliant cards

• The specifications are announced by Sun and Visa, with the support of leading smart card suppliers

• Provides all the benefits of Java – portability, security, etc.


Capitol College2003


•Smart Card SDK•Developed by Microsoft

•Provides a set of APIs for developers to write smart card-aware Windows applications to operate with smart card readers that conform to the specifications


Capitol College2003

Why do we need this technology?

•Secure Technique Point Of View

•Password based system (Kerberos) suffers from dictionary attackCreate a list of words, namesDerive keys from the words in the list Obtain a <plaintext, ciphertext> pair Decrypt ciphertext with the derived key

•Smart card is able to store long random key (password) in advance and provides it as login in


Capitol College2003

Why do we need this technology? Cont.

•Application Point Of View

•Internet and electronic business prompts the distribution of smart card

•Platform (Hardware and OS) independent programming language (Java) matches the portability of smart card

•Multi-application cards make one card be able to do everything; You do not need carry student ID, driver ID, credit card, ATM card, medical card and etc


Capitol College2003

Advantages of Smart Card Technology

•Tamper-resistant

•Store data in smart card can be protected against unauthorized access

•Loose coupling to host

•Especially attractive for use as secret key storage when hosts cannot be trusted to themselves to store secret keys

•Low cost

•Portability


Capitol College2003

Disadvantages of Smart Card Technology• Low performance

• Slow processor

• Slow I/O channel

• Small memory (ROM, EEPROM and RAM)

• Unsuitable for computation-intensive task (cryptography)

• Executable code size is strictly limited, hens OS, security algorithms and protocols should be simplified

• New technologies may improve the performance

• Interoperation and standardization is relatively difficult

• Card specific attacks (invasive or non-invasive)

• Invalid card holder• PIN + Smart Card

• Biometric + Smart Card


Capitol College2003

Emerging Smart Card Technology (IP)• End-to-End Security

• Standards-Based Card-Edge Interoperability

• Web-Based Application Development

• Direct Addressing

• More Points of Acceptance

• Remote Card Management

• Multiple Non-Proprietary Implementations


Capitol College2003

Conclusion

•Smart card modules are particularly attractive on-line identity tokens regardless of the nature of the network or the device used to connect to it.

•Smallest operating system run on smart cards

•Alternative to meet various security threats


Capitol College2003

References:

• “How much does it cost?” http://www.gemplus.com/basics/cost.html

• Jackson, William. DOD picks middleware for Common Access Cards. (DOD Computing). Government Computer News, August 26, 2002 v21 i25 p37(1).

• “Java Card” http://java.sun./products/javacard/

• “Java Card: Java on Card” http://www.citi.umich.edu/projects/smartcard/JavaCard/sld002.htm

• Messmer, Ellen. “Pentagon gets 'smart'; Military smart cards will access nets, encrypt data. (Government Activity)” Network World, Sept 20, 1999 p1.

• Microsoft SDK. http://microsoft.com/HWDEV/TECH/input/smartcard/default.asp

• Pepe, Michael. “Smart Cards Gaining Traction. (Smart Card Alliance)” Computer Reseller News, Jan 6, 2003 p55.

• Smart Card Terminology. http://www.gemplus.com/basics/terms.htm


Capitol College2003

Questions?

Slide 19 of 19

Date post:	12-Jan-2016
Category:	Documents
Upload:	madlyn-carroll
View:	213 times
Download:	0 times

Presentation Title Subtitle Author TM Capitol College 2003 Smart Card Technology Presented by: Jose...

Documents