1 / 30

Smart Card Technology Presented by: Jose R. Paloschavez

Smart Card Technology Presented by: Jose R. Paloschavez. Agenda. History What is it? Manufactures of hardware Types of smart cards Smart Card classification What is inside the Card (Chip)? Smart Card technology OS Support Smart Card Standardization Why do we need this technology?

lavey
Download Presentation

Smart Card Technology Presented by: Jose R. Paloschavez

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Smart CardTechnologyPresented by:Jose R. Paloschavez

  2. Agenda • History • What is it? • Manufactures of hardware • Types of smart cards • Smart Card classification • What is inside the Card (Chip)? • Smart Card technology OS Support • Smart Card Standardization • Why do we need this technology? • Advantages • Disadvantages • Emerging Smart Card Technology (IP) • Conclusion

  3. History of Smart Card Technology • 1967 - Jürgen Dethloff invents the smart card computer • 1971 - Patent issued of solid state memory card • 1972 - 1993 Patents, standards and “security through obscurity” choke off applications and innovation • 1974 - New patent to integrate memory and CPU • 1976 - First commercial smart card created • 1983 - European phone applications & DOD military ID • 1984 - Smart Card technology in banking sector in France • 1990 - Phillips offer 512 bit RSA ex in 1.5sec • 1994 - Europay/Mastercard/Visa spec for electronic cash • 1994 - MAOSCO and Keycorp create programmable smart cards

  4. History of Smart Card Technology • 1995 - Korea issues 1.5 million bus fare contact less smart cards • 1996 - Zeitcontrol and Schlumberger provide high-level languages. • 1996 Java launches version 1.0 • 1996 - Atlanta Olympics uses smart cards for merchants • 1996 - SGS Thompson offers RSA in 60msec • 1997 - MS plans smart card login support for Win98/NT 5.0 • 1998 - Microsoft contributes a real file system and application development tools. • 2000 - Smart cards become Internet nodes.

  5. What is it? A typical smart card is a credit-card size embedded system containing an 8-bit microprocessor or up to 32 bits processor, ROM to hold programs such as card operating system and immutable data, EEPROM to hold customer-specific data such as user name, secret keys as well as account numbers, RAM to hold transient data during computation and serial I/O, USB or PCMCIA to communicate with the host computer through card readers.

  6. Who manufactures the hardware? • Motorola • MSC0402 chip • ROM 23K • EEPROM 8K • RAM 384 bytes • 2ms programming • Random Number Generator (RNG) • Hitachi • H8/300 chip • ROM 16K • EEPROM 8K • RAM 512bytes • 2 I/O ports

  7. Who manufactures the hardware? (cont) • GPM2K card by Gemplus • Modest data storage, with some security used for retail loyalty, low value purse, vending, general data storage (Health cards, ID cards, portable files) • 256 bits ROM • 1792 bits application storage

  8. Contact interface E²PROM memory Microprocessor Contactless interface Types of Smart Cards • Contact Cards must be inserted into a reader • Contactless Cards powered by an RF signal using inductive coils • Combi-Cards can be powered by insertion or RF Compatible ISO7816-4 ISO 14443 - A (Mifare Pro) or 14443 - B (Moto / ST)

  9. Smart Card Classification • Memory Smart Cards • Stored value cards, (pre-paid phone cards, retail, etc.) • Limited read/write capabilities • Useful when security not an overriding issue • Intelligent Smart Cards • Contain a central processing unit, 8-bit architecture • Have ability to store information • Have power to make decisions • Sophisticated protocols for read/write operations • Can implement a co-processor for arithmetic operations

  10. Fero-Electric Random Access Memory (FRAM) • Contactless ‘walk and wave’ operation • Read & write to the card by Radio Frequency • Non-volatile: maintain data for ~10 years • Card is powered by an RF signal • Store 128-512 bytes in a card • Used mostly for access control

  11. What Is Inside the Smart Card • Components inside a smart card • Power, Ground, Reset, Clock and I/O are the inputs of a smart card • Battery memory is possible

  12. Inside the Card “Chip”

  13. Smart Card Technology OS Support • *SCFS (Smart Card File System), Smart Card is considered as a a directory of a host OS • 3COM, PalmOS • *Java Virtual Machine by Sun • *Microsoft Card SDK • *MultiOS for multi-application • Friendly development environment (Compiling and Loading) at host * will discuss

  14. Smart Card File System (SCFS)

  15. Java Smart Card Technology • Java byte codes can reside in smart cards and perform predetermined tasks • A simple Java Virtual Machine is support in smart card • Simple HTTP/TCP/IP stack is support • Smart card is a server responding to requests from hosts • Possible small databases like medical records, financial information exists in smart cards • Easy to standardize, program and develop

  16. SC49 Implementation Statistics • ROM • Java Card Interpreter 4KB • Smart Card Primitives 8KB • RAM • Java Card Interpreter 200MB • Smart Card Primitives 90MB • CPU • Java Card Interpreter 1.5 codes/sec • Smart Card Primitives 300K instrs/sec

  17. How about Multi-application Technology? • One card can have multi-application for multiple purpose – one card is enough? • Card issuer has full control of the card and can add other applications from card service providers to smart card • Download Java Applets to smart card

  18. Smart Card Standardization • ISO7816 (1,2,3,4) • Open Card Framework OCF1.2 • Java Card 2.0 Specification by Sun • Smart Card SDK (Microsoft)

  19. Smart Card Standardization (cont) • ISO7816 • #1 to #3: Physical Properties: dimension , mechanical stress, power, resistant to static electronic and radiation, electronic signal and transmission protocol • #4: a set of commands across all industries to provide access, security and transmission of card data, e.g. commands to read, write and update records

  20. Smart Card Standardization (cont) • OpenCard Framework • functions and roles of smart cards can vary widely by service • OpenCard Framework (OCF) separates terminal software into terminal specific components and card specific components, thus making it possible to add or remove components on demand • application developer simply uses the APIs provided by CardService, enabling the application to be shared across multiple platforms that support OCF

  21. Smart Card Standardization (cont) • Java Card • Is a standard set of APIs and classes that allows Java applets to run directly on the ISO 7816 compliant cards • The specifications are announced by Sun and Visa, with the support of leading smart card suppliers • Provides all the benefits of Java – portability, security, etc.

  22. Smart Card Standardization (cont) • Smart Card SDK • Developed by Microsoft • Provides a set of APIs for developers to write smart card-aware Windows applications to operate with smart card readers that conform to the specifications

  23. Why do we need this technology? • Secure Technique Point Of View • Password based system (Kerberos) suffers from dictionary attack • Create a list of words, names • Derive keys from the words in the list • Obtain a <plaintext, ciphertext> pair • Decrypt ciphertext with the derived key • Smart card is able to store long random key (password) in advance and provides it as login in

  24. Why do we need this technology? Cont. • Application Point Of View • Internet and electronic business prompts the distribution of smart card • Platform (Hardware and OS) independent programming language (Java) matches the portability of smart card • Multi-application cards make one card be able to do everything; You do not need carry student ID, driver ID, credit card, ATM card, medical card and etc

  25. Advantages of Smart Card Technology • Tamper-resistant • Store data in smart card can be protected against unauthorized access • Loose coupling to host • Especially attractive for use as secret key storage when hosts cannot be trusted to themselves to store secret keys • Low cost • Portability

  26. Disadvantages of Smart Card Technology • Low performance • Slow processor • Slow I/O channel • Small memory (ROM, EEPROM and RAM) • Unsuitable for computation-intensive task (cryptography) • Executable code size is strictly limited, hens OS, security algorithms and protocols should be simplified • New technologies may improve the performance • Interoperation and standardization is relatively difficult • Card specific attacks (invasive or non-invasive) • Invalid card holder • PIN + Smart Card • Biometric + Smart Card

  27. Emerging Smart Card Technology (IP) • End-to-End Security • Standards-Based Card-Edge Interoperability • Web-Based Application Development • Direct Addressing • More Points of Acceptance • Remote Card Management • Multiple Non-Proprietary Implementations

  28. Conclusion • Smart card modules are particularly attractive on-line identity tokens regardless of the nature of the network or the device used to connect to it. • Smallest operating system run on smart cards • Alternative to meet various security threats

  29. References: • “How much does it cost?” http://www.gemplus.com/basics/cost.html • Jackson, William. DOD picks middleware for Common Access Cards. (DOD Computing). Government Computer News, August 26, 2002 v21 i25 p37(1). • “Java Card” http://java.sun./products/javacard/ • “Java Card: Java on Card” http://www.citi.umich.edu/projects/smartcard/JavaCard/sld002.htm • Messmer, Ellen. “Pentagon gets 'smart'; Military smart cards will access nets, encrypt data. (Government Activity)” Network World, Sept 20, 1999 p1. • Microsoft SDK. http://microsoft.com/HWDEV/TECH/input/smartcard/default.asp • Pepe, Michael. “Smart Cards Gaining Traction. (Smart Card Alliance)” Computer Reseller News, Jan 6, 2003 p55. • Smart Card Terminology. http://www.gemplus.com/basics/terms.htm

  30. Questions? Thank You! Slide 19 of 19

More Related