Types of Contactless Cards
There are three types
of contactless credentials (cards or tokens)
v Memory
v Wired
logic
v Microcontroller
(MCU)
Memory cards use a chip
or other electronic device to store authentication information. In their most
secure form, memory cards store a unique serial number and include the ability
to permanently lock sections of memory or allow write access only through password-protected
mechanisms. Other than these basic mechanisms, memory cards employ no
additional security to protect their contents.
Application Invocation and Authentication
Minor applications
should be invoked by the dominant application as they are a subset of it. A
service index file which stores identification numbers or dedicated file Ids of
available services should be implemented by the dominant application system. An
only the dominant application system has the access right on it. An invocation
algorithm between end-user, dominant and minor applications have to be provided
as well, so that different applications can be executed when requested.
Authentication of them should rely on the provided mechanism from the dominant
application system as they co-operate with each others, therefore each
application does not need to implement its own security algorithm.
PIN Presentations
The PINs are normally
stored in separate elementary files, EFCHV1 and EFCHV2 for example. Use of the
access conditions on those files can prevent the PINs from being changed. The
PIN can be changed by issuing the change PIN instruction together with the new
and old PIN. However, for most of the smart card operating systems, the
corresponding PIN will be invalidated or blocked when a fixed number of invalid
PINs are presented consecutively. The number of times will vary with different
systems.
Information Technology
Businesses, the
government and healthcare organizations continue to move towards storing and
releasing information via networks, Intranets, extranets and the Internet.
These organizations are turning to smart cards to make this information readily
available to those who need it, while at the same time protecting the privacy
of individuals and keeping their informational assets safe from hacking and
other unwanted intrusions. In this capacity, smart cards enable.
Data Ownership and Management
Ownership of the card
or data should not be the application provider as a single card contains more
than one applications. Card provider claims to be the owner is also impractical
as there may not a relationship between the card provider and application
providers. Therefore it is recommended the card holder to be the owner.
Whenever a person who wants to have services from application providers, he or
she can purchase a smart card from one of the card providers and have the
application added on it.
Abstract
In this seminar, is
giving some basic concepts about smart cards. The physical and logical
structure of the smart card and the corresponding security access control has
been discussed in this seminar. It is believed that smart cards offer more
security and confidentiality than the other kinds of information or transaction
storage. Moreover, applications applied with smart card technologies are
illustrated which demonstrate smart card is one of the best solutions to
provide and enhance their system with security and integrity. The seminar also
covers the contactless type smart card briefly. Different kinds of scheme to organise and access of multiple
application smart card are discussed. The first and second schemes are
practical and workable on these days, and there is real applications developed
using those models. For the third one, multiple independent applications in a
single card, there is still a long way to go to make it becomes feasible
because of several reasons.
Attacks on Smart Card
As discussed in all
above, the smart card seems to be a superior tool for enhancing system security
and provides a place for secure storage. One of the security features provided
by most of the smart card operating systems, is the cryptographic facilities.
They provide encryption and decryption of data for the card; some of them can
even be used to generate cryptographic keys.
The secret of the
cryptographic algorithm, the keys stored, and the access control inside the
smart card become the targets of attackers. Nowadays many companies and
cryptographers claime to be able to break the smart card and its
microcontroller. Some of them perform logical non-invasive attacks, some of
them attack the card physically while others just prove their success by
mathematical theorems.
Conclusion
It is believed that
smart cards offer more security and confidentiality than the other kinds of
information or transaction storage. Moreover, applications applied with smart
card technologies are illustrated which demonstrate smart card is one of the
best solutions to provide and enhance their system with security and integrity.
No comments:
Post a Comment