Smart Cards

 Types of Contactless Cards

There are three types of contactless credentials (cards or tokens)

v Memory

v Wired logic

v Microcontroller (MCU)

Memory cards use a chip or other electronic device to store authentication information. In their most secure form, memory cards store a unique serial number and include the ability to permanently lock sections of memory or allow write access only through password-protected mechanisms. Other than these basic mechanisms, memory cards employ no additional security to protect their contents.

Application Invocation and Authentication

Minor applications should be invoked by the dominant application as they are a subset of it. A service index file which stores identification numbers or dedicated file Ids of available services should be implemented by the dominant application system. An only the dominant application system has the access right on it. An invocation algorithm between end-user, dominant and minor applications have to be provided as well, so that different applications can be executed when requested. Authentication of them should rely on the provided mechanism from the dominant application system as they co-operate with each others, therefore each application does not need to implement its own security algorithm.

PIN Presentations

The PINs are normally stored in separate elementary files, EFCHV1 and EFCHV2 for example. Use of the access conditions on those files can prevent the PINs from being changed. The PIN can be changed by issuing the change PIN instruction together with the new and old PIN. However, for most of the smart card operating systems, the corresponding PIN will be invalidated or blocked when a fixed number of invalid PINs are presented consecutively. The number of times will vary with different systems.

Information Technology

Businesses, the government and healthcare organizations continue to move towards storing and releasing information via networks, Intranets, extranets and the Internet. These organizations are turning to smart cards to make this information readily available to those who need it, while at the same time protecting the privacy of individuals and keeping their informational assets safe from hacking and other unwanted intrusions. In this capacity, smart cards enable.

Data Ownership and Management

Ownership of the card or data should not be the application provider as a single card contains more than one applications. Card provider claims to be the owner is also impractical as there may not a relationship between the card provider and application providers. Therefore it is recommended the card holder to be the owner. Whenever a person who wants to have services from application providers, he or she can purchase a smart card from one of the card providers and have the application added on it.

Abstract

In this seminar, is giving some basic concepts about smart cards. The physical and logical structure of the smart card and the corresponding security access control has been discussed in this seminar. It is believed that smart cards offer more security and confidentiality than the other kinds of information or transaction storage. Moreover, applications applied with smart card technologies are illustrated which demonstrate smart card is one of the best solutions to provide and enhance their system with security and integrity. The seminar also covers the contactless type smart card briefly. Different kinds of  scheme to organise and access of multiple application smart card are discussed. The first and second schemes are practical and workable on these days, and there is real applications developed using those models. For the third one, multiple independent applications in a single card, there is still a long way to go to make it becomes feasible because of several reasons.

Attacks on Smart Card

As discussed in all above, the smart card seems to be a superior tool for enhancing system security and provides a place for secure storage. One of the security features provided by most of the smart card operating systems, is the cryptographic facilities. They provide encryption and decryption of data for the card; some of them can even be used to generate cryptographic keys.

The secret of the cryptographic algorithm, the keys stored, and the access control inside the smart card become the targets of attackers. Nowadays many companies and cryptographers claime to be able to break the smart card and its microcontroller. Some of them perform logical non-invasive attacks, some of them attack the card physically while others just prove their success by mathematical theorems.

Conclusion

It is believed that smart cards offer more security and confidentiality than the other kinds of information or transaction storage. Moreover, applications applied with smart card technologies are illustrated which demonstrate smart card is one of the best solutions to provide and enhance their system with security and integrity.