Sunday, March 28, 2010

White Paper - Smart Cards

Introduction

This white paper explains the smart card, a popular automatic identification technology, and its applications.

Smart cards are becoming as important as computers. A smart card is a computer without input and output devices.

Today smart cards are used in all industries:
- Identification
- Financial / Banking
- Health Care
- Transportation
- Telecommunication
- Etc.

Brief History

The current smart card evolved from the early 1950s, when Diners Club produced the first all-plastic card to be used for payment applications. VISA and MasterCard then entered the market.

In 1968, German inventors Jürgen Dethloff and Helmut Gröttrup applied for the first ICC-related patents. Similar applications followed in Japan in 1970 and in France in 1974. In 1984, the French Postal and Telecommunications services (PTT) successfully carried out a field trial with telephone cards. By 1986, many millions of French telephone smart cards were in circulation. Their number reached nearly 60 million in 1990, and 150 million were projected for 1996.

Smart Card Standards

ISO 7816
The smart card standard is described in detail in ISO Standard 7816.
Part 1: Physical Characteristics
Part 2: Dimensions & Locations of contacts
Part 3: Electronic signals & Transmission protocol
Part 4: Inter-industry commands for interchange
Part 5: Numbering system & registration procedure for application identifiers
Part 6: Inter-industry Data Elements
Part 7: Inter-industry commands for Structured Card Query Language (SCQL)
Part 8: Security-related inter-industry commands

ISO/IEC 14443
Contactless proximity (RFID) cards operating at 13.56 MHz at a distance of up to 5 inches.
Part 1: Physical Characteristics
Part 2: Radio frequency power and signal interface
Part 3: Initialization and anticollision
Part 4: Transmission protocol

EMV
EMV® is a global standard for credit and debit payment cards based on chip card technology.

PC/SC
Builds upon existing industry smart card standards - ISO7816 and EMV - and complements them by defining low-level device interfaces and device-independent application APIs as well as resource management, to allow multiple applications to share smart card devices attached to a system.

GSM
Global System for Mobile Telecommunications standard.

Smart Card Operating Systems

As mentioned, a smart card is a mini computer without input and output devices. There are two primary types of smart card operating systems:
- Fixed File Structure
  Files and permissions are set in advance by the issuer.
- Dynamic Application System
  This type of operating system, which includes the MULTOS and Java Card varieties, enables developers to build, test, and deploy different applications securely.

Communication Protocols

A smart card and the reader communicate by means of small data packets called APDUs (Application Protocol Data Units).

T=0
Character-level transmission protocol, defined in ISO/IEC 7816-3
T=1
Block-level transmission protocol, defined in ISO/IEC 7816-3
ISO/IEC 14443
APDU transmission via contactless interface, defined in ISO/IEC 14443-4

Security

Four aspects of security

Communication
Data transferred between the card and the outside world is secured by encryption.
The most common encryption methods are symmetric DES (Data Encryption Standard), 3DES (triple DES) and public key RSA (Rivest-Shamir-Adleman's algorithm), allowing keys of up to 56, 168 and 1024 bits, respectively.

Hardware
Hardware-level security is provided by an enhanced set of security mechanisms and firmware functions that allow the application to detect and respond appropriately to conditions that might indicate an attack.

OS Security
A smart card has a file system, which allows security to be enforced at the OS level. File attributes (access rights) define five basic levels of access to a file on the card.

The access rights are:
1. Always (ALW)
2. Card Holder Verification 1 (CHV1)
3. Card Holder Verification 2 (CHV2)
4. Administrative (ADM)
5. Never (NEV)

The PINs
The PINs are stored in separate elementary files, EFchv1 and EFchv2. The OS blocks the card after a wrong PIN is entered several consecutive times.
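
The following Python model is an added illustration, not code from any card OS. It shows how the five access rights gate file reads and how a retry counter blocks a PIN after consecutive wrong entries. The retry limit of 3, the file names and the PIN values are assumptions chosen for the example.

```python
import hmac
from enum import Enum

class AC(Enum):                        # the five access conditions listed above
    ALW = 1
    CHV1 = 2
    CHV2 = 3
    ADM = 4
    NEV = 5

class Pin:
    """A CHV value with a retry counter; the limit of 3 is an assumption."""
    def __init__(self, value: str, max_tries: int = 3):
        self.value, self.max_tries = value, max_tries
        self.tries_left, self.verified = max_tries, False

    def verify(self, candidate: str) -> bool:
        if self.tries_left == 0:       # blocked: even the correct PIN is refused
            return False
        if hmac.compare_digest(candidate.encode(), self.value.encode()):
            self.tries_left, self.verified = self.max_tries, True
        else:
            self.tries_left -= 1       # consecutive failures count down
            self.verified = False
        return self.verified

class Card:
    def __init__(self, chv1: str, chv2: str):
        self.pins = {AC.CHV1: Pin(chv1), AC.CHV2: Pin(chv2)}
        self.adm_authenticated = False # issuer authentication is not modelled
        self.files = {}                # file name -> (read condition, contents)

    def read(self, name: str) -> bytes:
        cond, data = self.files[name]
        allowed = (cond is AC.ALW
                   or (cond in self.pins and self.pins[cond].verified)
                   or (cond is AC.ADM and self.adm_authenticated))
        if not allowed:                # NEV can never be satisfied
            raise PermissionError(f"{name}: condition {cond.name} not met")
        return data

# Constructed card contents (file names and PINs are made up)
card = Card(chv1="1234", chv2="5678")
card.files = {"EF_PUBLIC": (AC.ALW, b"card id"),
              "EF_CONTACTS": (AC.CHV1, b"phone book"),
              "EF_SECRET": (AC.NEV, b"key material")}
```

A successful verification resets the counter, so only consecutive failures lead to blocking, and once the counter reaches zero the correct PIN is refused as well.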

Smart Card Applications

Computer Security

The Mozilla Firefox web browser can use smart cards to store certificates for use in secure web browsing.

Smart cards are used for single sign-on to log on to computers.

Smart card support has been added to Windows Live Passports.

Financial

Financial applications include
- Banking
- Customer Loyalty Cards
- Electronic wallets
- Campus Cards
- Etc.

Health Care

Smart cards in health care allow patient information to be kept private. They provide a secure carrier for medical reports and easy access to medical information, enable compliance with government initiatives and mandates, and provide a platform for other applications needed by the health care organization.

Telecommunication

Smart cards are used extensively in the telecommunication industry, in two primary applications: as prepaid (stored value memory cards) telephone cards and as the microprocessor smart card-based Subscriber Identity Module (SIM) in mobile phones.

Identification

Smart card technology is currently recognized as the most appropriate technology for identity applications that must meet critical security requirements, including:
- Authenticating the bearer of an identity credential when used in conjunction with personal identification numbers (PINs) or biometric technologies
- Protecting privacy
- Increasing the security of an identity credential
- Implementing identity management controls

Transportation

Smart cards are used worldwide in transportation applications, with millions of smart cards in use for both transit fare payment and parking fee payment.
