smart card , chip card , or integrated circuit card ( ICC ), is any pocket-sized card embed the integrated circuit. Smart cards are made of plastic, generally polyvinyl chloride, but sometimes polyethylene-terephthalate-based polyesters, acrylonitrile butadiene styrene or polycarbonate. Since April 2009, a Japanese company has produced reusable financial cards made from paper.
The smart card can be a contact, no contact, or both. They can provide personal identification, authentication, data storage, and application processing. Smart cards can provide strong security authentication for single sign-on (SSO) within the organization.
Video Smart card
History
Discovery
In 1968 and 1969 Helmut GrÃÆ'¶ttrup and JÃÆ'¼rgen Dethloff jointly filed a patent for an automatic chip card. Roland Moreno patented the concept of memory cards in 1974. Important patents for smart cards with microprocessors and memory as used today were filed by JÃÆ'¼rgen Dethloff in 1976 and awarded as USP 4105156 in 1978.
In 1977, Michel Ugon of Honeywell Bull invented the first smart microprocessor card with two chips: one microprocessor and one memory, and in 1978, he patented a self-programmed single-chip microcomputer (SPOM) that defined the architecture necessary to program the chip. Three years later, Motorola uses this patent in its "CP8". Back then, Bull had 1,200 patents related to smart cards. In 2001, Bull sold his CP8 division along with his patent to Schlumberger, which then combined the internal smart card department and CP8 itself to create Axalto. In 2006, Axalto and Gemplus, at the time of the world's top two smart card manufacturers, merged and became Gemalto. In 2008, Dexa Systems broke away from Schlumberger and acquired the Enterprise Security Services business, which includes the smart-card solutions division responsible for implementing the first large-scale smart card management system based on public key infrastructure (PKI).
The first card mass usage was as a phone card for payment on French pay phones, beginning in 1983.
Carte Bleue
After Tà © Å © là © Å © carte, the microchip was integrated into all the French Carte Bleue debit cards in 1992. Customers inserted the card into the merchant's point-of-sale (POS) terminal and typed the personal identification number ( PIN), before the transaction is accepted. Only very limited transactions (such as paying a small toll road toll) are processed without a PIN.
Smart card-based "wallet" systems store funds on the card, so readers do not require network connectivity. They entered European service in the mid-1990s. They are common in Germany (Geldkarte), Austria (Quick Wertkarte), Belgium (Proton), France (Moneo), Netherlands (Chipknip Chipper (disabled in 2001)), Switzerland ("Tunai"), Norway ("Mondex") , Spain ("Monaiero 4B"), Sweden ("Cashier", deactivated in 2004), Finland ("Avant"), United Kingdom ("Mondex"), Denmark ("DanmÃÆ'¸nt") and Portugal ("Porta-moedas Multibanco "). Personal electronic wallet systems have also been deployed such as the Marine Corps (USMC) on Parris Island which allows for small payments in the cafeteria.
Since the 1990s, smart cards have become the identity module of customers (SIMs) used in European GSM mobile phone equipment. Mobile phones are widely used in Europe, so smart cards have become very common.
EMV
Card and equipment Europay MasterCard Visa (EMV) is widespread with placements led by European countries. The United States begins to apply EMV technology in 2014, with deployments still in place by 2018. Typically, a nation's national payment association, in coordination with MasterCard International, Visa International, American Express and Japan Credit Bureau (JCB), jointly plan and apply the EMV system.
Historically, in 1993 several international payment companies agreed to develop smart-card specifications for debit and credit card. The original brands are MasterCard, Visa, and Europay. The first version of the EMV system was released in 1994. In 1998, the specifications became stable.
EMVCo maintains this specification. EMVco's goal is to ensure that financial institutions and retailers whose specifications maintain backward compatibility with the 1998 version. EMVco updated the specifications in 2000 and 2004.
The corresponding EMV card was first received in Malaysia in 2005 and then to the United States in 2014. MasterCard was the first company allowed to use technology in the United States. The United States feels compelled to use technology due to increased identity theft. Credit card information stolen from Target by the end of 2013 is one of the biggest indicators that American credit card information is not secure. The target is to make a decision on April 30, 2014 that will try to apply smart chip technology to protect against future credit card theft identity.
Before 2014, the consensus in America was that there were enough security measures to avoid credit card theft and that the smart chip was not needed. The cost of smart chip technology is significant, which is why most companies do not want to pay it in the United States. The debate arose when online credit theft was not safe enough for the United States to invest in technology. The EMV adaptation increased significantly in 2015 when a lending shift occurred in October by credit card companies.
Unsolicited system development
The No Contact Smart Card requires no physical contact between the card and the reader. They are becoming more popular for payments and tickets. Common uses include mass transit and highway tolls. Visa and MasterCard apply the version that was implemented in 2004-2006 in the US, with a current Visa offer called Contactless Visa. Most tariff charging billing systems are incompatible, although the MIFARE Standard card from NXP Semiconductors has a substantial market share in the US and Europe.
The use of "No contactless" smart cards in transportation has also evolved through the use of cheap NXP Mifare Ultralight and paper/card/PET chips rather than PVC. This has reduced media costs so that it can be used for low-cost tickets and short-term transportation tickets (up to 1 year normally). The fee is usually 10% of the PVC smart card with bigger memory. They are distributed through vending machines, ticket offices, and agents. The use of paper/PET is less harmful to the environment than the traditional [[Greenpeace |]] [[Confidex]] PVC card. See also transport/transit/ID application.
Smart cards are also introduced for identification and rights by regional, national, and international organizations. These uses include residents' cards, driver's licenses, and patient cards. In Malaysia, mandatory national ID MyKad allows eight apps and has 18 million users. The contactless smart card is part of ICAO's biometric passport to improve security for international travel.
Maps Smart card
Design
The smart card may have the following common characteristics:
- Dimensions similar to credit cards. ID-1 standard ISO/IEC 7810 defines the card as nominal 85.60 for 53.98 millimeters (3.37 at 2.13 in). Another popular measure is ID-000, which is nominally 25 by 15 millimeters (0.98 in 0.59 inches) (commonly used in SIM cards). The thickness is both 0.76 millimeters (0.030 inches).
- Contains a damage-resistant security system (eg secure cryptoprosesor and secure file system) and provides security services (eg, protecting in-memory information).
- Administered by an administration system, which securely exchange information and configuration settings with cards, controls card blacklists and app data updates.
- Communicate with external services via card reader devices, such as ticket readers, ATMs, DIP readers, etc.
Contact smart card
Smart card contacts have a contact area of ​​about 1 centimeter square (0.16 sq. Inches), consisting of several gold-plated contact pads. This pad provides electrical connectivity when inserted into the reader, which is used as a communication medium between the smart card and the host (eg, Computer, terminal of sale) or mobile phone. Card does not contain battery; power is supplied by the card reader.
The ISO/IEC 7810 and ISO/IEC 7816 standards specify:
- physical form and characteristics,
- position and shape of the power connector,
- electrical characteristics,
- the communication protocol, including the commands sent to and response from the card,
- basic functions.
Because the chips in the financial card are the same as those used in the customer identity module (SIM) in the phone, programmed differently and embedded in different parts of PVC, chip manufacturers build with more demanding GSM/3G standards. So, for example, although the EMV standard allows the chip card to pull 50 mA from its terminal, the card is usually below the 6 mA phone industry limit. This allows the smaller and cheaper financial card terminal.
The communication protocols for smart contact cards include T = 0 (character-level transmission protocol, defined in ISO/IEC 7816-3) and T = 1 (block-level transmission protocol, defined in ISO/IEC 7816-3).
Unclaimed smart card
The second type of card is a unattended smart card , where the card communicates with and is supported by the reader via RF induction technology (at data rates of 106-848 kbit/s). These cards only require proximity to the antenna to communicate. Like smart cards with contacts, contactless cards do not have internal resources. Instead, they use an inductor to capture some radio frequency interrogation incident signals, repair, and use it to power electronic cards. Contactless smart media can be made with PVC, paper/card and PET finishing to meet various performance, cost and durability requirements.
The APDU transmission by an interface without contact is defined in ISO/IEC 14443-4.
Hybrids
Hybrid cards implement contactless and contact interfaces on one card with module/storage and special processing.
- Double Interface
The dual interface card implements a contact interface without contacts and contacts on one card with multiple storage and processing together. An example is the multi-application Porto transport card, called Andante, which uses chips with contact and contactless interfaces (ISO/IEC 14443 Type B).
USB
CCID (Chip Card Interface Device) is a USB protocol that allows smartcards to be connected to a computer, using a standard USB interface. This allows smartcards to be used as security tokens for authentication and data encryption such as Bitlocker. CCID devices usually look like a standard USB dongle and may contain a SIM card inside a USB dongle.
Apps
Financial
Smart cards act as credit cards or ATMs, fuel cards, mobile SIM cards, authorization cards for pay TV, household utility payment cards, high security identification and access badges, as well as public transport and payphone pay cards.
The smart card can also be used as an electronic wallet. Smart card chips can be "loaded" with funds to pay for parking meters, vending machines or merchants. The cryptographic protocol protects the exchange of money between smart cards and machines. No connection required to bank. The cardholder can use it even if it is not the owner. Examples are Proton, Geldkarte, Chipknip, and Moneo. German Geldkarte is also used to validate the age of customers in vending machines for cigarettes.
This is the most famous payment card (classic plastic card):
- Visa: Contactless Visa, Quick VSDC, "qVSDC", Visa Wave, MSD, payWave
- MasterCard: PayPass Magstripe, PayPass MChip
- American Express: ExpressPay
- Find it: Zip
- Unionpay: QuickPass
Roll-out started in 2005 in the US Asia and Europe followed in 2006. Contactless (non-PIN) transactions cover payment ranges ~ $ 5-50. There is an implementation of PayPass ISO/IEC 14443. Some, but not all PayPass implementations in accordance with EMV.
The non-EMV card works like a magnetic stripe card. This is common in the US (PayPass Magstripe and MSD Visa). The card does not hold or maintain the account balance. All payments pass without PIN, usually in off-line mode. The security of such transactions is no greater than by magnetic stripe transaction.
An EMV card can have a contact interface or no contacts. They work as if they are a normal EMV card with a contact interface. Through the interface without contacts, they work somewhat differently, because the card commands enable enhanced features such as lower power and shorter transaction time.
SIM
The customer identity module used in mobile phone systems is a small size smart card, using identical technology.
Identify
Smart-cards can authenticate identity. Sometimes they use public key infrastructure (PKI). The card stores an encrypted digital certificate issued from the PKI provider along with other relevant information. Examples include the US Department of Defense (DoD) Public Access Cards (CACs), and other cards used by other governments for their citizens. If they include biometric identification data, the card can provide two or three superior authentication factors.
Smart cards do not always increase privacy, because the subject can carry information that is burdensome on the card. Unresponsive smart cards that can be read from within the wallet or even the garment simplify the authentication; however, criminals can access data from these cards.
Cryptographic smart cards are often used for single sign-on systems. The most advanced smart cards include specialized cryptographic hardware that uses algorithms such as RSA and Digital Signature Algorithm (DSA). Today's cryptographic cryptards generate key pairs on the board, to avoid the risk of having more than one copy of the key (since by design there is usually no way to extract the private key from the smart card). Such smart cards are primarily used for digital signatures and secure identification.
The most common way to access the cryptographic smart card functionality on a computer is to use the vendor-provided PKCS # 11 library. In Microsoft Windows, the Cryptographic Service Provider (CSP) API is also supported.
The most widely used cryptographic algorithms in smart cards (excluding the so-called "crypto algorithms") are Triple DES and RSA. The key set is usually loaded (DES) or generated (RSA) on the card at the personalization stage.
Some of these smart cards are also created to support the standards of the National Institute of Standards and Technology (NIST) for the Verification of Personal Identity, FIPS 201.
Turkey implemented the first smart card driver SIM system in 1987. Turkey has a high level of road accidents and decided to develop and use digital tachograph devices on heavy vehicles instead of existing mechanics, to reduce speed violations. Since 1987, the licensed professional driver in Turkey has been issued as a smart card. A professional driver is required to insert his SIM into a digital tachograph before starting to drive. The tachograph unit records speed violations for each driver and provides printed reports. Driving hours for each driver are also monitored and reported. In 1990 the EU conducted a feasibility study through BEVAC Consulting Engineers, entitled "Feasibility study in connection with European electronic driver license (based on smart card) on behalf of the Directorate General VII". In this study, chapter seven describes the Turkish experience.
Argentina's Mendoza province began using smart card driver licenses in 1995. Mendoza also has high road accident rates, driving offenses, and a poor record of fines recovery. A smart license keeps the latest data about driving violations and unpaid penalties. They also store personal information, types and license numbers, and a photo. Emergency medical information such as blood type, allergy, and biometrics (fingerprints) can be stored on the chip if the card holder wants it. The Argentine government anticipates that this system will help collect more than $ 10 million per year in fines.
In 1999, Gujarat was the first Indian state to introduce a smart card licensing system. In 2005, it has issued 5 million SIM card smart to its people.
In 2002, the Estonian government began issuing a smart card named ID Kaart as the main identification for citizens to replace ordinary passports in domestic and EU usage. In 2010 about 1 million smart cards have been issued (total population of about 1.3 million) and they are widely used in internet banking, buying public transport tickets, authorizing on various websites etc.
In early 2009, the entire population of Belgium issued an eID card used for identification. These cards contain two certificates: one for authentication and one for signature. This signature can be legally enforceable. More and more services in Belgium are using eID for authorization.
Spain began issuing national ID cards (DNIs) in the form of Smartcards in 2006 and gradually replacing all the older ones with Smartcards. The idea is that many or most bureaucratic actions can be done online but that fails because the Administration is not adaptable and most still require paper documents and personal attendance.
On August 14, 2012, ID cards in Pakistan were changed. Smart Card is a third generation chip based identity document manufactured in accordance with international standards and requirements. This card has more than 36 physical security features and has the latest encryption code. This smart card replaces NICOP (ID card for Pakistan abroad).
Smart cards can identify emergency responders and their skills. Cards like these allow first responders to skip organizational documents and focus more time on emergency resolutions. In 2004, The Smart Card Alliance expressed its need: "to improve security, improve government efficiency, reduce identity fraud, and protect personal privacy by establishing mandatory standards, established by the Government for safe and reliable identification". emergency response personnel can carry these cards to be positively identified in emergency situations. WidePoint Corporation, the smart card provider for FEMA, generates cards containing additional personal information, such as medical records and expertise.
In 2007, the Open Mobile Alliance (OMA) proposed a new standard defining V1.0 Web Server Smart Card (SCWS), an HTTP server embedded in a SIM card intended for smartphone users. The non-profit trade association SIMalliance has promoted the development and adoption of SCWS. SIMalliance states that SCWS offers end users a well known, OS-independent browser-based interface for securing personal SIM data. In mid-2010, SIMalliance has not reported a widespread industry acceptance from SCWS. OMA has maintained the standard, approved the V1.1 standard in May 2009, and V1.2 is expected to be approved in October 2012.
Smart cards are also used to identify user accounts in arcade machines.
Public transit
Smart cards, used as transit tickets, and integrated tickets are used by many public transport operators. Card users can also make small purchases using the card. Some carriers offer points for use, redeemed at retailers or for other benefits. Examples include CEPAS Singapore, Toronto Presto Card, Hong Kong Gurita Card, London Oyster Card, Dublin Leap card, MoBIB Brussels, OPUS QuÃÆ' Â © bec card, San Francisco Clipper card, Auckland AT Hop, card go to Brisbane, SmartRider from Perth, Opal Sydney card and myki Victoria. However, this presents a privacy risk as it allows mass transit operators (and governments) to track the movement of individuals. In Finland, for example, the Data Protection Ombudsman prohibits the transport operator of the Helsinki Metropolitan Area Council (YTV) to collect such information, although there is a YTV argument that the cardholder has the right to a travel list paid with the card. Previously, such information was used in the Myyrmanni bombing investigation.
The UK Department of Transport mandated smart cards to manage travel rights for elderly and disabled people. This scheme allows residents to use cards more than just bus tickets. They can also be used for taxis and other concession transportation. One example is the "Smartcare go" scheme provided by Ecebs. The British system uses the ITSO Ltd. specification. Other schemes in the UK include travel ticket periods, ticket carnivals or daily tickets and stored value that can be used to pay for travel. Other concessions for school students, students and job seekers are also supported. This is largely based on the ITSO Ltd. specification.
Many smart transport schemes include the use of cheap smart tickets for simple travel, day passes, and visitor admission. Examples include the Glasgow SPT subway. This smart ticket is made of paper or PET thinner than a PVC smart card, eg. Confidex smart media. Smart tickets can be pre-printed and printed or printed on demand.
Computer security
The smart card can be used as a security token.
The Mozilla Firefox web browser can use a smart card to store certificates for use in secure web browsing.
Some disk encryption systems, such as Microsoft BitLocker, can use smart cards to hold encryption keys securely, and also add another layer of encryption to an important part of the secured disk.
GnuPG, the famous encryption suite, also supports storing keys in smart cards.
Smart cards are also used for single sign-on to log in to a computer.
School
Smart cards are provided for students in some schools and colleges. Usage includes:
- Track student attendance
- As an electronic wallet, to pay for items in the cafeteria, vending machines, laundry facilities, etc.
- Track and monitor food choices in the cafeteria, to help students maintain a healthy diet
- Track loans from the school library
- Access controls for entrance to buildings, dormitories, and other restricted facilities. These requirements may be enforced at any time (such as for laboratories containing valuable equipment), or only during post-business periods (such as for academic buildings open during class hours but limited to nightly personnel), depending on security needs.
- Access to transport services
Healthcare
Smart cards can enhance the security and privacy of patient information, provide safe carriers for portable medical records, reduce health care scams, support new processes for portable medical records, provide secure access to emergency medical information, enable compliance with government initiatives (eg, organ donation) and mandates, and provides a platform for implementing other applications needed by health care organizations.
Other uses
Smart cards are widely used to encrypt digital television streams. VideoGuard is a specific example of how smart card security works.
Multi-use system
The Malaysian government is promoting MyKad as a single system for all smart-card applications. MyKad started out as an identity card carried by all citizens and non-citizens. Available applications now include identity, travel documents, driving license, health information, electronic wallet, ATM bank card, general and transit toll road payments, and public key encryption infrastructure. Personal information inside the MYKAD card can be read using special APDU commands.
Security
Smart cards have been advertised as suitable for personal identification tasks, as they are engineered to hold tamper. Chips usually implements some cryptographic algorithms. Nevertheless, there are several methods to recover some internal state of the algorithm.
The differential power analysis involves measuring the exact time and electrical current required for a particular encryption or decryption operation. It can infer private key on-chip used by public key algorithm like RSA. Some implementations of symmetric ciphers can be vulnerable to time or power attacks as well.
Smart cards can be physically dismantled using acid, abrasive, solvents, or other techniques to gain unlimited access to an on-board microprocessor. Although such techniques may involve the risk of permanent damage to the chip, they allow more detailed information (eg, photomicrographs of encryption hardware) to be extracted.
Benefits
The benefits of the smart card are directly related to the volume of information and applications programmed for use on the card. A contactless/contactless smart card can be programmed with multiple banking credentials, medical rights, driver's license/public transportation rights, loyalty program and club membership to name just a few. Multi-factor authentication and proximity can and have been embedded into the smart card to improve the security of all services on the card. For example, a smart card can be programmed to allow only transactions without contact if the card is also within the reach of another device like a paired phone uniquely. This can significantly increase the security of the smart card.
Governments and regional authorities save money due to enhanced security, better data and reduced processing costs. These savings help reduce public spending or improve public services. There are many examples in the UK, many use the general open LASSeO specification.
Individuals have better security and are more comfortable with using smart cards that do a lot of services. For example, they only need to replace one card if their wallet is lost or stolen. Storage of data on the card can reduce duplication, and even provide emergency medical information.
Benefits
The first major advantage of smart card is its flexibility. Smart cards have several functions that can be IDs, credit cards, stored cash cards, and personal information repositories such as phone numbers or medical history. The card can be easily replaced if it is lost, and, the requirements for a PIN (or other form of security) provide additional security from unauthorized access to information by others. At the first attempt to use them illegally, the card will be disabled by the card reader itself.
The second major advantage is security. The smart card can be an electronic keychain, giving the carrier the ability to access information and physical places without the need for an online connection. They are encryption devices, so users can encrypt and decrypt information without relying on unknown equipment, and therefore potentially untrustworthy, like ATMs. Smart cards are very flexible in providing authentication at different levels of carriers and partners. Finally, with information about users that smart cards can provide to others, they are useful tools for customizing products and services.
Other common benefits of smart cards are:
- Portability
- Increase data storage capacity
- Reliability that is almost unaffected by electric and magnetic fields.
Smart card and electronic commerce
Smart cards can be used in electronic commerce, via the Internet, although business models used in electronic commerce applications today still can not use the full potential of electronic media. The advantage of smart card for electronic commerce is its use to customize the service. For example, for service suppliers to deliver customized services, users may need to provide each supplier with their profiles, tedious and time-consuming activities. Smart cards can contain unencrypted carrier profiles, so users can get customized services even without prior contact with suppliers.
Disadvantages
Plastic cards or paper where the embedded chip is flexible enough. The larger the chip, the higher the probability that normal use can damage it. Cards are often carried in purses or pockets, harsh environments for chips and antennas in contactless cards. The PVC card can be cracked or broken if it is flexed/bent overload. However, for large banking systems, the cost of failure management can be more than offset by fraudulent reductions.
The production, use and disposal of PVC plastic is known to be more harmful to the environment than to other plastics. Alternative materials include chlorine-free plastic and paper available for some smart applications.
If the account holder's computer hosts the malware, the smart card security model may be corrupt. Malware can override communications (input via keyboard and output through the application screen) between users and applications. Man-in-the-browser malware (eg, Trojan Silentbanker) can modify transactions, unnoticed by the user. Banks such as Fortis and Belfius in Belgium and Rabobank ("random readers") in the Netherlands combine smart cards with unrelated card readers to avoid this problem. The customer enters the challenge received from the bank's website, PIN and the number of transactions to the reader, The reader returns the 8-digit mark. This signature is manually entered into a personal computer and verified by the bank, preventing the malware-selling point of changing the number of transactions.
Smart cards are also the target of security attacks. These attacks range from the physical invasion of card cards, to non-invasive attacks that exploit vulnerabilities in software or card hardware. The general purpose is to expose private encryption keys and then read and manipulate secure data such as funds. After the attacker develops a non-invasive attack for a particular smart card model, he or she is usually able to attack other cards of the model in seconds, often using equipment that can be disguised as a regular smart card reader. While manufacturers can develop new card models with additional information security, it may be expensive or inconvenient for users to improve vulnerable systems. The tamper-evident and audit feature in the smart card system helps manage the risk of compromised cards.
Another problem is the lack of standards for functionality and security. To address this problem, the Berlin Group launched the ERIDANE Project to propose "new functional and security frameworks for smart card-based Point of Interaction (POI) equipment".
See also
References
Further reading
External links
- Smart card in Curlie (based on DMOZ)
Source of the article : Wikipedia
0 Comments