This page collects material on the evolution of smart cards. Just about anything found in a person's wallet has the potential to be stored on a smart card. The sources drawn on include the NIST Special Publication "Smart Card Technology: New Methods for Computer Access Control" by Martha E. Haykin and Robert B. J., and the Smart Card Handbook, Third Edition, by Wolfgang Rankl and Wolfgang Effing (Giesecke & Devrient GmbH, Munich, Germany), translated by Kenneth Cox.

A smart card, chip card, or integrated circuit card (ICC) is a physical electronic authorization device with an embedded integrated circuit. Chip cards range from simple memory cards to CPU/MPU microprocessor multifunction cards; with an embedded microcontroller, a smart card can store data, run applications and perform computations, including cryptographic operations, on the card itself. Related reading includes "Identifiers and Authentication – Smart Credential Choices to Protect Digital" and "Known Attacks Against Smartcards" (PDF, Discretix Technologies).

Private electronic purse systems have also been deployed, such as the US Marine Corps (USMC) system at Parris Island, which allows small payments at the cafeteria. Mobile phones are used across the world, and since their subscriber identity modules are smart cards, smart cards have become very common.

The United States began deploying EMV technology later than other regions, and the deployment is still in progress. Historically, several international payment companies agreed to develop smart-card specifications for debit and credit cards.

The original brands were Europay, MasterCard and Visa, hence the name EMV. After the first version of the EMV specifications was released, the specifications stabilized; EMVCo now maintains them. EMVCo's purpose is to assure the various financial institutions and retailers that the specifications retain backward compatibility with earlier versions.

EMVCo later upgraded the specifications, and MasterCard was the first company allowed to use the technology in the United States. The United States has felt pushed to adopt the technology because of the increase in identity theft.

The credit card information stolen from Target was one of the largest indicators that American credit card data was not safe. Target decided on April 30 that it would implement smart chip technology to protect itself from future credit card fraud. Before that point, the consensus in America was that existing security measures were enough to avoid credit card theft and that the smart chip was not necessary.

The cost of the smart chip technology was significant, which is why most corporations in the United States did not want to pay for it. The debate shifted once card fraud grew large enough for the United States to invest in the technology. EMV adoption increased significantly when the card brands' liability shift took effect in October: after that date, liability for counterfeit-card fraud generally falls on whichever party, issuer or merchant, has not adopted EMV.

Development of contactless systems

Contactless smart cards do not require physical contact between a card and reader.

They are becoming more popular for payment and ticketing; typical uses include mass transit and motorway tolls. Visa and MasterCard have deployed contactless versions of their cards in the US.

Contactless technology has reduced the cost of the card medium enough that it can be used for low-cost tickets and short-term transport passes (typically valid for up to one year), which are distributed through vending machines, ticket offices and agents.

Smart cards are also being introduced for identification and entitlement by regional, national, and international organizations. One such system is the smart card healthcare system (SCHS) developed for the Ege University Hospital, which the rest of this page describes. When a patient card is opened in a clinic application, general health information and decrypted clinic-specific patient health data are displayed. The reverse procedure is carried out on the server side: the required DES and DSA keys are retrieved from the hospital's central database using the database network addresses sent from the client terminal. Because those addresses come from the client, the server must treat them only as a lookup hint and still authenticate the client before acting on the request.

If everything is in order, the update to the clinic database is completed; the result of the remote process is returned to the terminal and the patient session is closed. Figure 2 demonstrates a patient session. After the examination, the patient applies to the system administration unit to have the new examination and prescription data stored on the smart card recorded in the hospital database and to obtain prescription approval.

That unit is responsible for managing the hospital database.

In a naive design, the client software components would depend completely on the database server and its database software. To remove this dependency, clients are kept out of database-related processing and an extra control layer manages queries on their behalf. This lets each component be designed independently of the others and promotes software reuse. In the model-view-controller (MVC) pattern, view components communicate with the system's data model through a controller.

Client applications therefore contain only view components: user interfaces such as forms and dialogs. Java RMI (Remote Method Invocation) lets distributed objects call each other's methods without the application handling the network layer itself. Client authentication for an operation, and the data update itself, are performed by the remote object.

The MVC and RMI implementation also carries the system's security mechanisms: digital signatures for authentication and encryption keys for data confidentiality. One of the important aims of the system is to access clinic databases in a secure and authenticated way, with smart cards playing an active role. Data is transmitted encrypted and signed under the system protocol. RMI already provides object serialization and parameter marshalling on its channel, so encapsulated data is not transferred as raw fields; note, however, that serialization is an encoding, not a security control, and it does not replace the encryption and signatures.

Figure 3 shows the whole system architecture with its components. The on-card package contains both the Java Card applet and the model classes that hold the patient data discussed in Section 2.

This software manages the patient data bytes stored on the card. The applet class extends the Java Card Applet class and communicates with off-card applications to serve patient data securely. Its package name begins with tr. The off-card side is built on OCF (the OpenCard Framework), which is expected to be integrated in most smart card based healthcare solutions [8].

The smart card client package running on the client computer handles communication with both doctor and patient smart cards.

User interface components use the prepared objects this package provides, especially for forming APDU (application protocol data unit) byte vectors, rather than struggling with the limited data-structure conversions the card supports. The client software thus bridges the gap between the graphical user interface components and the on-card applications, as shown in data flows 1 and 2 of Figure 3. The object model of this client software is shown in Figure 5; user interface components access card data through those objects without dealing with APDU communication themselves.
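The "APDU byte vector" the paragraph refers to has a fixed layout defined by ISO 7816-4. The following is an added example, not code from the SCHS project, showing how a host-side library encodes and decodes short command APDUs (the four cases: header only, header plus Le, header plus Lc and data, and both), splits a response into data and status word, and interprets the status words a PIN or authentication flow runs into. The length checks are the part worth copying: a malformed Lc is exactly the kind of input a card will reject with an unhelpful status word.

```python
"""ISO 7816-4 short APDU encoding and decoding.

Added example for this page, not code from the SCHS project. It shows the
byte layout behind the "APDU byte vector" the text mentions and the length
checks a host library should perform before sending a command to the card.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class CommandAPDU:
    cla: int                    # class byte
    ins: int                    # instruction byte
    p1: int
    p2: int
    data: bytes = b""           # command data field (cases 3 and 4)
    le: Optional[int] = None    # expected response length (cases 2 and 4)

    def to_bytes(self) -> bytes:
        """Serialize as a short APDU: header, optional Lc+data, optional Le."""
        for name, v in (("CLA", self.cla), ("INS", self.ins), ("P1", self.p1), ("P2", self.p2)):
            if not 0 <= v <= 0xFF:
                raise ValueError(f"{name} out of range: {v}")
        if len(self.data) > 255:
            raise ValueError("short APDU data field is limited to 255 bytes")
        out = bytes([self.cla, self.ins, self.p1, self.p2])
        if self.data:
            out += bytes([len(self.data)]) + self.data
        if self.le is not None:
            if not 1 <= self.le <= 256:
                raise ValueError("Le must be 1..256 for a short APDU")
            out += bytes([self.le % 256])       # Le = 256 is encoded as 0x00
        return out


def parse_command(raw: bytes) -> CommandAPDU:
    """Decode a short command APDU, rejecting inconsistent length fields."""
    if len(raw) < 4:
        raise ValueError("APDU needs at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                                   # case 1: header only
        return CommandAPDU(cla, ins, p1, p2)
    if len(body) == 1:                             # case 2: header + Le
        return CommandAPDU(cla, ins, p1, p2, le=body[0] or 256)
    lc = body[0]
    if lc == 0:
        raise ValueError("Lc = 0 introduces an extended APDU; not handled here")
    data = body[1:1 + lc]
    if len(data) != lc:
        raise ValueError(f"Lc says {lc} data bytes but only {len(data)} follow")
    rest = body[1 + lc:]
    if not rest:                                   # case 3: header + Lc + data
        return CommandAPDU(cla, ins, p1, p2, bytes(data))
    if len(rest) == 1:                             # case 4: header + Lc + data + Le
        return CommandAPDU(cla, ins, p1, p2, bytes(data), le=rest[0] or 256)
    raise ValueError(f"{len(rest) - 1} unexpected byte(s) after Le")


def parse_response(raw: bytes) -> Tuple[bytes, int]:
    """Split a response APDU into (data, SW1SW2)."""
    if len(raw) < 2:
        raise ValueError("response APDU needs at least SW1 SW2")
    return bytes(raw[:-2]), (raw[-2] << 8) | raw[-1]


def describe_sw(sw: int) -> str:
    """Human-readable meaning of the status words a PIN/auth flow runs into."""
    if sw == 0x9000:
        return "success"
    if 0x6100 <= sw <= 0x61FF:
        return f"success, {sw & 0xFF} more response bytes available"
    if 0x63C0 <= sw <= 0x63CF:
        return f"verification failed, {sw & 0x0F} tries remaining"
    table = {
        0x6982: "security status not satisfied",
        0x6983: "authentication method blocked",
        0x6A82: "file not found",
        0x6D00: "instruction not supported",
        0x6E00: "class not supported",
    }
    return table.get(sw, f"unknown status 0x{sw:04X}")
```

`CommandAPDU(0x00, 0x20, 0x00, 0x01, b"1234").to_bytes()` produces a VERIFY command (`00 20 00 01 04 31 32 33 34`); the card's reply `63 C2` parses to status `0x63C2`, which `describe_sw` reads as two PIN tries remaining.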

Card data can therefore be processed in interface components very simply. As mentioned before, client computers contain no software component that accesses databases or performs queries; remote objects carry out those operations instead.

The client software contains only user interface components (instances of the Java Foundation Classes) and forms the view layer of the MVC architecture. Card terminals in a department are served by RMI servers located in the same department, and the remote objects whose methods clients call live on those servers.

The RMI server application creates objects that implement remote interfaces and registers them with the RMI registry on the server. When a client object wants to use a remote method, it first connects to that RMI registry and obtains stubs for the relevant remote objects.

It can then call remote methods through those stubs according to the RMI protocol [18]. The stub marshals the data and sends it to the remote object, which authenticates the client, decrypts the data, prepares the appropriate query and updates the remote database. The operation result, or an exception if one occurred, is returned to the client over the same channel. All control and database connection operations are thus hidden from clients.

Remote objects on the RMI servers perform those operations on behalf of clients and form the controller layer of the system's MVC architecture. The relational model of the central database is given in Figure 6.

Allergies, surgical operations, immunizations, medications and former diseases are stored in corresponding database tables with unique IDs. The IDs were generated automatically during system implementation, except for medications.

Each medication's barcode number serves as its system ID. Each record is associated with the related patient and disease through their unique IDs. As mentioned before, clinic-based patient data are stored in separate clinic databases to give the system both flexibility and modularity.

Given the non-standard information systems and database structures used in the clinics of many hospitals, including the Ege University Hospital, this design is the most appropriate. Smart card terminal applications communicate with those remote objects, and doctors can access local patient data during examinations as described above.

The model is completely independent of how the data is used and viewed, so the databases form the model layer of the MVC architecture. Controller components map the appropriate bean objects to the tables of those databases.

Data is transmitted over secure protocols in both smart card and remote database communications; these are discussed here in detail. Card communication begins with authentication between the card and the host application, which involves comparing keys stored in a key file.

The real value of the mother key is provided by the card manufacturer with the card. Every smart card session begins with an authentication stage in which both entities check each other (mutual authentication). After successful authentication, a secure communication channel is established between the two entities. Because the key file on the host holds the key material for every card it serves, protecting that file and the terminal it lives on matters as much as the protection on the card.

The PIN entered by the user is checked by the smart card itself, and a successful entry opens the card session. After three consecutive wrong entries the smart card blocks itself against any further communication. Updating the remote database requires network communication over a secure protocol. In RMI, incoming and outgoing data are transferred in serialized form, so the data encapsulated by objects is not sent as raw fields. The receiver must know the type of the object to deserialize it; otherwise it only gets a meaningless byte stream.
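The two checks described in the preceding paragraphs, mutual authentication between host and card and the on-card PIN check with a three-try limit, are modelled below. This is an added example, not SCHS code. SCHS uses DES keys and the Python standard library has no DES, so HMAC-SHA256 stands in as the keyed function (an assumption). Deriving a per-card key from the mother key by card serial is also an assumption, added so that extracting one card's key does not expose every card. The card issues a fresh, single-use challenge so a recorded host response cannot be replayed, and the retry counter resets only on a correct PIN.

```python
"""Card-side PIN verification with a retry counter, plus challenge-response
mutual authentication between a host application and a card.

Added example for this page, not SCHS code. HMAC-SHA256 stands in for the
DES-based keyed function (assumption); key diversification from the mother
key by card serial is also an assumption.
"""
import hashlib
import hmac
import secrets
from typing import Optional

MAX_TRIES = 3


def diversify(mother_key: bytes, serial: bytes) -> bytes:
    """Per-card key derived from the mother key held in the host key file."""
    return hmac.new(mother_key, b"card-key" + serial, hashlib.sha256).digest()


def host_response(key: bytes, card_challenge: bytes) -> bytes:
    """What the host must return to prove it knows the card's key."""
    return hmac.new(key, b"host" + card_challenge, hashlib.sha256).digest()


def card_response(key: bytes, host_challenge: bytes) -> bytes:
    """What the card returns to prove it is genuine."""
    return hmac.new(key, b"card" + host_challenge, hashlib.sha256).digest()


class Card:
    """Minimal model of the on-card state the page describes."""

    def __init__(self, serial: bytes, card_key: bytes, pin: bytes):
        self.serial = serial
        self._key = card_key
        self._pin = pin
        self.tries_left = MAX_TRIES
        self.blocked = False
        self.pin_verified = False
        self.host_authenticated = False
        self._challenge: Optional[bytes] = None

    def verify_pin(self, candidate: bytes) -> int:
        """ISO 7816 style status: 0x9000 ok, 0x63Cx with x tries left, 0x6983 blocked."""
        if self.blocked:
            return 0x6983
        if hmac.compare_digest(candidate, self._pin):   # constant-time compare
            self.tries_left = MAX_TRIES                   # counter resets on success only
            self.pin_verified = True
            return 0x9000
        self.tries_left -= 1
        self.pin_verified = False
        if self.tries_left == 0:
            self.blocked = True                           # card refuses all further use
            return 0x6983
        return 0x63C0 | self.tries_left

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(8)          # fresh nonce, single use
        return self._challenge

    def external_authenticate(self, response: bytes, host_challenge: bytes) -> Optional[bytes]:
        """Verify the host's answer; on success, answer the host's own challenge."""
        if self.blocked or self._challenge is None:
            return None
        expected = host_response(self._key, self._challenge)
        self._challenge = None                            # a replayed answer cannot reuse it
        if not hmac.compare_digest(expected, response):
            return None
        self.host_authenticated = True
        return card_response(self._key, host_challenge)


class Host:
    def __init__(self, mother_key: bytes):
        self._mother_key = mother_key

    def authenticate(self, card: Card) -> bool:
        """Mutual authentication: the host proves itself first, then checks the card."""
        key = diversify(self._mother_key, card.serial)
        card_nonce = card.get_challenge()
        host_nonce = secrets.token_bytes(8)
        proof = card.external_authenticate(host_response(key, card_nonce), host_nonce)
        if proof is None:
            return False
        return hmac.compare_digest(card_response(key, host_nonce), proof)
```

A host holding the wrong mother key fails at `external_authenticate` and never learns anything about the card key; a blocked card fails every authentication and PIN attempt until it is unblocked through a separate administrative path, which the page assigns to the system administration unit.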

The authors regard serialization as providing a degree of security because an attacker sees only an opaque stream. In practice, Java object serialization is a documented format that anyone with the class definitions can decode, so it should be treated as obscurity rather than as a security control. The SCHS-specific protocol therefore provides data confidentiality and digital identity verification explicitly. Data to be updated is first encrypted, then signed and finally serialized before network transmission. The signed and encrypted data is encapsulated in an object, which is serialized and sent over the RMI channel to the remote side.
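The encrypt, sign, serialize order above, with the receiving side undoing it in reverse, is shown in the added example below; it is not the project's code. SCHS uses DES and DSA, neither of which is in the Python standard library, so an HMAC-SHA256 keystream in counter mode stands in for the cipher and HMAC-SHA256 stands in for the signature (both assumptions, and the signature stand-in is symmetric, so each sender's verification key is looked up by sender identity). Java object serialization is replaced by a length-prefixed encoding whose decoder runs no code, because the server must parse and verify the signature before it decrypts or deserializes anything, and a tampered or unknown-sender envelope must be rejected at that point. The signature covers the sender identity together with the ciphertext so the two cannot be recombined.

```python
"""Encrypt, then sign, then serialize: the SCHS update envelope.

Added example for this page, not the project's code. HMAC-SHA256 keystream
stands in for DES and HMAC-SHA256 for the DSA signature (assumptions). A
length-prefixed encoding stands in for Java object serialization so the
receiver never deserializes untrusted objects before verification.
"""
import hashlib
import hmac
import os
import struct
from typing import Callable, Dict, Optional

NONCE_LEN = 16


def serialize(fields: Dict[bytes, bytes]) -> bytes:
    """count, then (len, key, len, value) for each field, keys sorted."""
    out = struct.pack(">I", len(fields))
    for key in sorted(fields):
        for part in (key, fields[key]):
            out += struct.pack(">I", len(part)) + part
    return out


def deserialize(blob: bytes) -> Dict[bytes, bytes]:
    """Inverse of serialize with bounds checks; no code runs while decoding."""
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated field")
        chunk = blob[pos:pos + n]
        pos += n
        return chunk

    (count,) = struct.unpack(">I", take(4))
    fields = {}
    for _ in range(count):
        (klen,) = struct.unpack(">I", take(4))
        key = take(klen)
        (vlen,) = struct.unpack(">I", take(4))
        fields[key] = take(vlen)
    if pos != len(blob):
        raise ValueError("trailing bytes after last field")
    return fields


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)                 # never reuse a nonce under one key
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def sign(sign_key: bytes, message: bytes) -> bytes:
    return hmac.new(sign_key, message, hashlib.sha256).digest()


def seal(enc_key: bytes, sign_key: bytes, sender: bytes, record: Dict[bytes, bytes]) -> bytes:
    """Client side: encrypt the record, sign sender id plus ciphertext, serialize."""
    body = serialize({b"sender": sender, b"ciphertext": encrypt(enc_key, serialize(record))})
    return serialize({b"body": body, b"sig": sign(sign_key, body)})


def open_envelope(enc_key: bytes,
                  key_for_sender: Callable[[bytes], Optional[bytes]],
                  blob: bytes) -> Dict[bytes, bytes]:
    """Server side: parse, look up the sender's key, verify, and only then decrypt."""
    outer = deserialize(blob)
    body = outer[b"body"]
    inner = deserialize(body)
    sign_key = key_for_sender(inner[b"sender"])
    if sign_key is None or not hmac.compare_digest(sign(sign_key, body), outer[b"sig"]):
        raise ValueError("signature check failed; envelope rejected before decryption")
    return deserialize(decrypt(enc_key, inner[b"ciphertext"]))
```

`key_for_sender` plays the role of the server's lookup of a professional's DSA key in the central database: an unknown sender yields `None` and the envelope is dropped without touching the ciphertext, and any flipped bit in the body or signature fails the constant-time comparison.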

Figure 8 gives a flowchart of this protocol. All database communications are logged on the system servers. Figure 9 appears at this point. Key management must also be taken into consideration.

Generation, revocation and replacement of security and authentication keys are all managed by the system administration unit within SCHS. The DES key is stored on the card in serialized form.

Essentially this is a byte stream, which authorized host applications transform back into the actual DES key when they need it. The system administration unit also prepares DSA key pairs for healthcare professionals so that they can work within SCHS.

DES, with its 56-bit key, is vulnerable to brute-force attack (exhaustive key search against DES was demonstrated publicly in the late 1990s), and it should be replaced with an algorithm that applies multiple encryptions with multiple keys, such as 3DES, or today with AES. However, smart card programmers can only use ... The patient card software needs approximately 14K of space for both the code and the permanent data objects. Any smart card that complies with the Java Card specifications and provides sufficient data space can be used to implement this design.

That is, the design is platform independent: by using the Java Card framework [3], the system can be ported to different card platforms without modifying any software. The card reader is connected to a terminal PC over a serial connection.

The terminal has a Java 1 runtime installed; the system administration software is also deployed and tested on this computer. Server components are deployed on a PC with an Intel P4 processor, which contains no smart card software. The whole system comprises seven software modules.

Writing a block of patient data to the smart card and receiving the card's response takes approximately 2 seconds. It takes approximately 9 seconds to start a user session and display the PIN entry dialog after the smart card is inserted into the card acceptance device (CAD).

To give some flavor of the developed environment, the clinic program developed for the Neurosurgery Department of the Ege University Hospital is discussed with selected screenshots.

Figure 10 is a runtime screenshot of the SCHS clinic application in which a doctor has just opened a doctor session using her personal smart card. Using the access information on the smart card, the application has also contacted the central hospital database to retrieve any personal messages for the doctor. The doctor is now ready to accept patients for examination.

As in the doctor session, when a patient smart card is opened in a clinic application, the application immediately contacts the central database to retrieve any messages for the patient. The doctor can also access other patient information. Her record request is validated at the RMI server of the Neurosurgery Department, and the patient information is transferred to the clinic application in encrypted form.

Figure 12 appears at this point. SCHS is currently ready for use in the Neurosurgery Department and is expected to be fully operational in the near future, once some deployment issues are resolved. Adding other departments to the system will be fast and easy, owing to the modular software design of SCHS described above.

SCHS can be considered a powerful healthcare automation that integrates smart card use into existing hospital information systems. Its distributed protocol enables mobile and secure access to patient records and supports the roles of both healthcare professionals and patients. The similar studies introduced in Section 1 also aim to enhance systems through smart card use, but the contribution of smart cards in those studies is limited, even in the systems currently in use.

For example, the system in [11] has a restricted design in which smart cards only serve as a portable health report card; their potential security and authorization features are not fully exploited.

Smart card operating systems have themselves evolved through several generations. Excessive hardware dependency in the second generation led developers to move toward operating systems that can be implemented with minimal changes on different hardware.

The result was the design and implementation of layered operating systems that are largely independent of the hardware. A layered smart card operating system is a modern operating system with functions such as memory management, a multi-level file tree and a command state machine [3]; the features these operating systems provide resemble those of common personal computer operating systems.

A layered operating system can run several independent programs and prevent interference between them. Many of these operating systems have a complex state machine and a wide command set, and some support multiple transport protocols. Today, all modern smart card operating systems have a layered structure with an interface layer that communicates with the hardware.

Figure 1 shows the simple architecture of three generations of smart card operating systems [3]. In smart card file systems, each file carries its own descriptive data, and a file must be selected before it can be used.

A file is divided into two parts. The first, the file header, holds the file information such as its internal structure and access conditions. The second, the body, stores user or program data. For security reasons these two parts are usually stored in different memory pages and linked by a pointer [3, 17]. The file tree on the card is built logically from the file headers.

Headers typically have predefined fields that can be managed in two ways, static and dynamic. In static mode the header information is fixed and unchangeable; this speeds up file access but reduces flexibility.

A dynamic structure removes this limitation by allowing the file tree to be modified.
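The access conditions kept in the header are what make the header/body split security-relevant: the operating system consults the header and the session's security state before it touches a single body byte. The following added example, not code from the paper, models that check. The header layout (file id, body length, body pointer, one access-condition byte per operation) and the status words chosen are assumptions for illustration; real cards describe files with the FCP/FCI templates of ISO 7816-4, but the decision logic is the same.

```python
"""Header-driven access control for a smart card file.

Added example for this page, not code from the paper. The header layout is
an assumption for illustration; real cards use ISO 7816-4 FCP/FCI templates.
"""
from enum import Enum
from typing import Dict, Set, Tuple


class AC(Enum):
    ALWAYS = 0x00   # no authentication required
    PIN = 0x01      # user PIN verified in this session
    KEY = 0x02      # host authenticated with its key
    NEVER = 0xFF    # never permitted over the card interface


OPS = ("READ", "UPDATE", "DELETE")


def parse_header(raw: bytes) -> Dict:
    """Assumed layout: file id (2), body length (2), body pointer (2),
    then one access-condition byte per operation in OPS order."""
    if len(raw) != 6 + len(OPS):
        raise ValueError(f"header must be {6 + len(OPS)} bytes, got {len(raw)}")
    acs = {}
    for op, byte in zip(OPS, raw[6:]):
        try:
            acs[op] = AC(byte)
        except ValueError:
            raise ValueError(f"unknown access condition 0x{byte:02X} for {op}") from None
    return {
        "fid": int.from_bytes(raw[0:2], "big"),
        "size": int.from_bytes(raw[2:4], "big"),
        "body_ptr": int.from_bytes(raw[4:6], "big"),   # body lives in another memory page
        "ac": acs,
    }


def check_access(header: Dict, op: str, state: Set[str]) -> int:
    """0x9000 allowed, 0x6982 security status not satisfied, 0x6985 never allowed."""
    ac = header["ac"][op]
    if ac is AC.NEVER:
        return 0x6985
    if ac is AC.ALWAYS or ac.name in state:
        return 0x9000
    return 0x6982


class CardFile:
    """Header and body kept apart; every body access goes through check_access."""

    def __init__(self, header_bytes: bytes, body: bytes):
        self.header = parse_header(header_bytes)
        if len(body) != self.header["size"]:
            raise ValueError("body length does not match header")
        self._body = bytearray(body)

    def read(self, offset: int, length: int, state: Set[str]) -> Tuple[bytes, int]:
        sw = check_access(self.header, "READ", state)
        if sw != 0x9000:
            return b"", sw
        if offset < 0 or offset + length > len(self._body):
            return b"", 0x6B00                      # offset outside the file
        return bytes(self._body[offset:offset + length]), 0x9000

    def update(self, offset: int, data: bytes, state: Set[str]) -> int:
        sw = check_access(self.header, "UPDATE", state)
        if sw != 0x9000:
            return sw
        if offset < 0 or offset + len(data) > len(self._body):
            return 0x6B00
        self._body[offset:offset + len(data)] = data
        return 0x9000
```

With the constructed header `2F01 0010 0100 00 01 FF` (file 0x2F01, 16-byte body, READ always, UPDATE after PIN, DELETE never), a read succeeds in a fresh session, an update is refused with `0x6982` until the PIN has been verified, and a delete is refused regardless of the session state. Bounds are checked after the access decision so an unauthenticated caller cannot probe the file size through the error code.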

Static file management systems are commonly used when the operating system serves a fixed set of predefined purposes, so that changes to the file system structure, such as adding or deleting a file, never occur. Because their header structure is fixed, these file management systems are very efficient and reliable and improve the operating system's speed.

Most first-generation operating systems fall into this category. Operating systems that use a dynamic file management system are called dynamic operating systems.

Dynamic operating systems let developers load or delete files under strict security controls. Another classification distinguishes closed (native) and open operating systems. In a closed operating system, application developers must use the low-level language of that operating system to develop applications; this is the main reason such operating systems are called closed.

Because closed operating systems are designed and implemented for specific hardware and applications, they perform very efficiently and their memory consumption is optimized.

From the developers' perspective, closed operating systems are completely under their control, and features can be changed or added when required.

The drawback is that applications must be written in the low-level language the operating system recognizes. The security of cards with a native operating system depends entirely on that operating system, so closed operating systems usually undergo evaluations and tests such as Common Criteria (CC) certification [19].

For security reasons, companies that develop closed operating systems often publish only general information about them and avoid disclosing the details; secrecy of the design is not itself a security control, and the assurance comes from the evaluation rather than from the secrecy.

Table 1 reviews the general characteristics of closed operating systems. Open operating systems are so named because their open architecture lets developers write applications in high-level languages.

Open operating systems usually include an interpreter or virtual machine that executes high-level program code on the card [26]. Because of the variety of features they support, they are typically more complex and have a larger code size than closed operating systems. Thanks to the virtual machine or interpreter, open operating systems are considered largely hardware independent.

Hardware independence means that developers can write applications for the operating system in well-known high-level languages without detailed knowledge of the hardware. Because of the complexity of operations such as running a virtual machine, open operating systems often require more powerful hardware than closed ones.

For example, open operating systems typically use 16- or 32-bit processors, compared with the 8-bit processors used in most closed operating systems. The remarkable thing about open operating systems is that they allow application developers, even those with no role in developing the operating system, to write applications in high-level languages such as C.

In contrast to closed operating systems, developers of open operating systems usually publish comprehensive information about them. The most widespread example is Java Card. The Java Card Forum [27], whose members are several companies in the smart card field, was formed and formally took responsibility for the standardization and development of Java Card. A Java Card can be defined as a smart card whose microcontroller can run a Java virtual machine and the Java Card runtime environment [3].

Java Card is a multi-application smart card platform that can manage and run several programs written in the Java language (Java Card applets).

Contactless smart cards that can be read from within a wallet or even a garment simplify authentication; however, criminals may also be able to read data from these cards. The subscriber identity modules (SIMs) used in mobile-phone systems are reduced-size smart cards using otherwise identical technology. Smart Card Forum Consumer Research provides additional insights into consumer attitudes towards the application and use of smart cards. Cards are often carried in wallets or pockets, a harsh environment for a chip and, in contactless cards, the antenna.
