Smart Cards and EBUSINESS 4 What is a
Smart Cards and E-BUSINESS 4 What is a Smart card? 4 A smart card is the size of a conventional credit card, with an electronic microchip embedded in it. 4 The chip stores electronic data and programs that are protected by advanced security features 1
2
3
4
Smart Cards Standards 4 ISO 7816 defines the physical dimensions of smart cards and their electric characteristics 4 ISO 7816 establishes commands to read, write and update records 4 ISO 7816 specifies transmission protocols 5
How many kinds of smart cards exist? 1 -Contact smart card inserted into card reader 6
2 - Contactless Smart cards: should be passed near an antenna to carry out transaction 7
How many Kinds of Smart Cards with respect to Architecture 4 Memory Cards: EEPROM +security logic optimized for certain application 4 Microprocessor Cards: consist of CPU+EEPROM, RAM & I/O 4 Allows several applications to be on one card 8
Why are smart cards important? 4 To reduce fraud in finance and payments: up to 0. 2% of turnover in major credit and debit card systems around world-nearly $1 billion a year-is fraudulent 4 Many smart cards are used in sensitive areas such as personal identification and health 4 If security is compromised, the resulting publicity could affect public confidence 9
Why are smart cards secure? 4 Smart cards protect information stored on them from damage or theft by using strong encryption techniques 4 Algorithms such as RSA, DES, or triple DES can be used with very long keys up to 1024 bits 4 Hence they are much more secure than magnetic strip cards which can be copied easily 10
Smart Cards Advantages 4 Security 4 Convenience(compatible with portable electronic devices like: phones, PDAs & PCs 4 Economic Benefits 4 Customization 4 Multifunctionality 11
4 Faster 4 More reliable than magnetic cards 4 Can store 100 times more than magnetic cards 12
Can Smart Cards Support Multi. Applications? 4 Capability to download independent Applets, securely Isolated 4 Example: A card may contain Individual’s driver’s license, multiple credit card & bank accounts, stored value for company cafeteria, & health records 4 A police officer’s card reader can read driver’s license info, but not bank account 13
14
Where is Smart Card used? 4 Electronic Purse( digital Cash) 4 E-Business over the Internet 4 Telecommunication 4 Access control & personal identification 4 Credit & debit ( Visa Master card) 4 Transport( ticketless airline, bus, taxi) 4 Pay TV & loyalty 15
16
How smart is a smart card? 4 Some smart cards are smarter than others 4 Simplest cards like payphone cards, vending machine cards ( containing only memory +simple protection logic) offer no protection if stolen 4 The smarter smart cards ( CPU cards) might have several passwords restricting use for only one person ( card holder) 17
4 For added security ( especially in financial applications and in access control) 4 Authentication & encryption techniques are widely used to verify true identity of the card holder 4 Some smart cards used in sensitive areas where security cannot be compromised , use security processors embedded in the card like cryptoprocessors with RSA or DES on 18 it
What is electronic purse? 4 The electronic purse carries value on a smart card in place of notes and coins 4 The purse is designed to replace cash for small transactions 4 One of the greatest potential benefits is multifunctionality where other applications such as public telephone payment, parking and road toll payment as well as credit & 19 debit could be added
How does E-Purse Work? 4 E-purses are usually issued by banks to their customers 4 Money is loaded into the e-purse by transfer from cardholder’s bank account using: ATM, or public payphone, or a home smart phone, a mobile phone or through internet 4 Once cardholder has chosen goods, he inserts card into POS and money is debited 20
Examples Of E-Purse 4 Mondex 4 Visa Cash 4 Digi Cash 4 Cyber Coin 21
E-purse benefits 4 No need to carry loose change to buy newspaper or use vending machine 4 more convenient than checks and debit cards for small transactions 4 Offer user more privacy and freedom from recording expenditures in check book 4 Attractive to merchants: Saves time 22
23
24
25
26
What Is a Digital Signature ? 4 Used To Establish Authenticity of Electronically Transmitted messages 4 Only one Smart Card Can Sign a Document 4 Every One Can Verify The Signature 4 RSA algorithm is usually used to form a cryptographic checksum which is appended to the message 27
28
29
30
31
32
33
Providing Value Added services 4 GSM Cellnet and Barclaycard developped wireless finantial service smart card 4 SIM activates user’s Cellnet GSM phone 4 Provides a Barclay services menu 34
Swedish Bank Utility Bill Payment 4 SIM card allows users to access service by menu navigation 4 Users can pay their utility bills away from home by keying information such as origin and destination bank account numbers 35
Press releases 4 Cyberflex Access is the first commercial smart card to combine java programmability and strong cryptography 4 The card uses authentication, in addition to RSA, DES and triple DES algorithms. 4 Programmers can develop secure applications by calling in their Java programs cryptographic services available 36 in the card API
4 With 16 K EEPROm, you can store applets as well as cryptographic keys and digital certificates 4 Hong Kong July 29, 1999: Hong Kong mobile network company has upgraded 250, 000 subscribers for programmable multi -service Simera 32 Java compatible SIMS. 37
4 The company is the first in ASIA to allow its subscribers to download services over air 4 Master card has developed the complete Chip solution to migrate their 600 million master card credit and debit cards to chip platform 38
4 The latest edition of ST 19 , is the smart card IC from Stmicroelectronics is aimed at high end telecom, java cards and similar multi application cards 4 This new smart card complies with Javacard api 2, allows downloading huge applets to EEprom 39
4 RACAl Security and payments has introduced the DATACryptor 2000 a public key managed, triple des link encryptor to protect valuable network data. 4 It uses triple DES ( 168 bits) it transmits encrypted data at speeds of up to 512 K bits/sec 40
What Are contactless Smart Cards 4 Energy and data transferred without electrical contact between card and terminal 4 Distance: few centimeters -1 meter 4 Commonly used frequencies: 125 KHz & 13. 5 MHz 4 Power from terminal over carrier frequency 41
Main Applications 4 Access Control 4 Vehicle identification 4 Electronic driver license 4 Ski Passes 4 Airline tickets 4 Transportation: buses, taxis & underground 4 Baggage Identification 42
Advantages Of Contactless Cards 4 No need to remove from purse or pocket 4 Can Collect & analyze customer utilization data 4 Freedom of orientation of card(Increases customer acceptance) 4 Less maintenance needed than contact cards 4 Longer life cycle 43
4 Provides high passenger throughput 4 Less queuing 4 Delivering speed 4 Reliability 4 Security 44
4 MIFARE developped Combi card for public transportation(dual interface) 4 Frequency: 13. 5 MHz, data rate >100 KB/s 4 Fast Anti collision algorithm 4 Range: 10 Cms 4 Up to 16 independent applications on card 4 Access to card protected by encryption 45
4 Provides highest level of security by using 3 DES Encryption Algorithm & Cryptoprocessor 4 Mifare Prox(High speed 3 -DES coprocessor) 4 Contains true Random number generator 4 Used in Taxi, Buses, subways, electronic payment in shops. 4 85% of contactless cards are Mifare 46
47
48
SMART CARD MARKET BY THE YEAR 20 0 1 Total Smart Cards in the Market = 49
WORLD WIDE MARKET PROSPECTS OF THE STORED-VALUE CARD 1, 950 Billion dollars International Potential Market 50
The Future 4 Market researcher Dataquest forecasts that by year 2001, 3. 4 billion smart cards will be used world-wide: Multi application card 4 Main future areas are in biometrics: using retina scan 4 National identity cards: all citizens by law will be required to carry identity smart cards 4 RF contactless cards are expected to be widely used 51
4 3, 85 billion smart cards expected in 2002 4 Microprocessor smart cards ranging between 21 billion-35 billion by 2010 4 Number of microprocessor smart cards to increase at rate of 55% per year 4 25 billion ecash transactions by 2005, 30% of these are using smart cards 52
Smart Cards & Terminals Cost 4 Memory Cards: $. 1 -$. 4 4 POS Terminals: $150 -$1500 4 Microprocessor Smart Cards: $2. 00 - $10. 00(depending on capacity and complexity) 4 Smart Card Readers/Writers: $100 -$250 53
- Slides: 53