Document: A good book about smart cards (docx)


Guide to Smart Card Technology

Contents

Preface
1. Introduction
2. Smart Card Basic
   2.1 What is smart card
   2.2 History of smart card development
   2.3 Different types of smart cards
       2.3.1 Memory Cards
       2.3.2 Contact CPU Cards
       2.3.3 Contactless Cards
       2.3.4 Combi-Card
   2.4 Different standards of smart cards
3. Current Smart Card Applications
   3.1 Electronic payment Applications
       3.1.1 Electronic Purse
       3.1.2 Stored Value Cards
   3.2 Security and Authentication Applications
       3.2.1 Cryptographic uses
       3.2.2 Identity card
       3.2.3 Access control card
       3.2.4 Digital certificate
       3.2.5 Computer login
   3.3 Transportation uses
   3.4 Telecommunication Applications
   3.5 HealthCare Applications
   3.6 Loyalty Applications
4. Technology Aspects of Smart Card
   4.1 Overview of ISO 7816 Standards
   4.2 Communication Protocol between Terminal and Smart Cards
   4.3 Overview of File Systems
   4.4 Overview of Naming Scheme
   4.5 Overview of the Security Architecture
   4.6 An Example of Smart Card Application: SmartFlow Internet Payment System
5. Java Card Programming
6. Building your own smart card application
   6.1 Plan the smart card solution
   6.2 Understand the need of smart card
   6.3 Managing data storage on the card
   6.4 Determine the required back end support
   6.5 Choosing card-side and host-side environment
   6.6 Miscellaneous Tools
7. Future trend of smart card
   7.1 Unification of smart card host-side standards on PC
       7.1.1 Personal Computer/Smart Card standard (PC/SC)
       7.1.2 Alternative standard of smart card in PC and Mini-computer (OpenCard Framework)
   7.2 Trends in smart card card-side standards
       7.2.1 Java inside
       7.2.2 Mondex MULTOS OS
       7.2.3 Microsoft Windows in Smart card
       7.2.4 Card OS future
   7.3 Smart card in electronic commerce
       7.3.1 Smart Card Payment Protocol
       7.3.2 Smart card as prepaid and loyalty card
       7.3.3 Smart card as electronic wallet
       7.3.4 Electronic Payment over Mobile Telecommunications
   7.4 Smart card in Internet security
       7.4.1 Smart card as Digital ID
       7.4.2 Smart card as Computer access logon key
       7.4.3 Smart card in Intrusion detection System as user-profile holder
       7.4.4 Biometric authentication
8. Summaries and Conclusions
Glossary
References
Appendix
   A. Price Comparison of different cards and readers
   B. Resources
      Collections of Smart Card Books
      Collections of General Smart Card Internet Resources
      Collections of Java Card Technology on Internet
      Collections of Smart Card Security Technology on Internet
      Collections of Smart Card Payment Technology on Internet
      Collections of Smart Card Vendors

Preface

This handbook aims to provide a comprehensive overview of the current state of the art in smart card software technology development, applications, and future trends. The information would be useful to IT managers and executives wishing to explore the possibility of developing smart card applications. The handbook consists of three sections. The basic concepts of smart cards and current applications are presented in the first section in layman's language.
The second section gets into some of the technical aspects of smart card internals, and offers suggestions on smart card development procedures as well as general ideas in programming smart cards, including the new Java Card. This section is for programmers and IT managers who would like to go beyond the basic concepts and get an idea on what it takes to develop smart card applications. Finally, the third section presents our views on future trends in smart card development framework, standards and possible applications. A list of useful reference materials is also included.

The growth of smart card adoption in Asia is increasing rapidly and we believe this technology will be an important one in the near future. The Cyberspace Center is working to develop the security, biometric identification, micropayment and other aspects of smart card technology for use over the Internet. The handbook summarizes some of our experience in this work.

Many people have contributed to the handbook, especially Ricci Ieong, Andy Fung, Ivan Leung, Patrick Hung, James Pang and Ronald Chan. Ricci, Ivan, Andy and Patrick in particular, wrote parts of the handbook.

This document can be accessed online from the Cyberspace Center's home page http://www.cyber.ust.hk. Some chapters are actually better viewed on-line since they provide URLs directly to sources of additional information.

Finally, I would like to acknowledge the Industry Department of the Hong Kong SAR for funding the Cyberspace Center. Our objective is to help Hong Kong industries make more effective use of the Internet to enhance their competitiveness in the world markets. This and our other handbooks are part of the effort in attaining this goal. Please visit our web site to learn about some of our other activities.

Samuel Chanson
Director
Cyberspace Center

1. INTRODUCTION

Smart card technology has been around for more than 20 years.
Since its first introduction into the market, its main application has been the payphone system. As card manufacturing costs decrease, smart card usage has expanded. Its use in Asia is expected to grow at a much faster pace than in Europe. According to a survey performed by Ovum Ltd. [Microsoft1998a], the number of smart card units will reach 2.7 billion by 2003. The largest markets will be in prepayment applications, followed by access control, and electronic cash applications. According to a recent study by Dataquest [Microsoft1998c], the overall market for memory and microprocessor-based cards will grow from 544 million units in 1995 to 3.4 billion units by 2001. Of that figure, microprocessor-based smart cards, which accounted for only 84 million units in 1995, will grow to 1.2 billion units in 2001.

Based on the report from the Hong Kong SAR Government Industry Department on the Development and Manufacturing Technology of Smart Card [HKSAR1997], Hong Kong industries have the capability and should participate in the development and manufacturing of smart card IC chips, readers and card operating systems. To promote this, the Hong Kong SAR government has decided to form a Hong Kong Smart Card Forum. With this active participation and encouragement from the Hong Kong SAR Government, smart card development and support will expand in Hong Kong.

Although the Octopus card is relatively new to Hong Kong, smart cards have already been introduced in Hong Kong for at least two years. These include Mondex by Hong Kong bank and GSM cards in the mobile phone market. However, using this powerful and highly secure card on the personal computer (PC) as well as the Internet is still not common.

Many international companies have identified the smart card as one of the new directions in electronic money and personal identification and authentication tools.
In May 1996, several companies including Microsoft, Hewlett-Packard and Schlumberger formed a PC/SC workgroup which aimed at integrating the smart card with the personal computer (PC). This workgroup mainly concentrates on producing common smart card and PC interface standards for smart card and PC software producers. Many of the interface standards and hierarchy have already been established. Some of these prototype products are now available on the market.

Moreover, Netscape and Microsoft have also announced that the smart card will be their new direction in the computer security and electronic commerce area. Microsoft has even published some documents on its role in the smart card market. Although it will not be a smart card manufacturing company, it has indicated that the smart card will be a key component in Microsoft Windows 98 and Windows NT 5.0. Together with the latest smart card operating system announcement [Microsoft1998a], Microsoft will be actively involved in the smart card market. Furthermore, programming modules for smart cards using Visual C++, Visual J++ and Visual Basic have also been developed.

The Cyberspace Center believes smart card technology will play a major role in Internet applications in the future. Therefore, we decided to start evaluating the available smart card development tools and study the use of smart cards in Internet security and electronic commerce. With first-hand information and experience, we will be able to provide advice and assistance to the Hong Kong Industry.

The smart card is expected to be used in many applications and especially in personal security related applications such as access control, computer logon, secure email sending and retrieving services. The reason for this growth lies in the smart card’s portability and security characteristics.
In addition, as the recent growth of palmtop computers shows, people are looking for smaller and smaller devices for carrying their data with them. The smart card provides a good solution for many applications.

Applications are the driving force behind the new smart card market. Many of these applications have already been implemented, such as prepayment for services, credit and debit card, loyalty card, and access control card. The most commonly known example is the prepayment services cards, namely, prepaid phone cards, transportation cards and parking cards. Based on the e-purse card, people could perform bank transactions from ATM machines at home or in the bank. With the use of loyalty cards, companies could store discount information and shopping preferences of their customers. Using these shopping preferences, companies could design new strategies for the users. Access control systems to buildings, computers or other secure areas will soon be handled by a single smart card.

In this handbook, we shall briefly describe what a smart card is and how it can be used in different applications. The aim of this handbook is to provide a business and executive overview to companies that wish to join the smart card era.

This handbook is divided into 8 chapters classified into 3 sections – Smart card Overview, Smart card in Details, and Smart card in the Future. In the first section, basic concepts of smart cards will be described. In chapter 2, we review the history of smart cards. Then we outline the different types of smart cards and their standards. Current applications and uses of smart cards are mentioned in chapter 3.

In the second section, technical aspects of smart card internals as well as programming tips are briefly described in chapter 4. Because programming and design methodology for the Java card is different from traditional card programming, in chapter 5, we describe the basics in Java Card programming.
In chapter 6, procedures of smart card development are given.

In the last section of this handbook, the future of smart card development is presented. Different ideas on future smart card applications are used in formulating a forecast in chapter 7. Lastly, we conclude the handbook with a summary of different research, survey and reports on smart cards. References and glossaries are provided at the end of this handbook.

We hope that based on our handbook, company executives, technical managers and software developers would gain knowledge and insight into the emerging smart card technology and applications.

Part I. Smart card Overview

2. SMART CARD BASIC

A smart card is a plastic card with a microprocessor chip embedded in it. The card looks like a normal credit card except for its metal contact (in contact card only), but applications performed could be totally different. Other than normal credit card and bankcard functions, a smart card could act as an electronic wallet where electronic cash is kept. With the appropriate software, it could also be used as a secure access control token ranging from door access control to computer authentication.

The term “smart card” has different meanings in different books [Guthery1998, Rankl1997] because smart cards have been used in different applications. In this chapter, we provide our definition of “smart card” to put the subsequent chapters in context. We also describe the development history of smart cards and depict the types of card available on market. Finally, descriptions on different smart card standards, such as ISO and EMV are given at the end of this chapter.

2.1 What is smart card

In the article “Smart cards: A primer” [DiGiorgio1997a], the smart card is defined as a “credit card” with a “brain” on it, the brain being a small embedded computer chip.
Because of this “embedded brain”, the smart card is also known as a chip or integrated circuit (IC) card. Some types of smart card may have a microprocessor embedded, while others may only have non-volatile memory included. In general, a plastic card with a chip embedded inside can be considered a smart card.

In either type of smart card, the storage capacity of its memory is much larger than that of magnetic stripe cards. The total storage capacity of a magnetic stripe card is 125 bytes while the typical storage capacity of a smart card ranges from 1K bytes to 64K bytes. In other words, the memory of a large capacity smart card can hold the data content of more than 500 magnetic stripe cards.

Obviously, large storage capacity is one of the advantages of using a smart card, but the single most important feature of a smart card is that its stored data can be protected against unauthorized access and tampering. Inside a smart card, access to the memory content is controlled by a secure logic circuit within the chip. As access to data can only be performed via a serial interface supervised by the operating system and the secure logic system, confidential data written onto the card is protected from unauthorized external access. This secret data can only be processed internally by the microprocessor.

Due to the high security level of smart cards and their off-line nature, it is extremely difficult to "hack" the value off a card, or otherwise put unauthorized information on the card. Because it is hard to get the data without authorization, and because it fits in one’s pocket, a smart card is uniquely appropriate for secure and convenient data storage. Without permission of the card holder, data could not be captured or modified. Therefore, the smart card could further enhance the data privacy of the user.
Therefore, the smart card is not only a data store, but also a programmable, portable, tamper-resistant memory storage. Microsoft considers the smart card an extension of a personal computer and the key component of the public-key infrastructure in Microsoft Windows 98 and 2000 (previously known as Windows NT 5.0) [Microsoft1997a].

2.2 History of smart card development

A card embedded with a microprocessor was first invented by 2 German engineers in 1967. It was not publicized until Roland Moreno, a French journalist, announced the Smart Card patent in France in 1974 [Rankl1997]. With the advances in microprocessor manufacturing technology, the development cost of the smart card has been greatly reduced. In 1984, a breakthrough was achieved when French Postal and Telecommunications services (PTT) successfully carried out a field trial with telephone cards. Since then, smart cards are no longer tied to the traditional bankcard market even though the phone card market is still the largest market of smart cards in 1997.

Due to the establishment of the ISO-7816 specification in 1987 (a worldwide smart card interface standard), the smart card format is now standardized. Nowadays, smart cards from different vendors could communicate with the host machine using a common language.

2.3 Different types of smart cards

According to the definitions of “smart card” in the Smart card technology frequently asked questions list [Priisalu1995], the word smart card has three different meanings:

• IC card with ISO 7816 interface
• Processor IC card
• Personal identity token containing ICs

Basically, based on their physical characteristics, IC cards can be categorized into 4 main types: memory card, contact CPU card, contactless card and combi card.

2.3.1 Memory Cards

A memory card is a card with only memory and access logic onboard. Similar to the magnetic stripe card, a memory card can only be used for data storage.
No data processing capability should be expected. Without the on-board CPU, memory cards use a synchronous communication mechanism between the reader and the card where the communication channel is always under the direct control of the card reader. Data stored on the card can be retrieved with an appropriate command to the card.

In traditional memory cards, no security control logic is included. Therefore, unauthorized access to the memory content on the card could not be prevented. In current memory cards, by contrast, security control logic is programmed on the card, and access to the protection zone is restricted to users with the proper password only.

2.3.2 Contact CPU Cards

A more sophisticated version of smart card is the contact CPU card. A microprocessor is embedded in the card. With this real “brain”, programs stored inside the chip can be executed. Inside the same chip, there are four other functional blocks: the mask-ROM, non-volatile memory, RAM and I/O port [HKSAR1997, Rankl1997].

Except for the microprocessor unit, a memory card contains almost all components that are included in a contact CPU card. Both of them consist of non-volatile memory, RAM, ROM and I/O unit. Based on ISO 7816 specifications, the external appearance of these contact smart cards is exactly the same. The only difference is the existence of the CPU and the use of ROM. In the CPU card, ROM is masked with the chip’s operating system which executes the commands issued by the terminal, and returns the corresponding results. Data and application program codes are stored in the non-volatile memory, usually EEPROM, which could be modified after the card manufacturing stage.

One of the main features of a CPU card is security. In fact, the contact CPU card has been mainly adopted for secure data transaction. If a user could not successfully authenticate him/herself to the CPU, data kept on the card could not be retrieved.
Therefore, even when a smart card is lost, the data stored inside the card will not be exposed if the data is properly stored [Rankl1997]. Also, as a secure portable computer, a CPU card can process any internal data securely and output the calculated result to the terminal.

2.3.3 Contactless Cards

Even though the contact CPU smart card is more secure than the memory card, it may not be suitable for all kinds of applications, especially where massive transactions are involved, such as transportation uses. Because in public transport uses personal data must be captured by the reader within a short period of time, a contact smart card, which requires the user to insert the card into the reader before the data can be captured from the card, would not be a suitable choice. With the use of radio frequency, the contactless smart card can transmit user data from a fairly long

Date posted: 09/12/2013, 21:15
