Smartcard in Future Distributed Application Scenario by Satish Devane Guide Prof' D'B' Phatak

1
Smartcard in Future Distributed Application
Scenario by - Satish DevaneGuide - Prof. D.B.
Phatak
2
Introduction

• Rapid changes in business
• Available of information tools
• Inter organization communication
• Use of Intranet
• Paperless technology
• What about Security ? Authentication ?

3
Answer

• Smartcard

4
Smartcard

• Plastic card with processor and memory
• Contact card
• Contactless card
• History
• Invented 1974
• Trial 1982 in France
• Widely used in European countries
• Spreading in other developed countries

1 Vcc 5.Gnd 2 Rst 6.Vpp 3 Clk 7.I/O 4
- 8. -
5
Architecture
Master File
Dedicated File
CPU 6805,8051
Elementary file
Protocol T0 Asynchronous half duplex Character
Transmission T1 Asynchronous half duplex Block
Transmission
6
Data stored in File

• Transparent Sequence of data unit
• Linear File with fix size record length
• Linear File with variable size record length
• Cyclic file with fix size record length

7
Security

• Status
• Global-Master File
• File- Dedicated File
• Command
• Attribute
• File Command
• Mechanism

8
Security Mechanism

• Authentication with Password
• Authentication with Key
• Data Authentication
• Public Key Interface (Public and private Key)
• Data Encipherment
• Encryption and Decryption with public and
  private key

9
Present Application

• Application
• Banking
• Telephone (GSM SIM cards)
• Satellite communication (subscriber and
  pay-per-view cards)
• Transportation Taxi,Bus,Train(access control
  cards)
• Identification (Authentication ID card)

10
Cont. Application

• Tollbooth (stored value cards)
• Vending machine (stored value cards)
• Cash purse (stored value cards)
• Health care

11
Payment System

• Electronic Purse or Wallet
• Purse Provider
• Load Agent
• Service Provider
• Acquirer
• Purse Holder

12
Payment System
Purse Provider
Merchant
A c q u i r e r
Bank 1
Load Agent
2
2
3
3
4
4
13
Payment System

• Advantages
• Less cash handling reduces theft and fraud
• Record of expenditure
• Increase in business and customer relationship
• Avoiding Waiting in Banks

14
Payment System

• Disadvantages
• Initial Technology cost
• Recurring Service Charges of Service provider

15
Transport

• Airline Ticketing
• Loyalty
• Taxi / Bus / Train
• Preloaded card

16
Emerging Distributed Application

• Internet Banking
• E Commerce
• Corporate Network

17
Internet Banking

• Bank Anywhere Anytime
• Home Banking
• Load money in smartcard
• Remote Electronics Banking
• Fund transfer
• Online Banking

18
Internet Banking

• Requirements
• Bank Web Server
• Transaction System
• Smartcard Security and Authentication System at
  client

19
Web Application

• E commerce
• Online Business Transaction
• Request,Order,Acknowledge,Payment
• On line shopping
• News Journal Subscription
• Problem Authentication and security in payment

20
Web Application

• Corporate Network
• Paperless organization
• communication network within organization
• Inter organization network
• Internet as backbone for communication
• Problem Security, Privacy, Authentication,
  Non-Repudiation

21
Solutions

• IBM DSS
• IBM Digital Signature Solution
• MISF
• Microsoft Internet Security Framework

22
IBM DSS

• Software with IBM Signcard
• Supports
• Netscape Communicator
• MS Browser
• Netscape Messenger
• Outlook Express

23
IBM DSS

• Based on Public Key Infrastructure
• Use DSA / RSA Public key Algorithm
• Support standards
• PKCS 11 ?
• PC/SC
• X.509v3
• S-MINE , S-HTTP

24
IBM DSS Example
Digital signing and verifying a document (e-mail)
25
MISF

• Based on Public Key Infrastructure
• Protocol
• SSL Secure Socket Layer
• PCT Private Communication Technology
• MISF Crypto API
• Support
• Netscape MS Explorer

26
Multiplication

• Why Multiplication ?
• One card for all application
• Payment , Healthcare card, Identification etc etc
  
• Presently Manufacture prepare specific
  application card
• reasons
• Architecture, Card OS, Standards are not proper,

27
Java Card
28
Javacard

• Third party application can be used
• application can be downloaded after manufacturing
  card.
• Support Java applet run on JVM
• Changes can be incorporated easily
• Multi application
• Platform independence

29
OCF/PCSC

• OCF Open card framework
• PC/SC Interpretability Specification for ICC and
  personal computer
• Standards for use of smartcard on PC
• PC/SC require device driver
• OCF is compatible with PC/SC and Javacard
  compatibility is added

30
Javacard

• Object oriented design and implementation in OCF
• PC/SC Work on Windows
• OCF Platform Independent
• PC/SC use C,VC,VB for programming
• OCF use Java

31
Future

• Javacard
• 32 bit processor ARM7
• FeRAM memory (20X)
• MULTOS Multi application OS
• also support PC/SC

32
Growth of smartcard at 2000
GemPlus Orga Philips Solic Bank 71 18.2 1
82 130 ID 171 210 - - Transport 142 15 -
- Health 36 5.3 157 100 Million card