Friday, August 26, 2011

Smart card, Chip card, Integrated circuit card


Applications and Working Methods Smart card, Credit card, Debit card, SIM card, ATM card, Magnetic stripe card

A smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card with embedded integrated circuits. A smart card or microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally polyvinyl chloride, but sometimes acrylonitrile butadiene styrene or polycarbonate . Smart cards may also provide strong security authentication for single sign-on (SSO) within large organizations.

Applications

Computer security

The Mozilla Firefox web browser can use smart cards to store certificates for use in secure web browsing.
Some disk encryption systems, such as FreeOTFE, TrueCrypt and Microsoft Windows 7 BitLocker, can use smart cards to securely hold encryption keys, and also to add another layer of encryption to critical parts of the secured disk.
Smart cards are also used for single sign-on to log on to computers.
Smart card support functionality has been added to Windows Live passports.

Credit cards

Main articles: Contactless smart card and Credit card
These are the best known payment cards (classic plastic card):
  • Visa: Visa Contactless, Quick VSDC—"qVSDC", Visa Wave, MSD, payWave
  • MasterCard: PayPass Magstripe, PayPass MChip
  • American Express: ExpressPay
  • Discover: Zip
Roll-outs started in 2005 in USA. Asia and Europe followed in 2006. Contactless (non PIN) transactions cover a payment range of ~$5–50. There is an ISO/IEC 14443 PayPass implementation. Some, but not all PayPass implementations conform to EMV.
Non-EMV cards work like magnetic stripe cards. This is a typical USA card technology (PayPass Magstripe and VISA MSD). The cards do not hold/maintain the account balance. All payment passes without a PIN, usually in off-line mode. The security of such a transaction is no greater than with a magnetic stripe card transaction.
EMV cards have contact and contactless interfaces. They work as a normal EMV card via contact interface. Via contactless interface they work somewhat differently in that the card command sequence adopts contactless features such as low power and short transaction time.

Cryptographic smart cards

Cryptographic smart cards are often used for single sign-on. Most advanced smart cards include specialized cryptographic hardware that uses algorithms such as RSA and DSA. Today's cryptographic smart cards generate key pairs on board, to avoid the risk from having more than one copy of the key (since by design there usually isn't a way to extract private keys from a smart card). Such smart cards are mainly used for digital signature and secure identification, (see applications section).
The most common way to access cryptographic smart card functions on a computer is to use a vendor-provided PKCS#11 library. On Microsoft Windows the CSP API is also supported.
The most widely used cryptographic algorithms in smart cards (excluding the GSM so-called "crypto algorithm") are Triple DES and RSA. The key set is usually loaded (DES) or generated (RSA) on the card at the personalization stage.
Some of these smart cards are also made to support the NIST standard for Personal Identity Verification, FIPS 201.

Financial

Smart cards serve as credit or ATM cards, fuel cards, mobile phone SIMs, authorization cards for pay television, household utility pre-payment cards, high-security identification and access-control cards, and public transport and public phone payment cards.
Smart cards may also be used as electronic wallets. The smart card chip can be "loaded" with funds to pay parking meters and vending machines or at various merchants. Cryptographic protocols protect the exchange of money between the smart card and the accepting machine. No connection to the issuing bank is necessary, so the holder of the card can use it even if not the owner. Examples are Proton, Geldkarte, Chipknip and Mon€o. The German Geldkarte is also used to validate customer age at vending machines for cigarettes.


Sim Card

Health care (medical)

Smart health cards can improve the security and privacy of patient information, provide a secure carrier for portable medical records, reduce health care fraud, support new processes for portable medical records, provide secure access to emergency medical information, enable compliance with government initiatives and mandates, and provide the platform to implement other applications as needed by the health care organization.

Identification

A quickly growing application is in digital identification. In this application, the cards authenticate identity. The most common example employs Public key infrastructure (PKI). The card stores an encrypted digital certificate issued from the PKI provider along with other relevant information. Examples include the U.S. Department of Defense (DoD) Common Access Card (CAC), and various identification cards used by many governments for their citizens. Combined with biometrics, cards can provide two- or three-factor authentication. Smart cards are not always privacy-enhancing, because the subject carries possibly incriminating information on the card. Contactless smart cards that can be read from within a wallet or even a garment simplify authentication.
The first smart card driver's license system in the world was implemented in 1987 in Turkey. Turkey had a high level of road accidents and decided to develop and use digital tachograph devices on heavy vehicles, instead of the existing mechanical ones, to reduce speed violations. Since 1987, the professional driver's licenses in Turkey are issued as smart cards and the driver is required to insert his driver's license into the digital tachograph before starting to drive. The tachograph unit records speed violations for each driver and gives a printed report. The driving hours for each driver is also being monitored and reported. In 1990 the European Union conducted a feasibility study through BEVAC Consulting Engineers, titled "Feasibility study with respect to a European electronic drivers licence (based on a smart-card) on behalf of Directorate General VII". In this study, chapter seven is dedicated to the experience in Turkey, stating that the electronic driver's license application, in the form of smart cards, was first implemented in Turkey in 1987.
A smart card driver's license system was later issued in 1995 in Mendoza province of Argentina. Mendoza had a high level of road accidents, driving offenses, and a poor record of recovering outstanding fines. Smart licenses hold up-to-date records of driving offenses and unpaid fines. They also store personal information, license type and number, and a photograph. Emergency medical information such as blood type, allergies, and biometrics (fingerprints) can be stored on the chip if the card holder wishes. The Argentina government anticipates that this system will help to collect more than $10 million per year in fines.
In 1999 Gujarat was the first Indian state to introduce a smart card license system. To date  it has issued 5 million smart card driving licenses to its people.
a national ID card, protected by a 1,024-bit key code, is impossible to break without a supercomputer working away for a hundred years
In 2002, the Estonian government started to issue smart cards named ID Kaart as primary identification for citizens to replace the usual passport in domestic and EU use. As of 2010 about 1 million smart cards have been issued (total population is about 1.3 million) and they are widely used in internet banking, buying public transport tickets, authorization on various websites etc.
By the start of 2009 the entire population of Spain and Belgium will have an eID card that is used for identification. These cards contain two certificates: one for authentication and one for signature. This signature is legally enforceable. More and more services in these countries use eID for authorization.
Smart cards are also beginning to be used in emergency situations. In 2004, The Smart Card Alliance issued a statement expressing the need to "to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy by establishing a mandatory, Government-wide standard for secure and reliable forms of identification". In light of this, emergency response personnel have now begun to carry these cards so that they can be positively identified in emergency situations. WidePoint Corporation, a smart card provider to FEMA, produces cards that contain additional personal information, such as medical records and skill sets. Cards like these provide immediate access to information, which allows first responders to bypass organizational paperwork and focus more time on the emergency resolution.

Schools

Smart cards are being provided to students at schools and colleges. Usage includes:
  • Tracking student attendance
  • As an electronic purse, to pay for items at canteens, vending machines etc
  • Tracking and monitoring food choices at the canteen, to help the student maintain a healthy diet
  • Tracking loans from the school library

Public transit

Smart cards and integrated ticketing have become widely used by public transit operators around the world. Card users may use their cards for other purposes than for transit, such as small purchases. Some operators offer points for usage, exchanged at retailers or for other benefits. Example include the Octopus Card used in Hong Kong, London's Oyster Card, and San Francisco's Clipper card. However, they have been criticized for presenting a privacy risk because it can allow the mass transit operator (and the government) to track an individual's movement. In Finland, for example, the Data Protection Ombudsman prohibited the transport operator Helsinki Metropolitan Area Council (YTV) from collecting such information, despite YTV's argument that the card owner has the right to a list of trips paid with the card. Earlier, such information was used in the investigation of the Myyrmanni bombing.[citation needed]

Concessionary travel

A highly successful use for smart cards within the UK is in concessionary travel schemes. Mandated by the Department for Transport, travel entitlements for elderly and disabled residents are administered by local authorities and passenger transport executives. Smart cards have been issued as bus passes to qualifying residents; however these smart cards can instead now be used by elderly and disabled people who qualify for concessionary taxi travel. These schemes are part of an additional service offered by some local authorities as an alternative for residents unable to make use of their bus pass. One example is the "Smartcare go" scheme provided by Ecebs.

Other

Smart cards are widely used to protect digital television streams. VideoGuard is a specific example of how smart card security worked (and was cracked).
The Malaysian government uses smart identity cards carried by all citizens and resident non-citizens. The personal information inside the MYKAD card can be read using special APDU commands.
Since April 2009, Toppan Printing Company (Toppan insatsu?) has manufactured reusable smart cards for money transfer and made from paper instead of plastic.

0 comments:

Post a Comment