
3. Smart Identification 3.1 Smart Cards 3.1.1 What Is a Smart Card?


3. Smart Identification

3.1 Smart Cards

3.1.1 What Is a Smart Card?

Smart cards evolved from plastic identification and magnetic stripe cards through adding a secure, tamper-resistant single-chip microcomputer.

In the tasks of very reliable authentication, electronic signature generation, and cryptography, smart cards are superior to traditional magnetic stripe technologies.

A patent for an identification card with an integrated circuit was filed, and the smart card was born (1968).

An important characteristic of a smart card is that the information on it cannot be copied.

Smart cards are recognized as the next-generation financial transaction cards.

Today every mobile phone that complies with the GSM standard contains a smart card that identifies the phone and authenticates the owner to the telephone system.

Further applications: building access systems, home banking.


Magnetic Card & Smart Card

| Item | Magnetic Card | Smart Card |
| --- | --- | --- |
| Capacity | 150~800 bit | 64 Kbit |
| Price per 1 Kbit | 20 cent | 24 cent |
| Security | Information is easy to alter. | Information is hard to alter; the card has a self-verification function. |
| Identity verification | 4-digit number | Numbers, characters, or biometric features such as fingerprints can be used |
| External communication | Magnetic | Electrical |
| Advantages | Cheap; widely and easily used | Security functions and a wide range of applications |
| Disadvantages | Weak security; limited capacity; can be damaged magnetically | Expensive |


Smart Card Classification

(Diagram on the slide: smart cards classified along three axes.)

By components: memory cards, chip (microprocessor) cards

By interface: contact, contactless, hybrid

By OS used: Multos, JavaCard


3.1.2 Smart Card Hardware

3.1.2.1 Contact and Contactless Cards

Communication can take place either through the contacts on the card or via wireless (“contactless”) transmission.

3.1.2.2 The Computer on the Smart Card

The chip of a smart card consists of a microprocessor, ROM, EEPROM, and RAM.

CPU: 8 bit, 5 MHz, 5 V; optional crypto-coprocessor

ROM (16 kb): operating system, communication, security (DES, RSA)

RAM: 4 kb

EEPROM (16 kb): file system, program files, keys, passwords, applications


Standards: ISO 7816 (contact assignment)

| Designation | Use |
| --- | --- |
| Vcc | Power connection through which operating power is supplied to the microprocessor chip in the card |
| RST | Reset line through which the IFD (interface device, i.e. the reader) can signal to the smart card's microprocessor chip to initiate its reset sequence of instructions |
| CLK | Clock signal line through which a clock signal can be provided to the microprocessor chip. This line controls the operation speed and provides a common framework for data communication between the IFD and the ICC (integrated circuit card) |
| RFU | Reserved for future use |
| GND | Ground line providing a common electrical ground between the IFD and the ICC |
| Vpp | Programming power connection used to program the EEPROM of first-generation ICCs |
| I/O | Input/output line that provides a half-duplex communication channel between the reader and the smart card |
| RFU | Reserved for future use |


3.1.2.3 Hardware Security

The objective of smart card chip design is to provide high physical security for the data stored in the card.

The physical attacks the chip must resist include slicing off layers of the chip to optically read out data, manipulating the voltage or clock to make the processor fail, attacks using high temperature or X-rays, and several others.

3.1.2.4 Card Acceptance Devices

Many pervasive devices like set-top boxes, cellular phones, or handhelds are equipped with smart card readers.

3.1.3 Smart Card Software

The off-card part of the application is the part that resides on the host computer or terminal connected to the smart card through a smart reader device.

Example: OCF (OpenCard Framework)


The on-card application is a program stored in the memory of the smart card chip. If the on-card application has executable code, this code is executed by the smart card operating system and can use operating system services, such as encrypting or decrypting data. These functions can be used to make the smart card and the communication with the smart card very secure.

The majority of current cards have a file system integrated into the operating system.

ISO 7816 File System

(Tree diagram on the slide: an MF at the root with DFs below it; a DF may contain further DFs and EFs, and EFs are the leaves.)

A file system consists of directories (DF) and files (EF). The root directory is referred to as the MF.

MF (Master File)

DF (Dedicated File)

EF (Elementary File)


Recently developed card operating systems enable application developers to create and download on-card application code on their own. The most important of these operating systems are Java Card and Multos.

3.1.4 Communication Between the On-Card and Off-Card Parts

3.1.4.1 Application Protocol Data Unit (APDU)

Application Protocol Data Units are used to exchange data between the host and the smart card.

ISO 7816-4 defines two types of APDUs: Command APDUs, which are sent from the off-card application to the smart card, and Response APDUs, which are sent back from the smart card to reply to commands.

Command APDU

| CLA | INS | P1 | P2 | Lc | Optional Data | Le |
| --- | --- | --- | --- | --- | --- | --- |

(CLA, INS, P1 and P2 form the mandatory header; Lc, the data field and Le form the optional body.)


Response APDU

| Optional Data | SW1 | SW2 |
| --- | --- | --- |
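As an added example that is not part of the original slides, the following Python builds command APDUs in the short (one-byte length) form laid out above and decodes response APDUs into their data field and status word. The instruction codes SELECT (0xA4), VERIFY (0x20) and READ BINARY (0xB0) and the status words it recognises are ISO 7816-4 values; the AID and the response bytes in the sample run at the bottom are constructed.

```python
"""ISO 7816-4 APDU helpers (added example): encode a command APDU
CLA INS P1 P2 [Lc Data] [Le] and decode a response APDU Data SW1 SW2.
Short form only: one-byte Lc/Le, at most 255 data bytes."""
from dataclasses import dataclass
from typing import Optional

# Well-known ISO 7816-4 instruction codes used in the sample run
INS_SELECT = 0xA4
INS_VERIFY = 0x20
INS_READ_BINARY = 0xB0


def build_command_apdu(cla: int, ins: int, p1: int, p2: int,
                       data: bytes = b"", le: Optional[int] = None) -> bytes:
    """Return the command APDU bytes. `le` is the number of response bytes
    expected (0..256); 256 is encoded as 0x00 in the short form."""
    for name, b in (("CLA", cla), ("INS", ins), ("P1", p1), ("P2", p2)):
        if not 0 <= b <= 0xFF:
            raise ValueError(f"{name} must be a single byte")
    if len(data) > 255:
        raise ValueError("short-form Lc carries at most 255 bytes of data")
    apdu = bytes([cla, ins, p1, p2])          # mandatory 4-byte header
    if data:
        apdu += bytes([len(data)]) + data     # Lc followed by the data field
    if le is not None:
        if not 0 <= le <= 256:
            raise ValueError("Le must be between 0 and 256")
        apdu += bytes([le & 0xFF])            # Le (256 is sent as 0x00)
    return apdu


def apdu_case(apdu: bytes) -> int:
    """Classify a short command APDU into ISO 7816-4 cases 1-4
    (1: no body, 2: Le only, 3: Lc + data, 4: Lc + data + Le)."""
    body = apdu[4:]
    if not body:
        return 1
    if len(body) == 1:
        return 2
    lc = body[0]
    if lc and len(body) == 1 + lc:
        return 3
    if lc and len(body) == 1 + lc + 1:
        return 4
    raise ValueError("body length is inconsistent with Lc")


@dataclass(frozen=True)
class ResponseAPDU:
    data: bytes
    sw1: int
    sw2: int

    @property
    def sw(self) -> int:
        return (self.sw1 << 8) | self.sw2

    @property
    def ok(self) -> bool:
        return self.sw == 0x9000


def parse_response_apdu(raw: bytes) -> ResponseAPDU:
    """Split a response into its optional data field and the two status bytes."""
    if len(raw) < 2:
        raise ValueError("a response APDU always ends with SW1 SW2")
    return ResponseAPDU(bytes(raw[:-2]), raw[-2], raw[-1])


def describe_status(sw: int) -> str:
    """Meaning of some common ISO 7816-4 status words."""
    if sw == 0x9000:
        return "success"
    if (sw & 0xFF00) == 0x6100:
        return f"{sw & 0xFF} response bytes available, issue GET RESPONSE"
    if (sw & 0xFF00) == 0x6C00:
        return f"wrong Le, card has exactly {sw & 0xFF} bytes"
    if (sw & 0xFFF0) == 0x63C0:
        return f"verification failed, {sw & 0x0F} attempts remaining"
    if sw == 0x6982:
        return "security status not satisfied (e.g. PIN not verified)"
    if sw == 0x6A82:
        return "file or application not found"
    return f"unrecognised status {sw:04X}"


if __name__ == "__main__":
    # Constructed sample: SELECT an invented application by AID (P1=0x04 selects by name).
    select = build_command_apdu(0x00, INS_SELECT, 0x04, 0x00, bytes.fromhex("A000000001"))
    print("C-APDU:", select.hex().upper(), "case", apdu_case(select))
    resp = parse_response_apdu(bytes.fromhex("6F0784050102030405" "9000"))  # constructed R-APDU
    print("R-APDU data:", resp.data.hex().upper(), "status:", describe_status(resp.sw))
```

The off-card side should act on the status word rather than just on the presence of data: a 0x63Cx reply tells the application how many PIN attempts remain before the card blocks, and 0x6982 means a command was refused because the required authentication has not been performed.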

3.1.4.2 Protocol Layer

With the T=0 protocol, each character is transmitted separately; with T=1, blocks of characters are transmitted.
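To make the T=1 block structure concrete, here is an added Python example (not from the slides) that frames an information field into a T=1 block with a one-byte LRC epilogue, validates received blocks, and chains a longer APDU over several I-blocks the way a reader or card would. The block layout (NAD, PCB, LEN, INF, EDC), the PCB bit assignments and the 254-byte LEN limit follow ISO 7816-3; the NAD value of 0x00 and the sample bytes are assumptions, and the alternative two-byte CRC epilogue is not implemented here.

```python
"""ISO 7816-3 T=1 block framing (added example). A block is a prologue
(NAD, PCB, LEN), an information field of LEN bytes, and an epilogue holding
the error-detection code; this example uses the 1-byte LRC (XOR of all
preceding bytes)."""
from dataclasses import dataclass
from typing import List, Optional

MAX_INF = 254  # largest information field the T=1 LEN byte permits (0xFF is reserved)


def lrc(data: bytes) -> int:
    """Longitudinal redundancy check: XOR of every byte."""
    x = 0
    for b in data:
        x ^= b
    return x


@dataclass(frozen=True)
class Block:
    nad: int
    pcb: int
    inf: bytes

    @property
    def kind(self) -> str:
        # PCB 0xxxxxxx = I-block, 10xxxxxx = R-block, 11xxxxxx = S-block
        if self.pcb & 0x80 == 0:
            return "I"
        return "R" if self.pcb & 0x40 == 0 else "S"

    @property
    def seq(self) -> Optional[int]:
        """Send-sequence number N(S) of an I-block (PCB bit 7)."""
        return (self.pcb >> 6) & 1 if self.kind == "I" else None

    @property
    def more(self) -> bool:
        """Chaining bit M (PCB bit 6): further I-blocks follow."""
        return self.kind == "I" and bool(self.pcb & 0x20)


def build_i_block(inf: bytes, seq: int, more: bool = False, nad: int = 0x00) -> bytes:
    if len(inf) > MAX_INF:
        raise ValueError("INF exceeds 254 bytes")
    pcb = ((seq & 1) << 6) | (0x20 if more else 0x00)
    body = bytes([nad, pcb, len(inf)]) + inf
    return body + bytes([lrc(body)])


def parse_block(frame: bytes) -> Block:
    """Validate LEN and EDC before trusting anything in a received block."""
    if len(frame) < 4:
        raise ValueError("a T=1 block is at least NAD, PCB, LEN and EDC")
    nad, pcb, length = frame[0], frame[1], frame[2]
    if len(frame) != 3 + length + 1:
        raise ValueError("LEN does not match the frame size")
    if lrc(frame[:-1]) != frame[-1]:
        raise ValueError("EDC mismatch: block corrupted in transit")
    return Block(nad, pcb, bytes(frame[3:-1]))


def chain_apdu(apdu: bytes, first_seq: int = 0, ifsc: int = MAX_INF) -> List[bytes]:
    """Send a long APDU as several I-blocks: M is set on all but the last block
    and N(S) alternates 0/1 from block to block."""
    if not 1 <= ifsc <= MAX_INF:
        raise ValueError("IFSC must be 1..254")
    chunks = [apdu[i:i + ifsc] for i in range(0, len(apdu), ifsc)] or [b""]
    blocks, seq = [], first_seq & 1
    for idx, chunk in enumerate(chunks):
        blocks.append(build_i_block(chunk, seq, more=idx < len(chunks) - 1))
        seq ^= 1
    return blocks


def reassemble(frames: List[bytes]) -> bytes:
    """Receiver side: check each block and that N(S) alternates, then join the INF fields."""
    out, expected = b"", None
    for f in frames:
        blk = parse_block(f)
        if blk.kind != "I":
            raise ValueError("expected an I-block")
        if expected is not None and blk.seq != expected:
            raise ValueError("sequence error: lost or duplicated block")
        out += blk.inf
        expected = blk.seq ^ 1
    return out


if __name__ == "__main__":
    # Constructed sample: a 4-byte SELECT header carried in one block, then a 10-byte
    # payload chained with a deliberately small IFSC to show the M bit and N(S) toggling.
    print(build_i_block(bytes.fromhex("00A40400"), 0).hex().upper())
    for f in chain_apdu(bytes(range(10)), ifsc=4):
        b = parse_block(f)
        print(f.hex().upper(), "N(S)=", b.seq, "more=", b.more)
```

The EDC is what lets T=1 detect a garbled block and request retransmission with an R-block, which character-oriented T=0 cannot do; a receiver that skips the LEN and EDC checks would act on corrupted data.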

3.2 Smart Labels

Bar codes

Advantages

They can be printed on labels, they are very inexpensive, and they can be reliably scanned.

Disadvantages

Since bar codes are scanned optically, they must be visible on the outside of the object.

Scanning takes place at a short range – a few centimeters.


The objects must be separated in order to be identified.

The information conveyed by a bar code is fixed when the bar code is printed and cannot be changed.

The bar code itself is completely passive and any bar code reader can access its information, making it very difficult to fulfill security requirements demanded by some applications.

The bar code scanners are complicated – typically involving a laser, moving mirrors, and detection hardware – making them expensive.

Smart Label Block Diagram, p. 58

An RF antenna captures the radio waves, and special circuitry on the chip converts the radio-frequency energy to an appropriate supply voltage.

Communication between reader and smart label takes place using open communication protocols at a frequency of 13.56 MHz. Data is typically transferred at a rate of 26 kbps, although faster speeds are possible.

Through use of collision avoidance algorithms, several smart labels can be accessed simultaneously.


Example – Texas Instruments Tag-it smart label inlays

Smart labels contain control logic with non-volatile read/write memory for data storage. Data capacity ranges from 64 bits to about 2K bits.

The smart label has a pre-programmed unique serial number plus storage for a user-programmable secret key. To test for validity of the smart label, the reader sends a command containing a random number to the smart label. The smart label encrypts the random number and returns it along with its unique serial number. The reader decrypts the message using the key associated with the serial number and verifies that it is the same as the random number sent.
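The challenge-response check just described, as an added Python example (not the slides' or Texas Instruments' code). The serial numbers and keys are constructed, and the label's "encrypt the random number" step is stood in for by a keyed MAC (HMAC-SHA256) so the example runs on the standard library alone; the reader therefore recomputes the expected value instead of decrypting, but the protocol shape (fresh random number, key looked up by serial number, comparison) is the one on the slide.

```python
"""Smart label validity check (added example): reader sends a random number,
the label returns its serial number plus a keyed transform of that number,
and the reader checks it with the key stored for that serial number.
HMAC-SHA256 stands in for the label's cipher so this runs without extra packages."""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Constructed reader key database: unique serial number -> user-programmed secret key
READER_KEY_DB: Dict[bytes, bytes] = {
    bytes.fromhex("E007000012345678"): bytes.fromhex("00112233445566778899AABBCCDDEEFF"),
    bytes.fromhex("E0070000AABBCCDD"): bytes.fromhex("FFEEDDCCBBAA99887766554433221100"),
}

RESP_LEN = 8  # bytes of the transform the label returns (constructed choice)


def label_transform(key: bytes, challenge: bytes) -> bytes:
    """Keyed transform of the reader's random number (stand-in for encryption)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:RESP_LEN]


class SmartLabel:
    """Tag side: a pre-programmed serial number and a secret key."""

    def __init__(self, serial: bytes, key: bytes):
        self.serial, self.key = serial, key

    def respond(self, challenge: bytes) -> Tuple[bytes, bytes]:
        return self.serial, label_transform(self.key, challenge)


class Reader:
    """Reader side: issues fresh challenges and verifies replies against the key database."""

    def __init__(self, key_db: Dict[bytes, bytes]):
        self.key_db = key_db

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(8)  # unpredictable, so an old reply cannot be replayed

    def verify(self, challenge: bytes, serial: bytes, response: bytes) -> bool:
        key = self.key_db.get(serial)
        if key is None:
            return False  # unknown serial number: not one of our labels
        expected = label_transform(key, challenge)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def authenticate(reader: Reader, label: SmartLabel) -> bool:
    """One full exchange: challenge, label reply, reader check."""
    challenge = reader.new_challenge()
    serial, response = label.respond(challenge)
    return reader.verify(challenge, serial, response)


if __name__ == "__main__":
    reader = Reader(READER_KEY_DB)
    genuine = SmartLabel(*next(iter(READER_KEY_DB.items())))
    print("genuine label:", authenticate(reader, genuine))
    # A label carrying only the copied serial number, without the key, fails the check.
    clone = SmartLabel(genuine.serial, bytes(16))
    print("serial-only copy:", authenticate(reader, clone))
```

Because the serial number travels in clear, the check proves possession of the key, not secrecy of the serial number; the random challenge is what makes a recorded reply useless for a later exchange.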


3.2.1 Example Applications

Electronic article surveillance (EAS) field

Shipping industry

The smart label contains identification and destination information.

Inventory control

3.3 Smart Tokens

The need for robustness can be fulfilled by encapsulating the chips in plastic or metal.

Examples – tollbooth, gas station, security system

3.3.1 Smart Token Examples

Key fob from Gemplus


The chip contains 1024 bytes of EEPROM memory and an associated antenna.

iButton

iButtons can contain microprocessor chips or memory chips.

A cryptographic chip implementing the JavaCard 2.0 Standard is also available.