PIN-on-Card

New contact-less smart card with integrated PIN pad for secure user verification at unparalleled cost effectiveness

Balancing securtiy, cost and convenience

Security• Advanced

encryption • Copying• PIN eaves-

dropping

XX = target position

Cost• Card• Reader• System

integration

Convenience• Easy to use• Contact-less• Mobility

PIN security over the Internet

• A typical PC is not secure

• PIN/Passwords entered from the computer's keyboard are easily intercepted by Trojans

• Information stored as files on a computer’s hard disc is easily copied by Trojans

• Keys must be stored outside the computer

• PINs must be entered on a device outside the computer

• Cryptographic operations must be performed outside the computer

Today - security, cost or convenience

• Smart Cards– Security: Need advanced external keypad

reader to secure PIN over the Internet– Cost: Expensive keypad readers – Convenience: Sensitive, not for outdoor use

• RFID/prox cards – Security: Information can be read out remotely

and needs advanced external keypad reader to secure PIN over the Internet.

– Cost: Expensive readers – Convenience: Robust, contact-less and

convenient

Combining security, cost and convenience

+ Smart Card– Intelligent and high security, can

not be read out remotely– Large data storage

+ RFID Card– Contact-less

+ Keypad reader– Prevents PIN interception

PIN-on-Card

• Highest level of security– Security resides on the card, not reader or system

– 128-bit AES ( RSA, 3DES )

– PIN never leaves the card

– Secure data storage (32 kBytes)

• Low cost – Robust cards and readers, no slot, no moving parts

– Low cost for readers

• High convenience– One card - multiple systems/functionality

– Contact-less

– High level of automation

Introducing PIN-on-Card

• PIN-on-Card (POC)• POC readers

– Desktop reader connects to computer’s USB port

– Wall mounted reader

– OEM components

• POC Client API

• POC controller (for physical security) – Control unit for access, control and alarm for

buildings and machinery

The PIN-on-Card system components

Cards and readers

• Cards– Integrated PIN pad– Standard ISO card size– Customized graphic design

• Readers – Multiple form factors– Reader range up to 5 mm– OEM component from 1 US– Easily integrated into non-metallic flat surfaces;

keyboard, mouse mat, Smart Phone etc.

SC Client Driver and API

• Extends functionality of the card to third-party applications

• Easy integration with event-driven COM/ActiveX interface

• Minimal coding effort required• Automatic Web-browser activation and

navigation to URL stored in card

User scenario - Internet service

1. The card is placed on a card reader connected to computer

2. Card navigates automatically to preprogrammed Internet site

3. User is verified by entering PIN on card

4. User is accepted by service

Basic challenge response

1. PIN entry2. Encrypt challenge and X with secret key Decrypt

response with secret key to determine if X is authentic

Generates longrandom numberas challenge

Card on reader

User Service

User claims to be X

User sends response

Service challenges user

Service accepted or rejected