
A

SEMINAR REPORT

ON

SMART CARDS FOR SECURE SYSTEM ACCESS


(For the Partial Fulfillment of 5th Semester M.C.A)
Prepared By
NALINI KANTA PRADHAN
University Roll No: 55101DT02011

INDIRA GANDHI INSTITUTE OF TECHNOLOGY, SARANG


DIST: DHENKANAL, ORISSA PIN: 759146

SYNOPSIS
As smart cards bury the old magnetic stripe cards for good, wallets
full of magnetic stripe cards will become a thing of the past.

A smart card is a credit-card sized plastic card embedded with a
microprocessor/microcontroller chip that makes it smart. A large amount of
information can be stored, accessed, and processed online or offline. The
information or application stored in the chip is transferred through an
electronic module that interconnects with a terminal or card reader.
Plastic cards began to proliferate in 1950. The low-cost synthetic PVC
enabled production of robust, long-lasting cards that were more suitable for
use in everyday life than the previous conventional paper or card-board
equivalents that could not cope with mechanical or climatic damages.
The Microsoft Windows for Smart Cards is an 8-bit, multi-application
OS with 8k ROM. This low-cost, easy-to-operate program platform runs
Visual Basic applications and is designed to meet the criteria for
extending the PC environment into smart use.
Microsoft CEO and president Steve Ballmer emphasizes that smart
cards will play an important role in Microsoft's .NET initiative, providing a
secure way to access networks and the Internet. As we move to a Web-based
lifestyle, authentication and security become crucial. Smart cards are an
enabling technology for providing an affordable and secure way to increase
security of computing.
The smart village envisioned by Schlumberger, a major smart card
vendor, illustrates a network world where smart card based products and
services inhabit our everyday lives. This smart marketplace includes GSM
payphones/mobile telecommunications, private-site smart payphones, smart
ticket-vending machines at transit terminals, smart pay and display units at
parking lots, smart fuel-dispensers at gas stations, contactless, remote, and
prepaid card terminals in retail locations, smart healthcare management, and
network access based on secured, personalised smart cards.

Contents
Sl.No. Contents
01. Smart Cards For Secure System Access
02. The evolution
03. Contactless cards
04. Windows-powered card
05. Card-secured Bluetooth network
06. Architecture of contactless cards
07. Secure network access
08. Digital signature
09. Research
10. The future: a smart village

SMART CARDS FOR SECURE SYSTEM ACCESS

As smart cards bury the old magnetic stripe cards for good,
wallets full of magnetic stripe cards will become a thing of the past.
A smart card is a credit-card sized plastic card embedded with a
microprocessor/microcontroller chip that makes it smart. A large amount of
information can be stored, accessed, and processed online or offline. The
information or application stored in the chip is transferred through an
electronic module that interconnects with a terminal or card reader.
The microcontroller chip is attached to the electronic module by
inserting into a cavity on the module. This is followed by the interconnection
of the terminals between the chip and the electronic module. Finally, the
chip-embedded electronic module is glued to a plastic card. Smart cards are
read by card readers or wireless terminals.
Smart cards can verify a user's identity to log onto a computer
network, allow a physician to scan a patient's medical records and history,
permit a harried traveler to buy a new set of luggage, and could replace many
of the ever-growing assortment of identification, credit, access, and travel
cards that are a seemingly inescapable drudgery of modern life.
The evolution
Plastic cards began to proliferate in 1950. The low-cost synthetic PVC
enabled production of robust, long-lasting cards that were more suitable for
use in everyday life than the previous conventional paper or card-board
equivalents that could not cope with mechanical or climatic damages.
The entry of VISA and MasterCard led to a rapid proliferation of plastic
money. These cards eliminate the need of tedious currency exchange while
travelling. At first, their functions were quite simple. The general data, such
as the issuer's name, were surface-printed, while individual data elements,
like the cardholder's name, card number, etc, were embossed. The holder
signed his name in the signature field. Protection against forgery was
provided with visual features, such as security printing and signature field.
As a consequence, the system's security depended on the quality and care of
the retail staff accepting these cards.
With the growth of organised crime, these rather basic features no
longer proved sufficient. Necessity of machine-readable cards to ease
handling and bank charges, card issuers' losses due to customer insolvency,
fraud, etc led to a re-think on incorporating security measures against
tampering and fraud.
A magnetic stripe on the back of the cards allowed digitised data to be
stored in machine-readable form, in addition to the visible data and that
obtainable by printing out the embossed data. This type of embossed card
with a magnetic stripe is still the most commonly used payment mode. It is
unsuitable for the use of confidential data, needing further measures to
ensure confidentiality and protection against tampering. That is why many
systems that employ a magnetic stripe card are connected to the host
computer. This places a heavy cost burden related to data transmission.
To keep the costs down a solution had to be found for enabling card
transactions to be executed offline, without jeopardising the security. Progress
in chip technology, enabling integration of data storage and arithmetic logic
on a single silicon chip, opened up vistas for solving this problem. Termed
as smart card, this device had to overcome many technical hurdles before the
first prototype could become a reliable product capable of being
manufactured with sufficient quality, in large numbers, and at reasonable
price.
Cards with built-in microprocessors have the ability to store secret keys
securely and execute cryptographic algorithms, enabling implementation of
secure, offline payment systems. The microprocessors can be programmed.
The functionality of processor cards is limited only by the storage space and
the arithmetic unit's power. The smart card's potential, boosted by its storage
capacity, secure storage of confidential data, and the ability to execute
cryptographic algorithms, is yet to be exhausted.
Application-related data is stored in the EEPROM of memory cards.
Access to memory is controlled by the security logic. Data is transmitted to
and from the card via the I/O port. The I²C bus is used in serial access
memories. A special transmission protocol enables a simple and economical
chip implementation. Optimised for a particular application, such as health
insurance and prepaid telephone cards, their flexibility is limited.
A microprocessor card includes a processor, the mask-ROM, EEPROM,
RAM, and I/O port. The mask-ROM contains the chip's operating system
(OS), and is etched during manufacture. The ROM's contents are identical for
all chips in one production run and cannot be changed during the card's
lifetime. The EEPROM is the chip's non-volatile memory, to and from
which data and program codes are written and read under the OS control.
The RAM, working memory of the processor, is volatile. The serial I/O
interface, with a register, is used for data transfer. The smart card's OS enables
integration of several different applications in a single card. The ROM here
contains only the basic instructions. The program's application-specific part
is loaded into the EEPROM after manufacture.
The smart card's OS is tasked with data management, instruction
execution, data transmission, and management and execution of
cryptographic algorithms. The first priorities are secure program execution
and protected access to data. The lower code limit is used for special
applications, while the upper one is for multi-application OS. Program
modules written in ROM code do not allow any processor modifications
after programming and ROM manufacture. An external instruction should
not be able to interfere with its operation and security. System crashes or
interactions due to faulty instruction or failed EEPROM sections must not
occur. Trapdoors and other backdoors used by programmers, and
occurring in large systems, must not be allowed to happen. It should be
impossible to read unauthorised data by bypassing the OS. The cryptographic
functions, forming part of the OS, must run fast.

There are many complex issues involved, which include identification
of card holder, card, card reader, terminal, system, transmission protocol,
and so on. Biometric identification includes analysing
physiological/behavioral features, including facial and retinal features, hand
geometry, fingerprints, writing rhythm, voice, dynamic signature, etc. Chip
hardware protection encompasses measures to protect the memory and
functional elements of the microprocessor from analysis. Sensors are
integrated on the silicon crystal for active protection.
From the manufacturing point, the smart card has two different
components. The first is the card's body with printed and embossed text,
security marks, and magnetic strip. The second is the microprocessor
module.
The card body and the module are created in separate processes, and at
a certain point in the production process are joined together to create a smart
card. The production stages include software engineering, wafer
manufacturing, microprocessor testing, wafer cutting, coating, testing, foil
printing, card body manufacturing, milling of module cavity, component
placement, electrical test, completion, initialisation for data transfer,
personalisation, packing, and delivery.
Contact cards use an IC that requires some inputs to be fed from the
outside environment through direct connections. Generally, these include an
electrical voltage to power the chip, a clock frequency to drive the chip, and
an I/O path for data transmission. The IC on the card is connected to a
contact plate on the surface of the card. When the smart card is placed into a
reader device, the contact plate is mated with the connections in the reader to
complete an electrical circuit.

Contactless cards
Contacts are one of the most frequent causes of failure in
electromechanical systems. Errors can result from contact wear, dirt, etc.
Vibrations can result in short-term breaks in contacts of the cards used in
mobile devices. Since contacts located on the card's surface are connected
directly to the IC inputs, electrostatic discharges can weaken or destroy the
circuit. These technical problems are obviated by the contactless smart card
that need not be inserted into a card reader.
Kolkata-based Elcon implemented an e-cash card pilot project for
postal saving banks, followed by the anywhere banking Dena Bank project and
the smart loyalty card of Damania Airways.
The advent of mobile phones in 1995, which use a smart card as the SIM
card, led to the induction of Gemplus, Schlumberger, Orga,
STMicroelectronics, Philips, Shonkh, etc in the field. Realising the
potential of non-GSM applications, Syscom Goldrock Group started its
non-GSM business operation by setting up Smart Chip Limited with full
technical support from Orga. Orga, a joint venture of Bundesdruckerei,
Berlin, and DETECON GmbH, is a major international supplier of smart
cards, card readers, and related healthcare and emerging products.
Windows-powered card
The Microsoft Windows for Smart Cards is an 8-bit, multi-application OS
with 8k ROM. This low-cost, easy-to-operate program platform runs Visual
Basic applications and is designed to meet the criteria for extending the PC
environment into smart use.
A Windows-powered smart card is a microcomputer without a graphic
user interface (GUI), capable of interoperating with various browsers and
with MS Windows 98/2000/XP/CE/NT 4.0 OS. It can run the software
written for the Windows OS. This advanced security token enables users to
reduce piracy while facilitating mobile electronic commerce. Protection of
financial data during transmission is ensured by implementation of secure
crypto-algorithms, such as RSA, DES, 3DES, COMP128, and SHA.

Card-secured Bluetooth network


Gemplus Research Labs has tested an architecture for a card-secured
Bluetooth network. To test the architecture, it developed a network of a PC
and mobile devices (PDAs, mobile phones, etc). The mobile device was
made to communicate over a Bluetooth network, carry out security
operations with a smart card, and run routines for the distributed computing
platform.
The communication system had to provide three essential functions.
These included processing power to execute the distributed routines, a smart
card interface to implement security, and a Bluetooth interface to
communicate with the wireless network. A commercial smart card reader
(GemSelf 800) was used, adding Bluetooth components and a StrongARM
processor as an execution platform. The commercial reader was stripped
down to core components to make room for the StrongARM and Bluetooth
chips.
Architecture of contactless cards
Philips' MIFARE platform comprises a variety of compatible reader
modules for multi-faceted applications. Existing card ICs are tailored to
allow implementation of smart card systems based on different types of
cards, which are all compatible with the MIFARE reader infrastructure. The
three card IC types ranked by their functionality are MIFARE LIGHT (for
simple applications such as public transport, phone cards, road toll, energy
metering, etc), contactless MIFAREISFSO for complex applications, and
MIFARE PLUS (the combi card IC). Making use of both contact and
contactless infrastructure, MIFARE PRO will comprise card ICs with a
processor capable of handling both contact and contactless interfaces.

A variety of read/write modules offer different read/write distances
depending on the specific needs of metro stations, bus terminals, POS
terminals/PCs, non-stop road toll, metering units, public payphones, etc.
MIFARE PRO has a microcontroller operated via the contactless RF
interface and secured with a triple-DES co-processor. Microcontroller
functionality is open to any other protocol. The 16-bit SMARTXA controller
architecture provides faster processing times and hardware firewall security
for contactless smart card ICs.

VISA merchant card has chosen FAMEX co-processor for asymmetric
crypto algorithms for high-security implementations.

MR2 D80, with an 80C51 controller, 8kB EEPROM, 20kB user
ROM, 256-byte RAM, and triple-DES co-processor, has a chip size smaller
than 15mm.
Philips and Hitachi are jointly developing contactless smart card ICs
using MIFARE technology. IBM's Zurich Research Laboratory
demonstrated a dual-interface, open-platform Java card. This card combines
ease of application development using the Java programming language with
the convenience of a dual-interface card, allowing access to the same card
data using contact and contactless smart card readers. The card uses Java
virtual machine (VM) technology developed by IBM. Java-based
cards offer a high degree of security as the VM checks and controls every
function to be carried out and prevents direct access to the hardware.
Drawing upon the MIFARE technology, Philips and Shell have
implemented the Easypay scheme at major fuel-stations of Shell in the
Netherlands. Vehicle drivers use a key ring that contains a transponder with
an embedded MIFARE chip. The driver simply places the ring near the
MIFARE chip reader incorporated in the fuel pump and enters a personal
identification number (PIN). Through the MIFARE contactless interface, the
PIN is quickly verified and the transaction authorised, billing the customer
directly from his bank account.

Secure network access


Microsoft CEO and president Steve Ballmer emphasizes that smart
cards will play an important role in Microsoft's .NET initiative, providing a
secure way to access networks and the Internet. As we move to a Web-based
lifestyle, authentication and security become crucial. Smart cards are an
enabling technology for providing an affordable and secure way to increase
security of computing.
Sony Corporation is contemplating creation of an Internet banking
service and has begun to investigate the possibility of establishing a personal
Net-banking service. It established a Financial Service Business
Development Department to explore the details of the new business, such as
how it will be established, the type of services it will offer, and the business
plan. One of the issues to be resolved in the course of its planning is whether
the company will enter the banking industry through establishing a new
bank or by taking over a failed bank.

Digital signature
Cryptography has created a number of methods for proving and verifying the
authenticity of electronic documents, messages, and transactions using a
digital signature. The purpose of digital signatures is to authenticate both the
sender and message. It provides proof to the recipient that the message stems
from the sender, and that the message's content has not been altered since
leaving the signatory. Digital signatures are the basis for the security of
smart card systems.
A digital signature is based on the content of the message itself. It is a
small quantum of data that is recorded on an electronic medium. The sender
produces it by applying certain calculations to a message. This process is
called the signature function. The resulting signature, which looks like
random data, has a meaning only when read in conjunction with the message
used to create it. The recipient of the message checks the digital signature by
performing another set of calculations on the signature and the message.
This is called the verification function. The result of these calculations
reveals whether or not the signature is a genuine authentication of both the
sender and the message. A set of functions can be designed to process the
message as the input, which needs only an additional parameter for the
signature and verification processes. This simplifies both signature and
verification processes because only this parameter needs to be kept secret.
This parameter, called the key, allows different signatories to use the same
digital signature method but produce different results using their own unique
keys.
As with digital signatures, these keys are actually digital data. Public-
key signature methods use a secret key to sign the messages and a public key
to verify the signatures. The secret and public keys form a key pair.
In a payment system, a signature-transporting method is designed to
separate the signature function into two parts. The first part is the
process-intensive part of the secret signature key function, which takes place
outside the smart card environment. The second part, requiring limited
processing power and less security, resides in the smart card.
In this way, instead of being created during each smart card
transaction, a unique signature (pre-signature) is partially created before the
transaction by the issuer in a controlled, offline, secure
environment. This pre-signature is transported to the card and stored there
for later use, hence the term signature-transporting. During a
transaction, the second part of the signature function is performed,
transforming the pre-signature and attaching it to a specific transaction
message. Using a secret key and random number seeds, the issuer creates a
number of unique signatures, which are then stored on the card. This step
requires a lot of processing power. Using one of the pre-signatures, the smart
This is a less complex function and can be performed by any standard smart
card. Verification is done using a The bank creates pre-signatures for a
specific card before transaction, which are referred to as cheques. It uses
the system's secret key to create these cheques, typically during the
personalisation of the card, and stores them on the card's chip. During a
transaction, the smart card transforms one cheque into a full signature on the
transaction data, requiring limited processing power. The merchant's
terminal verifies the signature using the system's public key. The digital
signature given out by the smart card in the payment process is the basis for
settlement between the merchant and the user. amount, this amount is
deducted from the balance in the card. To protect the balance against fraud,
the issuer (bank) relies on the software in the smart card and, most of all, on
the tamper-resistance characteristics of the smart card.
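The split between an expensive issuer step and a cheap card step, as an added example that is not part of the original report or of any vendor's code. The report does not say how a cheque is built, so this sketch swaps in a known construction (an online/offline signature in the Even-Goldreich-Micali style: the issuer signs a Lamport one-time public key in advance, the card only hashes at payment time); the toy RSA key, all function names and the sample transaction are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy issuer key, constructed for this example: textbook RSA over two Mersenne
# primes with no padding. It stands in for "the system's" key pair; NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                  # public modulus (with E: the public key)
D = pow(E, -1, (P - 1) * (Q - 1))          # secret exponent, stays with the issuer

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def ots_secret(seed, pos, bit):
    """One-time secret that vouches for transaction-hash bit `pos` equal to `bit`."""
    return hmac.new(seed, bytes([pos, bit]), hashlib.sha256).digest()

def ots_public(seed):
    """Digest over the hashes of all 512 one-time secrets (the one-time public key)."""
    return H(*(H(ots_secret(seed, p, b)) for p in range(256) for b in (0, 1)))

def bits(digest):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def issue_cheques(count):
    """Issuer, offline: one RSA private-key operation per cheque (the costly part)."""
    cheques = []
    for _ in range(count):
        seed = secrets.token_bytes(32)                      # random number seed
        presig = pow(int.from_bytes(ots_public(seed), "big"), D, N)
        cheques.append((seed, presig))
    return cheques

class Card:
    """Card side: stores cheques and needs only hashing at transaction time."""
    def __init__(self, cheques):
        self._cheques = list(cheques)

    def pay(self, tx):
        if not self._cheques:
            raise RuntimeError("no cheques left; card must be reloaded")
        seed, presig = self._cheques.pop()   # consumed: one cheque signs one message
        reveal = [(ots_secret(seed, p, b), H(ots_secret(seed, p, 1 - b)))
                  for p, b in enumerate(bits(H(tx)))]
        return {"presig": presig, "reveal": reveal}

def merchant_verify(tx, sig):
    """Terminal side: rebuild the one-time public key, then check the issuer's RSA."""
    if len(sig["reveal"]) != 256:
        return False
    hashes = []
    for b, (secret, other_hash) in zip(bits(H(tx)), sig["reveal"]):
        hashes += [H(secret), other_hash] if b == 0 else [other_hash, H(secret)]
    return pow(sig["presig"], E, N) == int.from_bytes(H(*hashes), "big")

if __name__ == "__main__":
    card = Card(issue_cheques(2))
    tx = b"merchant=0042;amount=12.50;nonce=7f3a"   # constructed sample transaction
    print("valid:", merchant_verify(tx, card.pay(tx)))
```

The card removes a cheque before using it because a one-time key that signs two different transactions reveals enough secrets for others to assemble further signatures.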
David Chaum, founder and chief technology officer of Digicash, has
invented blind signatures, an important extension to the public-key
signature mode. Ideally suited for electronic payments over the Internet,
these enable anti-piracy features to be built into the applications. Ecash, for
instance, one of the banking applications, uses blind signatures to offer
payers anonymity. ecashT, another Digicash financial transaction scheme,
is a public-key coin-transporting system.
These systems do not rely on tamper-resistance characteristics of the
smart card to protect against fraud, and are based on
coins that are bank-produced signatures attached to fixed amounts. The
value in a smart card is represented by the stored coins. The coins signed by
the bank using secret keys are loaded into the smart card. The smart card
pays the shop by transporting a set of coins. The shop checks the
authenticity of the coins using a public key.
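A coin withdrawn with an RSA blind signature and then checked by a shop, as an added example that is not Digicash's code. The toy RSA key (one key standing for one fixed amount), the 16-byte serial number and all function names are assumptions made for the illustration.

```python
import hashlib
import math
import secrets

# Toy bank key for one coin denomination, constructed for this example:
# textbook RSA over two Mersenne primes, no padding. NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # bank's secret exponent

def coin_value(serial):
    """Integer the bank's signature covers: SHA-256 of the coin's serial number."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big")

def blind(serial):
    """Payer: multiply the coin by r^E so the bank cannot recognise it later."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (coin_value(serial) * pow(r, E, N)) % N, r

def bank_sign(blinded):
    """Bank: signs the blinded number; it never sees the serial or its hash."""
    return pow(blinded, D, N)

def unblind(blind_sig, r):
    """Payer: strip the factor r, leaving an ordinary signature on the coin."""
    return (blind_sig * pow(r, -1, N)) % N

def withdraw_coin():
    """Returns the finished coin and, for inspection, what the bank was shown."""
    serial = secrets.token_bytes(16)
    blinded, r = blind(serial)
    return {"serial": serial, "sig": unblind(bank_sign(blinded), r)}, blinded

def shop_verify(coin):
    """Shop: needs only the bank's public key (N, E)."""
    return pow(coin["sig"], E, N) == coin_value(coin["serial"])

if __name__ == "__main__":
    coin, bank_view = withdraw_coin()
    print("coin accepted:", shop_verify(coin))
    print("bank saw the coin itself:", bank_view == coin_value(coin["serial"]))
```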

Research
Cascade is a research project funded by the European Commission for chip
architecture for smart cards and portable intelligent devices. The Cascade
approach is a drastically orthogonal one. It intends introducing
state-of-the-art RISC processor architecture in smart cards. Microprocessors
for PCs started with 8-bit CISC architectures 25 years ago, and have since
progressed towards 64-bit engines. There has been no comparable evolution
of the microprocessors used in smart cards. Many existing cards used the
same 8-bit (8051 or 6805 type) microcontroller cores as in the early
beginnings. In the Cascade project, Gemplus has combined with ARM,
UK-based architect of RISC processors, to develop ideal features for portable
devices. These include high performance, low power consumption, small die
size, etc. Apple has chosen ARM's RISC for its Newton personal digital
assistant.
The processing power of an ARM RISC is approximately a
hundred times higher than used in current smart chip
implementations. The capability of handling 32-bit data words will
significantly improve the speed for the processing of complex calculations.
State-of-the-art high-level programming language compilers are available
for ARM processors. Increased performance is possible due to higher
efficiency of code.
This design enables interrupt management functions, producing
customised answers to physical attacks on the smart card. The security
sensors used are able only to raise a software interrupt that is quite easy to
modify. A dynamic clock multiplier enables very fast internal frequency to
speed up specific processing steps requiring lengthy computations. The
halt mode reduces the consumption during wait state of the chip.
Texas Instruments has licensed this chip design. It will provide the
component to be used in smart cards and other secure portable electronic
devices. This component, in addition to the advantages offered by the
processor, also allows a wide supply voltage range (3-5V) to focus on GSM
applications.
Nokia has conducted a feasibility study on a banking application in
conjunction with a proactive SIM application to perform a cash balance
query on an external banking system via the short message service (SMS)
of the GSM network. Dassault Automatismes et Telecommunications,
France, carried out the normalisation and testing aspects for these new
systems.
SmartMIPS: MIPS Technologies has innovated a 32-bit smart card
core, SmartMIPS, an extension of its MIPS32 architecture. MIPS,
California, USA, and Gemplus SA of Gemenos, France, jointly developed
the architectural extension with next-generation, multiple-application smart
card core. The two companies have optimised this architecture for open
operating systems, such as Sun Microsystems' Java Card and Microsoft's
Windows for Smart Cards.
This SmartMIPS application-specific architecture supports advanced
cryptography processing, application security, code compression, and
performance optimisation. The MIPS32 4KSC low-power core is
synthesisable and portable, and can be used in a processor with a small die
size and performance equivalent to the PlayStation 1 processor. When built in a
0.18-micron process, the core's power consumption is 0.5 mW per MHz at
1.8V. Its frequency can reach 100 MHz.

Java technology, with its interoperability and scalability features, has
enabled the development of Java Card-based smart cards to solve this
problem. In a Java Card-based smart card, Java technology-based
applications in the form of bytecode are loaded into the memory zone of the
smart card microprocessor where these are run by the VM. The executable
code is platform-independent.
Any card incorporating a Java Card interpreter can run the same
application. Multiple Java technology-based applications can reside on a
single card, each allocated to its own secure memory area to ensure its
integrity and eliminate program tampering, either by individuals or through
programmers' interference.
Philippe Tartavull, president and CEO, Oberthur Card Systems of
America, predicts enormous opportunities for Java Card Platform
developers. Current markets include smart phones (talk, buy, and sell on the
move), smart mobile finance, portable health-care information (records on a
chip), transportation, and T-commerce.

The future : a smart village


The smart village envisioned by Schlumberger, a major smart card
vendor, illustrates a network world where smart card based products and
services inhabit our everyday lives. This smart marketplace includes GSM
payphones/mobile telecommunications, private-site smart payphones, smart
ticket-vending machines at transit terminals, smart pay and display units at
parking lots, smart fuel-dispensers at gas stations, contactless, remote, and
prepaid card terminals in retail locations, smart healthcare management, and
network access based on secured, personalised smart cards.
The market for smart card units is estimated to reach 2.7 billion by
2003. The largest share will be in the prepayment applications, followed by
the access control and electronic cash applications. Multiple-application
cards will become a rapidly growing market, enabling people to conduct
many transactions. As smart cards bury the old magnetic stripe cards for
good, wallets full of magnetic stripe cards will become a thing of the past.
