
USB Smart Card Keyboard

March 2nd, 2009 | Comments Off | Posted in USB Smart Card


Introduction

Boost your security, simplify access procedures and reduce the costs associated with managing networks by preventing unauthorized access to your computers and networks using smartcard technology with the HP Smart Card Keyboard.

The USB Smart card Keyboard is a full-sized keyboard that takes advantage of digital signatures and certificates to secure the environment for transactions performed on both public and private networks. The USB Smart Card Keyboard works with all smartcards that comply with ISO standard 7816.

Smart Cards are easy-to-use credit card-sized devices which require multiple forms of information to be validated before you gain access to your accounts or resources. Used worldwide, smartcards strengthen access to a network or other resource using dual-factor authentication. Implementing a two-factor authentication (or multi-factor authentication) process reduces the risk of unauthorized access by verifying and validating your identity in one of the following ways:

* Something you know – a combination of username and password or PIN
* Something you have – a Smart Card or security token.

Something you have (Smart Card) plus something you know (PIN) improves user-access security within corporate network environments. Smart Cards are used in government agencies, healthcare companies and the finance industry.

HP ProtectTools Smart Card Manager provides authentication software for the Smart Card. The Smart Card Reader module works with the HP ProtectTools Security Manager and enables the user to set up, use, and manage the Smart Card. This allows strengthened security with HP patented technology.

Key Benefits

* Protects against unauthorized access with smartcard technology
* Delivers even greater security when combined with an HP ProtectTools Smart Card and the HP ProtectTools Security Software
* Combination of username and password or PIN with a Smart Card or security token
* Secures online transactions using digital signatures and certificates
* Conforms to industry standards for ease of setup and use
* Delivers long product life and quiet operation with high-impact materials and lubricated keys
* Spill drain feature

Compatibility

The HP USB Smart Card Keyboard is compatible with HP Compaq dc5700, dc5750, dx7300, dc7700 and dc7800 Business Desktops and all HP xw series workstations.


How does a smart card programmer work?

March 2nd, 2009 | Comments Off | Posted in Smart Card Writer


A smart card is a mini computer which requires programming to run. A smart card doesn’t contain an interface such as a display or keyboard, so smart card readers are used to read data from or write data to smart cards. Smart cards contain an operating system which provides a platform to run applications.

Smart card operating systems can be divided into two categories.

The first kind of operating system is based on the Disk Drive approach. This operating system contains an active memory manager which can load any file or application in the card on demand. The Card Operating System allows for active file allocation and management (JAVA Card OS is an example of this approach).

The advantage of a Disk Drive based operating system is that the substitution cost for cards is less expensive, but the start-up costs are higher. This card requires a larger amount of free memory to cope with future application uploads. Due to the heavy use of expensive semiconductors, the cost is higher for these cards. The security infrastructure costs are also higher due to the multiple points of entry to card system functions.

The second approach treats the card as a secure device where files and the permissions to these files are all set by the admin. The only access to the card is through the operating system. There is no other way to access the file structure. Data can be accessed as per the permissions set by the user. These operating systems can then run your applications. Commands can be passed to the card via the card reader and then the desired application can be accessed through the smart card.

One of the most commonly used smart card operating systems is JavaCard. It provides a standard API to load and run Java applets directly on a standard ISO 7816 compliant card. JavaCards enable secure and chip-independent execution of various applications.

The following requirements need to be addressed before starting application development on smart cards:

* Smart card reader
* Software to communicate with the reader
* Software to communicate with the smart card
* Smart cards and smart card hardware

Before we address smart card programming, we have to be able to communicate with the reader. Because there are many different cards, there are many different readers. So proper interface implementation should be used for communication.

Once the above setup is complete, programming and application upload can begin utilizing the smart card. JavaCard allows applications to be loaded on demand.

In the early years of smart card development, each software application representing a product on a card was written for a specific card with a specific operating system, which in turn was specific to a hardware application. Sometimes a direct application was also installed without an operating system to make the card very specific to that application. However, the evolution of multiple application operating systems brought about a new era. JavaCard is an open, multi-application operating system for smart cards. Any person can develop applications using the Java programming language. The Java programs can run independently on the card and can be run on any ISO 7816 compliant smart card. This way applications from various vendors can be combined, yet remain separate from each other.

The ISO 7816 standard was developed to define the mechanical and electrical characteristics along with the protocol for communication with the card. Unfortunately, the ISO group was unable to baseline a standard for communicating with the reader. So, in order to communicate with the smart card it is required to first understand the commands supported by the card. Then these commands need to be encapsulated into ISO standard commands.

Now, let’s take a look at the APIs which allow us to send commands from an application to a reader. The reader communicates with the card where the actual processing takes place. From a technical standpoint, the key is a smart card API. This is a layer of software that allows an application to communicate with smart cards and readers from more than one manufacturer. The API gives programmers or users the ability to select smart cards from multiple vendors. Running an application on multiple smart cards encourages competition among card vendors and the benefits of that competition include greater quality and lower prices.

The smart card programming API provides an application layer between the smart card and the application interface. The unit of exchange with a smart card is called an Application Protocol Data Unit (APDU) packet. Communication with the card and the reader is performed using APDUs. An APDU can be considered a data packet that contains a complete instruction for the card or a complete response from a card.

The following are some of the classes provided for transporting APDUs and their function:

* Response
* Command
* ISOCommand
* ISOCardReader interface
* ISOCardReader

Sun has developed the Java Electronic Commerce Framework (JECF), an extension to the core Java platform that allows developers to easily and rapidly develop electronic commerce applications. JECF provides several classes that easily support communication with smart cards. It can be downloaded free of charge from Sun’s website and can be used easily by a smart card programmer.

The smart card application development process includes the following steps:

* User requirements: What does the user want to accomplish?
* Software requirements: Map user requirements to software requirements.
* Architectural design: Design the architecture of the solution.
* Code Generation: Create code as per the architecture.
* Emulation: Use emulators to test the code on virtual card.
* In-card Emulation: Run the code on actual card using card reader.
* Verification and Validation: It involves the testing.
* Final testing and maintenance.


How does a Smart Card Reader work?

March 2nd, 2009 | Comments Off | Posted in Smart Card Reader


Smart Card Readers are also known as card programmers (because they can write to a card), card terminals, card acceptance devices (CAD) or interface devices (IFD). There is a slight difference between the card reader and the terminal. The term ‘reader’ is generally used to describe a unit that interfaces with a PC for the majority of its processing requirements. In contrast, a ‘terminal’ is a self-contained processing device.

Smart cards are portable data cards that must communicate with another device to gain access to a display device or a network. Cards can be plugged into a reader, commonly referred to as a card terminal, or they can operate using radio frequencies (RF).

When the smart card and the card reader come into contact, each identifies itself to the other by sending and receiving information. If the messages exchanged do not match, no further processing takes place. So, unlike ordinary bank cards, smart cards can defend themselves against unauthorized users and uses with innovative security measures.

Communicating with a Smart Card Reader

The reader provides a path for your application to send and receive commands from the card. There are many types of readers available, such as serial, PCCard, and standard keyboard models. Unfortunately, the ISO group was unable to provide a standard for communicating with the readers so there is no one-size-fits-all approach to smart card communication.

Each manufacturer provides a different protocol for communication with the reader.

* First you have to communicate with the reader.
* Second, the reader communicates with the card, acting as the intermediary before sending the data to the card.
* Third, communication with a smart card is based on the APDU format. The card will process the data and return it to the reader, which will then return the data to its originating source.

The following classes are used for communicating with the reader:

* ISO command classes for communicating with 7816 protocol
* Classes for communicating with the reader
* Classes for converting data to a manufacturer-specific format
* An application for testing and using the cards for an intended and specific purpose

Readers come in many form factors and capabilities. The easiest way to describe a reader is by the method of its interface to a PC. Smart card readers are available that interface to RS232 serial ports, USB ports, PCMCIA slots, floppy disk slots, parallel ports, infrared IRDA ports and keyboards, as well as keyboard wedge readers. Card readers are used to read data from – and write data to – the smart card. Readers can easily be integrated into a PC utilizing Windows 98/Me, 2000, or XP platforms. However, some computer systems already come equipped with a built-in smart card reader. Some card readers come with advanced security features such as secure PIN entry, secure display and integrated fingerprint scanners for the next generation of multi-layer security and three-factor authentication.

Another difference in reader types is on-board intelligence and capabilities. An extensive price and performance difference exists between an industrial strength reader that supports a wide variety of card protocols and the less expensive win-card reader that only works with microprocessor cards and performs all processing of the data in the PC.

The options in terminal choices are just as varied. Most units have their own operating systems and development tools. They typically support other functions such as magnetic-stripe reading, modem functions and transaction printing.

To process a smart card the computer has to be equipped with a smart card reader possessing the following mandatory features:

* Smart Card Interface Standard – ISO 7816 is an international standard that describes the interface requirements for contact-type smart cards. The standard has multiple parts. For instance, Parts 1, 2 and 3 are applicable to card readers. Part 1 defines the physical characteristics of the card. Part 2 defines the dimensions and location of smart card chip contacts. Part 3 defines the electronic signals and transmission protocols of the card. Card readers may be referred to as conforming to ISO 7816 1/2/3, or in simplified terms, ISO 7816.
* Driver – This refers to the software used by the operating system (OS) of a PC for managing a smart card and the applicable card reader. To read a smart ID card, the driver of the card reader must be PC/SC compliant, which is supported by most card reader products currently available. It should be noted that different operating systems require different drivers. When acquiring card readers, the compatibility between the driver and the OS has to be determined and ensured.

Desirable Features in a Smart Card Reader

Card Contact Types refers to how the contact between a card reader and a smart card is physically made. There are two primary types of contact: landing contact and friction contact (also known as sliding or wiping). For card readers featuring friction contact, the contact part is fixed. The contact wipes on the card surface and the chip when a card is inserted. For card readers featuring the landing type, the contact part is movable. The contact “lands” on the chip after a card is wholly inserted. In general, card readers of the landing type provide better protection to the card than that of the friction type.

Smart card readers are also used as smart card programmers to configure and personalize integrated circuit cards. These programmers not only read data, but also put data into the card memory. This means that not only CPU based smart cards, but also simple memory cards can be programmed using a smart card reader. Of course the card reader must support the appropriate protocol such as the asynchronous T=0, T=1 or synchronous I2C protocols.

It won’t take long before smart card readers become an integral part of every computer – and, subsequently, the lives of computer users. Computer systems with keyboards that have smart card reader/writer integration are also available.

Smart card readers are also available in the form of a USB dongle. USB dongles are frequently used with GSM phones, which contain a SIM smart card. Additionally, phone numbers can be edited on a PC using the USB smart card dongle.


Smart Card FAQ

March 2nd, 2009 | Comments Off | Posted in Smart Card

What is a smart card?

A smart card is a device that includes an embedded integrated circuit that can be either a secure microcontroller or equivalent intelligence with internal memory or a memory chip alone. The card connects to a reader with direct physical contact or with a remote contactless radio frequency interface. With an embedded microcontroller, smart cards have the unique ability to store large amounts of data, carry out their own on-card functions (e.g., encryption and mutual authentication) and interact intelligently with a smart card reader. Smart card technology conforms to international standards (ISO/IEC 7816 and ISO/IEC 14443) and is available in a variety of form factors, including plastic cards, key fobs, watches, subscriber identification modules used in GSM mobile phones, and USB-based tokens.

For the purposes of this FAQ, “card” is used as the generic term to describe any device in which smart card technology is used.

What are the ISO/IEC 14443 and ISO/IEC 7816 standards?

ISO/IEC 14443 is the international standard for contactless smart chips and cards that operate (i.e., can be read from or written to) at a distance of less than 10 centimeters (4 inches). This standard operates at 13.56 MHz and includes specifications for the physical characteristics, radio frequency power and signal interface, initialization and anticollision protocols and transmission protocol.

ISO/IEC 7816 is the international standard for contact smart cards. ISO/IEC 7816 Parts 4 and above are used by both contact and contactless smart card applications for security operations and commands for interchange.

What is a contactless smart card?

A contactless smart card includes an embedded smart card secure microcontroller or equivalent intelligence, internal memory and a small antenna and communicates with a reader through a contactless radio frequency (RF) interface. Contactless smart card technology is used in applications that need to protect personal information and/or deliver fast, secure transactions, such as transit fare payment cards, government and corporate identification cards, documents such as electronic passports and visas, and financial payment cards. Example applications using contactless smart card technology include:

  • The U.S. FIPS 201 Personal Identity Verification (PIV) card being issued by all Federal agencies for employees and contractors;
  • The Transportation Worker Identification Credential (TWIC) being issued by the Transportation Security Administration;
  • The First Responder Authentication Card (FRAC) being issued in Department of Homeland Security pilots;
  • The new U.S. ePassport being issued by the Department of State;
  • Contactless payment cards and devices being issued by American Express, MasterCard and Visa;
  • Contactless transit fare payment systems currently operating or being installed in such cities as Washington, DC, Chicago, Boston, Atlanta, San Francisco and Los Angeles.

Contactless smart cards have the ability to securely manage, store and provide access to data on the card, perform on-card functions (e.g., encryption and mutual authentication) and interact intelligently with a contactless smart card reader. Contactless smart card technology and applications conform to international standards (ISO/IEC 14443 and ISO/IEC 7816). Contactless smart card technology is available in a variety of forms – in plastic cards, watches, key fobs, documents and other handheld devices (e.g., built into mobile phones).

How do contactless smart cards work?

Contactless smart card systems are closely related to contact smart card systems. Like contact smart card systems, information is stored on a chip embedded within the contactless smart card. However, unlike the contact smart card, the power supplied to the card as well as the data exchanged between the card and the reader are achieved without the use of contacts, using magnetic or electromagnetic fields to both power the card as well as to exchange data with the reader.

The contactless smart card contains an antenna embedded within the plastic body of the card (or within a key fob, watch or other document). When the card is brought into the electromagnetic field of the reader, the chip in the card is powered on. Once the chip is powered on, a wireless communication protocol is initiated and established between the card and the reader for data transfer.

The following four functions describe at a high level the sequence of events that happen when a contactless smart card is brought near a card reader:

  • Energy transfer to the card for powering the integrated circuit (chip)
  • Clock signal transfer
  • Data transfer to the contactless smart card
  • Data transfer from the contactless smart card

Hence, once the card is brought within range of an electromagnetic field of the required frequency, the card will be powered up, ready to communicate with the reader. Since the contactless smart cards described in this FAQ are based on the ISO/IEC 14443 standard, this frequency is 13.56 MHz and a reader that complies with the standard would have an activation field (range) of about 4 inches (approximately 10 centimeters). In other words, the card needs to be within 10 centimeters of a reader for it to be effectively powered; however, the effective range for communications for the card to be read will depend on a number of factors like the power of the reader, the antenna of the reader and the antenna of the card.

What is contactless payment?

Contactless payment is a change to the way debit or credit payment is handled when making a purchase. Contactless payment transactions require little to no physical connection between the card and the checkout device. Instead of “swiping” or “inserting” a card, the contactless card or fob is tapped on or held within an inch of a machine that reads the card, and the payment information is sent to the merchant wirelessly. Contactless credit and debit cards include a smart card chip.

In the U.S., contactless credit or debit cards or small keychain devices are being issued by a number of financial issuers (American Express, Chase, MBNA, Citibank, HSBC Bank, Keybank, Wells Fargo, Citizens Bank). For additional information on contactless payment, see the Smart Card Alliance Contactless Payments Resources.

How do smart cards help to protect privacy?

Smart cards offer a number of features that can be used to provide or enhance privacy protection in systems. The following is a brief description of some of these features and how they can be used to protect privacy.

  • Authentication. Smart cards provide mechanisms for authenticating others who want to gain access to the card. These mechanisms can be used to authenticate users, devices, or applications wishing to use the data on the card’s chip. These features can be utilized by a system to protect privacy by, for example, ensuring that a banking application has been authenticated as having the appropriate access rights before accessing financial data or functions on the card.
  • Secure data storage. Smart cards provide a means of securely storing data on the card. This data can only be accessed through the smart card operating system by those with proper access rights. This feature can be utilized by a system to enhance privacy by, for example, storing personal user data on the card rather than in a central database. In this example, the user has better knowledge and control of when and by whom their personal data is being granted access.
  • Encryption. Smart cards provide a robust set of encryption capabilities including key generation, secure key storage, hashing, and digital signing. These capabilities can be used by a system to protect privacy in a number of ways. For example, a smart card system can produce a digital signature for the content in an email, providing a means to validate the email authenticity. This protects the email message from subsequently being tampered with and provides the email recipient with an assurance of where it originated. The fact that the signing key originated from a smart card adds credibility to the origin and intent of the signer.
  • Strong device security. Smart card technology is extremely difficult to duplicate or forge and has built-in tamper-resistance. Smart card chips include a variety of hardware and software capabilities that detect and react to tampering attempts and help counter possible attacks. For example, the chips are manufactured with features such as extra metal layers, sensors to detect thermal and UV light attacks, and additional software and hardware circuitry to thwart differential power analysis.
  • Secure communications. Smart cards provide a means of secure communications between the card and card readers. Similar in concept to security protocols used in many networks, this feature allows smart cards to send and receive data in a secure and private manner. This capability can be used by a system to enhance privacy by ensuring that data sent to and from the card is not intercepted or tapped into.
  • Biometrics. Smart cards provide mechanisms to securely store biometric templates and perform biometric matching functions. These features can be used to improve privacy in systems that utilize biometrics. For example, storing fingerprint templates on a smart card rather than in a central database can be an effective way of increasing privacy in a single sign-on system that uses fingerprint biometrics as the single sign-on credential.
  • Personal device. A smart card is, of course, a personal and portable device associated with a particular cardholder. The smart card plastic is often personalized, providing an even stronger binding to the cardholder. These features, while somewhat obvious, can be leveraged by systems to improve privacy. For example, a healthcare application might elect to store drug prescription information on the card instead of in paper form to improve the accuracy and privacy of a patient’s prescriptions.
  • Certifications. Many of today’s smart cards have been certified as complying with industry and government security standards. They obtain these certifications only after completing rigorous testing and evaluation by independent certification facilities. These certifications help systems protect privacy by ensuring that the security and privacy features and functions of the smart card hardware and software operate as specified and intended.

Why are smart cards better than other ID token technologies?

Smart cards are widely acknowledged as one of the most secure and reliable forms of an electronic identification (ID) token. A smart card includes an embedded integrated circuit chip that can be either a microcontroller chip with internal memory or a secured memory chip alone. The card communicates with a reader either through direct physical contact or with a remote contactless electromagnetic field that energizes the chip and transfers data between the card and the reader. With an embedded microcontroller, smart cards have the unique ability to store large amounts of data, carry out their own on-card functions (e.g., data storage and management, encryption, decryption, and digital signature calculations) and interact intelligently with a smart card reader.

A smart card ID can combine several ID technologies, including the embedded chip, visual security markings, magnetic stripe, barcode and/or an optical stripe. By combining these various technologies into a smart card ID token, the resulting ID can support both future and legacy physical and logical access applications. They can also support other applications that have traditionally required separate ID processes and tokens.

Biometrics are used in many new identity management systems to improve the accuracy of identifying individuals. How can smart cards be used to help assure privacy in a biometrics-based system?

Smart cards provide a highly effective mechanism to protect the privacy of an individual that has a requirement to use a biometric identity system.

  • The biometric information can be stored on the smart card rather than in an online database, allowing the biometric owner the opportunity to manage the physical possession of the card holding the individual’s biometric information.
  • The biometric data can be secured with state-of-the-art encryption techniques while providing full three-factor authentication capability at the card/reader level.
    • Something you have – the card with all of its security capabilities
    • Something you know – a password or personal identification number (PIN)
    • Something you are – the biometric

In a non-smart-card-based application, the password or PIN and biometric would be stored in an online database outside the control of the individual and the biometric information would be captured and passed to an application for matching.

  • The individual’s biometric can be captured by a reader and passed to the smart card for matching, rather than passing the stored biometric information to the reader for matching. The individual’s biometric information would never leave the card, preventing virtually any possibility of compromise.

What is an RFID tag?

Radio frequency identification (RFID) tags are used in a wide range of applications such as: identifying animals, tracking goods through the supply chain, tracking assets such as gas bottles and beer kegs, and controlling access into buildings. RFID tags include a chip that typically stores a static number (an ID) and an antenna that enables the chip to transmit the stored number to a reader. Some RFID tags contain read/write memory to store dynamic data. When the tag comes within range of the appropriate RF reader, the tag is powered by the reader’s RF field and transmits its ID to the reader.

RFID tags are simple, low-cost and commonly disposable, although this is not always the case, as with reusable laundry tags. There is little to no security on the RFID tag or during communication with the reader. Any reader using the appropriate RF frequency (low frequency: 125/134 kHz; high frequency: 13.56 MHz; and ultra-high frequency: 900 MHz) and protocol can get the RFID tag to communicate its contents. (Note that this is not true of car keys which contain a secure RFID tag.) Passive RFID tags (i.e., those not containing a battery) can be read from distances of several inches (centimeters) to many yards (meters), depending on the frequency and strength of the RF field used with the particular tag. RFID tags have common characteristics, including:

  • Low cost designs and high volume manufacturing to minimize investment required in implementation.
  • Minimal security in many applications, with tags able to be read by any compatible reader. Some applications like car keys do have security features, most notably provisions to authenticate the RFID tag before enabling the ignition to start the car.
  • Minimal data storage comparable to bar code, usually a fixed format written once when the tag is manufactured, although read/write tags do exist.
  • Read range optimized to increase speed and utility.

Is contactless smart card technology the same as RFID technology?

No. There is significant confusion in discussions of RF-enabled applications, with contactless smart card technology often incorrectly categorized as ‘RFID.’ There is a wide range of RF technologies used for a variety of applications – each with different operational parameters, frequencies, read ranges and capabilities to support security and privacy features. For example, the RFID technologies that are used to add value in manufacturing, shipping and object-related tracking operate over long ranges (e.g., 25 feet), were designed for that purpose alone and have minimal built-in support for security and privacy. Contactless smart cards, on the other hand, use RF technology, but, by design, operate at a short range (less than 4 inches) and can support the equivalent security capabilities of a contact smart card chip.

What security capabilities do contactless smart cards support?

Contactless smart cards use RF technology, but, by design, operate at a short range (less than 4 inches) and can support the equivalent security capabilities of a contact smart card chip (see below). Contactless smart cards and readers conform to international standards, ISO/IEC 14443 and ISO/IEC 7816, and can implement a variety of industry-standard cryptographic protocols (e.g., AES, 3DES, RSA, ECC).

The contactless smart chip includes a smart card secure microcontroller and internal memory and has unique attributes RFID tags lack – i.e., the ability to securely manage, store and provide access to data on the card, perform complex functions (for example, encryption and mutual authentication) and interact intelligently via RF with a contactless reader. Applications using contactless smart cards support many security features that ensure the integrity, confidentiality and privacy of information stored or transmitted, including the following:

  • Mutual authentication. For applications requiring secure card access, the contactless smart card-based device can verify that the reader is authentic and can prove its own authenticity to the reader before starting a secure transaction.
  • Strong information security. For applications requiring complete data protection, information stored on cards or documents using contactless smart card technology can be encrypted and communication between the contactless smart card-based device and the reader can be encrypted to prevent eavesdropping. Hashes and/or digital signatures can be used to ensure data integrity and to authenticate the card and the credentials it contains. Cryptographically strong random number generators can be used to enable dynamic cryptographic keys, preventing replay attacks.
  • Strong contactless device security. Like contact smart cards, contactless smart card technology is extremely difficult to duplicate or forge and has built-in tamper-resistance. Smart card chips include a variety of hardware and software capabilities that detect and react to tampering attempts and help counter possible attacks. For example, the chips are manufactured with features such as extra metal layers, sensors to detect thermal and UV light attacks, and additional software and hardware circuitry to thwart differential power analysis.
  • Authenticated and authorized information access. The contactless smart card’s ability to process information and react to its environment allows it to uniquely provide authenticated information access and protect the privacy of personal information. The contactless smart card can verify the authority of the information requestor and then allow access only to the information required. Access to stored information can also be further protected by a personal identification number (PIN) or biometric to protect privacy and counter unauthorized access.
  • Support for biometric authentication. For human identification systems that require the highest degree of security and privacy, smart cards can be implemented in combination with biometric technology. Biometrics are measurable physical characteristics or personal behavioral traits that can be used to recognize the identity or verify the claimed identity of an individual. Smart cards and biometrics are a natural fit to provide two- or multi-factor authentication. A smart card is the logical secure storage medium for biometric information. During the enrollment process, the biometric template can be stored on the smart card chip for later verification. Only the authorized user with a biometric matching the stored enrollment template receives access and privileges.
  • Strong support for information privacy. The use of smart card technology strengthens the ability of a system to protect individual privacy. Unlike other technologies, smart card-based devices can implement a personal firewall for an individual, releasing only the information required and only when it is required. The ability to support authenticated and authorized information access and the strong contactless device and data security make contactless smart cards excellent guardians of personal information and individual privacy.

It is important to note that information privacy and security must be designed into an application at the system level by the organization issuing the contactless device, card or document. It is critical that issuing organizations have the appropriate policies in place to support the security and privacy requirements of the application being deployed and then implement the appropriate technology that delivers those features. The ability of contactless smart card technology to support a wide array of security features provides organizations with the flexibility to implement the level of security that is commensurate with the risk expected in the application.
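The mutual authentication and replay protection described in the list above can be sketched as a challenge-response exchange. This is an added example, not code from the original page or from any card vendor: the `Party` class and function names are hypothetical, and HMAC-SHA256 over a pre-shared key is an assumed stand-in for whatever AES- or 3DES-based scheme a real card uses.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # assumed nonce size in bytes


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (prefixing avoids ambiguity)."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Party:
    """One side of the exchange (hypothetical); role is b"card" or b"reader"."""

    def __init__(self, role: bytes, shared_key: bytes):
        self.role, self.key, self.nonce = role, shared_key, b""

    def challenge(self) -> bytes:
        # A fresh random nonce per session is what makes old proofs useless.
        self.nonce = secrets.token_bytes(NONCE_LEN)
        return self.nonce

    def prove(self, peer_nonce: bytes) -> bytes:
        # Binding the role stops a proof being reflected back at its sender.
        return _mac(self.key, self.role, peer_nonce, self.nonce)

    def verify(self, peer_role: bytes, peer_nonce: bytes, proof: bytes) -> bool:
        expected = _mac(self.key, peer_role, self.nonce, peer_nonce)
        return hmac.compare_digest(expected, proof)

    def session_key(self, card_nonce: bytes, reader_nonce: bytes) -> bytes:
        # Per-session ("dynamic") key derived from both nonces.
        return _mac(self.key, b"session", card_nonce, reader_nonce)


def authenticate(card: Party, reader: Party):
    """Run one mutual authentication; return (ok, recorded card messages)."""
    reader_nonce = reader.challenge()
    card_nonce = card.challenge()
    card_proof = card.prove(reader_nonce)
    reader_proof = reader.prove(card_nonce)
    ok = (reader.verify(b"card", card_nonce, card_proof)
          and card.verify(b"reader", reader_nonce, reader_proof))
    if ok:
        ok = hmac.compare_digest(card.session_key(card_nonce, reader_nonce),
                                 reader.session_key(card_nonce, reader_nonce))
    return ok, {"card_nonce": card_nonce, "card_proof": card_proof}


def replay_accepted(reader: Party, transcript: dict) -> bool:
    """Check a recorded card response against a reader's new challenge."""
    reader.challenge()
    return reader.verify(b"card", transcript["card_nonce"],
                         transcript["card_proof"])


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key for the demo
    card, reader = Party(b"card", key), Party(b"reader", key)
    ok, transcript = authenticate(card, reader)
    print("genuine card accepted:", ok)
    print("recorded response accepted later:", replay_accepted(reader, transcript))
    clone = Party(b"card", secrets.token_bytes(32))  # lacks the issuer key
    print("card without the key accepted:", authenticate(clone, reader)[0])
```

Because each proof covers the verifier's fresh nonce, a response recorded in one session does not verify in the next, and a device that lacks the shared key cannot produce a valid proof at all.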


SmartMedia Flash Memory Card

March 2nd, 2009 | Comments Off | Posted in Smart Card Memory

Smart card memory

In 1995, Toshiba Corporation created the SmartMedia card in an attempt to replace the floppy disk, and although it failed to do so, the SmartMedia card was used in many types of storage devices. The SmartMedia card is one of the oldest of the portable media formats still in (limited) use today. It is a removable flash memory card that can be used in several different types of digital devices, including digital cameras, digital music players (MP3 players), digital voice recorders and PDAs.

The main advantage that SmartMedia cards have over the other memory cards is that because they read, write, and erase memory in small blocks of data (256 or 512 bytes at a time), you can more precisely select what data you want to save. Although the SmartMedia card was well received when it hit the market (especially the digital camera segment), SmartMedia cards have a few underlying weaknesses.

SmartMedia cards come in capacities of 2 MB, 4 MB, 8 MB, 16 MB, 32 MB and 64 MB, topping out at 128 MB. Due to its limited capacities, low transfer rates and less sturdy casing (compared to other flash memory card formats), the SmartMedia card has been replaced by other formats (primarily XD cards and SD cards).

Newer, smaller and higher-capacity replacements have made it difficult for manufacturers to continue production of these aging SmartMedia cards. It has been announced that production of SmartMedia cards has been discontinued by major manufacturers, including Toshiba, Samsung, Lexar and SanDisk.


BasicCard

March 2nd, 2009 | Comments Off | Posted in Smart Card Download

Basic card

BasicCard® is the first smart card programmable in BASIC. It is easy to use, open to anyone, requires no special training, and competitively priced. Using the BasicCard® anyone can program their own smart cards – and this takes only a few hours of your time.

Consider some of the benefits of using the BasicCard® OS for smart card…

Ease of Use:
With the BasicCard Development Kit, any programmer proficient in BASIC will be programming a smart card in one day, even without prior smart card experience.

Great Pricing:
A BasicCard smart card with 2 kByte E²Prom will cost 0.99 € each in small quantities.

Time to Market:
No other smart card is faster to market. While others are working with outdated emulators and worrying about E²Prom, you will be demonstrating real products to your newest customers.

Small Orders:
Many smart card projects start small. So even if your customer’s first order is only about 50 or 100 BasicCards, you can count on us to fill it without problems.

You’re In Control:
No more worries that your supplier might become your toughest competitor. With the BasicCard, you’re in control – there are no proprietary “black-boxes”. You programmed it yourself, it’s your application, your customer, and with BasicCard you’re in control.

Flexibility:
BasicCard offers virtually limitless opportunities. You can use it for most smart card applications, such as an E-Purse, Identification Card, Medical Card, Internet Security, Drivers License, Network Access, Software Key, Access Control, and Gift and Loyalty programs – you decide.

Security:
For many smart card applications security is the main concern, and with BasicCard you offer the best. Of course we support standards like DES, TripleDES and AES, but now, for unsurpassed security, you have the option of our 4096-bit RSA or 512-bit Elliptic Curve Cryptography (BasicCard ZC7.5).

How it Works
The BasicCard Toolkit includes everything you need to get started. Install the software and smart card reader/writer and you are ready to start.
Follow our examples or write your own application. When you are done, use the BasicCard compiler to convert your application to P-Code and load it to the E²Prom of your BasicCard. You have just programmed your first smart card. It is that simple!

BasicCard Toolkit
This package includes all the software you’ll need to start programming yourself. You will also get a PC/SC compatible smart card reader/writer CyberMouse®, a small balance reader, an Enhanced BasicCard ZC3.7 (2 kByte E²Prom), and two Enhanced BasicCard ZC3.9 (8 kByte E²Prom). The Windows® software package contains a fully functional symbolic double debugger to step through the source code from the BasicCard and the PC simultaneously. The BasicCard Toolkit also includes an API for 32 bit Windows® either as API for programming using C/C++ or as OCX for programming using Microsoft® Visual Basic or Delphi programs. Libraries are available for Java or .Net.

Why is BASIC the Smart Choice?
BASIC was originally developed when computers had no resources. That is exactly the same problem we have today with smart cards. So programmers needed a language suited to the limited computing resources – and here BASIC fits perfectly. When you also take into account the limitations of smart card microprocessors, BASIC becomes the smart choice. Sure, there are fancier programming languages, but when you are trying to program a smart card, anything else is just show business.

In the end, the most important difference between a BasicCard® and a Java® or MultOS® card is not the programming language – it’s the price. And the formula here is simple: the bigger the smart card chip, the higher the price. Java® and MultOS® are resource-hungry: to run a simple application they need expensive smart card chips (i.e. 1 kByte RAM, 64 kByte ROM and 32 kByte E²Prom). Using the Enhanced BasicCard (256 bytes RAM, 17 kByte ROM and 8 kByte E²Prom) costs 1/3 as much.

Here’s How to Get Started:

1. Click on the Free Download link below.

2. Download the BasicCard Software Tools Version: 6.xx. This will include a manual (Word File) and the programming software you’ll need for Win9x/NT/2000/XP/Vista.

3. Select the Order Online option to purchase the complete BasicCard Toolkit for 59 €. This will include a Developer Software Package for Windows® on CD-ROM, a technical manual in printed form, a CyberMouse® smart card reader/writer, a small balance reader and of course some programmable BasicCards.

4. Don’t wait. Start today. After you have ordered your BasicCard Toolkit, install the BasicCard Software Tools you just downloaded. Take a moment to review the manual and then start working with the programming tools. Review some of our examples and try writing an application yourself. Test your code using the Double Debugger and when your complete BasicCard Toolkit arrives, you will be ready to install the CyberMouse® smart card reader/writer and load your first BasicCard application.

GO TO THE DOWNLOAD


Smartcard Benefits

March 2nd, 2009 | Comments Off | Posted in Smart Card

Smart card benefits

The primary benefit from the use of a Smartcard is increased security. Smartcards are inherently more secure than conventional magnetic stripe cards and this brings tangible benefit to both the card issuer and the card user.

The development of technology in recent years means that the cost differential between a Smartcard and a conventional magnetic stripe card has steadily eroded, particularly when the massively greater utility of the Smartcard is considered.

With the ability to securely store and update information on board the card, the Smartcard provides an ideal platform for the safe management of the cardholder’s details (such as account information). It is in effect the consumer’s own secure personal database. The processing power of the card also makes it possible to introduce levels of authentication that are simply not possible with magnetic stripe technology. Various cardholder authentication methods such as passwords, PIN, digital photograph or Biometric (e.g. fingerprint) schemes can easily be supported. Such levels of secure authentication are particularly relevant in the e-commerce world, where a consumer has to ensure that they are buying products or services from a genuine vendor as opposed to providing details to a fraudulent web site. Smartcards allow the consumer to control release of information contained on the card while also controlling who receives the information. Conversely, it is just as important for the vendor to ensure that the cardholder is not making use of a stolen card to make their purchase.

Added to all of the above is the ability to modify the card services (even while on line) giving the consumer the power to pick and choose the features of their own Smartcard as required.

This makes the Smartcard a clear choice for the e-Commerce market.

Smartcards provide great opportunities for businesses as well as consumers. With the introduction of greater and more flexible card functionality, businesses can differentiate themselves through improved Customer Relationship Management. Smartcard technology allows effective card holder profiling giving the ability to furnish consumers with new products and features which best suit their lifestyle, while providing the business and/or card issuer with valuable information on customer habits.

So whether you are a merchant selling products over the World Wide Web or a consumer who wishes to buy such products, the Smartcard is enabling the implementation of solutions that consumers and businesses can use with confidence. As Smartcard Technology continues to advance, it won’t be long before we are all carrying our own Smartcard, the uses for which will only be limited by the imagination.

Solutions

The growth in the use of Smartcards has been phenomenal, the most exciting example probably being GSM telephony, where each handset has a Smartcard called a SIM. Other major growth areas include financial services (credit and debit cards), transport, healthcare and physical and virtual access control. The diagram shows the growth rate experienced in Smartcards.

Smartcard applications in units (million) worldwide

| Application | 1999 | 2000 | 2001 | 2002 | 2003 | 2004 | CARG |
|---|---|---|---|---|---|---|---|
| Wireless Communications | 235.5 | 317 | 417.1 | 519.8 | 649.8 | 807.6 | 28% |
| Financial Cards | 113.8 | 175.9 | 238.5 | 324 | 395.5 | 459.3 | 32% |
| Health Cards | 28.7 | 29.4 | 26.8 | 33.5 | 65.6 | 82.6 | 24% |
| Pay TV | 17.5 | 21.5 | 26.6 | 35.1 | 43.9 | 55.3 | 26% |
| Transport | 0.3 | 0.6 | 1.7 | 2.5 | 3.9 | 6.2 | 81% |
| ID Cards | 14.1 | 24.5 | 34.7 | 57.9 | 83 | 95.7 | 47% |
| Network Security | 0.7 | 4.6 | 15.6 | 48.4 | 102 | 169.4 | 196% |
| Other | 23.3 | 24.2 | 30.3 | 35.9 | 53.5 | 82.3 | 31% |
| Total | 431.7 | 597.9 | 791.3 | 1057 | 1397 | 1758.4 | 32% |
| Year-on-year growth | 52% | 38% | 32% | 34% | 32% | 26% | |

Source: Gartner Dataquest


What is a smart card?

March 2nd, 2009 | Comments Off | Posted in Smart Card

Smart card example

A smart card resembles a credit card in size and shape, but inside it is completely different. First of all, it has an inside — a normal credit card is a simple piece of plastic. The inside of a smart card usually contains an embedded microprocessor. The microprocessor is under a gold contact pad on one side of the card. Think of the microprocessor as replacing the usual magnetic stripe on a credit card or debit card.

Smart cards are much more popular in Europe than in the United States. In Europe, the health insurance and banking industries use smart cards extensively. Every German citizen has a smart card for health insurance. Even though smart cards have been around in their modern form for at least a decade, they are just starting to take off in the United States.

Magnetic stripe technology remains in wide use in the United States. However, the data on the stripe can easily be read, written, deleted or changed with off-the-shelf equipment. Therefore, the stripe is really not the best place to store sensitive information. To protect the consumer, businesses in the U.S. have invested in extensive online mainframe-based computer networks for verification and processing. In Europe, such an infrastructure did not develop — instead, the card carries the intelligence.

The microprocessor on the smart card is there for security. The host computer and card reader actually “talk” to the microprocessor. The microprocessor enforces access to the data on the card. If the host computer read and wrote the smart card’s random access memory (RAM), it would be no different than a diskette.
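To make the difference from a diskette concrete, the following added example (not from the original page) simulates a card whose microprocessor refuses reads until a PIN has been verified and blocks itself after repeated wrong attempts. The `SimulatedCard` class, the PIN and the file contents are hypothetical and constructed for illustration; the instruction bytes and status words are the ISO/IEC 7816-4 values.

```python
import hmac

# Instruction bytes and status words defined by ISO/IEC 7816-4.
INS_VERIFY, INS_READ_BINARY = 0x20, 0xB0
SW_OK = 0x9000
SW_WRONG_LENGTH = 0x6700
SW_SECURITY_NOT_SATISFIED = 0x6982
SW_AUTH_BLOCKED = 0x6983
SW_WRONG_P1P2 = 0x6B00
SW_INS_NOT_SUPPORTED = 0x6D00


class SimulatedCard:
    """Hypothetical stand-in for the card's microprocessor and one data file."""

    def __init__(self, pin: bytes, data: bytes, max_tries: int = 3):
        self._pin, self._data = pin, data
        self._max_tries = self._tries_left = max_tries
        self._verified = False

    def process(self, apdu: bytes):
        """Handle one command APDU (CLA INS P1 P2 [Lc data | Le]).

        Returns (response_data, status_word). The host never touches
        self._data directly; every access goes through this method.
        """
        if len(apdu) < 4:
            return b"", SW_WRONG_LENGTH
        ins, p1, p2, body = apdu[1], apdu[2], apdu[3], apdu[4:]
        if ins == INS_VERIFY:
            return b"", self._verify(body)
        if ins == INS_READ_BINARY:
            return self._read((p1 << 8) | p2, body)
        return b"", SW_INS_NOT_SUPPORTED

    def _verify(self, body: bytes) -> int:
        if self._tries_left == 0:
            return SW_AUTH_BLOCKED          # blocked: even the right PIN fails
        if not body or len(body) != 1 + body[0]:
            return SW_WRONG_LENGTH
        self._tries_left -= 1               # spend the attempt before comparing
        if hmac.compare_digest(body[1:], self._pin):
            self._tries_left, self._verified = self._max_tries, True
            return SW_OK
        self._verified = False
        return 0x63C0 | min(self._tries_left, 0x0F)   # 63Cx: x attempts remain

    def _read(self, offset: int, body: bytes):
        if not self._verified:
            return b"", SW_SECURITY_NOT_SATISFIED
        if len(body) != 1:
            return b"", SW_WRONG_LENGTH
        if offset > len(self._data):
            return b"", SW_WRONG_P1P2
        length = body[0] or 256             # Le of 0x00 means up to 256 bytes
        return self._data[offset:offset + length], SW_OK


def verify_apdu(pin: bytes) -> bytes:
    """Build a VERIFY command carrying the candidate PIN."""
    return bytes([0x00, INS_VERIFY, 0x00, 0x00, len(pin)]) + pin


def read_apdu(offset: int, length: int) -> bytes:
    """Build a READ BINARY command for `length` bytes at `offset`."""
    return bytes([0x00, INS_READ_BINARY, offset >> 8, offset & 0xFF, length])


if __name__ == "__main__":
    card = SimulatedCard(pin=b"1234", data=b"ACCT-0001")  # constructed values
    for apdu in (read_apdu(0, 9), verify_apdu(b"0000"),
                 verify_apdu(b"1234"), read_apdu(0, 9)):
        data, sw = card.process(apdu)
        print(f"{apdu.hex():<22} -> {data!r} SW={sw:04X}")
```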

Smart cards may have up to 8 kilobytes of RAM, 346 kilobytes of ROM, 256 kilobytes of programmable ROM, and a 16-bit microprocessor. The smart card uses a serial interface and receives its power from external sources like a card reader. The processor uses a limited instruction set for applications such as cryptography.

The most common smart card applications are:

* Credit cards
* Electronic cash
* Computer security systems
* Wireless communication
* Loyalty systems (like frequent flyer points)
* Banking
* Satellite TV
* Government identification

Smart cards can be used with a smart-card reader attachment to a personal computer to authenticate a user. Web browsers also can use smart card technology to supplement Secure Sockets Layer (SSL) for improved security of Internet transactions. Visa’s Smart Card FAQ shows how online purchases work using a smart card and a PC equipped with a smart-card reader. Smart-card readers can also be found in mobile phones and vending machines.


Smart Card Security

March 2nd, 2009 | Comments Off | Posted in Smart Card

Smart card security

Smart cards provide computing and business systems the enormous benefit of portable and secure storage of data and value. At the same time, the integration of smart cards into your system introduces its own security management issues, as people access card data far and wide in a variety of applications.

The following is a basic discussion of system security and smart cards, designed to familiarize you with the terminology and concepts you need in order to start your security planning.

What Is Security?

Security is basically the protection of something valuable to ensure that it is not stolen, lost, or altered. The term “data security” governs an extremely wide range of applications and touches everyone’s daily life. Concerns over data security are at an all-time high, due to the rapid advancement of technology into virtually every transaction, from parking meters to national defense.

Data is created, updated, exchanged and stored via networks. A network is any computing system where users are highly interactive and interdependent and, by definition, not all in the same physical place. In any network, diversity abounds, certainly in terms of types of data, but also types of users. For that reason, a system of security is essential to maintain computing and network functions, keep sensitive data secret, or simply maintain worker safety. Any one company might provide an example of these multiple security concerns. Take, for instance, a pharmaceutical manufacturer:

| Type Of Data | Security Concern | Type Of Access |
|---|---|---|
| Drug Formula | Basis of business income. Competitor spying | Highly selective list of executives |
| Accounting, Regulatory | Required by law | Relevant executives and departments |
| Personnel Files | Employee privacy | Relevant executives and departments |
| Employee ID | Non-employee access. Inaccurate payroll, benefits assignment | Relevant executives and departments |
| Facilities | Access authorization | Individuals per function and clearance such as customers, visitors, or vendors |
| Building safety, emergency response | All employees | Outside emergency response |

What Is Information Security?

Information security is the application of measures to ensure the safety and privacy of data by managing its storage and distribution. Information security has both technical and social implications. The first simply deals with the ‘how’ and ‘how much’ question of applying secure measures at a reasonable cost. The second grapples with issues of individual freedom, public concerns, legal standards and how the need for privacy intersects them. This discussion covers a range of options open to business managers, system planners and programmers that will contribute to your ultimate security strategy. The eventual choice rests with the system designer and issuer.

The Elements Of Data Security

In implementing a security system, all data networks deal with the following main elements:

1. Hardware, including servers, redundant mass storage devices, communication channels and lines, hardware tokens (smart cards) and remotely located devices (e.g., thin clients or Internet appliances) serving as interfaces between users and computers
2. Software, including operating systems, database management systems, communication and security application programs
3. Data, including databases containing customer-related information
4. Personnel, to act as originators and/or users of the data; professional personnel, clerical staff, administrative personnel, and computer staff

The Mechanisms Of Data Security

Working with the above elements, an effective data security system works with the following key mechanisms to answer:

1. Has My Data Arrived Intact? (Data Integrity) This mechanism ensures that data was not lost or corrupted when it was sent to you
2. Is The Data Correct And Does It Come From The Right Person? (Authentication) This proves user or system identities
3. Can I Confirm Receipt Of The Data And Sender Identity Back To The Sender? (Non-Repudiation)
4. Can I Keep This Data Private? (Confidentiality) – Ensures only senders and receivers access the data. This is typically done by employing one or more encryption techniques to secure your data
5. Can I Safely Share This Data If I Choose? (Authorization and Delegation) You can set and manage access privileges for additional users and groups
6. Can I Verify That The System Is Working? (Auditing and Logging) Provides constant monitoring and troubleshooting of security system function
7. Can I Actively Manage The System? (Management) Allows administration of your security system


Smart Card System Planning & Deployment

March 2nd, 2009 | Comments Off | Posted in Smart Card Software

Smart card system design requires advance planning to be successful and to avoid problems. It is highly recommended that you graphically diagram the flow of information for your new system. The first question to consider is ‘will the card and system transact information, or value, or both?’ If it stores keys or value (i.e., gift certificates or sports tickets), greater design detail is required than in data-only systems. When you combine information types on a single card, other issues arise. The key to success is not to overrun the system with features that can confuse users and cause problems in management. We recommend that you phase in each feature set as each one is working. To properly implement a functional smart card system you should be able to answer the following questions.

NOTE: These are only general guidelines, provided as a basis for your individual planning. Many other steps may be involved and are not mentioned here. For more extensive planning information regarding identity management and national IDs we recommend that you review the GSA Smart Card Handbook.

Basic Set-Up

1. Is there a clear business case? Including financial and consumer behavior factors?
2. Will the system be single or multi-application?
3. What type of information do I want to store in the cards (i.e., data or value)?
4. How much memory is required for each application?
5. If multi-application, how will I separate different types of data?
6. Will card data be obtained from a database? Or loaded every time?
7. Will this data concurrently reside on a database?
8. How many cards will be needed?
9. Are card/infrastructure vendors identified? What are the lead times?

Security Planning

1. What are the security requirements?
2. Does all, or only some of the data need to be secure?
3. Who will have access to this information?
4. Who will be allowed to change this information?
5. In what manner shall I secure this data, i.e., encryption, host passwords, card passwords/PINs, or all of these?
6. Should the keys/PINs be customer or system-activated?
7. What form of version control do I want?

Value Applications

1. Should the value in the cards be re-loadable or will the cards be disposable?
2. How will I distribute the cards?
3. How will cards be activated and loaded with value?
4. What type of card traceability should I implement?
5. What is the minimum and maximum value to store on each card?
6. Will there be a refund policy?

General Issuance

1. How many types of artwork will be included in the issuance?
2. Who will do the artwork?
3. What is needed on the card? For example signature panels, Magnetic-Stripe, Embossing etc.

Multi-Application Card Systems

It is highly recommended that you graphically diagram the flow of information as shown below.

Smart card app flow

Building a smart card system that stores value, i.e., gift certificates, show tickets, redemption points or cash equivalents, requires an attention to detail not necessary in other information management systems. The key to success is not to overrun the system with features that can confuse users and cause problems in management. We recommend that you phase in each feature set after the first one is working. Here is a list of some questions that are pertinent to these systems in addition to the above questions.

Deployment

As the minimum steps in deploying a stored value or multi-application system, establish clear, achievable program objectives:

1. Make sure the organization has a stake in the project’s success and that management buys into the project
2. Set a budget
3. Name a project manager
4. Assemble a project team and create a team vision
5. Graphically create an information-, card- and funds-flow diagram
6. Assess the card and reader options
7. Write a detailed specification for the system
8. Set a realistic schedule with inch-stones and mile-stones
9. Establish the security parameters for both people and the system
10. Phase-in each system element, testing as you deploy
11. Reassess for security leaks
12. Deploy the first phase of cards and test, test
13. Train the key employees responsible for each area
14. Set-up a system user manual
15. Check the reporting structures
16. Have contingency plans should problems arise
17. Deploy and announce
18. Advertise and market your system
