24-01-2010, 05:23 PM
[attachment=1437]
LATEST SMART CARD FEATURES
Latest Features of Smart Cards and Intelligent Tokens
Abstract
Smart Cards are plastic credit cards devices with an integrated circuit
chip with microprocessor. These smarts cards have the mechanism for
storing and/or processing
information. Intelligent Tokens (iButton) are high capacity general-
purpose electronic data carriers, each with a unique registration
number. They have the same components as
smart cards but are shielded by a steel case. This paper will show the
differences between contact smart cards, contact less smart cards and
intelligent tokens (iButton) with respect to RAM, ROM and EEPROM and
other related aspects.
Introduction
As the use of computers has been more and more widespread within
organizations and individuals all over the world, the way people thinks
has changed, and the need to apply this technology to all of daily
aspects has increased. Smart cards are becoming acceptable for user
authentication and many other purposes. The usage of smart cards has
spread in many areas such as Pay Phones, GSM and other areas as shown
below.
Annual growth of smart cards
There are lots of different kinds of smart cards: security cards (used
to identify the carrier), electronic wallet cards (with stored value),
processor cards (which carry out
proprietary calculations in a black box fashion), memory cards and even
cards with
virtual machines to run Java applets!
Smart cards and intelligent tokens uses encryption algorithms to
provide the required level of data security to prove the identity of
the person sending/receiving the message and that the message hasnâ„¢t
been altered.
There are many custom command sets used by smart cards but most of
them are based around the ISO-7816 specifications, which set out the
communication protocols ad defines the commands used by smart cards in
great details. Smart cards allow thousands of times the information
storable on magnetic stripe cards. In addition, smart cards are more
reliable, perform multiple functions and are more secure because of
high security mechanisms such as advanced encryption and biometrics.
Smart cards can and will hold a large amount of personal information,
from medical/health history to personal banking and personal
preferences.
The chip components
Below figure shows the main elements of microprocessor used in smart
cards and
intelligent tokens “ CPU, ROM RAM and EEPROM.
Smart card configuration
Central Processing Unit (CPU)
Its function is to get the right instructions from the memory, decode
them and then execute the required commands. The instruction tells the
card the type of calculations required, input and output data
requirements, storage compression techniques to use, security controls
and external signal recognition needs.
Read Only Memory (ROM)
The content of the ROM is defined during the manufacture of the silicon
and the data it stores is unchangeable during the life of the device.
Random Access Memory (RAM)
It has fast, versatile memory. We can read/write to it without any
preparation. RAM losses the information stored in it when the power is
switched off.
Electrically Erasable Programmable Read Only Memory (EEPROM)
It is the largest most complex type of Non Volatile Memory (NVM). It
makes it
possible to generate high voltage required by the silicon chip to erase
and rewrite
specific data by using a method called charge-pump. The power switch
off wonâ„¢t lose
the information stored in EEPROM.
Cryptographic algorithms
To ensure confidentiality, authentication and integrity of the data,
smart cards and
intelligent tokens uses different types of encryption systems such as
Secure Hashing
Algorithm (SHA-1), Rivest, Shamir and Adelman (RSA), Data Encryption
System
(DES) and triple DES. The type of encryption used will differ from one
application to another.
Contact Smart Cards
Contact smart cards gain their access to the out side world via pins
attached to the
outer surface of the smart card. In the case of contact smart cards
these pins has to
contact the smart card reader to get its power and gain access.
Nowadays most contact smart cards have the specifications as shown in
above table.
Contact smart cards feature
Contact-less smart cards
The contact-less smart cards are constructed the same as the contact
cards but they donâ„¢t use pins to communicate with the out side of the
world. [12] Contact-less smart cards still depends on the outside to
gain the power required to perform its functions. Using antenna for
communication neglects the need for the card insertion to the card
reader. As contact smart cards, contact-less smart cards have mainly
the same features with an added feature which is the distance required
to enable the two antenna in the contact less smart card and the reader
to communicate, and these features are:
Contact-lees smart cards features
It describe it as Mutual authentication + encrypted transmission using
session key
The risks of using smart cards
Losing value
If a stored-value smart card is lost or stolen, the value stored is
lost. Losing that kind of smart card is like losing cash, and it can
happen to the best of us. Debit cards with
liability limitations (such as are commonly found today) may present a
more attractive
alternative to some consumers. Of course, there is no anonymity with
debit cards as
there can be with certain kinds of stored-value cards.
Key compromise
Many e-commerce cards carry secret crypto keys (usually DES or RSA
private keys).
If these keys are compromised, they can be used to load value onto the
card, change
card parameters, or bilk consumers by adjusting the card balance.
Extreme care must
be taken to guard crypto keys.
Intelligent Tokens
Intelligent Tokens have their own battery as a power supply, which
makes them
independent of the outside world for their power. These batteries may
last for 10 years,
which is the lifetime of the token. They also have stainless steel
surrounding the chip.
This shell protects the chip against environment changes and any
attempt to attack the chip. They can be manufactured in many shapes
like rings, key fobs and badges.
Intelligent tokens use more encryption systems then are used in smart
cards which
makes them more secure. Some of the characteristics of the intelligent
tokens are:
Intelligent Tokens features
Security of Intelligent tokens
When software and PC hardware are hacked, the keys remain safe in the
digitally and physically secure iButton chip. The cryptographic
boundary for the iButton is its
surrounding steel shell. If the iButton is physically attacked, it
triggers a tamper response that quickly "zeroes" to erase the contents
of the memory rather than reveal private keys and other sensitive
information to the intruder. The iButton's cryptographic services
include secure private key storage and secure message digest
("hashing") for digital signatures and certificates. Users can sign
electronic documents and generate certificates to access restricted Web
sites without ever revealing their private keys. Add to security the
fact that owner can guard the token closely by wearing it as a ring or
as a chain.
Analyses
The above three tableâ„¢s show the different characteristics of contact
smart cards, contact-less smart cards and intelligent tokens
respectively.
From first table we can see the following characteristics of contact
smart cards:
¢ ROM: 24 - 64 Kbytes
¢ RAM: 512 Bytes “ 3 Kbytes
¢ EEPROM: 2.25 “ 8 Kbytes
¢ Speed of Operation: 100 nanoseconds “ 9 ms
¢ Cryptographic algorithm: Triple DES and Hardwire cryptographic
algorithm
¢ Frequency: 13.56 MHZ
From second table we get the characteristics of contact-less smart
cards
¢ ROM: 24 “ 64 Kbytes
¢ RAM: 512 Byte “ 3 Kbytes
¢ EEPROM: 2.25 “ 8 Kbytes
¢ Speed of Operation: 100 nanoseconds “ 9 ms
¢ Cryptographic algorithm: Triple DES and Hardwire cryptographic
algorithm
¢ Frequency: 13.56 MHZ
¢ Distance: 10 “ 50 cm
From last table gives the characteristics of intelligent tokens and
they are as follow:
¢ ROM: 64 Kbytes
¢ RAM: 6-134 Kbytes
¢ Clock speed: 100 nanoseconds
¢ Cryptographic algorithms: SHA-1, RSA, DES and Triple DES
By comparing firsat and second tables , we can conclude that the
characteristics of both contact/contact-less smart cards are the same
with one difference that is the distance
required by the contact-less smart cards to be able to communicate with
the card reader
and that difference is 10 cm when using High Frequency (HF) and 50 cm
when Low
Frequency (LF) is used.
The large RAM in intelligent tokens is one of the major differences
between the
intelligent tokens and smart cards. Also intelligent tokens are capable
of using more
advanced cryptographic algorithms than smart cards. Intelligent tokens
uses its own
power supply attached to the token that last for at least 10 years.
Intelligent tokens are much faster than most of smart cards. The only
smart card, which has a speed of 100 nanoseconds, is the Samsung Mono-
chip where by most of the
intelligent tokens has a clock speed of 100 nanoseconds.
Conclusions
Most of the smart cards these days are capable of running java codes,
because the
minimum requirement for that is 16K of ROM, 8K of EEPROM and 256 RAM
Most of the iButton has a 64 Kbytes RAM, 134 ROM and can store over 30
certificates with 1024-bit keys using ISO X.509v3, the most widely
recognized publickey
certificate format.
In both smart cards and intelligent tokens the maximum ROM is 64 Kbytes
and the minimum is 24 Kbytes in smart cards. ROM in other hand has a
maximum of 134
Kbytes in intelligent tokens and a minimum of 512 Bytes in some smart
cards. The maximum EEPROM is 8 Kbytes in smart cards and the minimum is
2.25 Kbytes
in smart cards also. I did not find any information about EEPROM with
Intelligent
tokens. I would like to mention that the blank places in above tables
means that this feature hasnâ„¢t been given for that item. I have found
many sites that have smart cards and intelligent tokens features, but I
have included only those sites that give at least two features and I
tried to join items that have relatively the same features and
manufacturer in one group, like the Hitachi semiconductors smart cards.
I think the use of smart cards will increase in the future especially
the contact-less type and also the use of intelligent tokens.
References
[1] Gary McGraw,â„¢ Smart cards, Java cards and securityâ„¢, Earthweb IT
Management:
Encryption: Smart cards, Java cards and security,
URL:
http://itmanagement.earthwebsecu/encr/ar...01661,00.h
tml ,
11/5/2001
[2] Gary Ellis, 2000, ˜ Wearable Java Computer™, Corp,
URL:http://dalseminews/pr/product/2000/usbfob.html , 1/5/2001
[3] Dallas Semiconductor, 2001,â„¢iButton Online Storeâ„¢, Dallas
Semiconductor,
URL: https://store.ibuttoncgibin/
ncommerce3/CategoryDisplay?cgrfnbr=808&cgmenbr=776&cg=808, 1/5/2001
