|
1 An Introduction to Smart Cards |
|
|
1 | |
|
|
|
|
|
|
1 | |
|
1.2 What is a Smart Card? |
|
|
2 | |
|
1.2.1 Magnetic Stripe Cards |
|
|
2 | |
|
|
|
5 | |
|
1.2.3 Microprocessor Chip Cards |
|
|
6 | |
|
1.2.4 Contact-less Smart Cards and RFIDs |
|
|
6 | |
|
|
|
7 | |
|
|
|
8 | |
|
|
|
11 | |
|
1.5 Smart Card Characteristics |
|
|
12 | |
|
|
|
13 | |
|
1.7 Current Applications for Smart Cards |
|
|
14 | |
|
|
|
15 | |
|
|
|
17 | |
|
|
|
17 | |
|
1.7.4 Identity and Passports |
|
|
18 | |
|
1.7.5 Entitlement and Health |
|
|
18 | |
|
1.7.6 Physical and IT Access Control |
|
|
19 | |
|
|
|
20 | |
|
1.8 Smart Card Application Development |
|
|
20 | |
|
1.9 Development, Roll-Out and Lifecycle Management Issues |
|
|
22 | |
|
|
|
23 | |
|
|
|
24 | |
|
2 Smart Card Production Environment |
|
|
27 | |
|
|
|
|
|
|
27 | |
|
2.2 Smart Card Production Steps |
|
|
29 | |
|
|
|
29 | |
|
2.2.2 Card Body Manufacturing |
|
|
29 | |
|
2.2.3 Personalization and related Services |
|
|
35 | |
|
2.2.4 Security and Quality |
|
|
44 | |
|
|
|
46 | |
|
|
|
48 | |
|
|
|
50 | |
|
3 Multi Application Smart Card Platforms and Operating Systems |
|
|
51 | |
|
Konstantinos Markantonakis |
|
|
|
|
|
51 | |
|
3.1.1 Smart card Platform Evolution |
|
|
52 | |
|
|
|
55 | |
|
|
|
55 | |
|
3.2.2 Java Card Technology |
|
|
56 | |
|
|
|
64 | |
|
3.3.1 The GlobalPlatform Association |
|
|
64 | |
|
3.3.2 The GlobalPlatform Card Specification |
|
|
65 | |
|
|
|
72 | |
|
3.4.1 The MULTOS Consortium |
|
|
72 | |
|
3.4.2 MULTOS Specification |
|
|
73 | |
|
3.4.3 The Multos Card Architecture |
|
|
73 | |
|
3.4.4 Multos Executable Language (MEL) |
|
|
73 | |
|
3.4.5 The Application Abstract Machine |
|
|
75 | |
|
3.4.6 Application Loading and Deletion |
|
|
75 | |
|
3.4.7 Communicating with a Multos Smart Card |
|
|
76 | |
|
|
|
76 | |
|
3.4.9 Multos Security Features |
|
|
76 | |
|
|
|
77 | |
|
|
|
78 | |
|
|
|
78 | |
|
|
|
79 | |
|
|
|
80 | |
|
4 Smart Cards for Mobile Communications |
|
|
85 | |
|
Keith Mayes and Tim Evans |
|
|
|
|
|
85 | |
|
|
|
87 | |
|
4.3 Subscriber Identity and Authentication |
|
|
89 | |
|
4.3.1 So how does SIM Authentication Work? |
|
|
91 | |
|
4.3.2 3G/USIM Authentication/Ciphering |
|
|
92 | |
|
4.3.3 SIM/USIM Authentication Algorithms |
|
|
96 | |
|
4.4 General Added Features |
|
|
97 | |
|
|
|
97 | |
|
|
|
98 | |
|
4.4.3 SMS Settings and Storage |
|
|
98 | |
|
4.4.4 Last Dialled numbers |
|
|
99 | |
|
4.4.5 Access Control Class |
|
|
99 | |
|
4.4.6 GPRS Authentication and encryption files |
|
|
99 | |
|
|
|
99 | |
|
4.6 SIMs and USIMs Some Practical Comparisons |
|
|
100 | |
|
4.7 (U)SIM Value Added Services |
|
|
103 | |
|
4.8 The (U)SIM as a Handset Security Module |
|
|
107 | |
|
4.9 The Future Evolution of the (U)SIM |
|
|
108 | |
|
|
|
111 | |
|
|
|
112 | |
|
5 Smart cards for Banking and Finance |
|
|
115 | |
|
Konstantinos Markantonakis and Keith Mayes |
|
|
|
|
|
115 | |
|
5.2 Payment Card Technologies |
|
|
116 | |
|
5.2.1 Magnetic Stripe Cards |
|
|
118 | |
|
|
|
120 | |
|
5.3.1 Card Authentication |
|
|
121 | |
|
5.4 Cardholder Not Present Transactions |
|
|
125 | |
|
5.4.1 Purchase from a Genuine Merchant Using Someone Else's Payment Details |
|
|
126 | |
|
5.4.2 Genuine Purchaser Buying from a Rogue Merchant |
|
|
126 | |
|
5.4.3 Third Party Attacker |
|
|
127 | |
|
5.5 Dynamic Passcode Authentication |
|
|
128 | |
|
5.6 Could a Mobile Phone be a Token Reader? |
|
|
131 | |
|
5.7 Token Authentication Examples |
|
|
132 | |
|
|
|
133 | |
|
|
|
133 | |
|
5.8.2 Thoughts on 3D Secure |
|
|
136 | |
|
5.9 Just Wave Your Card to Pay |
|
|
136 | |
|
|
|
137 | |
|
|
|
137 | |
|
6 Security For Video Broadcasting |
|
|
139 | |
|
|
|
|
|
|
139 | |
|
|
|
141 | |
|
|
|
142 | |
|
|
|
143 | |
|
|
|
144 | |
|
|
|
145 | |
|
|
|
146 | |
|
|
|
147 | |
|
|
|
152 | |
|
|
|
153 | |
|
7 Introduction to the TPM |
|
|
155 | |
|
|
|
|
|
|
155 | |
|
|
|
156 | |
|
7.2.1 Fundamental Features of a Trusted Platform |
|
|
157 | |
|
7.2.2 Additional Features |
|
|
159 | |
|
|
|
160 | |
|
|
|
160 | |
|
|
|
160 | |
|
7.3.3 Non-Volatile Storage |
|
|
161 | |
|
7.3.4 Attestation Identity Keys |
|
|
162 | |
|
7.3.5 Platform Configuration Registers |
|
|
163 | |
|
|
|
163 | |
|
|
|
163 | |
|
7.3.8 Random Number Generator |
|
|
164 | |
|
|
|
164 | |
|
7.3.10 RSA Key Generation |
|
|
164 | |
|
|
|
165 | |
|
|
|
165 | |
|
|
|
167 | |
|
|
|
167 | |
|
|
|
167 | |
|
|
|
168 | |
|
|
|
168 | |
|
|
|
169 | |
|
|
|
171 | |
|
|
|
171 | |
|
|
|
173 | |
|
|
|
|
|
|
73 | |
|
8.2 Evolution of National and International Standards |
|
|
174 | |
|
8.2.1 International Recognition |
|
|
175 | |
|
8.2.2 The need for security benchmarks |
|
|
176 | |
|
8.3 Evaluation Practicalities |
|
|
177 | |
|
8.3.1 Types of evaluation |
|
|
178 | |
|
8.3.2 Evaluation Assurance Levels |
|
|
179 | |
|
8.3.3 Augmentation of Assurance Levels |
|
|
179 | |
|
|
|
180 | |
|
8.4.1 Performing Evaluations |
|
|
181 | |
|
8.5 Developing Protection Profiles and Security Targets |
|
|
182 | |
|
8.5.1 Establish the security environment |
|
|
182 | |
|
8.5.2 Establish Security Objectives |
|
|
183 | |
|
8.5.3 Establish Security Requirements |
|
|
183 | |
|
8.5.4 Establish TOE Summary Specification |
|
|
184 | |
|
8.5.5 Establish Rationale |
|
|
184 | |
|
8.5.6 Claiming Compliance with Protection Profiles |
|
|
185 | |
|
|
|
185 | |
|
8.6.1 Establish the Security Environment |
|
|
186 | |
|
8.6.2 Establish security objectives |
|
|
186 | |
|
8.6.3 Establish Security Requirements |
|
|
187 | |
|
8.6.4 Establish TOE summary specification |
|
|
188 | |
|
8.6.5 Establish Rationale |
|
|
189 | |
|
|
|
189 | |
|
8.8 Evaluation Composition |
|
|
190 | |
|
|
|
192 | |
|
|
|
193 | |
|
|
|
195 | |
|
|
|
|
|
|
195 | |
|
9.2 Cryptographic Algorithms |
|
|
197 | |
|
9.2.1 Data Encryption Standard |
|
|
197 | |
|
|
|
199 | |
|
9.3 Smart Card Security Features |
|
|
202 | |
|
|
|
202 | |
|
9.3.2 Cryptographic Coprocessors |
|
|
203 | |
|
9.3.3 Random Number Generators |
|
|
204 | |
|
|
|
205 | |
|
|
|
205 | |
|
9.4 Side Channel Analysis |
|
|
207 | |
|
|
|
207 | |
|
|
|
208 | |
|
9.4.3 Electromagnetic Analysis |
|
|
213 | |
|
|
|
214 | |
|
|
|
216 | |
|
9.5.1 Fault Injection Mechanisms |
|
|
217 | |
|
9.5.2 Modelling the Effect of a Fault |
|
|
218 | |
|
9.5.3 Faults in Cryptographic Algorithms |
|
|
218 | |
|
|
|
221 | |
|
9.6 Embedded Software Design |
|
|
222 | |
|
|
|
222 | |
|
|
|
224 | |
|
|
|
225 | |
|
|
|
225 | |
| 10 Application Development Environments for Java and SIM Toolkit |
|
229 | |
|
Gary Waite and Keith Mayes |
|
|
|
|
|
229 | |
|
10.2 Smart Cards Characteristics |
|
|
230 | |
|
|
|
231 | |
|
|
|
232 | |
|
|
|
233 | |
|
10.4.1 The Java Card Framework |
|
|
235 | |
|
|
|
238 | |
|
|
|
239 | |
|
|
|
242 | |
|
10.6 Application Development Tools |
|
|
243 | |
|
10.6.1 Compilers & Integrated Development Environments |
|
|
243 | |
|
|
|
244 | |
|
10.6.3 Protocol Analysis (Spy) Tools |
|
|
245 | |
|
|
|
246 | |
|
10.7 Mobile Phone Applications and the (U)SIM |
|
|
247 | |
|
|
|
248 | |
|
|
|
250 | |
|
10.7.3 SIM Dongle Example |
|
|
251 | |
|
10.8 Looking To The Future |
|
|
253 | |
|
|
|
253 | |
|
|
|
254 | |
| 11 OTA and Secure SIM Lifecycle Management |
|
257 | |
|
|
|
|
|
|
258 | |
|
11.2 The SIM Card As A Managed Platform |
|
|
258 | |
|
11.2.1 Common Stored and Managed Data |
|
|
259 | |
|
11.2.2 SIM Application Toolkit Interface SAT |
|
|
260 | |
|
11.2.3 Main Differences Between a SIM and a LI-CC/USW Card |
|
|
264 | |
|
11.3 OTA - Over-The-Air Management |
|
|
265 | |
|
11.3.1 OTA Server Capabilities |
|
|
267 | |
|
11.4 Limitations and Improvements |
|
|
268 | |
|
11.4.1 Customer Managed Applications |
|
|
270 | |
|
11.5 SIM Lifecycle Management |
|
|
271 | |
|
|
|
274 | |
|
|
|
275 | |
| 12 Smart Card Reader APIS |
|
277 | |
|
|
|
|
12.1 Terminology: Smart Card Reader, IFD, CAD and Terminal |
|
|
277 | |
|
12.2 OCF: OpenCard Framework |
|
|
279 | |
|
|
|
279 | |
|
|
|
281 | |
|
|
|
282 | |
|
|
|
282 | |
|
|
|
282 | |
|
12.3.3 Various Implementations |
|
|
285 | |
|
|
|
288 | |
|
|
|
289 | |
|
|
|
291 | |
|
|
|
291 | |
|
|
|
292 | |
| 13 RFID and Contactless Technology |
|
295 | |
|
|
|
|
|
|
295 | |
|
13.2 Contactless Technology |
|
|
296 | |
|
|
|
299 | |
|
13.3 Radio Frequency Interface |
|
|
301 | |
|
13.3.1 Communication Theory |
|
|
302 | |
|
13.3.2 Inductive Coupling |
|
|
305 | |
|
|
|
311 | |
|
|
|
311 | |
|
|
|
317 | |
|
|
|
319 | |
|
|
|
320 | |
|
|
|
321 | |
|
|
|
321 | |
| 14 ID CARDS AND PASSPORTS |
|
323 | |
|
|
|
|
|
|
323 | |
|
|
|
324 | |
|
14.2.1 Requirements and Constituents of Modern National ID Cards |
|
|
324 | |
|
14.2.2 International Standards for ID Cards |
|
|
331 | |
|
14.2.3 Optical Personalisation of ID Cards |
|
|
333 | |
|
14.2.4 Countries and Their ID Cards |
|
|
337 | |
|
|
|
339 | |
|
|
|
339 | |
|
14.3.2 Constituents of Passports |
|
|
341 | |
|
14.3.3 EU and ICAO Requirements |
|
|
343 | |
|
14.3.4 Security Protocols |
|
|
344 | |
|
|
|
345 | |
|
|
|
345 | |
| 15 Smart Card Technology Trends |
|
347 | |
|
|
|
|
15.1 Trends In Smart Card Technology — Today And The Future |
|
|
347 | |
|
|
|
348 | |
|
15.1.2 Technology Choices |
|
|
351 | |
|
15.1.3 Technology Drivers |
|
|
355 | |
|
|
|
364 | |
|
15.1.5 Emerging Applications |
|
|
370 | |
|
|
|
376 | |
|
|
|
377 | |
A Source Code for
Chapter 12 |
|
381 | |
|
|
|
381 | |
|
|
|
385 | |
| Index |
|
387 | |
