Sunday, 26 July 2015

What is smart card?

What is smart card?

Contact-type smart cards may have
many different contact pad layouts,
such as these SIMs

smart card , chip card , or integrated circuit
card ( ICC) is any pocket-sized card with
embedded integrated circuits . Smart cards are
made of plastic, generally polyvin chloride,
but sometimes polyethylene terephthalate
based polyesters, acrylonitrile butadiene
styrene or polycarbonate. Since April 2009, a
Japanese company has manufactured reusable
financial smart cards made from paper.

Smart cards can provide identity
documentation, authentication, data storage,

and application processing.
Smart cards
may provide strong security authentication for
single sign-on (SSO) within large
organizations.

Benefits

The benefits of smart cards are directly related
to the volume of information and applications
that are programmed for use on a card. A
single contact/contactless smart card can be
programmed with multiple banking credentials,
medical entitlement, driver’s license/public
transport entitlement, loyalty programs and
club memberships to name just a few. Multi-
factor and proximity authentication can and
has been embedded into smart cards to
increase the security of all services on the
card. For example, a smart card can be
programmed to only allow a contactless
transaction if it is also within range of another
device like a uniquely paired mobile phone.
This can significantly increase the security of
the smart card.
Governments and regional authorities save
money because of improved security, better
data and reduced processing costs. These
savings help reduce public budgets or enhance
public services. There are many examples in
the UK, many using a common open LASSeO
specification. [27]
Individuals have better security and more
convenience with using smart cards that
perform multiple services. For example, they
only need to replace one card if their wallet is
lost or stolen. The data storage on a card can
reduce duplication, and even provide
emergency medical information.

Problems

The plastic card in which the chip is embedded
is fairly flexible. The larger the chip, the higher
the probability that normal use could damage
it. Cards are often carried in wallets or
pockets, a harsh environment for a chip.
However, for large banking systems, failure-
management costs can be more than offset by
fraud reduction. [citation needed ]
If the account holder's computer hosts
malware , the smart card security model may
be broken. Malware can override the
communication (both input via keyboard and
output via application screen) between the
user and the application. Man-in-the-browser
malware (e.g. the trojan Silentbanker ) could
modify a transaction, unnoticed by the user.
Banks like Fortis and Belfius in Belgium and
Rabobank (" random reader") in the Netherlands
combine a smart card with an unconnected
card reader to avoid this problem. The
customer enters a challenge received from the
bank's website, a PIN and the transaction
amount into the reader, The reader returns an
8-digit signature. This signature is manually
entered into the personal computer and verified
by the bank, preventing malware from
changing the transaction amount.
Smart cards have also been the targets of
security attacks. These attacks range from
physical invasion of the card's electronics, to
non-invasive attacks that exploit weaknesses
in the card's software or hardware. The usual
goal is to expose private encryption keys and
then read and manipulate secure data such as
funds. Once an attacker develops a non-
invasive attack for a particular smart card
model, he is typically able to perform the
attack on other cards of that model in seconds,
often using equipment that can be disguised
as a normal smart card reader.[28] While
manufacturers may develop new card models
with additional security, it may be costly or
inconvenient for users to upgrade vulnerable
systems. Tamper-evident and audit features in
a smart card system help manage the risks of
compromised cards.
Another problem is the lack of standards for
functionality and security. To address this
problem, The Berlin Group launched the
ERIDANE Project to propose "a new functional
and security framework for smart-card based
Point of Interaction (POI) equipment"

See also

Access badge

ATM card Debit card

BasicCard

Credit card

Keycard

lock

List of smart cards
Proximitycard
Transit pass
Travel card Other

Access control Biometric

passportCardprinter

Electronic
money

GlobalPlatform

Identity
document

Java Card

MULTOS
Open

Smart Card
Development
Platform

Payment
Card Industry

Data Security
Standard

Radio-frequency

identification Self-
service Security engineering SNAPI

Payment Card Industry Data Security Standard

No comments:

Post a Comment