Title:
Smart cards, tokens, security and applications
Publication Information:
New York, NY : Springer-Verlag, 2008
Physical Description:
xxxvii, 392 p. : ill. ; 24 cm.
ISBN:
9780387721972

Available:*

Item Barcode:
30000010184071
Call Number:
TK7895.S62 S62 2008
Material Type:
Open Access Book

Summary

Providing a broad overview of the many card systems and solutions in practical use today, this state-of-the-art work is written by contributing authors who are active researchers and acknowledged experts in their field. No other single book matches both its breadth and depth of content. The book combines a cross-discipline overview of smart cards, tokens and related security and applications with a technical reference to support further research and study. A step-by-step approach educates the reader, and by the end of the book the reader should be able to play an educated role in a smart-card-related project.


Table of Contents

Keith Mayes; Claus Ebner; Konstantinos Markantonakis; Keith Mayes and Tim Evans; Konstantinos Markantonakis and Keith Mayes; Allan Tomlinson; Allan Tomlinson; John Tierney; Michael Tunstall; Gary Waite and Keith Mayes; Joos Cadonau; Damien Sauveron; Gerhard P. Hancke; Ingo Liersch; Chris Shire
1 An Introduction to Smart Cards
1.1 Introduction
1.2 What is a Smart Card?
1.2.1 Magnetic Stripe Cards
1.2.2 Chip Cards
1.2.3 Microprocessor Chip Cards
1.2.4 Contact-less Smart Cards and RFIDs
1.2.5 Smart Tokens
1.3 Smart Card Chips
1.4 Tamper Resistance
1.5 Smart Card Characteristics
1.6 Issuer Control
1.7 Current Applications for Smart Cards
1.7.1 Mobile Telephony
1.7.2 Banking
1.7.3 Transport
1.7.4 Identity and Passports
1.7.5 Entitlement and Health
1.7.6 Physical and IT Access Control
1.7.7 Satellite TV
1.8 Smart Card Application Development
1.9 Development, Roll-Out and Lifecycle Management Issues
1.10 In Conclusion
References
2 Smart Card Production Environment
2.1 Introduction
2.2 Smart Card Production Steps
2.2.1 Overview
2.2.2 Card Body Manufacturing
2.2.3 Personalization and related Services
2.2.4 Security and Quality
2.2.5 Current Trends
2.3 In Conclusion
References
3 Multi Application Smart Card Platforms and Operating Systems
3.1 Introduction
3.1.1 Smart card Platform Evolution
3.2 Java Card
3.2.1 Java Card Forum
3.2.2 Java Card Technology
3.3 GlobalPlatform
3.3.1 The GlobalPlatform Association
3.3.2 The GlobalPlatform Card Specification
3.4 Multos
3.4.1 The MULTOS Consortium
3.4.2 MULTOS Specification
3.4.3 The Multos Card Architecture
3.4.4 Multos Executable Language (MEL)
3.4.5 The Application Abstract Machine
3.4.6 Application Loading and Deletion
3.4.7 Communicating with a Multos Smart Card
3.4.8 Multos Files
3.4.9 Multos Security Features
3.5 Smartcard.NET Card
3.6 BasicCard
3.7 WfSC
3.8 Conclusions
References
4 Smart Cards for Mobile Communications
4.1 Introduction
4.2 SIM/USIM Standards
4.3 Subscriber Identity and Authentication
4.3.1 So how does SIM Authentication Work?
4.3.2 3G/USIM Authentication/Ciphering
4.3.3 SIM/USIM Authentication Algorithms
4.4 General Added Features
4.4.1 Phone Book
4.4.2 Roaming list
4.4.3 SMS Settings and Storage
4.4.4 Last Dialled numbers
4.4.5 Access Control Class
4.4.6 GPRS Authentication and encryption files
4.5 File Types
4.6 SIMs and USIMs Some Practical Comparisons
4.7 (U)SIM Value Added Services
4.8 The (U)SIM as a Handset Security Module
4.9 The Future Evolution of the (U)SIM
4.10 Conclusions
References
5 Smart cards for Banking and Finance
5.1 Introduction
5.2 Payment Card Technologies
5.2.1 Magnetic Stripe Cards
5.3 Smart Cards and EMV
5.3.1 Card Authentication
5.4 Cardholder Not Present Transactions
5.4.1 Purchase from a Genuine Merchant Using Someone Else's Payment Details
5.4.2 Genuine Purchaser Buying from a Rogue Merchant
5.4.3 Third Party Attacker
5.5 Dynamic Passcode Authentication
5.6 Could a Mobile Phone be a Token Reader?
5.7 Token Authentication Examples
5.8 E-Commerce Solutions
5.8.1 3D-Secure
5.8.2 Thoughts on 3D Secure
5.9 Just Wave Your Card to Pay
5.10 Concluding Remarks
References
6 Security For Video Broadcasting
6.1 Introduction
6.2 Digital Video Basics
6.3 Scrambling
6.4 Synchronisation
6.5 Key Delivery
6.6 Access Requirements
6.7 Key Hierarchy
6.8 Implementation
6.9 In Conclusion
References
7 Introduction to the TPM
7.1 Introduction
7.2 Trusted Platforms
7.2.1 Fundamental Features of a Trusted Platform
7.2.2 Additional Features
7.3 TPM Features
7.3.1 TPM Components
7.3.2 I/O Block
7.3.3 Non-Volatile Storage
7.3.4 Attestation Identity Keys
7.3.5 Platform Configuration Registers
7.3.6 Programme Code
7.3.7 Execution Engine
7.3.8 Random Number Generator
7.3.9 SHA-1 Engine
7.3.10 RSA Key Generation
7.3.11 RSA Engine
7.3.12 Opt-In
7.3.13 Other Features
7.4 TPM Services
7.4.1 Roots of Trust
7.4.2 Boot Process
7.4.3 Secure Storage
7.4.4 Attestation
7.5 In Conclusion
References
8 Common Criteria
8.1 Introduction
8.2 Evolution of National and International Standards
8.2.1 International Recognition
8.2.2 The need for security benchmarks
8.3 Evaluation Practicalities
8.3.1 Types of evaluation
8.3.2 Evaluation Assurance Levels
8.3.3 Augmentation of Assurance Levels
8.4 Evaluation Roles
8.4.1 Performing Evaluations
8.5 Developing Protection Profiles and Security Targets
8.5.1 Establish the security environment
8.5.2 Establish Security Objectives
8.5.3 Establish Security Requirements
8.5.4 Establish TOE Summary Specification
8.5.5 Establish Rationale
8.5.6 Claiming Compliance with Protection Profiles
8.6 An Example
8.6.1 Establish the Security Environment
8.6.2 Establish security objectives
8.6.3 Establish Security Requirements
8.6.4 Establish TOE summary specification
8.6.5 Establish Rationale
8.7 Deliverables
8.8 Evaluation Composition
8.9 In Conclusion
References
9 Smart Card Security
9.1 Introduction
9.2 Cryptographic Algorithms
9.2.1 Data Encryption Standard
9.2.2 RSA
9.3 Smart Card Security Features
9.3.1 Communication
9.3.2 Cryptographic Coprocessors
9.3.3 Random Number Generators
9.3.4 Anomaly Sensors
9.3.5 Chip Features
9.4 Side Channel Analysis
9.4.1 Timing Analysis
9.4.2 Power Analysis
9.4.3 Electromagnetic Analysis
9.4.4 Countermeasures
9.5 Fault Analysis
9.5.1 Fault Injection Mechanisms
9.5.2 Modelling the Effect of a Fault
9.5.3 Faults in Cryptographic Algorithms
9.5.4 Countermeasures
9.6 Embedded Software Design
9.6.1 PIN Verification
9.6.2 File Access
9.7 In Conclusion
References
10 Application Development Environments for Java and SIM Toolkit
10.1 Introduction
10.2 Smart Cards Characteristics
10.2.1 Limitations
10.3 SIM Cards
10.4 Java Card
10.4.1 The Java Card Framework
10.5 Java SIM
10.5.1 sim.toolkit
10.5.2 sim.access
10.6 Application Development Tools
10.6.1 Compilers & Integrated Development Environments
10.6.2 Simulators
10.6.3 Protocol Analysis (Spy) Tools
10.6.4 Utilities
10.7 Mobile Phone Applications and the (U)SIM
10.7.1 SATSA
10.7.2 A Word on Testing
10.7.3 SIM Dongle Example
10.8 Looking To The Future
10.9 Concluding Remarks
References
11 OTA and Secure SIM Lifecycle Management
11.1 Introduction
11.2 The SIM Card As A Managed Platform
11.2.1 Common Stored and Managed Data
11.2.2 SIM Application Toolkit Interface SAT
11.2.3 Main Differences Between a SIM and a UICC/USIM Card
11.3 OTA - Over-The-Air Management
11.3.1 OTA Server Capabilities
11.4 Limitations and Improvements
11.4.1 Customer Managed Applications
11.5 SIM Lifecycle Management
11.6 In Conclusion
References
12 Smart Card Reader APIS
12.1 Terminology: Smart Card Reader, IFD, CAD and Terminal
12.2 OCF: OpenCard Framework
12.2.1 Overview
12.2.2 Example
12.3 PC/SC
12.3.1 Overview
12.3.2 Architecture
12.3.3 Various Implementations
12.3.4 Wrappers
12.3.5 Examples
12.4 STIP
12.5 In Conclusion
References
13 RFID and Contactless Technology
13.1 Introduction
13.2 Contactless Technology
13.2.1 Applications
13.3 Radio Frequency Interface
13.3.1 Communication Theory
13.3.2 Inductive Coupling
13.4 Standards
13.4.1 ISO 14443
13.4.2 ISO 15693
13.4.3 ISO 18000
13.4.4 ISO 18092/NFC
13.5 Conclusion
References
14 ID CARDS AND PASSPORTS
14.1 Introduction
14.2 ID Cards
14.2.1 Requirements and Constituents of Modern National ID Cards
14.2.2 International Standards for ID Cards
14.2.3 Optical Personalisation of ID Cards
14.2.4 Countries and Their ID Cards
14.3 E-Passports
14.3.1 Introduction
14.3.2 Constituents of Passports
14.3.3 EU and ICAO Requirements
14.3.4 Security Protocols
14.4 Conclusion
References
15 Smart Card Technology Trends
15.1 Trends In Smart Card Technology - Today And The Future
15.1.1 History
15.1.2 Technology Choices
15.1.3 Technology Drivers
15.1.4 Technology Trends
15.1.5 Emerging Applications
15.2 Conclusions
References
A Source Code for Chapter 12
A.1 C Language
A.2 Perl Language
Index