Title:
Smart cards, tokens, security and applications
Publication Information:
New York, NY : Springer-Verlag, 2008
Physical Description:
xxxvii, 392 p. : ill. ; 24 cm.
ISBN:
9780387721972
Available:
Item Barcode | Call Number | Material Type | Item Category 1 |
---|---|---|---|
30000010184071 | TK7895.S62 S62 2008 | Open Access Book | Book |
Summary
Providing a broad overview of the many card systems and solutions in practical use today, this state-of-the-art work is written by contributing authors who are active researchers and acknowledged experts in their field. No other single book matches both its breadth and depth of content. The book combines a cross-discipline overview of smart cards, tokens and related security and applications with a technical reference to support further research and study. A step-by-step approach educates the reader, and by the end of the book the reader should be able to play an educated role in a smart-card-related project.
Table of Contents
1 An Introduction to Smart Cards | p. 1 |
1.1 Introduction | p. 1 |
1.2 What is a Smart Card? | p. 2 |
1.2.1 Magnetic Stripe Cards | p. 2 |
1.2.2 Chip Cards | p. 5 |
1.2.3 Microprocessor Chip Cards | p. 6 |
1.2.4 Contact-less Smart Cards and RFIDs | p. 6 |
1.2.5 Smart Tokens | p. 7 |
1.3 Smart Card Chips | p. 8 |
1.4 Tamper Resistance | p. 11 |
1.5 Smart Card Characteristics | p. 12 |
1.6 Issuer Control | p. 13 |
1.7 Current Applications for Smart Cards | p. 14 |
1.7.1 Mobile Telephony | p. 15 |
1.7.2 Banking | p. 17 |
1.7.3 Transport | p. 17 |
1.7.4 Identity and Passports | p. 18 |
1.7.5 Entitlement and Health | p. 18 |
1.7.6 Physical and IT Access Control | p. 19 |
1.7.7 Satellite TV | p. 20 |
1.8 Smart Card Application Development | p. 20 |
1.9 Development, Roll-Out and Lifecycle Management Issues | p. 22 |
1.10 In Conclusion | p. 23 |
References | p. 24 |
2 Smart Card Production Environment | p. 27 |
2.1 Introduction | p. 27 |
2.2 Smart Card Production Steps | p. 29 |
2.2.1 Overview | p. 29 |
2.2.2 Card Body Manufacturing | p. 29 |
2.2.3 Personalization and related Services | p. 35 |
2.2.4 Security and Quality | p. 44 |
2.2.5 Current Trends | p. 46 |
2.3 In Conclusion | p. 48 |
References | p. 50 |
3 Multi Application Smart Card Platforms and Operating Systems | p. 51 |
3.1 Introduction | p. 51 |
3.1.1 Smart card Platform Evolution | p. 52 |
3.2 Java Card | p. 55 |
3.2.1 Java Card Forum | p. 55 |
3.2.2 Java Card Technology | p. 56 |
3.3 GlobalPlatform | p. 64 |
3.3.1 The GlobalPlatform Association | p. 64 |
3.3.2 The GlobalPlatform Card Specification | p. 65 |
3.4 Multos | p. 72 |
3.4.1 The MULTOS Consortium | p. 72 |
3.4.2 MULTOS Specification | p. 73 |
3.4.3 The Multos Card Architecture | p. 73 |
3.4.4 Multos Executable Language (MEL) | p. 73 |
3.4.5 The Application Abstract Machine | p. 75 |
3.4.6 Application Loading and Deletion | p. 75 |
3.4.7 Communicating with a Multos Smart Card | p. 76 |
3.4.8 Multos Files | p. 76 |
3.4.9 Multos Security Features | p. 76 |
3.5 Smartcard.NET Card | p. 77 |
3.6 BasicCard | p. 78 |
3.7 WfSC | p. 78 |
3.8 Conclusions | p. 79 |
References | p. 80 |
4 Smart Cards for Mobile Communications | p. 85 |
4.1 Introduction | p. 85 |
4.2 SIM/USIM Standards | p. 87 |
4.3 Subscriber Identity and Authentication | p. 89 |
4.3.1 So how does SIM Authentication Work? | p. 91 |
4.3.2 3G/USIM Authentication/Ciphering | p. 92 |
4.3.3 SIM/USIM Authentication Algorithms | p. 96 |
4.4 General Added Features | p. 97 |
4.4.1 Phone Book | p. 97 |
4.4.2 Roaming list | p. 98 |
4.4.3 SMS Settings and Storage | p. 98 |
4.4.4 Last Dialled numbers | p. 99 |
4.4.5 Access Control Class | p. 99 |
4.4.6 GPRS Authentication and encryption files | p. 99 |
4.5 File Types | p. 99 |
4.6 SIMs and USIMs Some Practical Comparisons | p. 100 |
4.7 (U)SIM Value Added Services | p. 103 |
4.8 The (U)SIM as a Handset Security Module | p. 107 |
4.9 The Future Evolution of the (U)SIM | p. 108 |
4.10 Conclusions | p. 111 |
References | p. 112 |
5 Smart cards for Banking and Finance | p. 115 |
5.1 Introduction | p. 115 |
5.2 Payment Card Technologies | p. 116 |
5.2.1 Magnetic Stripe Cards | p. 118 |
5.3 Smart Cards and EMV | p. 120 |
5.3.1 Card Authentication | p. 121 |
5.4 Cardholder Not Present Transactions | p. 125 |
5.4.1 Purchase from a Genuine Merchant Using Someone Else's Payment Details | p. 126 |
5.4.2 Genuine Purchaser Buying from a Rogue Merchant | p. 126 |
5.4.3 Third Party Attacker | p. 127 |
5.5 Dynamic Passcode Authentication | p. 128 |
5.6 Could a Mobile Phone be a Token Reader? | p. 131 |
5.7 Token Authentication Examples | p. 132 |
5.8 E-Commerce Solutions | p. 133 |
5.8.1 3D-Secure | p. 133 |
5.8.2 Thoughts on 3D Secure | p. 136 |
5.9 Just Wave Your Card to Pay | p. 136 |
5.10 Concluding Remarks | p. 137 |
References | p. 137 |
6 Security For Video Broadcasting | p. 139 |
6.1 Introduction | p. 139 |
6.2 Digital Video Basics | p. 141 |
6.3 Scrambling | p. 142 |
6.4 Synchronisation | p. 143 |
6.5 Key Delivery | p. 144 |
6.6 Access Requirements | p. 145 |
6.7 Key Hierarchy | p. 146 |
6.8 Implementation | p. 147 |
6.9 In Conclusion | p. 152 |
References | p. 153 |
7 Introduction to the TPM | p. 155 |
7.1 Introduction | p. 155 |
7.2 Trusted Platforms | p. 156 |
7.2.1 Fundamental Features of a Trusted Platform | p. 157 |
7.2.2 Additional Features | p. 159 |
7.3 TPM Features | p. 160 |
7.3.1 TPM Components | p. 160 |
7.3.2 I/O Block | p. 160 |
7.3.3 Non-Volatile Storage | p. 161 |
7.3.4 Attestation Identity Keys | p. 162 |
7.3.5 Platform Configuration Registers | p. 163 |
7.3.6 Programme Code | p. 163 |
7.3.7 Execution Engine | p. 163 |
7.3.8 Random Number Generator | p. 164 |
7.3.9 SHA-1 Engine | p. 164 |
7.3.10 RSA Key Generation | p. 164 |
7.3.11 RSA Engine | p. 165 |
7.3.12 Opt-In | p. 165 |
7.3.13 Other Features | p. 167 |
7.4 TPM Services | p. 167 |
7.4.1 Roots of Trust | p. 167 |
7.4.2 Boot Process | p. 168 |
7.4.3 Secure Storage | p. 168 |
7.4.4 Attestation | p. 169 |
7.5 In Conclusion | p. 171 |
References | p. 171 |
8 Common Criteria | p. 173 |
8.1 Introduction | p. 173 |
8.2 Evolution of National and International Standards | p. 174 |
8.2.1 International Recognition | p. 175 |
8.2.2 The need for security benchmarks | p. 176 |
8.3 Evaluation Practicalities | p. 177 |
8.3.1 Types of evaluation | p. 178 |
8.3.2 Evaluation Assurance Levels | p. 179 |
8.3.3 Augmentation of Assurance Levels | p. 179 |
8.4 Evaluation Roles | p. 180 |
8.4.1 Performing Evaluations | p. 181 |
8.5 Developing Protection Profiles and Security Targets | p. 182 |
8.5.1 Establish the security environment | p. 182 |
8.5.2 Establish Security Objectives | p. 183 |
8.5.3 Establish Security Requirements | p. 183 |
8.5.4 Establish TOE Summary Specification | p. 184 |
8.5.5 Establish Rationale | p. 184 |
8.5.6 Claiming Compliance with Protection Profiles | p. 185 |
8.6 An Example | p. 185 |
8.6.1 Establish the Security Environment | p. 186 |
8.6.2 Establish security objectives | p. 186 |
8.6.3 Establish Security Requirements | p. 187 |
8.6.4 Establish TOE summary specification | p. 188 |
8.6.5 Establish Rationale | p. 189 |
8.7 Deliverables | p. 189 |
8.8 Evaluation Composition | p. 190 |
8.9 In Conclusion | p. 192 |
References | p. 193 |
9 Smart Card Security | p. 195 |
9.1 Introduction | p. 195 |
9.2 Cryptographic Algorithms | p. 197 |
9.2.1 Data Encryption Standard | p. 197 |
9.2.2 RSA | p. 199 |
9.3 Smart Card Security Features | p. 202 |
9.3.1 Communication | p. 202 |
9.3.2 Cryptographic Coprocessors | p. 203 |
9.3.3 Random Number Generators | p. 204 |
9.3.4 Anomaly Sensors | p. 205 |
9.3.5 Chip Features | p. 205 |
9.4 Side Channel Analysis | p. 207 |
9.4.1 Timing Analysis | p. 207 |
9.4.2 Power Analysis | p. 208 |
9.4.3 Electromagnetic Analysis | p. 213 |
9.4.4 Countermeasures | p. 214 |
9.5 Fault Analysis | p. 216 |
9.5.1 Fault Injection Mechanisms | p. 217 |
9.5.2 Modelling the Effect of a Fault | p. 218 |
9.5.3 Faults in Cryptographic Algorithms | p. 218 |
9.5.4 Countermeasures | p. 221 |
9.6 Embedded Software Design | p. 222 |
9.6.1 PIN Verification | p. 222 |
9.6.2 File Access | p. 224 |
9.7 In Conclusion | p. 225 |
References | p. 225 |
10 Application Development Environments for Java and SIM Toolkit | p. 229 |
10.1 Introduction | p. 229 |
10.2 Smart Cards Characteristics | p. 230 |
10.2.1 Limitations | p. 231 |
10.3 SIM Cards | p. 232 |
10.4 Java Card | p. 233 |
10.4.1 The Java Card Framework | p. 235 |
10.5 Java SIM | p. 238 |
10.5.1 sim.toolkit | p. 239 |
10.5.2 sim.access | p. 242 |
10.6 Application Development Tools | p. 243 |
10.6.1 Compilers & Integrated Development Environments | p. 243 |
10.6.2 Simulators | p. 244 |
10.6.3 Protocol Analysis (Spy) Tools | p. 245 |
10.6.4 Utilities | p. 246 |
10.7 Mobile Phone Applications and the (U)SIM | p. 247 |
10.7.1 SATSA | p. 248 |
10.7.2 A Word on Testing | p. 250 |
10.7.3 SIM Dongle Example | p. 251 |
10.8 Looking To The Future | p. 253 |
10.9 Concluding Remarks | p. 253 |
References | p. 254 |
11 OTA and Secure SIM Lifecycle Management | p. 257 |
11.1 Introduction | p. 258 |
11.2 The SIM Card As A Managed Platform | p. 258 |
11.2.1 Common Stored and Managed Data | p. 259 |
11.2.2 SIM Application Toolkit Interface SAT | p. 260 |
11.2.3 Main Differences Between a SIM and a UICC/USIM Card | p. 264 |
11.3 OTA - Over-The-Air Management | p. 265 |
11.3.1 OTA Server Capabilities | p. 267 |
11.4 Limitations and Improvements | p. 268 |
11.4.1 Customer Managed Applications | p. 270 |
11.5 SIM Lifecycle Management | p. 271 |
11.6 In Conclusion | p. 274 |
References | p. 275 |
12 Smart Card Reader APIS | p. 277 |
12.1 Terminology: Smart Card Reader, IFD, CAD and Terminal | p. 277 |
12.2 OCF: OpenCard Framework | p. 279 |
12.2.1 Overview | p. 279 |
12.2.2 Example | p. 281 |
12.3 PC/SC | p. 282 |
12.3.1 Overview | p. 282 |
12.3.2 Architecture | p. 282 |
12.3.3 Various Implementations | p. 285 |
12.3.4 Wrappers | p. 288 |
12.3.5 Examples | p. 289 |
12.4 STIP | p. 291 |
12.5 In Conclusion | p. 291 |
References | p. 292 |
13 RFID and Contactless Technology | p. 295 |
13.1 Introduction | p. 295 |
13.2 Contactless Technology | p. 296 |
13.2.1 Applications | p. 299 |
13.3 Radio Frequency Interface | p. 301 |
13.3.1 Communication Theory | p. 302 |
13.3.2 Inductive Coupling | p. 305 |
13.4 Standards | p. 311 |
13.4.1 ISO 14443 | p. 311 |
13.4.2 ISO 15693 | p. 317 |
13.4.3 ISO 18000 | p. 319 |
13.4.4 ISO 18092/NFC | p. 320 |
13.5 Conclusion | p. 321 |
References | p. 321 |
14 ID CARDS AND PASSPORTS | p. 323 |
14.1 Introduction | p. 323 |
14.2 ID Cards | p. 324 |
14.2.1 Requirements and Constituents of Modern National ID Cards | p. 324 |
14.2.2 International Standards for ID Cards | p. 331 |
14.2.3 Optical Personalisation of ID Cards | p. 333 |
14.2.4 Countries and Their ID Cards | p. 337 |
14.3 E-Passports | p. 339 |
14.3.1 Introduction | p. 339 |
14.3.2 Constituents of Passports | p. 341 |
14.3.3 EU and ICAO Requirements | p. 343 |
14.3.4 Security Protocols | p. 344 |
14.4 Conclusion | p. 345 |
References | p. 345 |
15 Smart Card Technology Trends | p. 347 |
15.1 Trends In Smart Card Technology - Today And The Future | p. 347 |
15.1.1 History | p. 348 |
15.1.2 Technology Choices | p. 351 |
15.1.3 Technology Drivers | p. 355 |
15.1.4 Technology Trends | p. 364 |
15.1.5 Emerging Applications | p. 370 |
15.2 Conclusions | p. 376 |
References | p. 377 |
A Source Code for Chapter 12 | p. 381 |
A.1 C Language | p. 381 |
A.2 Perl Language | p. 385 |
Index | p. 387 |