The usage of an internet and online applications have extremely improved currently and become an essential part of our daily life. For different applications like internet banking, personal information passing and online financial transactions top notch security are the prerequisite. But, in the current past cyber-attacks have become very mutual and are posing vast tasks to both the users and service workers similarly.The modus operandi of the main cyber robbery racket is takeover user credentials, especially username and key to break the security of user-based verification systems. To overcome this problem, security system with the smart card authentication is secure and consistent authentication system that safeguards user authorizations and eliminates the problems like memorizing multitude of user names and passwords.
Smart Card Authentication System
There are different methods for authentication systems, namely card or badge system; biometric data based systems such as fingerprint, iris pattern systems; username & password based systems. Though, these methods are simply disposed to to sophisticated attacks. Smart card technology offers strong verification based systems for both logical and physical access authentication by improving the safety as well as the secrecy of the information.
What is a Smart Card?
The smart card is an old technology, invented and developed by “Roland Moreno” in the year 1974. Smart cards have been used in Europe for several years in many applications like banking, healthcare, and telephone services. A lot of people in the U.S. have no awareness what these cards are and how they can be used. Even expert security professionals who have got of smart cards, several have slight or no knowledge with their use.
A smart-access card is a small pocket-sized card built with embedded ICs ( integrated circuits), used to provide authentication, data storage, identification, and capabilities of application processing. The smart card can be defined as, it is a credit card sized device with changing capabilities like contact cards, proximity, stored value and ICC (integrated circuit cards). All of these cards change in functionality from each other and from the more familiar magnetic stripe cards used by usual debit, credit, and ATM cards. These cards can store numerous 100 times more data than the conventional magnetic stripe card. The dimensions of the smart card are defined by ISO 7816.
Why use Smart Cards?
- A smart card can store 700 times more than a magnetic stripe card.
- The data which are stored on the card can be updated.
- Magnetic stripe cards are vulnerable to several types of cards.
- It enhances security by communicating with card readers using PKI algorithms
- A smart card can be used in multiple applications like ID, cash, building access, etc.
- These cards give a threefold approach to authentic ID: pin, smart card and biometrics
Smart Card Architecture Elements
The smart card architecture elements include the following.
Central Processing Unit
- Traditionally, there is a 8 bit controller, but nowadays 16 bit and 32 bit chips are also used.
- Smart Card CPUs execute machine instructions at a speed of approximately 1 MIPS. A coprocessor is often included to improve the speed of encryption computations.
- RAM. 1K. This is needed for fast computation and response. Only a tiny amount is available.
- EEPROM (Electrically Erasable PROM). Between 1 to 24K. Unlike RAM, its contents are not lost when power is. Applications can run off and write to it, but it is very slow and one can only read/write to it so many (100 000) times. ROM. Between 8 to 24K. The Operating System and other basic software like encryption algorithms are stored here.
This is via a single I/O port that is controlled by the processor to ensure that communications are standardized, in the form of APDUs (A Protocol Data Unit).
Interface Devices (IFDs)
- Smart Cards need power and a clock signal to run programs, but carry neither. Instead, these are supplied by the Interface Device – usually a Smart Card Reader – in contact with the card.
- In addition to providing the power and clock signals, the reader is responsible for opening a communication channel between application software on the computer and the operating system on the card
- The wireless communication channel to a Smart Card is half-duplex.
- The receiver is required to sample the signal on the serial line at the same rate as the transmitter sends it in order for the correct data to be received. This rate is known as the bit rate or baud rate.
- Data received by and transmitted from a Smart Card is stored in a buffer in the Smart Card’s RAM. As there isn’t very much RAM, relatively small packets (10 – 100 bytes) of data are moved in each message.
Smart Card Elements
The elements of the smart card include the following.
- Magnetic strip
- Embossing (card number, name and validity)
Smart Card Pinout
The electrical signal description of the smart card is
- VCC: Power supply unit
- RST: Reset signal supplied from the interface device
- CLK: Clocking signal
- GND: Ground
- VPP: Programming voltage input
- I/O: Input or output for serial data to the IC inside the card.
- AUX1 (C4): Auxillary contact USB devices: D+
- AUX2 (C8): Auxillary contact USB devices: D-
The typical configurations of the smart card include the following
- 256 bytes to 4KB AM
- 8KB to 32KB ROM
- 1KB to 32KB EEPROM
- 8-bit to 16-bit CPU.
How Does a Smart Card Work?
- All smart cards have essentially the same physical interface to the outside world, the smart card reader. To use a smart card, an end user simply inserts it into a read / write device where it remains for the duration of a session or transaction.
- The user provides a PIN or password as they would at an ATM machine providing the added protection of two-factor authentication.
- While still in the reader, the card interacts with security software on the local machine and the network as needed. It confines certain operations, such as those involving a user’s private key, to the card itself. That means the private key and any digital certificates never leave the card. All computations involving them happen internally and securely so only the cardholder can access the private key.
- When a session or workday is over, the user removes the card and keeps it in a safe place. Without the card, unauthorized individuals can’t hack into protected resources.
How is Authentication Done
- Insert the smart card into a reader. The smart card contains the cryptographic keys and biometric fingerprint data.
- Enter PIN (or password), in order to unlock the digital representation of the fingerprint. In the trade, this is known as the minutia data.
- Place the finger on the scanner. The scanned fingerprint is compared to the fingerprint data on the smart card.
- If the data matches, the smart-card fingerprint data is converted into a number and combined with the smart-card secret PIN (retrieved in Step 2) and used as a symmetric cryptographic key to decrypt the private key.
- A nonce (random number) is passed from the computer application to the smart card.
- The private key on the smart card is used to encrypt the nonce and pass it back to the application.
- The application verifies that a certified public key obtained from the network-based directory service or from the card does, in fact, decrypt the encrypted message from the card and reveal the same nonce that was originally passed to the card.
A Smart Card Transaction
The steps in a typical smart card transaction are set out below:
- Authentication of the card
- Authentication of the reader
- Selecting an application
- Identifying security requirements
- Authenticating the card-holder
- The transaction
- Transaction record
- Hard copy
Smart Card Applications
The applications of a smart card system include the following
- Financial services
- Affinity programs
- Government Programs
- Communication applications
- Information Security
- Secure network access
- Secure network access
- Information Technology
- Commercial Applications
- Physical Access
- Retail and Loyalty
- Health Card
- University Identification
From the above information, finally we can conclude that smart card uses an IC rather than a magnetic strip to store the information. These cards can be rep programmed to calculate the cryptographic keys. This card stores the data like private key, account numbers, biometric data. The smart card has a weakness, but it is safe enough for current needs. Furthermore, any information regarding this or to implement communication based projects, please give your valuable feedback by commenting in the comment section below. Here is a question for you, what is the function of a smart card?