Smart Cards By Simon Siu and Russell Doyle Overview Size of a credit card Small embedded computer chip – Memory cards – Processor cards – Electronic.

Slides:



Advertisements
Similar presentations
M.B.A. II SEMESTER Course No. 208 Paper No. – XVI E-Business Dr.N.C.Dhande Unit II e-business frameworks e-selling process, e-buying, e-procurement, e-payments:
Advertisements

Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.
Smart Card The Future Is Here… By Salman Awan. Introduction Smart cards represent a new technology that has tremendous potential for enhancing the security.
Smart Cards MD823 October 6, The Smart Card Value Proposition Secure storage for sensitive data and monetary value Decreases fraud rates compared.
Electronic Money (Micromoney) Luis Enrique Heredia Figueroa.
Trusted computing: implementing virtual identity Dave Birch. Director, Consult Hyperion. Introduction  Trusted computing  TCPA & Palladium.
Understanding Networked Applications: A First Course Chapter 14 by David G. Messerschmitt.
The Impact of technology on the delivery of financial services Advancement in technology have had a profound effect on the delivery of financial services.
Electronic Payment Systems E-Commerce. Intro to Electronic Payment Systems More than $900 billion transacted online Expected to swell to more than $3.
Chapter 13 Paying Via The Net. Agenda Digital Payment Requirements Fraud Detection Online Payment Methods Online Payment Types The Future Payment.
Warm-up: April 11 What’s the difference between a checking and savings account?
Debit Card Plastic card that looks like a credit card
LECTURE 7 REF: CHAPTER 11 ELECTRONIC COMMERCE PAYMENT SYSTEMS PREPARED BY : L. Nouf Almujally Copyright © 2010 Pearson Education, Inc. 1.
University of Palestine Faculty of Business Administration Computer Business Application Automated Teller Machine Yosef Lubbad
Submitted by: Rahul Rastogi, CS Department.  Introduction  What is a smart card?  Better than magnetic stripe card.  Technology What’s in a card?
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Chapter 12 Electronic Payment Systems. Electronic CommercePrentice Hall © The Payment Revolution A number of factors impact whether a particular.
ELECTRONIC PAYMENT SYSTEMS FALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS eCommerce Technology Lecture 9 Micropayments I.
Credit card and Debit card Working and Management.
Digital Payment Systems
Financial Transactions on Internet Financial transactions require the cooperation of more than two parties. Transaction must be very low cost so that small.
NCR 5992: Electronic Payment Terminal with Signature Capture Brian Barry Product Manager.
Payment Systems for Electronic Commerce
17-2 Financial Services and Electronic Banking. Types of financial services Savings services Financial institutions accept money for safekeeping. A broad.
Supporting Technologies III: Security 11/16 Lecture Notes.
By: Piyumi Peiris 11 EDO. Swipe cards are a common type of security device used by many people. They are usually a business-card-sized plastic card with.
DEBIT CARD, CREDIT CARD & SMART CARD
Electronic Payment Systems
BZUPAGES.COM Electronic Payment Systems Most of the electronic payment systems on internet use cryptography in one way or the other to ensure confidentiality.
MIS 3090 IT for Financial Services Digital Cash September 4, 2015.
Session 6: Electronic Payment Systems Online banking
Smart Card Application. Smart-card is a plastic card, the size of a standard credit card, with one or several integrated circuits (chips) capable to store.
Mr.PRABHAT KUMAR MOHAPATRA
2.7.1.G1 © Family Economics & Financial Education – December 2005 – Get Ready To Take Charge of Your Finances – Electronic Banking Bonanza Funded by a.
EFTPOS and credit card payments The Bizgate system integrates fully with Inge NICO's PC EFTPOS Software which allows a fully functioning EFTPOS Pinpad.
E-Commerce Payment System
DO NOW:  Take packet:  Review the bank statement on page 3 of the packet.  In your notebook: What items does a bank statement include?
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
Chapter 4 Getting Paid. Objectives Understand electronic payment systems Know why you need a merchant account Know how to get a merchant account Explain.
Innovations in Modern Banking
1.Understand the shifts that are occurring with regard to online payments. 2.Discuss the players and processes involved in using credit cards online.
Smart Card Technology & Features
© 2008 Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al. Electronic Payment Systems.
Wasim-1 Smart Cards and E-BUSINESS 4 What is a Smart card? 4 A smart card is the size of a conventional credit card, with an electronic microchip embedded.
April 20023CSG11 Electronic Commerce Smartcards John Wordsworth Department of Computer Science The University of Reading Room.
Chapter 4 E-commerce Security and Payment.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #22 Secure Web Information.
OBJECTIVES  To understand the concept of Electronic Payment System and its security services.  To bring out solution in the form of applications to.
Computers in Banking and Retail CEL : C O M P U T E R S I N E V E R Y D A Y L I F E CEL 2 Part 3: Cashless Society [Sec 2-4] Name: _____________________.
SMART CARDS Presented By Jishnu Sasikumar Reg No : 09 PG 142.
1.7.2.G1 © Family Economics & Financial Education – Revised May 2005 – Financial Institutions Unit – Electronic Banking Funded by a grant from Take Charge.
Electronic Commerce I. Secured Electronic Payment Systems.
What is a Smart Card Reader & Terminal. What is a smart card reader? Smart card reader, also known as smart card terminal, such as point of sale terminal,
How to Write Checks and Balance Accounts. Checking Account An account at a bank against which checks can be drawn by the account depositor Check – A document.
Electronic Banking & Security Electronic Banking & Security.
Confidential and Proprietary - NOT TO BE DISTRIBUTED WITHOUT THE EXPRESS WRITTEN PERMISSION OF BANK OF AMERICA MERCHANT SERVICES. ASTRA EMV Review/Best.
WHAT NEW, WHAT NEXT IN PAYMENT PROCESSING. EMV WHAT IS EMV? 3  An acronym created by Europay ®, MasterCard ® and Visa ®  The global standard for the.
Presented by David Cole Background to Chip. PAYMENT SYSTEMS HISTORY A POTTED HISTORY DINERS LAUNCH 1950 AMEX LAUNCH 1958 BANK AMERICARD 1959 MASTERCHARGE.
Introduction What would our society be like now if we did not have ATm’s? Not able to access money when we urgently want it. You will have to go to the.
A smart card is a credit card sized plastic card embedded with an integrated circuit chip that makes it "smart". This made between a convenient plastic.
Smart Money Concept.
Electronic Commerce Smartcards
AGENDA Introduction Kind of information smart card contain
Electronic Payment Systems
Secure Electronic Transaction
Smart Card Technology Why is a Smart Card So Smart?
Chapter 4 E-commerce Security and Payment.
Presentation transcript:

Smart Cards By Simon Siu and Russell Doyle

Overview Size of a credit card Small embedded computer chip – Memory cards – Processor cards – Electronic purse cards (FSU ID card) – Security cards Processor cards require a reader

History of Smart cards Patented in 1970s (several different designs) 1983: first mass use in France for pay phone 1992: second mass use again in France for debit cards 1993: Visa, MasterCard, Europay agreed on a standard (EMV) Contactless technology is the new trend

Hardware: Chip is accessed electronically via gold plate

Smart card vs. Magnetic strip card Smart card is more secure – Data encryption ability – Difficult to access data without terminal Smart card is more expensive Smart card is less durable

Usage Banking – ATM Payment – Like credit card Access control – Certificate holder (able to do triple DES) Id Information storage

Prime examples Medical application: Germany issues smart cards to all citizens India driver’s licenses (becoming popular in other countries) China transit (GuongZhou) England tracking device in airports

Programming the Card OpenCard – Java interface, Java Electronic Commerce Framework (JECF) PC/SC – Window’s based interface

Modeling Security Threats Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards by Schneier and Shostack

Smart Card ’ s handicap Functionality is split in unusual ways compare to a computer Unable to interact with the world without outside peripherals Multiple parties

Cardholder Holding the card May or may not control the info in card Does not control the protocols, software, or hardware in the card system

Data Owner May or may not control data in the card Digital certificates Amount of money in account

Terminal Control all I/O to and from the card Phone ATM Set-top box

Card Issuer Control operating system running on the card Initial data Card manufacturer Software manufacturer

Examples of Trust Splits in Smart card systems Digital Stored Value Card – Cash card – Mondex – VisaCash Digital Check Card – Similar to cash card – Card owner is also the data owner Prepaid Phone Card – Value card Account-based Phone Card – Account number

Continues Access Token – Key to login or authenticatio protocol Web Browsing Card – Cash card – Cardholder and terminal owner are the same

Continues Digital Credential Device – Digital certificates or ther credentials – Cardholder and data owner are the same – Kerberos – DSSA/SPX Key Storage Card – Key Multi-Function Card

Threats Attack is an attempte by one or more parties involved in a smart card transaction to cheat Interfere with one or more parties Inside vs Outside Attacks – One of the parties – Outsider stealing a card

Motives for Attack Financial theft Impersonation attack: gain access Privacy attack Publicity attack

Classes of Attack Attack by the Terminal against the cardholder or data owner – Fake ATM machines – Assume we trust the terminal – Preventions Limit the time to modify Limit the amount of $ reduced at a given time Real prevention is monitering by back-end system

Continues Attack by the cardholder against the terminal – Fake cards with rogue software – Preventions Good protocol design Hard-to-forge physical aspects –Hologram on Visa

Continues Attack by the cardholder against the data owner – Pay-TV access cards – Reverse-engineering – Defeat tamper-resistance – Fault analysis Attack by the cardholder against the issuer – Randomly access an acount with account-based phone cards – If there is a key, capture the key and use it

Continues Attack by the cardholder against the software manufacturer – One application on a smard card to subvert another running on the same card.

Conclusion on Security Resistance – Make specific attacks harder: stronger cryptographic protocols, increase tamper-resistance – Few splits to eliminate certain attacks altogeter Example cardholder is also the data owner which means no cardholder attacking data owner – Adding screen and data entry to the card Increase the cost – More Transparency Open publication leads to review and analysis Cleanly separating roles –Example Mondex system with various terminals –User can check his/her account in any one of them

Evolution of Smart cards or lack there of Why is it not popular in America yet? – Social environment Split government systems Class differences Market forces – Cost vs. Benefit

Future of smart cards Security of smart card is similar with the security of PC New technology help to further secure smart system – Digital display on the card Contact vs. Contactless

References threats.pdf threats.pdf

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.