
A Seminar Report on

SMART CARDS
Submitted in partial fulfillment of award of

BACHELOR OF TECHNOLOGY

DEGREE
By
Aniket Sharma
CSE 2022
2818094

Department of Computer Science & Engineering

Panipat Institute of Engineering & Technology,


(Affiliated to Kurukshetra University Kurukshetra, India)
Samalkha, Panipat
(Session 2018-2019)
CERTIFICATE
This is to certify that the seminar report (SIM-201) entitled “SMART CARDS” submitted by
ANIKET SHARMA, 2818094. The matter embodied in this seminar report has not been
submitted earlier for the award of any degree or diploma to the best of my knowledge and
belief.

Ms. SANGEETA YADAV


Asst. Professor, CSE Dept.

Rajender Kumar, Gaurav Gambhir


Seminar Incharge, CSE Dept.

Dr. S.C. Gupta


HOD, CSE Department
INDEX
Certificate
Acknowledgement
History

Contents

1. Introduction
1.1 What is smart card?
1.1.1 Memory vs. Microprocessor
1.1.2 Contact vs. Contactless
1.2 Why Smart Card?
1.3 Classification of cards
1.4 OS based classification
1.5 Physical & Electrical Properties of Smart Card
1.5.1 Physical Dimension
1.5.2 Electrical properties

2. Smart Card CPU Architecture
2.1 Cryptographic capabilities
2.2 Data Transmission
2.3 Instruction Sets
2.4 Data Storage
2.5 Smart Card Readers Ports
2.6 Overview Current Smart Card Interfaces

3. Security Mechanisms
3.1 Password Verification
3.2 Cryptographic Verification
3.3 Biometric Technique
3.4 Working of Smart Card
3.5 Smart cards for Data Security
3.5.1 Host based system security
3.5.2 Card based system security
3.6 The Smart Card Security Advantage

4. The Future: Internet Smart Card
4.1 What IP connectivity means
4.2 Security challenges with IP connectivity

5. Features of Smart Card
5.1 Advantages
5.2 Disadvantages
5.3 Special Features
5.4 Applications
5.6 Smart Card Examples

Conclusion
Bibliography

Figure Index
Figure 1: Examples of smart card
Figure 2: Smart card physical dimension
Figure 3: Inside a smart card
Figure 4: Connection diagram of smart card
Figure 5: Architecture of smart card

Table Index
Table 1: Functional description
Table 2: Sample instruction types
Table 3: Ports of various readers
Table 4: Some special features
History

The smart card is one of the latest additions to the world of information technology. Similar in
size to today’s plastic payment card, the smart card has a microprocessor or memory chip
embedded in it that, when coupled with a reader, has the processing power to serve many
different applications. As an access-control device, smart cards make personal and business
data available only to the appropriate users. Another application provides users with the ability
to make a purchase or exchange value. Smart cards provide data portability, security and
convenience.

In 1968, German inventor Jürgen Dethloff, along with Helmut Gröttrup, filed a patent for using plastic as a carrier for microchips.
In 1970, Dr. Kunitaka Arimura of Japan filed the first and only patent on the smart card concept.
In 1974, Roland Moreno of France filed the original patent for the IC card, later dubbed the “smart card.”
In 1977, three commercial manufacturers, Bull CP8, SGS Thomson, and Schlumberger, began developing the IC card product.
In 1979, Motorola developed the first single-chip microcontroller for French banking.
In 1982, the world's first major IC card testing was done.
In 1992, a nationwide prepaid card project started in Denmark.
In 1999, the Federal Government began a Federal employee smart card identification


SMART CARD TECHNOLOGY

1. Introduction

Plastic ID cards are used extensively for identification and authentication in applications such as driving licenses, bank ATM cards, credit cards and club membership cards, and in various academic and commercial organizations as well. Some of these cards contain a magnetic strip to make them machine readable. However, these cards are not secure enough: given the right kind of equipment, the information on them can be modified easily.
The smart card is the youngest and cleverest member of the identification card family. Its characteristic feature is an integrated circuit embedded in the card, which has components for the transmission, storage and processing of data. Smart cards offer many advantages compared to magnetic-strip cards. One of the important advantages is that stored data can be protected against unauthorized access and modification. Smart cards can be divided into two groups according to the underlying technology. Cards in the first group use memory-based technology and provide secure storage of data. Cards in the second group are microprocessor cards and provide a standardized exchange of information to implement authentication, verification, secure storage, encryption and decryption etc. Cards in this category use an Operating System interface.
Fig 1: Example of smart card

1.1 What is Smart Card?


A smart card is a device that includes an embedded secure integrated circuit, which can be either a secure microcontroller or equivalent intelligence with internal memory, or a secure memory chip alone. The card connects to a reader through physical contact or through a remote contactless radio frequency interface. With an embedded microcontroller, smart cards have the unique ability to secure large amounts of data, carry out their own on-card functions and interact intelligently with a smart card reader. Smart cards conform to international standards (ISO/IEC 7810 and ISO/IEC 14443) and are available in a variety of form factors, including plastic cards, SIMs used in GSM mobile phones and USB-based tokens.

1.1.1 Memory vs. microprocessor


Smart cards come in two varieties: memory and microprocessor. Memory cards simply store data and can be viewed as a small floppy disk with optional security. A microprocessor card, on the other hand, can add, delete and manipulate information in its memory on the card. Similar to a miniature computer, a microprocessor card has an input/output port, operating system and hard disk with built-in security features.

1.1.2 Contact vs. contactless


Smart cards have two different types of interfaces: contact and contactless. Contact smart cards
are inserted into a smart card reader, making physical contact with the reader. However,
contactless smart cards have an antenna embedded inside the card that enables communication
with the reader without physical contact. A combi card combines the two features with a very
high level of security.

1.2 Why Smart Cards?

High physical protection of the stored data, especially the private key.
Flexible configuration of access conditions to use the private key for signature operations.
Duplication of private keys can be prevented (this is not so with a soft PSE).
Security evaluation according to ITSEC E4 high or CC EAL 4+ or even higher.
Use of already available smart card infrastructures, e.g. future ECC (European Citizen Cards) or eHealth cards.
1.3 Classification Of Cards
Embossed: Textual information or designs on the card can be transferred to paper.

Magnetic-Stripe: Advantage over embossing is a reduction in the flood of paper documents.

Smart Cards: Greater capability to store.
Stored data can be protected against unauthorized access and tampering.
Memory functions such as reading, writing, and erasing can be done.
More reliable and have longer expected lifetimes.

Memory-Cards: Less expensive and much less functional than microprocessor cards. Contain EEPROM and ROM memory, as well as some address and security logic. Applications are pre-paid telephone cards and health insurance cards.

Microprocessor-Cards: Components of this type of architecture include a CPU, RAM, ROM, and EEPROM.

Cryptographic-Coprocessor-Cards: A cryptographic coprocessor reduces the time required for various operations. The coprocessors include additional arithmetic units developed specifically for large integer math and fast exponentiation.
Drawback is the cost.
Beneficial for security.

Contactless-Smart Cards: Contacts are one of the most frequent failure points in any electromechanical system due to dirt, wear, etc.
Cards need no longer be inserted into a reader, which could improve end user acceptance.
No chip contacts are visible on the surface of the card.

Optical-Memory-Cards: These cards can carry many megabytes of data, but the cards can only be written once and never erased with today’s technology.
1.4 OS Based Classification
Smart cards are also classified on the basis of their Operating System. There are many Smart
Card Operating Systems available in the market, the main ones being:
1. MultOS
2. JavaCard
3. Cyberflex
4. StarCOS
5. MFC
Smart Card Operating Systems, or SCOS as they are commonly called, are placed in the ROM
and usually occupy less than 16 KB. SCOS handle:
• File Handling and Manipulation.
• Memory Management
• Data Transmission Protocols.
1.5 Physical and Electrical Properties of a Smart Card
1.5.1 Physical Dimensions
The physical size of a smartcard is designated as ID-1. The dimensions are 85.6 mm by 54 mm, with a corner radius of 3.18 mm and a thickness of 0.76 mm. Specifications address such things as UV radiation, X-ray radiation, the card’s surface profile, mechanical robustness of card and contacts, electromagnetic susceptibility, electromagnetic discharges, and temperature resistance.

Fig 2: Smartcard physical dimensions

1.5.2 Electrical Properties
The electrical specifications for smart cards are defined in ISO/IEC 7816 and GSM 11.11. Most smart cards have eight contact fields on the front face; however, two of these are reserved for future use.

ISO 7816 Design and use of identification cards having integrated circuits with contacts (1987)
This standard in its many parts is probably the most important specification for the lower layers of the
IC card. The first 3 parts in particular are well established and allow total physical and electrical
interoperability as well as defining the communication protocol between the IC card and the CAD (Card
Acceptor Device).

[Figure: contact pad labels CLK, RST, Vcc, RFU, GND, RFU, Vpp, I/O]

Fig 3: Inside a Smart Card

Fig 4: Connection Diagram of Smart Card

Table 1: Functional description

Position   Technical Abbreviation   Function
C1         Vcc                      Supply Voltage
C2         RST                      Reset
C3         CLK                      Clock Frequency
C4         RFU                      Reserved for future use
C5         GND                      Ground
C6         RFU                      Reserved for future use
C7         I/O                      Serial input/output communications
C8         RFU                      Reserved for future use

The Vcc supply voltage is specified at 5 volts ± 10%. There is an industry push for smartcard standards to support 3-volt technology because all mobile phone components are available in a 3-volt configuration, and smartcards are the only remaining component that requires a mobile phone to have a charge converter.
2. Smart card CPU Architecture
A smart card is a plastic card that contains an embedded integrated circuit (IC). Examples: our very own T-Card, credit cards, cell phone SIM cards. They store and process information. Smart cards can be used to add authentication and secure access to information systems that require a high level of security.
The different elements of the smart card are:
CPU (Central Processing Unit): It is the heart of the chip.
Security logic: It detects abnormal conditions, e.g. low voltage.
Serial I/O interface: Used for contact with the outside world.
Test logic: Self-test procedures.
ROM: Holds the card operating system and self-test procedures; typically 16 kbytes, in future 32/64 kbytes.
RAM: ‘Scratch pad’ of the processor; typically 512 bytes, in future 1 kbyte.
EEPROM: Stores cryptographic keys, PIN code, biometric template, balance and application code; typically 8 kbytes, in future 32 kbytes.
[Figure labels: databus, test logic, CPU, ROM, security logic, RAM, serial I/O interface, EEPROM]

Fig 5: Architecture of smart card

2.1 Cryptographic Capabilities


Smart cards have sufficient cryptographic capabilities to support popular security applications
and protocols.
RSA signatures and verifications are supported with a choice of 512, 768, or 1024 bit key
lengths.
The Digital Signature Algorithm (DSA) is less widely implemented than RSA.
Smart cards support the ability to configure multiple PINs that can have different purposes.
Random number generation (RNG) varies among card vendors. Some implement a pseudo
RNG where each card has a unique seed. Some cards have a true, hardware based RNG using
some physical aspect of the silicon.
2.2 Data Transmissions
All communications to and from the smartcard are carried out over the C7 contact.
1. A card is inserted into a terminal; it is powered up by the terminal, executes a power-on-reset, and sends an Answer to Reset (ATR) to the terminal.
2. The ATR is parsed, various parameters are extracted, and the terminal then submits the initial instruction to the card.
3. The card generates a reply and sends it back to the terminal.
The client/server relationship continues in this manner until processing is completed and the card is removed from the terminal.
There are several different protocols for exchanging information in the client/server relationship. They are designated "T=" plus a number.
The two protocols most commonly seen are T=0 and T=1, T=0 being the most popular.
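
The parameter extraction in step 2 can be made concrete with a small parser. This is an added example, not code from the report: it follows the ATR layout of ISO/IEC 7816-3 (TS, T0, interface bytes, historical bytes, optional check byte TCK), the function name parse_atr is hypothetical, and the sample ATRs are constructed for illustration.

```python
"""Added example: minimal ISO/IEC 7816-3 Answer to Reset (ATR) parser."""
from functools import reduce


def parse_atr(atr: bytes) -> dict:
    """Split an ATR into convention, interface bytes, protocols, historical bytes."""
    if len(atr) < 2:
        raise ValueError("ATR needs at least TS and T0")
    ts, t0 = atr[0], atr[1]
    if ts not in (0x3B, 0x3F):
        raise ValueError(f"unknown TS byte {ts:#04x}")

    pos = 2
    y = t0 >> 4        # bitmap: which of TA1, TB1, TC1, TD1 follow
    k = t0 & 0x0F      # number of historical bytes
    interface, indicated, group = {}, [], 1
    while True:
        td = None
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if not y & bit:
                continue
            if pos >= len(atr):
                raise ValueError(f"ATR truncated before {name}{group}")
            interface[f"{name}{group}"] = atr[pos]
            if name == "TD":
                td = atr[pos]
            pos += 1
        if td is None:
            break
        indicated.append(td & 0x0F)   # low nibble: protocol number T
        y = td >> 4                   # high nibble: bitmap for the next group
        group += 1

    historical = atr[pos:pos + k]
    if len(historical) != k:
        raise ValueError("ATR truncated inside the historical bytes")
    pos += k

    # The check byte TCK exists only if something other than T=0 is indicated;
    # when present, the XOR of every byte from T0 through TCK must be zero.
    if any(t != 0 for t in indicated):
        if pos >= len(atr):
            raise ValueError("TCK check byte missing")
        if reduce(lambda a, b: a ^ b, atr[1:pos + 1]) != 0:
            raise ValueError("TCK checksum mismatch")
        pos += 1
    if pos != len(atr):
        raise ValueError("unexpected bytes after the end of the ATR")

    # No TD1 means T=0 only. T=15 is not a transmission protocol; it marks
    # global interface bytes, so it is left out of the offered list.
    offered = sorted({t for t in indicated if t != 15}) or [0]
    return {
        "convention": "direct" if ts == 0x3B else "inverse",
        "interface": interface,
        "protocols": [f"T={t}" for t in offered],
        "historical": historical,
    }


if __name__ == "__main__":
    # Constructed sample ATRs, not captured from any real card.
    for sample in ("3B021450", "3B800181", "3B901100"):
        print(sample, parse_atr(bytes.fromhex(sample)))
```

A terminal should reject an ATR that fails these length and checksum checks rather than guess at the card's parameters.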
2.3 Instruction Sets
More than 50 instructions and their corresponding execution parameters are defined. Typically, a smartcard will implement only a subset of the possible instructions, specific to its application. This is due to memory or cost limitations.

Instructions can be classified by function as follows:

Table 2: Sample instruction types

File selection
File reading and writing
File searching
File operations
Identification
Authentication
Cryptographic functions
File management
Instructions for electronic purses or credit cards
Operating system completion
Hardware testing
Special instructions for specific applications
Transmission protocol support

2.4 Data Storage


Data is stored in smart cards in E2PROM. The card OS provides a file structure mechanism.
File types may be in the form of Binary file (unstructured), Fixed size record file, Variable size
File structure
There are three categories of files:
• Master file (MF)
• Dedicated file (DF)
• Elementary file (EF)
The Master file (MF) is a mandatory file for conformance with the standard and represents the root of the file structure. It contains the file control information and allocable memory. Depending on the particular implementation it may have dedicated files and/or elementary files as descendants.

[Figure: file tree with the MF at the root and DFs and EFs below it]

A dedicated file (DF) has similar properties to the master file and may also have other dedicated files and/or elementary files as descendants.
An elementary file (EF) is the bottom of any chain from the root MF file and may contain data as well as file control information. An elementary file has no descendants. A number of elementary file types are defined as follows:
• Working file
• Public file
• Application control file

2.5 Smart Card Readers Ports


All smartcard-enabled terminals, by definition, have the ability to read and write as long as the
smartcard supports it and the proper access conditions have been fulfilled.
Mechanically, readers have various options including: whether the user must insert/remove the
card versus automated insertion/ejection mechanism, sliding contacts versus landing contacts,
and provisions for displays and keystroke entry.
Table 3: Ports for various readers

Serial Port
   Advantages: Very common; robust, inexpensive. Cross platform support.
   Disadvantages: Many desktop computers have no free serial ports. Requires external power.
PCMCIA
   Advantages: Excellent for traveling users with laptop computers.
   Disadvantages: Can be slightly more expensive. Many desktop systems don't have PCMCIA
PS/2 Keyboard
   Advantages: Easy to install with a wedge adapter. Supports protected PIN
   Disadvantages: Slower communication speeds.
Floppy
   Advantages: Very easy to install.
   Disadvantages: Requires a battery. Communications speed can be an issue.
USB
   Advantages: Very high data transfer speeds.
   Disadvantages: Not yet widely available. Shared bus could pose a security issue.
Built-in
   Advantages: No need for hardware or software installation.
   Disadvantages: Not yet widely available.
2.6 Overview current Smart Card Interfaces

CT-API
   Available smartcard functionality: Whole smartcard functionality
   Supported PC operating systems: Always Win32 and on several Unix systems
   Availability: Available for all smartcards and terminals
   Integration efforts: Strongly dependent on the desired functionality
   Timing: Fast smartcard access, but no resource management

PC/SC
   Available smartcard functionality: Dependence on the ServiceProviders functions
   Supported PC operating systems: Mostly Win32
   Availability: Available for most terminals and smartcards
   Integration efforts: Different smartcards can be supported
   Timing: Strongly dependent on the implementation

PKCS#11
   Available smartcard functionality: Interface only for PKI applications
   Supported PC operating systems: Win32, Linux, Solaris
   Availability: Only available for some combinations of smartcards and terminals
   Integration efforts: Easy to use in combination with PKI applications
   Timing: Strongly dependent on the implementation

OCF
   Available smartcard functionality: Strongly dependent on the different CardServices
   Supported PC operating systems: All systems with a Java runtime environment
   Availability: Available for a few terminals, all CardServices are seldom implemented
   Integration efforts: Easy integration in Java applications and Applets
   Timing: Not very fast, because of Java-Interpreter
3. Security Mechanisms

Password: For card holder’s protection.

Cryptographic challenge-response: Entity authentication.

Biometric information: Person’s identification.

3.1 Password Verification

The terminal asks the user to provide a password. The password is sent to the card for verification. This scheme can be used to permit user authentication. It is not a person identification scheme.

3.2 Cryptographic Verification
Terminal verifies the card (INTERNAL AUTH)

The terminal sends a random number to the card to be hashed or encrypted using a key. The card provides the hash or ciphertext. The terminal can then know that the card is authentic.

Card needs to verify the terminal (EXTERNAL AUTH)

The terminal asks the card for a challenge and sends the response to the card to verify. The card thus knows that the terminal is authentic. Primarily for “Entity Authentication”.
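
Both directions of this exchange, as an added example that is not part of the original report. It assumes a symmetric key shared by card and terminal and uses HMAC-SHA256 as the keyed hash; the class and method names are hypothetical, and the direction labels and single-use challenge are additions that keep a response from being reflected or replayed.

```python
"""Added example: INTERNAL / EXTERNAL AUTH as a keyed challenge-response."""
import hashlib
import hmac
import secrets


def keyed_hash(key: bytes, message: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for "hashed or encrypted using a key".
    return hmac.new(key, message, hashlib.sha256).digest()


class Card:
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None                 # challenge issued to the terminal
        self.terminal_authenticated = False

    def internal_authenticate(self, challenge: bytes) -> bytes:
        """Card proves itself: answer the terminal's random number."""
        # The b"card" label means this answer is never a valid answer for the
        # other direction, so the card cannot be made to answer its own challenge.
        return keyed_hash(self._key, b"card" + challenge)

    def get_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def external_authenticate(self, response: bytes) -> bool:
        """Card checks the terminal's answer to the card's own challenge."""
        challenge, self._pending = self._pending, None   # single use
        self.terminal_authenticated = challenge is not None and hmac.compare_digest(
            response, keyed_hash(self._key, b"term" + challenge))
        return self.terminal_authenticated


class Terminal:
    def __init__(self, key: bytes):
        self._key = key

    def verify_card(self, card: Card) -> bool:
        challenge = secrets.token_bytes(16)              # fresh random number
        response = card.internal_authenticate(challenge)
        return hmac.compare_digest(
            response, keyed_hash(self._key, b"card" + challenge))

    def prove_to_card(self, card: Card) -> bool:
        challenge = card.get_challenge()
        return card.external_authenticate(
            keyed_hash(self._key, b"term" + challenge))


def mutual_authentication(terminal: Terminal, card: Card):
    """Run both directions; returns (card_is_authentic, terminal_is_authentic)."""
    return terminal.verify_card(card), terminal.prove_to_card(card)


if __name__ == "__main__":
    shared = secrets.token_bytes(16)                     # constructed test key
    print(mutual_authentication(Terminal(shared), Card(shared)))
    print(mutual_authentication(Terminal(shared), Card(secrets.token_bytes(16))))
```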

3.3 Biometric Technique


Fingerprint identification: Features of fingerprints can be kept on the card (and even verified on the card). Photograph, iris pattern etc.: such information is to be verified by a person. The information can be stored in the card securely.

3.4 Working of Smart Card

1. Terminal: Card is inserted in the terminal.
   Card: Card gets power. OS boots up. Sends ATR (Answer to reset).
2. Terminal: ATR negotiations take place to set up data transfer speeds, capability negotiations etc.
3. Terminal: Terminal sends first command to select MF.
   Card: Card responds with an error (because MF selection is only on password presentation).
4. Terminal: Terminal prompts the user to provide password.
5. Terminal: Terminal sends password for verification.
   Card: Card verifies P2. Stores a status “P2 Verified”. Responds “OK”.
6. Terminal: Terminal sends command to select MF again.
   Card: Card responds “OK”.
7. Terminal: Terminal sends command to read EF1.

3.5 Smart Cards For Data Security


There are two methods of using cards for data system security, host-based and card-based. The
safest systems employ both methodologies.
3.5.1 Host Based System Security
A host-based system treats a card as a simple data carrier. All protection of the data is done from the host computer. The card data may be encrypted but the transmission to the host can be vulnerable to attack. A common method of increasing the security is to write in the clear (not encrypted) a key that usually contains a date and/or time along with a secret reference to a set of keys on the host. Each time the card is re-written the host can write a reference to the keys. This way each transmission is different.
3.5.2 Card Based System Security
These systems are typically microprocessor card-based. A card-based, or token-based, system treats a card as an active computing device. The interaction between the host and the card can be a series of steps to determine if the card is authorized to be used in the system. Access to specific information in the card is controlled by A) the card’s internal operating system and B) the preset permissions set by the card issuer regarding the files' conditions. There are predominantly two types of card operating systems. The first type of card OS is the Classic approach. The second methodology is the Disk Drive approach.

3.6 The Smart Card Security Advantage


Some reasons why smartcards can enhance the security of modern day systems are:
PKI is better than passwords,
Portability of Keys and Certificates,
Auto-disabling PINs Versus Dictionary Attacks,
Counting the Number of Private Key Usages.
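
The session in section 3.4 and the auto-disabling PIN listed above, as one small card model. This is an added example, not code from the report: the class and function names are hypothetical, the three-try limit is an assumed setting, and the status words are the standard ISO/IEC 7816-4 values.

```python
"""Added example: password-gated file access with a retry counter."""
import hmac

SW_OK = 0x9000                        # ISO/IEC 7816-4 status words
SW_SECURITY_NOT_SATISFIED = 0x6982
SW_AUTH_BLOCKED = 0x6983
SW_CONDITIONS_NOT_SATISFIED = 0x6985
SW_WRONG_TRIES_LEFT = 0x63C0          # low nibble carries the remaining tries


class Card:
    MAX_TRIES = 3                     # assumed limit; issuers choose their own

    def __init__(self, password: bytes, ef1: bytes):
        self._password = password
        self._ef1 = ef1
        self._tries_left = self.MAX_TRIES   # kept in EEPROM on a real card
        self._verified = False              # kept in RAM, lost at every reset
        self._mf_selected = False

    def reset(self) -> bytes:
        """Power-on reset: clears session state, never the retry counter."""
        self._verified = False
        self._mf_selected = False
        return bytes.fromhex("3B021450")    # constructed ATR

    def verify(self, password: bytes) -> int:
        if self._tries_left == 0:
            return SW_AUTH_BLOCKED          # PIN disabled: no comparison at all
        self._tries_left -= 1               # charge the try before comparing
        if hmac.compare_digest(password, self._password):
            self._tries_left = self.MAX_TRIES
            self._verified = True
            return SW_OK
        self._verified = False
        return SW_WRONG_TRIES_LEFT | self._tries_left

    def select_mf(self) -> int:
        # Access condition from section 3.4: MF selection needs the password.
        if not self._verified:
            return SW_SECURITY_NOT_SATISFIED
        self._mf_selected = True
        return SW_OK

    def read_ef1(self):
        if not self._mf_selected:
            return SW_CONDITIONS_NOT_SATISFIED, b""
        return SW_OK, self._ef1


def run_session(card: Card, password: bytes):
    """Replay the terminal's side of section 3.4; returns (trace, EF1 data)."""
    card.reset()
    trace = [("SELECT MF", card.select_mf())]        # refused before VERIFY
    trace.append(("VERIFY", card.verify(password)))
    trace.append(("SELECT MF", card.select_mf()))
    status, data = card.read_ef1()
    trace.append(("READ EF1", status))
    return trace, data


def try_passwords(card: Card, guesses):
    """Status word for each guess in order; shows where the card locks."""
    return [card.verify(guess) for guess in guesses]


if __name__ == "__main__":
    card = Card(b"1234", b"balance=42")              # constructed test data
    for step, status in run_session(card, b"1234")[0]:
        print(f"{step:10s} -> {status:04X}")
    locked = Card(b"1234", b"balance=42")
    print([f"{sw:04X}" for sw in
           try_passwords(locked, [b"0000", b"1111", b"2222", b"1234"])])
```

Because the counter survives a reset, removing and reinserting the card does not buy further guesses.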
4. The Future: Internet Smart Card
The Internet smart card is one of the latest additions to the world of information technology. Similar in size to today’s plastic payment card, the smart card has a microprocessor or memory chip embedded in it that, when coupled with a reader, has the processing power to serve many different applications. This card communicates using Internet protocols and has an IP address. It is connected in the same way as a GSM SIM card.
4.1 What IP Connectivity Means
Future smart cards will act as network devices (server or client):
i. Implementation of a TCP/IP stack on the smart card.
ii. Support of network management/configuration.
iii. Availability of on-card services via application-level protocols (at least HTTP).
iv. Triggering of different applications via communication channels, allowing concurrent program execution.
4.2 Security Challenges with IP Connectivity
i. A simple port scan cannot be misused to analyze the smart card and gain information about
active services and servers on the smart card.
ii. Typical attacks which use buffer overflows in a server to execute malicious code will be
impossible on smart cards.
iii. Unauthorized commands which manipulate input in HTML forms processed by a Common
Gateway Interface (CGI) on the smart card will be impossible.
iv. The network management necessary for organizing the IP connectivity of the smart cards
cannot be used for attacks, as is the case in other IT systems.
v. Authentication and encryption are mandatory for safe connections which are resistant against
known attacks (e.g., Man-In-The-Middle prevented from sniffing and spoofing).
vi. Standard security protocols such as SSL/TLS are used in a high-performance
implementation to ensure interoperability to other network devices.
vii. Vendors of smart card operating systems will assure that the wide variety of network attacks
(e.g., spoofing, sniffing, fragmentation attacks, session hijacking, D/DoS, etc.) cannot be
transferred to the future TCP/IP based smart card world.

5. Features of Smart Card


5.1 Advantages
In comparison to its predecessor, the magnetic strip card, smart cards have many advantages
including:

i. Life of a smart card is longer
ii. A single smart card can house multiple applications. Just one card can be used as your license, passport, credit card, ATM card, ID Card, etc.
iii. Smart cards cannot be easily replicated and are, as a general rule, much more secure than magnetic stripe cards
iv. Data on a smart card can be protected against unauthorized viewing. As a result, confidential data, PINs and passwords can be stored on a smart card. This means merchants do not have to go online every time to authenticate a transaction
v. Chip is tamper-resistant
- information stored on the card can be PIN code and/or read-write protected
- capable of performing encryption
- each smart card has its own, unique serial number
vi. Capable of processing, not just storing information
- smart cards can communicate with computing devices through a smart card reader
- information and applications on a card can be updated without having to issue new cards
vii. A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).

5.2 Disadvantages
i. Can be lost/stolen
ii. Lack of user mobility – only possible if user has smart card reader everywhere he goes
iii. Working from PC – software based token will be better
iv. No benefits to using a token on multiple PCs to using a smart card
v. Still working on bugs
5.3 Special Features:
Table 4: Some special features

Hardware                                          Software
Closed package                                    decoupling applications and operating system
memory encapsulation                              application separation (Java card)
Fuses                                             restricted file access
Security logic (sensors)                          life cycle control
cryptographic coprocessors and random generator   various cryptographic algorithms and protocols
5.4 Applications
People worldwide are now using smart cards for a wide variety of daily tasks, these include:
1. Loyalty And Stored Value: Stored value is more convenient and safer than cash.
2. Security Information And Physical Assets: Smart cards achieve great physical security,
because the card restricts access to all but the authorized user(s).
E-mail and PCs are being locked-down with smart cards.
3. E-Commerce: Smart cards make it easy for consumers to securely store information and
cash for purchasing.
4. Personal Finance: This will improve customer service by availing 24-hour electronic funds
transfers over the Internet.
Reduction in cost as transaction can be managed electronically saving time and paperwork.
5. Health Care: Smart cards provide secure storage and distribution of everything from
emergency data to benefits status.
6. Telecommuting And Corporate Network Security: Users can be authenticated and
authorized to have access to specific information based on preset privileges.
7. Campus Badging And Access: Identity cards of employees and students can be enhanced to
incorporate identity with access privileges and store value for cafeterias and stores.
8. Retail: Sale of goods using Electronic Purses, Credit / Debit, Vending machines, Loyalty programs, Tags & smart labels
9. Entertainment: Pay-TV & Public event access control & Car Protection
10. Government: Identification, Passport & Driving license & Copiers

5.6 Smart Card Examples


5.6.1 Travel Card Example

An example of the services that might be included on a multi-function travel card:

Services that are permanently installed in the card by the card issuer might include: Electronic ticketing, Air miles, Cash replacement
Services that might be added for a particular trip include: Hotel coupons & Car vouchers
5.6.2 Student Card Example

An example of the services that might be included on a Student card:

Services that are permanently installed in the card by the card issuer might include: School computer access, Vending machines, Phone & Library
Services that might be added on later include: E-mail security & Carpool roster.
Conclusion

Smart cards have proven to be useful for transaction, authorization, and identification media.

They will soon replace all of the things we carry around in our wallets, including credit cards,
licenses, cash, and even family photographs.

Smart cards could be used to voluntarily identify attributes of ourselves no matter where we are
or to which computer network we are attached.

Smart card technology is emerging, applications are everywhere.


Smart cards enhance service and security.
Perfect security does not exist, not even for smart cards.
Risk analysis is essential.
