
D.I.Y.

Smart Card Encoding and
Reader Management for the
University Market

Robert M. Gailing

SMART Contactless IDentity and Security Solutions


We're Making Identity Cards Safe, Again!

• What is a contactless smart card?
• What makes it safer than another ID card technology?
• What is encryption / cryptography? What is mutual authentication?
• Why should you deploy it on your campus?
Open Platform / Closed Platform
Open Architecture...WTF?

Open Platform vs. Closed Platform

Definition - In computing, an open platform describes a software system which is based on open standards, such as published and fully documented external application programming interfaces (API) that allow using the software to function in other ways than the original programmer intended, without requiring modification of the source code. Using these interfaces, a third party could integrate with the platform to add functionality.

The opposite is a closed platform.


What Smart Cards are in the US Market Today?

DIY Card and Reader Management? What Does it Mean?

• Create, and manage, your own secure solution designed by, or with, you for your unique situation.
• Manage security keys on the card and reader
  • Rotate keys
  • Change key version
• Speed of deployment. You want, or need, to make a change or update quickly.
  • Add new application
    • Transportation
    • Food, etc.
  • Add biometric
• LOWER PER CARD COSTS!
Why Do It Yourself?

• Higher Security Options
• Freedom
• Flexibility
• Quicker time to deploy
• $ave Money
Single Common Card, Multiple Applications

• Physical Access / Parking
• Banking
• Logical Access
• Time & Attendance
• Production Control
• Cashless Vending
• Cafeteria / Meal
• Point-of-Sale
• IDentity Card
• Copy Machines
MIFARE® DESFire® EV1 / EV2

• Supports many different applications for the Campus and around town, too.

Example: Multi-application Options – Campus Card

Current: Transport Card (MIFARE)
Upgrade: pick the applications you want and add them to your card

Bus / Train, Car Rental, Bike Rental, Gym, Concert, Theater, Sports, Laundry, Retail, Coffee, Food, Book Store

Benefits of Contactless Smart Cards

• Usability
  • DESFire has a flexible file system whereby up to 28 applications can run simultaneously and each application can have up to 16 files. This means that if there is space left by some applications, others can use it.
  • The practical result is that a University can use its ID cards for more applications and get faster communication between the card and the reader. Students then only need a single ID card for use across a whole cashless campus solution, access control systems, transport, gym memberships, etc.

• Security
  • The encryption used on the DESFire cards is predominantly 128-bit up to 256-bit AES encryption (although TripleDES is also available, we would advise the AES option as the most secure). AES stands for Advanced Encryption Standard and the 128 / 256 bit refers to the length of the key used. This standard has been adopted by the US military and it is estimated that, at the projected rate of technology improvement, it will remain secure until at least the year 2030.
Encryption / Cryptography

• The ingredient that makes the cards secure

The Secret Key

• Today's smart cards and smart card readers have a special relationship. A marriage of sorts.
• They share a SECRET (Card and Reader).
• A Key!
• When they get together, the two must share this key. If they agree (mutual authentication), they release the ID's information to the host.
• What is the importance of this key?
  • In order for you to add, change, or delete anything with your card and reader system, you need this key!
• Why should you own and manage the key yourself?
  • Remember this marriage? Well, imagine that your and/or your partner's secret was also known, or owned and controlled, by a third party? What's
Understanding Security Keys / Key Management for Cards

A CSN is like Your House Number..... Anyone Can Read It!

If the Number is Inside Your House ...... You Need A Key!

[Picture: a house numbered 1234]
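Here is an added example, not part of the deck, of what the "marriage" on the previous slides looks like on the wire: a card and a reader that share an AES-128 key prove it to each other by exchanging random numbers, and only after that does the card hand over the encoded ID, encrypted under a session key; the CSN, by contrast, is returned to anyone who asks. The Go code is mine and models the three-pass AES authentication that DESFire EV1 uses as I understand it from public descriptions (the card sends E(RndB); the reader answers E(RndA || RndB'), where RndB' is RndB rotated left by one byte; the card replies E(RndA'); CBC chaining continues across messages; the session key is built from halves of both numbers). The Card type, the function names, the 7-byte CSN, the key bytes and the student ID are all constructed for the demo and not taken from any real product or deployment.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var zeroIV = make([]byte, aes.BlockSize)

// aesCBC runs AES-128-CBC over whole 16-byte blocks (no padding is needed here).
func aesCBC(key, iv, data []byte, encrypt bool) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // a wrong key length is a programming error in this demo
	}
	mode := cipher.NewCBCDecrypter(block, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(block, iv)
	}
	out := make([]byte, len(data))
	mode.CryptBlocks(out, data)
	return out
}

// rotateLeft turns RndX into RndX': the first byte moves to the end.
func rotateLeft(b []byte) []byte { return append(append([]byte{}, b[1:]...), b[0]) }

// sessionKey mixes halves of both nonces into a one-time AES key.
func sessionKey(rndA, rndB []byte) []byte {
	return bytes.Join([][]byte{rndA[:4], rndB[:4], rndA[12:], rndB[12:]}, nil)
}

// Card is a constructed model of a DESFire-style card: CSN is the "house number"
// anyone can read, SecureID (exactly one AES block) is the number "inside the
// house", and AppKey is the AES-128 secret that never leaves the card.
type Card struct {
	CSN, SecureID, AppKey, rndB, session []byte
}

// ReadCSN needs no key at all.
func (c *Card) ReadCSN() []byte { return c.CSN }

// AuthStep1: the card draws RndB and answers E_k(RndB).
func (c *Card) AuthStep1() []byte {
	c.rndB, c.session = make([]byte, aes.BlockSize), nil
	rand.Read(c.rndB) // crypto/rand.Read does not fail in current Go
	return aesCBC(c.AppKey, zeroIV, c.rndB, true)
}

// AuthStep2: the card checks E_k(RndA || RndB') and, only if the reader proved
// it holds the key, answers E_k(RndA'). The CBC chain carries across messages.
func (c *Card) AuthStep2(ekRndB, ekRndARndB []byte) ([]byte, error) {
	plain := aesCBC(c.AppKey, ekRndB, ekRndARndB, false)
	if !bytes.Equal(plain[aes.BlockSize:], rotateLeft(c.rndB)) {
		return nil, errors.New("card: reader does not hold my key")
	}
	rndA := plain[:aes.BlockSize]
	c.session = sessionKey(rndA, c.rndB)
	return aesCBC(c.AppKey, ekRndARndB[aes.BlockSize:], rotateLeft(rndA), true), nil
}

// ReadSecureID releases the encoded ID only under an established session key.
func (c *Card) ReadSecureID() ([]byte, error) {
	if c.session == nil {
		return nil, errors.New("card: not authenticated")
	}
	return aesCBC(c.session, zeroIV, c.SecureID, true), nil
}

// Authenticate drives the three-pass exchange from the reader side and returns
// the session key; a reader holding the wrong key never gets one.
func Authenticate(readerKey []byte, c *Card) ([]byte, error) {
	ekRndB := c.AuthStep1()
	rndB := aesCBC(readerKey, zeroIV, ekRndB, false)
	rndA := make([]byte, aes.BlockSize)
	rand.Read(rndA)
	ekMsg := aesCBC(readerKey, ekRndB, append(append([]byte{}, rndA...), rotateLeft(rndB)...), true)
	ekRndA, err := c.AuthStep2(ekRndB, ekMsg)
	if err != nil {
		return nil, err
	}
	if !bytes.Equal(aesCBC(readerKey, ekMsg[aes.BlockSize:], ekRndA, false), rotateLeft(rndA)) {
		return nil, errors.New("reader: card does not hold my key")
	}
	return sessionKey(rndA, rndB), nil
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 16) // constructed demo key, not any real default
	card := &Card{CSN: []byte{0x04, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc}, SecureID: []byte("STUDENT-00012345"), AppKey: key}
	fmt.Printf("CSN, no key needed: %x\n", card.ReadCSN())
	if _, err := Authenticate(bytes.Repeat([]byte{0x22}, 16), card); err != nil {
		fmt.Println("wrong reader key:", err)
	}
	session, _ := Authenticate(key, card)
	ct, _ := card.ReadSecureID()
	fmt.Printf("right key, secure ID: %s\n", aesCBC(session, zeroIV, ct, false))
}
```

A reader with the wrong key fails at the card's check of RndB' and never obtains a session key, so ReadSecureID keeps refusing; the reader's own check of RndA' is what makes the exchange mutual, rejecting a card that does not hold the key. A real card also rate-limits and MACs further traffic, which this model leaves out.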
What keys do you want to use?

• Default manufacturer keys (OK for many smaller organizations)
• Custom keys

If you are using custom keys,

• Do you want all sites to use the same keys?
• Who do you want to manage the keys (the supplier, in-house, other)?
• If you are managing your own keys, how will you keep them secure and safe from loss?
  • If keys become unknown so that you cannot issue new cards/readers, you may have to change all readers and cards to go with a new key scheme.
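One standard answer to "do you want all sites to use the same keys?" on DESFire deployments is key diversification: encoders and readers hold a master key, but every card is written with its own key derived from the master key and the card's UID, so a key recovered from one card opens nothing else. The example below is added here and is not from the deck; it is my Go implementation of AES-CMAC (RFC 4493) plus a diversification routine whose input layout, 0x01 || UID || AID || system identifier, follows NXP's AN10922 as I recall it, so check the exact layout against the application note before encoding real cards. The master key, AID and system identifier values are constructed placeholders.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"errors"
	"fmt"
)

// xorBlock returns a ^ b for two 16-byte blocks.
func xorBlock(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// shiftSubkey derives a CMAC subkey: shift left one bit, then XOR 0x87 into
// the last byte if the top bit was set (the Rb constant for AES in SP 800-38B).
func shiftSubkey(in []byte) []byte {
	out := make([]byte, 16)
	var carry byte
	for i := 15; i >= 0; i-- {
		out[i] = in[i]<<1 | carry
		carry = in[i] >> 7
	}
	if in[0]&0x80 != 0 {
		out[15] ^= 0x87
	}
	return out
}

// AESCMAC computes AES-CMAC (RFC 4493 / SP 800-38B) over msg with a 16-byte key.
func AESCMAC(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	l := make([]byte, 16)
	block.Encrypt(l, make([]byte, 16))
	k1 := shiftSubkey(l)
	k2 := shiftSubkey(k1)

	n := (len(msg) + 15) / 16 // number of blocks, the last possibly partial
	if n == 0 {
		n = 1 // an empty message is one padded block
	}
	var last []byte
	if len(msg) > 0 && len(msg)%16 == 0 {
		last = xorBlock(msg[(n-1)*16:], k1) // complete final block uses K1
	} else {
		padded := make([]byte, 16) // partial final block: 0x80 then zeros, uses K2
		tail := msg[(n-1)*16:]
		copy(padded, tail)
		padded[len(tail)] = 0x80
		last = xorBlock(padded, k2)
	}
	x := make([]byte, 16)
	for i := 0; i < n-1; i++ {
		block.Encrypt(x, xorBlock(x, msg[i*16:(i+1)*16]))
	}
	block.Encrypt(x, xorBlock(x, last))
	return x, nil
}

// DiversifyAES128 derives a per-card key as CMAC(master, 0x01 || UID || AID || systemID).
// Input layout per NXP AN10922 as I understand it; verify against the application note.
func DiversifyAES128(master, uid, aid, systemID []byte) ([]byte, error) {
	d := append([]byte{0x01}, uid...)
	d = append(d, aid...)
	d = append(d, systemID...)
	if len(d) > 32 {
		return nil, errors.New("diversification input exceeds 32 bytes")
	}
	return AESCMAC(master, d)
}

func main() {
	master, _ := hex.DecodeString("00112233445566778899aabbccddeeff") // constructed demo master key
	aid := []byte{0xF1, 0x23, 0x45}                                    // constructed demo application ID
	for _, uid := range []string{"04a1b2c3d4e5f6", "04a1b2c3d4e5f7"} {
		u, _ := hex.DecodeString(uid)
		k, err := DiversifyAES128(master, u, aid, []byte("CAMPUS"))
		fmt.Printf("UID %s -> card key %x (%v)\n", uid, k, err)
	}
}
```

Two cards whose UIDs differ in a single byte get unrelated keys, and the derivation is deterministic, so an encoder or reader never needs to store per-card keys. Diversification does not remove the need to protect the master key: it still sits in the encoder and in every reader that must authenticate, which is exactly the loss-of-key scenario the slide warns about, so who holds it and how it is backed up remain the questions to answer.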
Keys. FAQs

• What do they look like?
• Where do they come from?
• How many are there?
• Who controls it?
• Where is it stored and how?
How Safe is the Information?

• As shown above, even with a supercomputer, it would take 1 billion billion years to crack the 128-bit AES key using a brute force attack. This is more than the age of the universe (13.75 billion years). If one were to assume that a computing system existed that could recover a DES key in a second, it would still take that same machine approximately 149 trillion years to crack a 128-bit AES key.

Source: EETimes, Mohit Arora, Sr. Systems Engineer & Security Architect, Freescale Semiconductor, 5/2012
Decisions, Decisions, Decisions...

• How do I move forward?
• Do I need to change my access control system?
• What are my options for migration?
• Does my current vendor understand this enough to help me get there?

Develop a Strategy

• Examine the long term goals of the campus and community
• Look outside for partnering opportunities to further reduce your per card cost.
DO IT YOURSELF? YES!

• CARDS
• COMPATIBLE PRINTER W/ENCODER
• ENCODING SOFTWARE APPLICATION
• MIDDLEWARE
• USB READER / WRITER

Field Configurable Access Card
How Do I Get the Students' Cards Updated?

With the Client/Server version, kiosks for encoding cards can be deployed. They are designed for users to present their badge at the kiosk terminal in order for the card to be automatically updated.

[Diagram: DataWriter Basic or Ultimate for kiosk configuration; Kiosks; Server]

Very useful to rotate keys, or to change from CSN to encoded number when cards are already deployed.

Mobility

An Android workstation has been developed that enables encoding from a smartphone equipped with an NFC chip.

[Diagram: Server; Wifi; NFC; DataWriter workstation on Android]
Web-Based Credentialing

Choice of card technology: Mifare Classic, Mifare DESFire EV1/EV2, HID iClass, EM, HID Prox, …

Choice of graphic models (front / back)

Customizing printing: drag & drop data files to print on each card

Customizing encoding: drag & drop data files to encode on each card

Production in real time or not: cards are printed on the end user site or on a central site
Web-Based Credentialing: Remote Printer at Card Office

[Diagram: Student; ID Printing Server; Remote Printer at Card Office; steps 1 to 4]

1. The end user sends the order to the server via a personalized user interface
2. The order is transferred to the server
3. Cards are printed at the remote card office
4. The student picks up the card, or it is mailed
Point of Sale

• Now that you have migrated away from mag stripe, how do you manage your point-of-sale systems with the new card?
• Simple. Just exchange your mag stripe readers for USB contactless smart card readers configured to read your secure data.
Working with Third Parties

• The local transportation agency uses similar smartcard technology and wants to reduce costs and not provide cards.
  • How do third parties add their application to my card without sharing their secret key?
• Local businesses such as parking lots or copy/ship centers would like to accept the student card for payment.
  • How do you set them up to accept the students' ID card?
Known University Smart Card Programs

• U of Michigan
• Int'l Student Identity Card
• MST
• U of Penn
• U of A
QUESTIONS?

Contact Me

Robert Gailing
SMART Contactless Identity and Security Solutions
Santa Ana, CA
949-514-8844 x 500
Robert@SMARTContactless.com
www.SMARTContactless.com
