Your search keyword '"Contactless smart card"' showing total 261 results

1. The Sufficiency of the 'Contactless Cards' Security Features in Preventing Fraud-A Malaysian Study

Author

Geetha A. Rubasundram and Mansourah Banon Hosany

Subjects

Psychiatry and Mental health, Clinical Psychology, Business, Pshychiatric Mental Health, Computer security, computer.software_genre, computer, Contactless smart card

Published

2020

2. An ISO/IEC 7816-4 Application Layer Approach to Mitigate Relay Attacks on Near Field Communication

Author

Liam Murphy, Christina Thorpe, and John Tobin

Subjects

050101 languages & linguistics, General Computer Science, Exploit, Computer science, media_common.quotation_subject, Access control, 02 engineering and technology, security, Computer security, computer.software_genre, Relay attack, Near field communication, law.invention, Relay, law, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, General Materials Science, Contactless smart card, media_common, business.industry, 05 social sciences, General Engineering, relay attack, Payment, Application layer, 020201 artificial intelligence & image processing, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, computer, lcsh:TK1-9971, Countermeasure (computer)

Abstract

Near Field Communication (NFC) has become prevalent in access control and contactless payment systems, however, there is evidence in the literature to suggest that the technology possesses numerous vulnerabilities. Contactless bank cards are becoming commonplace in society; while there are many benefits from the use of contactless payments, there are also security issues present that could be exploited by a malicious third party. The inherently short operating distance of NFC (typically about 4 cm) is often relied upon as a means of ensuring intentional interaction on the user’s part and limiting attack vectors. However, NFC is particularly sensitive to relay attacks, which entirely negate the security usefulness of the short-range aspect of technology. The aim of this article is to demonstrate how standard hardware can be used to exploit the technology to carry out a relay attack. Considering the risk that relay attacks pose, a countermeasure is proposed to mitigate this threat. Our countermeasure yields a 100% detection rate in experiments undertaken – in which over 10,000 contactless transactions were carried out on a range of different contactless cards and devices. In these experiments, there was a false positive rate of 0.38% – 0.86%. As little as 1 in every 250 transactions were falsely classified as being the subject of a relay attack and so the user experience was not significantly impacted. With our countermeasure implemented, transaction time was lengthened by only 0.22 seconds.

Published

2020

3. The EMV Standard: Break, Fix, Verify

Author

Ralf Sasse, Jorge Toro-Pozo, and David Basin

Subjects

FOS: Computer and information sciences, Authentication, Computer Science - Cryptography and Security, business.industry, Computer science, media_common.quotation_subject, Credit card fraud, Computer security, computer.software_genre, Payment, Issuing bank, Electronic money, Smart card, business, Cryptography and Security (cs.CR), Implementation, Contactless smart card, computer, media_common

Abstract

EMV is the international protocol standard for smartcard payment and is used in over 9 billion cards worldwide. Despite the standard's advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV's lengthy and complex specification, running over 2,000 pages. We formalize a comprehensive symbolic model of EMV in Tamarin, a state-of-the-art protocol verifier. Our model is the first that supports a fine-grained analysis of all relevant security guarantees that EMV is intended to offer. We use our model to automatically identify flaws that lead to two critical attacks: one that defrauds the cardholder and a second that defrauds the merchant. First, criminals can use a victim's Visa contactless card to make payments for amounts that require cardholder verification, without knowledge of the card's PIN. We built a proof-of-concept Android application and successfully demonstrated this attack on real-world payment terminals. Second, criminals can trick the terminal into accepting an unauthentic offline transaction, which the issuing bank should later decline, after the criminal has walked away with the goods. This attack is possible for implementations following the standard, although we did not test it on actual terminals for ethical reasons. Finally, we propose and verify improvements to the standard that prevent these attacks, as well as any other attacks that violate the considered security properties. The proposed improvements can be easily implemented in the terminals and do not affect the cards in circulation., Comment: Accepted for IEEE S&P 2021

Published

2021

4. An Improve Three Factor Remote User Authentication Scheme Using Smart Card

Author

Nishant Doshi, Manish Shingala, and Chintan Patel

Subjects

Authentication, OpenPGP card, Biometrics, business.industry, Computer science, Data_MISCELLANEOUS, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Smart card application protocol data unit, Computer Science Applications, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, Open Smart Card Development Platform, Smart card, Electrical and Electronic Engineering, business, computer, Contactless smart card, Anonymity

Abstract

In this digital era, two entities can exchange the messages over internet even through the physical distance between them is much far. Before exchange they require to authenticate each other via authentication scheme. Biometric is one of the unique feature for each entity and can be accustomed to identify the authenticity of the entity. Motivated by this, many researchers had proposed the various schemes based on biometric feature for authentication using smart card. As smart card is not a temper resistance consummately, various attacks have been identified by the researchers in the biometric based authentication schemes. In this paper we review Wen et al.’s scheme and we find that Wen et al.’s scheme is vulnerable to insider attack, denial of service attack and user anonymity cannot achieve by them. Then we propose new remote user authentication algorithm where our algorithm is secure.

Published

2017

5. Secure Smart Card Based Remote User Authentication Scheme for Multi-Server Environment to Eliminate Smart Card Security Breach

Author

S. Saraswathi, S. Renuka Devi, and P. Yogesh

Subjects

Card security code, OpenPGP card, business.industry, Computer science, General Chemistry, Condensed Matter Physics, Computer security, computer.software_genre, Smart card application protocol data unit, Computational Mathematics, MULTOS, General Materials Science, Open Smart Card Development Platform, Smart card, Electrical and Electronic Engineering, business, computer, Contactless smart card, Common Access Card

Published

2017

6. Challenge-response mutual authentication protocol for EMV contactless cards

Author

Ossama Al-Maliki and Hisham Al-Assam

Subjects

Authentication, Point of sale, General Computer Science, Computer science, media_common.quotation_subject, 020206 networking & telecommunications, 02 engineering and technology, Challenge response, Payment, computer.software_genre, Computer security, Information sensitivity, Payment protocol, Authentication protocol, 0202 electrical engineering, electronic engineering, information engineering, Mobile payment, 020201 artificial intelligence & image processing, Law, computer, Contactless smart card, Protocol (object-oriented programming), media_common

Abstract

Europay MasterCard and Visa (EMV) is the most popular payment protocol with almost 7.1 billion EMV based credit and debit cards around the world. This payment protocol supports different kinds of payment transactions such as Chip & PIN, Chip & signature, contactless card, and mobile payment transactions. This paper focuses on the EMV contactless card transactions and highlights one of such transactions’ vulnerabilities that allows attackers to gain access to most of the EMV card sensitive information using off-the-shelf hardware and software. In the EMV card payment protocol, the EMV card must authenticate itself as a genuine card to the point of Sale (POS) in each transaction while the reverse is not happening. An attacker can take an advantage of such vulnerabilities in the EMV specifications especially in contactless cards due to the wireless connectivity between the cards and POSs. In this paper, we propose a cost-effective mutual-authentication solution that relies on two-way challenge-response between EMV contactless cards and POSs in order to prevent sniffing attacks launched by NFC enabled readers or smartphones. To demonstrate the viability of the proposed authentication protocol, we present a Java framework to illustrate the practicality of the proposed solution. The paper argues that the proposed protocol can be easily integrated into the EMV infrastructure with minor changes at the personalization and transaction phases.

Published

2021

7. Swing-Pay: One Card Meets All User Payment and Identity Needs: A Digital Card Module using NFC and Biometric Authentication for Peer-to-Peer Payment

Author

Bidyut K. Bhattacharyya, Saraju P. Mohanty, Shirsha Ghosh, Alak Majumder, Joyeeta Goswami, and Abhishek Kumar

Subjects

Card security code, OpenPGP card, business.industry, Computer science, media_common.quotation_subject, Payment system, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Payment, Computer Science Applications, Human-Computer Interaction, Hardware and Architecture, MULTOS, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Smart card, Electrical and Electronic Engineering, business, computer, Contactless smart card, Merchant services, media_common

Abstract

Advancement in payment technologies has an important impact on one's quality of life. Emerging payment technologies create both opportunities and challenges for the future. Being a quick and convenient process, contactless payment gained momentum, especially with merchants, with throughput being the main parameter. However, it poses risks to issuers, as no robust customer verification method is available. Thus, efforts have been underway to evolve and sustain a well-organized, efficient, reliable, and secure unified payment system, which may contribute to the smooth functioning of the market by eliminating obstacles in business.

Published

2017

8. Automatic Recognition of Bank Security Card Using Smart Phone

Author

Jin-Ho Kim

Subjects

Card security code, Mobile banking, Smart phone, Computer science, business.industry, 05 social sciences, 050801 communication & media studies, Computer security, computer.software_genre, Smart card application protocol data unit, 0508 media and communications, MULTOS, 0502 economics and business, Open Smart Card Development Platform, Smart card, business, Contactless smart card, computer, 050203 business & management

Published

2016

9. Optimal MIFARE Classic Attack Flow on Actual Environment

Author

Yerim Lee, Hyunjin Ahn, Dong-Guk Han, and Su-Jin Lee

Subjects

Crypto-1, business.industry, Computer science, Access control, Computer security, computer.software_genre, Pre-play attack, Key (cryptography), Chosen-ciphertext attack, Electrical and Electronic Engineering, Reflection attack, business, Contactless smart card, Stream cipher, computer

Abstract

MIFARE Classic is the most popular contactless smart card, which is primarily used in the management of access control and public transport payment systems. It has several security features such as the proprietary stream cipher Crypto 1, a challenge-response mutual authentication protocol, and a random number generator. Unfortunately, multiple studies have reported structural flaws in its security features. Furthermore, various attack methods that target genuine MIFARE Classic cards or readers have been proposed to crack the card. From a practical perspective, these attacks can be partitioned according to the attacker’s ability. However, this measure is insufficient to determine the optimal attack flow due to the refined random number generator. Most card-only attack methods assume a predicted or fixed random number, whereas several commercial cards use unpredictable and unfixable random numbers. In this paper, we propose optimal MIFARE Classic attack procedures with regards to the type of random number generator, as well as an adversary’s ability. In addition, we show actual attack results from our portable experimental setup, which is comprised of a commercially developed attack device, a smartphone, and our own application retrieving secret data and sector key.

Published

2016

10. A Universal Application Storage System Based on Smart Card

Author

Jie Shen, Yang Ren, Xiao Yang, and Yingjue Cai

Subjects

Card security code, OpenPGP card, business.industry, Computer science, 020207 software engineering, Card reader, 02 engineering and technology, BasicCard, Computer security, computer.software_genre, Smart card application protocol data unit, Hardware and Architecture, 020204 information systems, MULTOS, 0202 electrical engineering, electronic engineering, information engineering, Smart card, business, Contactless smart card, computer, Software

Abstract

Nowadays, electronic commerce (e-commerce) has brought facilitation to people’s daily lives. Smart-card-based systems are widely used as an implementation, where smart cards act as a secure carrier for small-sized data. However, most of these systems are developed and managed by each service provider individually and repeatedly, which causes both unnecessary work and difficulties in future maintenance. Besides, advantages of smart card technology are not full-fledged for the lack of enough consideration in flexibility and security. To propose a solution, this article presents a Universal Application Storage System, including card side, terminal side, and back-end system. The card side provides a universal and secured infrastructure for data storage, where data are organized and stored in a card file system with several security mechanisms. In the terminal side, a framework for accessing various forms of secure element is presented to simplify the procedures involved in manipulating smart cards. Through this framework, the back-end system is able to establish a direct connection to the card, and performs authorized operations by exchanging commands in a secure channel. The validity of the proposed system is verified at the end of this article, illustrated by an e-coupon system.

Published

2016

11. The National Standard Real Situation Conformance Test System for a Nation-wide Interoperable Transportation Card

Author

Ki-Han Lee, Soo-kyung Lee, and Na-kyung Nam

Subjects

Engineering, Service (systems architecture), Terminal (telecommunication), business.industry, Interoperability, Computer security, computer.software_genre, Metropolitan area, Field (computer science), Public transport, Smart card, business, Contactless smart card, computer

Abstract

The pre-paid nation-wide interoperable transportation card, which an pay fee of bus, subway, train, and highway with just one card, released in June. 2014. It has started and operated from Seoul, Gyeonggi, and major local metropolitan area. In this paper, after starting of service, we evaluate conformance and interoperability of nation-wide interoperable transportation card system in real situation. Through this, we check the status of its technical operation. For this, we choose 6 region included Seoul, Gyeonggi which are serviced by different transport vendors and check recognition and billing result from field of transportation card terminal. As a result, we can reach that the major nation-wide interoperable transportation card operate normally and deliver CONFIG DF query command. It means nation-wide interoperable transportation card system which use only one card stably adapt the public transport system and it can make user`s public transport use convenience higher through the extension of service area.

Published

2016

12. Spatiotemporal Segmentation of Metro Trips Using Smart Card Data

Author

Xue Liu, Chen Tian, Lei Rao, Juanjuan Zhao, Cheng-Zhong Xu, and Fan Zhang

Subjects

050210 logistics & transportation, Engineering, Data collection, Computer Networks and Communications, business.industry, 05 social sciences, Real-time computing, Aerospace Engineering, 02 engineering and technology, Computer security, computer.software_genre, 020204 information systems, Smart city, 0502 economics and business, Automotive Engineering, 0202 electrical engineering, electronic engineering, information engineering, TRIPS architecture, Segmentation, Smart card, Electrical and Electronic Engineering, business, Intelligent transportation system, computer, Contactless smart card, Transaction data

Abstract

Contactless smart card systems have gained universal prevalence in modern metros. In addition to its original goal of ticketing, the large amount of transaction data collected by the smart card system can be utilized for many operational and management purposes. This paper investigates an important problem: how to extract spatiotemporal segmentation information of trips inside a metro system. More specifically, for a given trip, we want to answer several key questions: How long does it take for a passenger to walk from the station gantry to the station platform? How much time does he/she wait for the next train? How long does he/she spend on the train? How long does it take to transfer from one line to another? This segmentation information is important for many application scenarios such as travel time prediction, travel planning, and transportation scheduling. However, in reality, we only assume that only each trip's tap-in and tap-out time can be directly obtained; all other temporal endpoints of segments are unknown. This makes the research very challenging. To the best of our knowledge, we are the first to give a practical solution to this important problem. By analyzing the tap-in/tap-out event pattern, our intuition is to pinpoint some special passengers whose transaction data can be very helpful for segmentation. A novel methodology is proposed to extract spatiotemporal segmentation information: first, for nontransfer trips, by deriving the boarding time between the gantry and the platform, and then, for with-transfer trips, by deriving the transfer time. Evaluation studies are based on large-scale real-system data of the Shenzhen metro system, which is one of the largest metro systems in China and serves millions of passengers daily. Onsite investigations validate that our algorithm is accurate and that the average estimation error is only around 15%.

Published

2016

13. Contactless Smart Card Experiments in a Cybersecurity Course

Author

Shanshan Li, Yongqiang Chen, and Xiaojun Wu

Subjects

business.industry, Computer science, ComputingMilieux_COMPUTERSANDEDUCATION, The Internet, Access control, Smart card, business, Computer security, computer.software_genre, Contactless smart card, computer, Course (navigation)

Abstract

This Innovate Practice Work in Progress paper is about education on Cybersecurity, which is essential in training of innovative talents in the era of the Internet. Besides knowledge and skills, it is important as well to enhance the students’ awareness of cybersecurity in daily life. Considering that contactless smart cards are common and widely used in various areas, one basic and two advanced contactless smart card experiments were designed innovatively and assigned to junior students in 3-people groups in an introductory cybersecurity summer course. The experimental principles, facilities, contents and arrangement are introduced successively. Classroom tests were managed before and after the experiments, and a box and whisker plot is used to describe the distributions of the scores in both tests. The experimental output and student feedback implied the learning objectives were achieved through the problem-based, active and group learning experience during the experiments.

Published

2018

14. A novel consumer-centric card management architecture and potential security issues

Author

Konstantinos Markantonakis, Raja Naeem Akram, Damien Sauveron, Smart card Centre [Egham], Royal Holloway [University of London] (RHUL), DMI (XLIM-DMI), XLIM (XLIM), and Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)-Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Information Systems and Management, Computer science, smart card, 02 engineering and technology, Computer security, computer.software_genre, Theoretical Computer Science, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Artificial Intelligence, MULTOS, 0202 electrical engineering, electronic engineering, information engineering, Multos, Contactless smart card, Card management architecture, User centric smart cards, Trusted service manager, OpenPGP card, business.industry, GlobalPlatform, 020207 software engineering, BasicCard, Smart card application protocol data unit, Computer Science Applications, Java Card, Control and Systems Engineering, 020201 artificial intelligence & image processing, Open Smart Card Development Platform, Smart card, business, computer, Software

Abstract

International audience; Multi-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-application smart cards have been around since the late 1990s; however, uptake was severely limited. NFC has recently reinvigorated the multi-application initiative and this time around a number of innovative deployment models are proposed. Such models include Trusted Service Manager (TSM), User Centric Smart Card Ownership Model (UCOM) and GlobalPlatform Consumer-Centric Model (GP-CCM). In this paper, we discuss two of the most widely accepted and deployed smart card management architectures in the smart card industry: GlobalPlatform and Multos. We explain how these architectures do not fully comply with the UCOM and GP-CCM. We then describe our novel flexible consumer-centric card management architecture designed specifically for the UCOM and GP-CCM frameworks, along with ways of integrating the TSM model into the proposed card management architecture. Finally, we discuss four new security issues inherent to any architecture in this context along with the countermeasures for our proposed architecture.

Published

2015

15. Public Key based Virtual Credit Card Number Payment System for Efficient Authentication in Card Present Transaction

Author

Chang-Seop Park and Chan-Ho Park

Subjects

Card security code, OpenPGP card, business.industry, Computer science, Card reader, Computer security, computer.software_genre, Smart card application protocol data unit, Credit card, Charge card, Smart card, business, Contactless smart card, computer

Abstract

Financial fraud has been increasing along with credit card usag e. Magnetic stripe cards have vulnerabilities in that credit ca rd information is exposed in plaintext and cardholder verification is untrustworthy. So they have been replaced by a smart card scheme to provide enhanced security. Furthermore, the FinTech t hat combines the IT with Financi al product is being prevalent. For that reason, many mobile device based payment schemes have been proposed for card present transaction. In this paper, we propose a virtual credit card number payment scheme based on pu blic key system for efficient authentication in card present transaction. Our proposed scheme is able to authenticate effici ently in card present transaction by pre-registering virtual cr edit card number based on cardholder's public key without PKI. And w e compare and analyze our proposed scheme with EMV.Keywords: Card Present Transaction, Virtual Credit Card Number, Authenti cation, EMV, FinTech I.서 론 *

Published

2015

16. A novel verification method for payment card systems

Author

Abdulrahman Alhothaily, Rongfang Bie, Xiuzhen Cheng, and Arwa Alrawais

Subjects

Flexibility (engineering), Card security code, Authentication, Computer science, business.industry, media_common.quotation_subject, Mobile computing, Payment system, Management Science and Operations Research, Payment, Computer security, computer.software_genre, Computer Science Applications, Payment card, Hardware and Architecture, business, Security level, Contactless smart card, computer, media_common

Abstract

Security plays a crucial role in payment systems; however, some implementations of payment card security rely on weak cardholder verification methods, such as card and a signature, or use the card without having any cardholder verification process at all. Other vulnerable implementations of cardholder verification methods suffer from many security attacks, such as relay attacks and cloning attacks. In addition, the impact of these security attacks is high since they cause monetary losses for banks and consumers. In this paper, we introduce a new cardholder verification method using a multi-possession factor authentication with a distance bounding technique. It adds an extra level of security to the verification process and utilizes the idea of distance bounding which prevents many different security attacks. The proposed method gives the user the flexibility to add one or more extra devices and select the appropriate security level. This paper argues that the proposed method mitigates or removes many popular security attacks that are claimed to be effective in current card based payment systems, and that it can help to reduce fraud on payment cards. Furthermore, the proposed method provides an alternative verification technique and enables cardholders with special needs to use the payment cards and make the payment system more accessible.

Published

2015

17. A Multi-Channel Security Card based on Cryptographically Secure Pseudo-Random Number Generator

Author

Hwajeong Seo, Seonhee Seok, Howon Kim, and Kyoung-hoon Kim

Subjects

Card security code, Pseudorandom number generator, OpenPGP card, Computer science, business.industry, Computer security, computer.software_genre, Smart card application protocol data unit, 3-D Secure, Smart card, Java Card, business, computer, Contactless smart card, Computer network

Published

2015

18. Security Issues with Contactless Bank Cards

Author

Brendan McBride, Kevin Curran, and Nigel McKelvey

Subjects

Relation (database), Data Protection Act 1998, Business, Computer security, computer.software_genre, computer, Contactless smart card

Abstract

Contactless bank cards have been issued steadily to banking customers over the past four years and this trend has continued to grow rapidly more recently. We want to highlight a list of security issues as well as privacy threats to be concerned with when using such contactless bank cards. Further advances in smartphone technology applications can lead to new threats in relation to contactless bank cards. This study contributes to the literature as it highlights data protection issues in Ireland and also highlights the major push by authorities to adopt a cashless banking society which could potentially lead to further data protection problems in Ireland.

Published

2015

19. Secure Access to Information using Smart Card

Subjects

Card security code, OpenPGP card, Computer science, business.industry, Computer security, computer.software_genre, Smart card application protocol data unit, MULTOS, Smart card, Open Smart Card Development Platform, Java Card, business, Contactless smart card, computer

Published

2017

20. A Security Solution for Bank Card

Author

Yan-Jiao Ma, Gui-Fen Zhao, and Xiang-Yi Hu

Subjects

Card security code, Hardware_MEMORYSTRUCTURES, Computer science, business.industry, media_common.quotation_subject, Payment system, Public key infrastructure, Card reader, Cryptographic protocol, Payment, Computer security, computer.software_genre, law.invention, ATM card, law, ComputingMilieux_COMPUTERSANDSOCIETY, Payment order, Smart card, business, Contactless smart card, computer, media_common, Magnetic stripe card

Abstract

Analyze the management vulnerabilities and technology vulnerabilities of current bank cards firstly, explain the technical features of the magnetic stripe and memory chip bank card, and disclose the method probably used by criminals while attacking. Meanwhile analyze the reasons why PKI may be infeasible to guarantee the security of bank cards. Vertical authentication based security solution for bank cards are proposed. Use CPU smart chip to replace the magnetic stripe card and memory chip. Set up signature and encryption protocols dealing with withdrawal form or payment order on the basis of vertical authentication in CPU smart chips, and replace current withdrawal or payment password authentication protocol. Therefore, set up a chip-level withdrawal or payment system for ATM or POS to guarantee the security of bank card withdrawal or payment.

Published

2017

21. TRAIN TICKETING SYSTEM USING SMARTCARD

Author

Abu Abraham Mathews, Iii Year, and Amal Babu P

Subjects

Engineering, Memory chip, business.industry, Computer security, computer.software_genre, law.invention, Microprocessor, law, Public transport, Key (cryptography), Revenue, Smart card, Architecture, business, Contactless smart card, computer

Abstract

The goal of our project is to attain improved travel information and electronic ticketing using smart cards. The smart cards are similar to that of an ATM, so that they can be recharged and can be reused often. Smart cards are secure portable storage devices used for several applications especially security related ones involving access to the system’s database. This looks into current trends in smart card technology and highlights what is likely to happen in the future. The smart card has a microprocessor or memory chip embedded in it that, when coupled with a reader, has the processing power to serve many different applications. The smart cards are user- friendly and so it can be used for Public Transport Networks (PTNs).It can also be noted as a service-oriented architecture. Railways are the important key aspect for the development of the Indian revenue. Many people are in need of train transportation than any other means of transportation because a number of people may travel at the same time. So people may prefer smart cards for the traveling purpose instead of booking the tickets. The existing fare booking system can be replaced by smart cards.

Published

2014

22. Mining Private Information from Public Data: The Transantiago Case

Author

Javier Bustos-Jiménez, Giselle Font, Camila Montero, Jorge Bahamonde, and Alejandro Hevia

Subjects

Information privacy, Ubiquitous computing, Computer science, business.industry, Computer security, computer.software_genre, Computer Science Applications, World Wide Web, Computational Theory and Mathematics, Analytics, Public transport, Information system, Smart card, business, computer, Private information retrieval, Contactless smart card, Software

Abstract

Transantiago, the smartcard-based public transportation system in Santiago, Chile, includes both a subway system and buses. An online information system lets card holders find detailed trip information, including start time and location, as well as frequency and type of transportation used, by simply providing its card ID. This article studies the privacy implications of the availability of the Transantiago online information system. The authors explore how much of a card holder's information and behavior could be extracted from something as simple as their card ID. They concluded that, given that the corresponding card IDs are known, they can use simple statistical techniques to correctly predict the nearest public transport station to the homes of more than half of the users. This article is part of a special issue on pervasive analytics and citizen science.

Published

2014

23. 'Internet of Smart Cards': A pocket attacks scenario

Author

Luigi Sportiello

Subjects

021110 strategic, defence & security studies, Information Systems and Management, Computer science, business.industry, 020209 energy, Interface (computing), media_common.quotation_subject, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, Payment, Computer Science Applications, Relay attack, Phone, Mobile phone, Modeling and Simulation, 0202 electrical engineering, electronic engineering, information engineering, The Internet, Smart card, Safety, Risk, Reliability and Quality, business, Contactless smart card, computer, media_common

Abstract

Smart cards are secure devices used to store people sensitive data and to regulate important operations like identity proofs and payment transactions. For years people have been used to contact smart cards but in the last decade we have seen the massive introduction of contactless smart cards. At the same time we have seen a growing number of mobile phones equipped with a NFC interface in circulation, which are capable of interacting with contactless smart cards. Under different circumstances the user’s contactless cards and mobile phone are kept close together at a distance that should enable them to interact each other, for instance in pockets and bags. We describe an architecture to attack the contactless cards of a user through his NFC-equipped mobile phone. The user’s mobile phone, here defined as smart-mole, is infected and connected to the NFC-equipped one of the attacker, the proxy. The victim’s phone capabilities are exploited to run local attacks against a contactless card in its range, for instance to recover the card PIN that is then sent back to the attacker. Subsequently the attacker remotely uses the victim’s card through a relay attack putting his phone in front of a reader and providing the PIN of the victim card when needed, basically impersonating the cardholder. Infecting several phones an attacker could have under his control a large set of cards, a sort of “Internet of Smart Cards”. We show that surveying a decade of research and development in the contactless cards field such attacks look feasible according the current social context and the level of technology. We also discuss how they could be methodologically applied by an attacker to defeat the different measures currently adopted to secure contactless cards.

Published

2019

24. Application of contactless card reading technology for eauthentication of voters in Nigeria

Author

C Ogbulezie Julie and Akonjom Nsed A

Subjects

Authentication, Queueing theory, business.industry, Service time, Computer science, media_common.quotation_subject, Reading (computer), Process (computing), Computer security, computer.software_genre, Voting, Telecommunications, business, Contactless smart card, Queue, computer, media_common

Abstract

This research work is based on introducing a very important aspect of e-electioneering into Nigerian voting system, without changing the existing laws. This is the e-authentication of voters on Election Day before voting, using the contactless card technology. This work using Poisson queuing process that is M/G/S was able to show that application of contactless card reader and scanner technology for e-authentication of voters reduces the expected service time ES from 3 minutes to 0.75 minutes, the length of the queue from 2.25 voters to 0.044 voters and the average waiting time for voters to complete authentication reduced from 12 minutes to 1 minute.

Published

2014

25. Legitimate-reader-only attack on MIFARE Classic

Author

Ya Liu, Dawu Gu, Bo Qu, and Bailan Li

Subjects

Authentication, Time information, Computer science, Modeling and Simulation, Key (cryptography), Clone (computing), Adversary, Computer security, computer.software_genre, Contactless smart card, computer, Computer Science Applications

Abstract

MIFARE Classic is a contactless smart card which is widely used in several public transport systems. The researchers had presented different methods to clone a card in a practical card-only scenario. Among them, they recover the second or subsequent sector key by trying to accurately estimate the time information between two consecutive authentication attempts in a nested authentication. In this paper, we study the security of the MIFARE Classic in another practical scenario, where the adversary only communicates with a legitimate reader. The worst scenario to recover the second or subsequent sector key in a nested authentication only requires about 8 authentication attempts to the legitimate reader on average and the off-line search in about 328 s on Garcia’s ordinary computer without estimating the time information between two consecutive authentications. Following this result, it is possible for the attackers to simulate or forge a legal card to authenticate successfully with a legitimate reader. To avoid this weakness, the reader must verify some information on the legal card at the beginning and it requires to be protected in some sense.

Published

2013

26. Bio-hiding for Smart Swipe Card: A Secret Security

Author

V. Thanikaise, M. Sai Krishna Karthik, G. Aishwarya, Rengarajan Amirtharaj, and John Bosco Balaguru Rayappan

Subjects

OpenPGP card, General Computer Science, Computer science, business.industry, SwIPe, Smart card, Computer security, computer.software_genre, business, Contactless smart card, computer

Published

2013

27. Access Control Credentials and Credential Readers

Author

Thomas L. Norman

Subjects

Biometrics, Computer science, business.industry, Card reader, Access control, Computer security, computer.software_genre, Credential, World Wide Web, Electronic security, Smart card, business, Contactless smart card, computer

Abstract

The idea of the Access Credential and Credential Reader and a comparison Database of Authorized Users is the centerpiece of the concept of Access Control Systems. These elements are essential to any type of Access Control System from the most sophisticated global enterprise-wide integrated electronic security system to the most humble procedural system.

Published

2017

28. Smart Card Security

Author

Michael Tunstall

Subjects

Card security code, OpenPGP card, Computer science, business.industry, Computer security, computer.software_genre, Smart card application protocol data unit, MULTOS, Open Smart Card Development Platform, Smart card, Java Card, business, computer, Contactless smart card

Abstract

In this chapter, a description of the various attacks and countermeasures that apply to secure smart card applications is described. This chapter focuses on the attacks that could affect cryptographic algorithms, since the security of many applications is dependent on the security of these algorithms. Nevertheless, how these attacks can be applied to other security mechanisms is also described. The aim of this chapter is to demonstrate that a careful evaluation of embedded software is required to produce a secure smart card application.

Published

2017

29. A New Design for Smart Card Security System Based on PUF Technology

Author

Elham Kordetoodeshki and Sattar Mirzakuchaki

Subjects

Smart card security, Information Systems and Management, Computer science, business.industry, Computer security, computer.software_genre, Smart card application protocol data unit, Computer Science Applications, Artificial Intelligence, Embedded system, MULTOS, Smart card, Open Smart Card Development Platform, business, computer, Contactless smart card

Published

2013

30. Embedded Electronic Smart Card for Financial and Healthcare Information Transaction

Author

Lakshmisha Honnegowda, Lau, Syin Chan, and Chiew Tong

Subjects

Card security code, business.industry, Computer science, Health care, Smart card, business, Computer security, computer.software_genre, Contactless smart card, Database transaction, computer

Published

2013

31. How to Enhance MIFARE System Security in the Current Crypto-1 Broken Status

Author

Wen-Bing Horng and Ying Ching Chiu

Subjects

Engineering, Crypto-1, business.industry, Internet privacy, General Medicine, business, Encryption, Computer security, computer.software_genre, Contactless smart card, computer, Key authentication

Abstract

MIFARE is convenient contactless smart card, however a lot of studies recently indicated that, its encryption Crypto-1 can be broken. Even though the key authentication mechanism of MIFARE has been seriously affected, millions of MIFARE are still in use worldwide. Under the circumstances that, MIFARE card security vulnerability cannot be ignored while upgrading the MIFARE cards within a short period of time is impossible, it is practical to consider other ways to minimize the risk and possible damages.

Published

2013

32. Security Failures in EMV Smart Card Payment Systems

Author

Akram M. Zeki, Zubair Ahmad, and Akeem Olowolayemo

Subjects

Card security code, business.operation, Computer science, business.industry, media_common.quotation_subject, Card reader, Computer security, computer.software_genre, Payment, Payment card, ATM card, MasterCard, Smart card, business, computer, Contactless smart card, media_common

Abstract

New credit cards containing Europay, MasterCard and Visa (EMV) chips for enhanced security used in-store purchases rather than online purchases have been adopted considerably. EMV supposedly protects the payment cards in such a way that the computer chip in a card referred to as chip-and-pin cards generate a unique one time code each time the card is used. The one time code is designed such that if it is copied or stolen from the merchant system or from the system terminal cannot be used to create a counterfeit copy of that card or counterfeit chip of the transaction. However, in spite of this design, EMV technology is not entirely foolproof from failure. In this paper we discuss the issues, failures and fraudulent cases associated with EMV Chip-And-Card technology.

Published

2016

33. Access Control System in Campus Combining RFID and Biometric Based Smart Card Technologies

Author

Mohammed Amine Kasmi, Mohamed El Beqqal, and Mostafa Azizi

Subjects

Engineering, Authentication, business.industry, Access control, Computer security, computer.software_genre, Identification (information), Asynchronous communication, Embedded system, MULTOS, Open Smart Card Development Platform, Smart card, business, Contactless smart card, computer

Abstract

For universities where security is primordial and accessing to certain areas must be checked, an access control system should be used in order to enhance security in general and to reduce time-consuming in access control of an important number of candidates in the same time. RFID and smart cards are widely used technologies; RFID guarantees a simultaneous reading of the identified objects and the smartcards offer a storage capacity and enable processing information. Several problems of security remain still unresolved for both RFID and smart card used separately. We present in this paper a solution of access control, which combines specific identification and authentication technologies with synchronous and asynchronous data processing. In our case, we target the academic context. We demonstrate by two use cases how much the system security could be improved by combining RFID and Smartcards in a complementary way. For this purpose, the design of our system focuses in the first scenario on performing the verification of the presence of students in exams by using both synchronous and asynchronous techniques based on the coupling of RFID and smart card technologies. The second scenario focuses on the security of accessing sensitive areas by providing a synchronous verification method requiring immediate validation of the access based on RFID technology and the fingerprint of staff. Further technologies are also used to ensure accurate authentication, such as cameras and liveness sensors.

Published

2016

34. Multipurpose Card Using Rfid Technology

Author

D. Gayathri and S. Gayathri

Subjects

Service (systems architecture), biology, business.industry, Computer science, 020207 software engineering, 02 engineering and technology, Computer security, computer.software_genre, Data structure, Identification (information), Order (business), 020204 information systems, Toll, 0202 electrical engineering, electronic engineering, information engineering, biology.protein, Smart card, business, computer, Contactless smart card, Implementation

Abstract

Most often in our daily life we have to carry lot of cards such as credit cards, debit cards and some other special cards for toll system ERP, parking and personal identification purpose. Currently smart card implementations can be seen around the world but they are not unified i.e. each developers uses different programming standards and data structures. The smart card will provide service to the user only within a university campus or an organization. In order to make available such multiple application access using a single card to every individual person we have planned to use RFID technology, which is cost effective. As RFID technology is used in the proposed concept, the programming standards and data structures will be unified. Unlike smart card, the RFID card can be used by every individual person to access different applications. Thus, a person needs not to carry number of cards; he can just carry a single card for different purpose. KeywordsSmart card; not unified: Multiple application access; Single card; RFID technology; Cost effective

Published

2016

35. Aware and smart member card: RFID and license plate recognition systems integrated applications at parking guidance in shopping mall

Author

Yung-hau Wang, Yu-kuang Hsieh, Ching-Ter Chang, and Cheng-kung Chung

Subjects

Authentication, Database, Computer science, business.industry, 020206 networking & telecommunications, Card reader, 02 engineering and technology, computer.software_genre, Computer security, Smart card application protocol data unit, Identification (information), 0202 electrical engineering, electronic engineering, information engineering, Ventra, Radio-frequency identification, 020201 artificial intelligence & image processing, Smart card, business, computer, Contactless smart card

Abstract

Member card can provide personal identification, authentication, data storage, and application processing. It may provide strong marketing media for customer relationship within business organizations. In this paper, the integrated applications of passive radio frequency identification (RFID) and license plate recognition (LPR) are presented. We applied RFID and LPR techniques integrated, meanwhile, we collected the vehicles self-adhered e-Tag ID data. All of these development to compile on the member card as a linking media, it provided the more premium services for card holder. By the cumulative utilization and analysis data of member card, it has become an essential connection between the customers and the companies. It is not only added card self-valued, but also do grasp customers' preference. This proposed system is composed of three main modules at RFID (3M e-Tag), LPR (Image processing), and RFID (NXP MIFARE), respectively. It is designed to meet the requirements of performance and can be generally applied to the commercial markets (e.g., other malls, marts, department stores) that also operate parking lots which face similar problems.

Published

2016

36. Data Security Analysis and Security Extension for Smart Cards Using Java Card

Author

Manali Dubal, C R Chauhan, and Mahesh Tr

Subjects

OpenPGP card, business.industry, Computer science, Card reader, Computer security, computer.software_genre, Security and safety features new to Windows Vista, Smart card application protocol data unit, Smart card, Elliptic curve cryptography, Java Card, business, Contactless smart card, computer

Abstract

Smart cards improve the convenience and security of any transaction. They provide tamper-proof storage of user and account identity. Multifunction cards are used to manage network system access, store value and other data. The cards carry personal account, credit and buying-preference information and thus, security becomes a primary issue here. Public Key Cryptography plays an essential role in electronic banking and financial transactions. ECC is one of the best public key techniques for its small key size, high security and is suitable for secure access of smart cards. This article gives principles of public key cryptography, illustrates two cryptographic algorithms RSA and ECC. The elliptic curve cryptography is implemented on smart card using Menezes-Vanstone Elliptic Curve Cryptosystem and Nyberg-Rueppel Signature Scheme [2]. The implementation of these algorithms is done using Java Card technology. The test results are analysed and comparison about the public key sizes and security aspects are also discussed.

Published

2012

37. Automatic Ticket Vending via Messaging Service (ATVMS)

Author

Harshil Mayur Gandhi, Kaushal Mahesh Ambani, and Priyank Jayesh Shah

Subjects

Service (systems architecture), Computer science, business.industry, Public transport, Ticket, Coupon, Computer security, computer.software_genre, business, Contactless smart card, computer

Abstract

The passenger flow in the western division of Mumbai Suburban Railway system is multiplying day by day. The existing ticketing system is causing a considerable increase in the travel time due to a major drawback- „long queues‟, which absorbs a significant portion of the travelling time. On an average, a commuter spends around 15 minutes in the queue at the suburban booking office windows of Mumbai. In this study we aim to explain the use of mobile services by looking at an area where it has been quite successful; that is, mobile ticketing in public transportation. Firstly, this paper provides a brief glance at ATVMs (Automatic Ticket Vending Machines) and (CVM) Coupon Validating Machines; technologies which are already implemented in the Mumbai Suburban Railways, along with a statistical insight of its drawbacks. Later it provides an insight into our proposed technology ATVMS (Automatic Ticket Vending via Messaging Service) which uses SMS (Short Messaging Service) as a medium to issue tickets. We provide a comprehensive description of our proposed architecture models along with the possible hurdles in our endeavour, and also real time solutions to it. The scope of this paper is particularly for the „Mumbai Suburban Railways‟ (MSR) where cost effectiveness is of paramount importance. The challenge was to design a system that would be least costly, as MSR is massively used by middle class people who cannot afford even the slightest of increase in the ticket price. Hence something beyond NFC (Near Field Communication) and Automated Fare Collection (AFC) system (through contactless smart card technology) was needed. The concept and implementation of ATVMS put forth by the authors is completely “new and original”.

Published

2012

38. Development of T-commerce Processing Payment Module Using IC Credit Card(EMV)

Author

Byoung-Kyu Choi, Byung-Kon Kim, Dong-Bok Lee, and Shin Heu

Subjects

Card security code, business.industry, Computer science, Card reader, Answer to reset, Computer security, computer.software_genre, Smart card application protocol data unit, ATM card, Credit card, Smart card, Telecommunications, business, Contactless smart card, computer

Abstract

IC(Integrated circuits)card, generally be named smard card, embedded MPU(Micro Processor Unit) of small-size, memory, EEPROM, Card Operating System(COS) and security algorithm. The IC card is used in almost all industry such as a finance(credit, bank, stock etc.), a traffic, a communication, a medical, a electronic passport, a membership management and etc. Recently, a application field of IC card is on the increase by method for payments of T-commerce, as T-commerce is becoming a new growth engine of the broadcating industry by trend of broadcasting and telecommunication convergence, smart mechanization of TV. For example, we can pay in IC credit card(or IC cash card) on T-Commerce. or we can be provided TV banking service in IC cash card such as ATM. However, so far, T-commerce payment services have weakness in security such as storage and disclosure of card information as well as dropping sharply about custom ease because of taking advantage of card information input method using remote control. To solve this problem, This paper developed processing payment module for implementing TV electronic payment system using IC credit card payment standard, EMV.

Published

2012

39. Security Issues in Smart Card Authentication Scheme

Author

Shashikala Tapaswi, C. D. Jaidhar, and Ravi Singh Pippal

Subjects

OpenPGP card, business.industry, Computer science, Multi-factor authentication, Computer security, computer.software_genre, Smart card application protocol data unit, 3-D Secure, MULTOS, Smart card, business, computer, Contactless smart card, Common Access Card

Published

2012

40. A Trust Distributed DRM System Using Smart Cards

Author

Chi-Sung Laih, Michael Chang, Ming Kung Sun, Hui-Tang Lin, and Hsiao-Ching Lin

Subjects

Card security code, OpenPGP card, Digital rights management, business.industry, Computer science, Computer security, computer.software_genre, Smart card application protocol data unit, Artificial Intelligence, Hardware and Architecture, MULTOS, Computer Vision and Pattern Recognition, Smart card, Open Smart Card Development Platform, Electrical and Electronic Engineering, business, Contactless smart card, computer, Software

Published

2012

41. Single Board Computer Based Building Security Management System: Contactless Smart Card for Automatic Door Access Control System

Author

Udayanto Dwi Atmojo, Litasari, and Astria Nur Irfansyah

Subjects

OpenPGP card, Engineering, business.industry, Card reader, Access control, General Medicine, Computer security, computer.software_genre, Logical security, Smart card application protocol data unit, Embedded system, MULTOS, Smart card, business, Contactless smart card, computer

Abstract

A building security management system based on single board computer is currently under development. In this paper, a part of the system which is an automatic door access system using contactless smart card for identification is discussed. Running test shows that the system is working as expected. The system can identify multiple users each with different card. More specific access such as access by day, hour, even minute can be implemented. Alarm is used as indicator if the door is unlocked or any forced intrusion is happening. The corresponding system is going to be integrated in a building security management system to provide safer work environment.

Published

2011

42. A Contactless Mobile Payment Method Based on Security TF Card and NFC Technology

Author

Yang Liu, Dong Ming Zhao, Qing Lei Zhou, and Ping Li

Subjects

Card security code, Subscriber identity module, Computer science, General Engineering, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Computer security, computer.software_genre, law.invention, law, Mobile payment, Contactless smart card, Protocol (object-oriented programming), computer, Transaction data, Merchant services

Abstract

The paper presents a contactless mobile payment method based on security TF card and NFC technology, with which we can use the security TF card, instead of a special SIM card that support SWP protocol, as a security module to store the user’s important information (e.g. transaction data) in mobile payment. And because security TF card can be distributed by non-telecom operators, the method can obtain a more extensive support by units and institutions other than telecom operators. then it is meaningful to the development of NFC technology.

Published

2011

43. Development of a System Security Unit using RFID

Author

Jae-Hyuk Jang and Gab-Sig Sim

Subjects

Engineering, OpenPGP card, business.industry, Card reader, Computer security, computer.software_genre, Smart card application protocol data unit, Ventra, Smart card, business, computer, Contactless smart card, Computer hardware, Merchant services, Common Access Card

Abstract

This study developed a digital security device which power is on/off by the RFID card. This device is based on the wireless data transmit/receive circuits, built in RS-232C chip and applied to computer and other digital devices. We can check whether this device is operated or not by connecting the LED. In this system, 13.56MHz frequency circuit supplies power with ID card, and DC inputs check the proximity operating distance of the card field for verifying the existence of a card. The security level of this system is much stronger than that of a compared system[13]. Anyone cannot use the system without RFID card. All illegal access is prevented except for authorized path.

Published

2011

44. A security privacy aware architecture and protocol for a single smart card used for multiple services

Author

Jan H. P. Eloff, Derrick G. Kourie, A. M. Rossudowski, and Hein S. Venter

Subjects

Password, OpenPGP card, General Computer Science, Computer science, business.industry, Computer security, computer.software_genre, One-time password, Smart card application protocol data unit, MULTOS, Smart card, Open Smart Card Development Platform, Java Card, business, Law, Contactless smart card, computer, Personally identifiable information

Abstract

In the face of the expanding Internet and an ever-growing number of threats, today's society is becoming more geared towards greater security and protection of privacy and personal information. Smart cards provide protection for information at the hardware level, however, smart cards are designed for use with a single specific application. In this paper we introduce the concept of utilising a single smart card with multiple applications. Such a scheme would, however, increase the reward of an attack on the smart card due to the amount of information stored on a smart card. This paper proposes an architecture to allow a single smart card to be used in a dynamic multiple application environment. In conjunction with the architecture, a protocol messaging scheme is provided to protect all information communicated between the smart card and an application through the use of one-time passwords, whilst maintaining the privacy of one's personal information.

Published

2010

45. Smart card applications and security

Author

Xuefei Leng

Subjects

OpenPGP card, Computer Networks and Communications, business.industry, Computer science, Card reader, Computer security, computer.software_genre, Smart card application protocol data unit, MULTOS, Smart card, Open Smart Card Development Platform, Java Card, Safety, Risk, Reliability and Quality, business, Contactless smart card, computer, Software

Abstract

This article gives brief introduction to the security mechanisms used in smart card technology. Firstly we introduce the properties of contact and contactless smart cards; then we give the anatomy of smart card hardware and the popular security features implemented. These security features are arranged in the attack and countermeasure pairs, so it is easier for the readers to understand the security issues in the smart card technology.

Published

2009

46. Attacking smart card systems: Theory and practice

Author

Ioannis G. Askoxylakis, Konstantinos Markantonakis, Gerhard P. Hancke, Michael Tunstall, and Keith Mayes

Subjects

OpenPGP card, Computer Networks and Communications, Computer science, business.industry, Computer security, computer.software_genre, Smart card application protocol data unit, Identification (information), MULTOS, Smart card, Open Smart Card Development Platform, Java Card, Safety, Risk, Reliability and Quality, business, computer, Contactless smart card, Software

Abstract

Smart card technology has evolved over the last few years following notable improvements in the underlying hardware and software platforms. Advanced smart card microprocessors, along with robust smart card operating systems and platforms, contribute towards a broader acceptance of the technology. These improvements have eliminated some of the traditional smart card security concerns. However, researchers and hackers are constantly looking for new issues and vulnerabilities. In this article we provide a brief overview of the main smart card attack categories and their corresponding countermeasures. We also provide examples of well-documented attacks on systems that use smart card technology (e.g. satellite TV, EMV, proximity identification) in an attempt to highlight the importance of the security of the overall system rather than just the smart card.

Published

2009

47. Privacy features of European eID card specifications

Author

Ingo Naumann and Giles Hogben

Subjects

Government, Information Systems and Management, Computer Networks and Communications, business.industry, Interface (Java), Internet privacy, EFTPOS, Computer security, computer.software_genre, ATM card, Smart card, Date of birth, Safety, Risk, Reliability and Quality, business, Data page, Contactless smart card, computer

Abstract

Following the introduction of ICAO-compliant electronic passports, electronic national identity cards are now being planned and deployed on a large scale in Europe as well as worldwide. Whereas electronic passports contain a contactless chip in the booklet, electronic ID cards are usually plastic cards the size of a regular ATM card, using a chip with a contactless and/or contact interface. Like the data page of a passport, an ID card is personalised with at least a serial number, a photo and the owner's name and date of birth. Some EU countries, including Austria, Belgium, Estonia, Finland, Italy, the Netherlands, Spain, and Sweden have already started issuing electronic ID cards. Others, for example, Germany, France, and the UK, are currently drafting technical specifications for their future ID card schemes. Besides national ID cards, there are many other government and commercial eID card schemes, such as electronic health cards or chip and signature cards.

Published

2008

48. Send your smart cards to graduate school

Author

J. Lowell Mooney, Robert C. Newman, and Harry R. Wright

Subjects

Card security code, SIMPLE (military communications protocol), Computer science, business.industry, Advertising, Computer security, computer.software_genre, Minicomputer, law.invention, Credit card, law, Accounting, MULTOS, Smart card, Java Card, business, General Economics, Econometrics and Finance, computer, Contactless smart card

Abstract

A smart card looks and feels like a simple credit card but it is actually a minicomputer without a display screen or keyboard. And due to their proliferation in corporate environments, smart cards represent a major security risk. How can you reduce that risk while still reaping their benefits? © 2008 Wiley Periodicals, Inc.

Published

2008

49. A Multi-Application Smart Card System with Authentic Post-Issuance Program Modification

Author

Mohammad Mesbah Uddin, Hiroto Yasuura, Daisuke Ikeda, and Yasunobu Nohara

Subjects

OpenPGP card, Computer science, business.industry, Applied Mathematics, Card reader, BasicCard, Computer security, computer.software_genre, Computer Graphics and Computer-Aided Design, Smart card application protocol data unit, MULTOS, Signal Processing, Smart card, Open Smart Card Development Platform, Electrical and Electronic Engineering, business, Contactless smart card, computer

Abstract

A multi-application smart card system consists of an issuer, service vendors and cardholders, where cardholders are recipients of smart cards (from the issuer) to be used in connection with applications offered by service vendors. Authentic post-issuance program modification is necessary for a multi-application smart card system because applications in the system are realized after the issuance of a smart card. In this paper, we propose a system where only authentic modification is possible. In the proposed system, the smart card issuer stores a unique long bitstring called PID in a smart card. The smart card is then given to the cardholder. A unique substring of the PID (subPID) is shared between the cardholder and a corresponding service vendor. Another subPID is shared between the issuer and the cardholder. During program modification, a protocol using the subPIDs, a one-way hash function and a pseudorandom number generator function verifies the identity of the parties and the authenticity of the program.

Published

2008

50. Identification method of student card chip based on Internet of things radio frequency identification

Author

Haiyun Xiang and Xiao Fu

Subjects

Engineering, 020205 medical informatics, business.industry, 02 engineering and technology, Identity recognition, Computer security, computer.software_genre, Chip, Identification (information), Campus network, 0202 electrical engineering, electronic engineering, information engineering, Radio-frequency identification, 020201 artificial intelligence & image processing, Smart card, business, Internet of Things, Contactless smart card, computer

Published

2016