20-763 ELECTRONIC PAYMENT SYSTEMS, FALL 2001. COPYRIGHT © 2001 MICHAEL I. SHAMOS. Electronic Payment Systems 20-763, Lecture 9: Smart and Stored-Value Cards.

Presentation transcript:

ePayment by Smart Card
Replace cash
Cash is expensive to make and use
  – Printing, replacement
  – Anti-counterfeiting measures
  – Transportation
  – Security
Cash is inconvenient
  – not machine-readable
  – humans carry limited amount
  – risk of loss, theft
Additional smart card benefits

Memory Cards
Magnetic stripe
  – 140 bytes
Vanilla memory cards
  – 1-4 KB memory, no processor
Optical memory cards
  – 4 megabytes read-only (CD-like)
Microprocessor cards
  – Imbedded microprocessor
      (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM (Equivalent power to IBM XT PC)
      32-bit processors now available
  – Intelligent, active devices with defenses

Smart Card Costs
NEW: RW Optical 500 MB 32-bit $15 Reader: $200

Card Taxonomy
SOURCE: BURGER, CAROLL & ASSOCIATES

Micropayments
SOURCE: SMARTCARDCENTRAL.COM

Multi-Application Smart Card
Diagram labels: Digital Certificates; Private Key(s); ACE (Active Customer Enrollment) Authentication; Biometric Data; Employee Data; Magnetic Stripe or RF Door Access; Employee Picture; Encryption Key; Password Cache; S/Mime Secure Mail; SSL Secure Web; Customer PKI Application; Single Sign-On; Local File Encrypt; Secure Screen Saver; Biometric Authentication; Application Login
SOURCE: SECURITY DYNAMICS

Smart Card Structure
Diagram labels: Contacts (8); Epoxy; Microprocessor; Contacts; Card (Upside-down)
SOURCE: SMART CARD FORUM
Contacts:

Old Smart Card Architecture
EEPROM: Electrically Erasable Programmable Read-Only Memory
SOURCE: SMART CARD FORUM

Cyberflex™ Java Smart Card
Complete 32-bit Java run-time environment on a card
Utilities for compiling and loading cardlets onto the card from a PC
Diagram layers: OPERATING SYSTEM; MICROPROCESSOR; JAVA VIRTUAL MACHINE; CARDLETS

Smart Card Architecture
File structure (ISO )
  – Cyclic files
Database management on a card
  – SCQL (Structured Card Query Language)
  – Provides standardized interface
  – No need to know file formatting details

OpenCard Framework (OCF)
CardService Layer (TALKS TO CARD)
CardTerminal Layer (TALKS TO READER)
SOURCE: OPENCARD.ORG

MULTOS Administration
14-COMPANY SMART CARD CONSORTIUM
SOURCE: MULTOS

Open Platform Card Specification
SOURCE: GAMMA

OP Security Assumptions
OP card is merely a component
Need to trust:
  – back-office systems
  – cryptographic key management
  – card/chip operating environment (COE)
  – off-card security procedures (actors and roles)
There are vulnerabilities the OP card cannot protect itself against
SOURCE: GAMMA

OP Card Security Threats
Diagram labels: Group 1 through Group 7; CAD; Clone; Future, Past, Current
Threat groups described on the slide:
  DIRECT ATTACKS ON CHIP CIRCUITRY
  INDIRECT ATTACKS ON CHIP CIRCUITRY
  ATTACKS USING CARDS NOT YET ISSUED, OLD CARDS, CLONES
  ATTACKS ON CARD’S INTERFACE TO THE OUTSIDE, E.G. PREMATURE REMOVAL
  ATTACKS ON THE RUN-TIME ENVIRONMENT THROUGH THE CARD ACCEPTANCE DEVICE (CAD)
  THREATS FROM CARD APPS AND NEED TO SHARE RESOURCES
  THREATS BASED ON RTE IMPLEMENTATION
SOURCE: GAMMA

Smart Card Security
Observers
Active defenses
Attacks: Microprobing, microscopy
Differential fault analysis
  – (Boneh et al. 1997)
  – Induce errors, observe output differences
Differential power analysis
SOURCE: cryptography.com
SOURCE: Kömmerling et al.

Differential Power Analysis
Send different inputs to the Smart Card to learn details of its encryption key
When a correct key value is tried, the algorithm responds
Incorrect keys have zero average response
Figure: SMART CARD POWER CONSUMPTION DURING DES ENCRYPTION (INITIAL PERMUTATION, 16 DES ROUNDS, FINAL PERMUTATION; EXPANDED VIEW OF ROUNDS 2 & 3)
SOURCE: cryptography.com
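
The slide's statement about correct and incorrect key guesses can be checked on simulated traces, which is also how a card evaluator confirms that a masking countermeasure removes the leak. This is an added example, not part of the lecture: the S-box is a constructed random 8-bit permutation standing in for the DES S-box lookups, the key byte is constructed, and power is assumed to follow the Hamming weight of the S-box output plus noise.

```python
import random

rng = random.Random(2001)            # fixed seed so the run is repeatable
SBOX = list(range(256))              # constructed 8-bit S-box (random permutation),
rng.shuffle(SBOX)                    # a stand-in for the cipher's real S-box lookup
SECRET_KEY = 0x5A                    # constructed key byte held by the simulated card
HW = [bin(v).count("1") for v in range(256)]   # Hamming weight of every byte value


def capture(n_traces, masked, noise=1.0):
    """Simulate one power sample per encryption: Hamming weight of the S-box
    output plus Gaussian noise. With masked=True the card XORs a fresh random
    mask into the value it handles (first-order masking)."""
    traces = []
    for i in range(n_traces):
        p = i % 256                              # known input sent to the card
        v = SBOX[p ^ SECRET_KEY]
        if masked:
            v ^= rng.randrange(256)
        traces.append((p, HW[v] + rng.gauss(0.0, noise)))
    return traces


def differential(traces, guess, bit=0):
    """Difference of mean power between traces where the guessed key predicts
    the selected S-box output bit as 1 and those where it predicts 0."""
    ones, zeros = [], []
    for p, power in traces:
        (ones if (SBOX[p ^ guess] >> bit) & 1 else zeros).append(power)
    return sum(ones) / len(ones) - sum(zeros) / len(zeros)


def evaluate(masked, n_traces=2048):
    """Return (best guess, its |differential|, largest wrong-key |differential|)."""
    traces = capture(n_traces, masked)
    scores = [abs(differential(traces, g)) for g in range(256)]
    best = max(range(256), key=scores.__getitem__)
    wrong = max(s for g, s in enumerate(scores) if g != SECRET_KEY)
    return best, scores[best], wrong


if __name__ == "__main__":
    for masked in (False, True):
        best, peak, wrong = evaluate(masked)
        print(f"masked={masked}: best guess {best:#04x}, peak {peak:.2f}, "
              f"largest wrong-key response {wrong:.2f}")
```

With a finite set of traces the wrong-key responses are small rather than exactly zero; once the mask is applied, no guess stands out from that noise floor.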

Smart Card Applications
Ticketless travel: Seoul bus system
  – 4M cards, 1B transactions since 1996
Authentication, ID
Medical records
Ecash
Store loyalty programs
Personal profiles
Government
  – Licenses
Mall parking...

Hong Kong Smart Cards
Octopus
  – 8 million cards, 9000 readers
  – 7 million transactions/day
Visacash
ComPass Visa (VME)
Mondex
GSM SIM
ePark

Octopus
Transaction time < 300 milliseconds
Transaction fees: HK$ %
  – $10 transaction costs $0.095 (0.95%)
Applications
  – Transit
  – Telephones
  – Road tolls
  – Point-of-sale
  – Access control
Anonymous / personalized
How does money get to service providers?
  – Net settlement system operated by Creative Star

Octopus System
SOURCE: WORLD BANK

Smart Card Sales Leaders (2000)
VENDOR                   # OF CARDS     SHARE
Gemplus                  185,000,000    29%
Schlumberger             152,000,000    24%
Oberthur Smart Cards      85,000,000    14%
Giesecke & Devrient       76,000,000    12%
Orga Card Systems         53,000,000     8%
TOTAL                    628,000,000
SOURCE: CARDWEB.COM

Mondex
Subsidiary of MasterCard
Smart-card-based, stored-value card (SVC)
NatWest (National Westminster Bank, UK) et al.
Secret chip-to-chip transfer protocol
Value is not in strings alone; must be on Mondex card
Loaded through ATM
  – ATM does not know transfer protocol; connects with secure device at bank
Spending at merchants having a Mondex value transfer terminal

Mondex Overview
SOURCES: OKI, MONDEX USA

Mondex Security
Active and dormant security software
  – Security methods constantly changing
  – ITSEC E6 level (military)
VTP (Value Transfer Protocol)
  – Globally unique card numbers
  – Globally unique transaction numbers
  – Challenge-response user identification
  – Digital signatures
MULTOS operating system
  – firewalls on the chip

Payment Cards
Kb
Data rate 115 Kb/sec
ISO 7816 compliant
Visa-certified PIN management and verification
3DES algorithm for authentication, secure messaging
Epurse with payment command set (debit, credit, balance, floor limit management)
EMV = EUROPAY INT’L, MASTERCARD, VISA
MPCOS = MULTI PAYMENT CHIP OPERATING SYSTEM
SOURCE: GEMPLUS

Contactless Cards
Communicates by radio
  – Power supplied by reader
  – Data rate 106 Kb/sec
  – Read 2.5 ms, write 9 ms
  – 8 Kb EEPROM, unlimited read, 100,000 writes
  – Effective range: 10 cm, signals encrypted
  – Lifetime: 2 years (data retention 10 years)
  – Two-way authentication, nonces, secret keys
  – Anticollision mechanism for multiple cards
  – Unique card serial number
SOURCE: GEMPLUS

Wireless Card Authorization
SOURCE: SAMSUNG

Comparison of Payment Methods
PAYMENT TYPE               ADVANTAGES                                DISADVANTAGES
Cash                       Anonymous, universal, free                Risk of theft/loss, bulky
Credit Card                Almost universal                          High transaction cost, fraud/forgery
EFTPOS                     Direct access to cash                     Must be online, security only moderate
Disposable smart card      Fast, private                             Risk of loss, limited to small amounts
Personalized smart card    Long useful life, security, like eCash    Not anonymous, lack of international standards

Q & A