Smart Cards Tim Hogan, Practice Director, Unisys Unisys Technology Forum 2007 18/05/2007 Page 1
Agenda What Defines a Smart Card Types of Smart Cards What benefit do they give A trip to the Tip Privacy Concerns Questions Unisys Technology Forum 2007 18/05/2007 Page 2
What Defines a Smart Card Unisys Technology Forum 2007 18/05/2007 Page 3
What Defines a Smart Card What Defines a Smart Card A smart card is a plastic card about the size of a credit card, with an embedded microchip that can be loaded with data Unisys Technology Forum 2007 18/05/2007 Page 4
What Defines a Smart Card But this could be extended. The same chips used in Smart Cards can be placed in other mediums. Example: Key Fob Documents Passports Unisys Technology Forum 2007 18/05/2007 Page 5
Passports New Passports now have a contact less Smart Card chip embedded in them Chip contains the information generally printed in the passport Also contains a digital image of yourself. Standard symbol on outside cover used to show if the passport is chip enabled Unisys Technology Forum 2007 18/05/2007 Page 6
Types of Smart Cards Unisys Technology Forum 2007 18/05/2007 Page 7
Types of Smart Cards Two major types Contact Has an electrical contact that is clearly visible Contact less Utilises RFID (Radio Frequency Identification) to read and write the data on the embedded chip. Usually not clearly visible Unisys Technology Forum 2007 18/05/2007 Page 8
Types of Smart Cards There are more than 30 chips sets used in Cards today Each chip set has completely different properties Examples: ID Only (Contains only a Unique Id) Memory Only Read Only Read and Write Embedded CPU and Memory Java Virtual Machine (Java Card) Unisys Technology Forum 2007 18/05/2007 Page 9
MIFARE and DESFire Card Probably the most widely used contact less Smart Card chip Designed for use as an e Purse Worlds largest installed base: 5 Million MIFARE reader components sold More the 500 million contact less and dual interface ICs sold Primarily used as a Transport Card but has also been adopted to add security to Standard 1K MIFARE contains: Contains a 48 Bit Global Unique ID on each card which cannot be overwridden 48 Bit Key required to read/write ~ 700 Bytes of read/write memory Complies with ISO 14443A standard Mutual 3 pass authentication ISO 9798 2 Can be configured with multiple keys so multiple applications can reside on one card Memory can be written once and configure to be NEVER overwritten DESFire contains triple DES for higher security Unisys Technology Forum 2007 18/05/2007 Page 10
MIFARE Card Where has it been adopted: Entitatde Transport Metropolità (etm) (Spain) Regional Transport office (Madrid) Turku in Finland Czech Railways Several transport operators is Australia MasterCard and VISA have both qualified the MIFARE card for the MasterCard Paypass and VISA MSD applications Unisys Technology Forum 2007 18/05/2007 Page 11
Types of Smart Cards (cont) Near Field Communications (NFC) PN531 chip developed by NXP (sold of by Phillips), enables mobile devices to become either Smart Cards or Smart Card readers Unisys Technology Forum 2007 18/05/2007 Page 12
Types of Smart Cards (cont) Nokia Phones Nokia has combined the NFC chip set with their 6131 and as an add on to their 3220. Ability to turn the mobile phone into either a contact less Smart Card or a contact less Smart Card reader Unisys Technology Forum 2007 18/05/2007 Page 13
Examples today Some common examples today The SIM Card in your phone Sky Decoder Box Unisys Technology Forum 2007 18/05/2007 Page 14
What Benefit to they Give Unisys Technology Forum 2007 18/05/2007 Page 15
What Benefit do they give Higher Security Portable information E Purse Loyalty implied infrastructure Satisfy PKI Faster Transactions Unisys Technology Forum 2007 18/05/2007 Page 16
Some Comparisons Mag Stripe Contact Contact Less Data Storage ~120 Bytes (Tracks 1 and 2) 1K Bytes 256K Bytes 1K Bytes 256K Bytes PKI on Card No Yes Yes Secure Access No Yes Yes Unisys Technology Forum 2007 18/05/2007 Page 17
Faster Transactions Example Mobile Visa Wave Pilot in Malaysia Step 1 Step 2 Step 3 The Visa Wave reader displays your purchase amount. Hold your Visa Wave enabled phone in front of the reader. A yellow light will illuminate while the reader processes your Visa Wave transaction. Remove your phone when the light turns green and the reader beeps. No signature is required. Unisys Technology Forum 2007 18/05/2007 Page 18
A trip to the tip Unisys Technology Forum 2007 18/05/2007 Page 19
A trip to the tip $100 $100 1376kg $100 1376kg Weight 1376kg Weight 1322kg 1376kg 1322kg = 54kg 54kg * $0.10 = $5.40 $100 1376kg $5.40 = $94.60 Unisys Technology Forum 2007 18/05/2007 Page 20
Loyalty scheme without infrastructure Unisys Technology Forum 2007 18/05/2007 Page 21
Loyalty scheme without infrastructure Typical implementation of an electronic loyalty scheme requires backend infrastructure Examples in New Zealand Fly Buys Subway A smart card can be used to store the information with NO backend infrastructure. Data remains on the card Purchase information Points or Miles Unisys Technology Forum 2007 18/05/2007 Page 22
Privacy Concerns Unisys Technology Forum 2007 18/05/2007 Page 23
Privacy Concerns Act MP Heather Roy "Privacy issues have been completely ignored in the scrutiny of this bill. Microchips have the ability to operation as Radio Frequency Identification (RFID) tags which can power up and transmit individuals' private details," Source: Stuff Thursday 10 May 2007 Unisys Technology Forum 2007 18/05/2007 Page 24
Overcome these fears Start with a user voluntary opt in program Be up front and honest about what is held on the card Let people know exactly what the card can and cannot do Clearly show what benefits the card will give the holder Unisys Technology Forum 2007 18/05/2007 Page 25
What is Unisys Doing Unisys Technology Forum 2007 18/05/2007 Page 26
What is Unisys doing? Actively involved in Smart Card solutions world wide Leveraging off our breadth in security Combines combinations of cross industry and technology expertise Security Banking and Finance RFID Supply Chain Watch this space in the coming months Building expertise around Identity Management Unisys Technology Forum 2007 18/05/2007 Page 27
Thank you Questions Please return your feedback forms Unisys Technology Forum 2007 18/05/2007 Page 28