smartcards and authentication tokens
AUTHENTICATION TOKENS
Authentication tokens are used to prove one's identity electronically.
A token is sometimes called a hardware token, security token, USB token, cryptographic token, software token, virtual token, etc.
• The token uses a password to prove that the customer is who they claim to be.
• The token acts like an electronic key to access something.
• Some may store cryptographic keys,
  1. digital signature
  2. biometric data
  3. fingerprint minutiae.
Time-synchronized one-time passwords
Time-synchronized one-time passwords change constantly at a set time interval, e.g. once per minute. To do this some sort of synchronization must exist between the client's token and the authentication server.
Mathematical-algorithm-based one-time passwords
Another type of one-time password uses a complex mathematical algorithm, such as a hash chain, to generate a series of one-time passwords from a secret shared key. Each password is unguessable, even when previous passwords are known.
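A hash chain in code, as an added example that is not part of the original slides. It assumes a Lamport-style design with SHA-256, in which the token keeps the secret seed and the server stores only the last accepted value; `ChainToken`, `ChainServer` and `max_skip` are hypothetical names. Each new password is a preimage of the previous one, so seeing earlier passwords does not reveal the next.

```python
import hashlib
import hmac

def H(value: bytes) -> bytes:
    return hashlib.sha256(value).digest()

def chain(seed: bytes, n: int) -> bytes:
    """Apply H to the seed n times."""
    for _ in range(n):
        seed = H(seed)
    return seed

class ChainToken:
    """Holds the secret seed and releases the chain back to front."""

    def __init__(self, seed: bytes, length: int):
        self.seed, self.remaining = seed, length

    def next_password(self) -> bytes:
        if self.remaining == 0:
            raise RuntimeError("chain exhausted, token must be re-enrolled")
        self.remaining -= 1
        return chain(self.seed, self.remaining)

class ChainServer:
    """Stores only the last accepted value, never the seed (assumed design)."""

    def __init__(self, anchor: bytes):
        self.last = anchor                      # initially H^length(seed)

    def verify(self, password: bytes, max_skip: int = 2) -> bool:
        value = password
        for _ in range(max_skip + 1):           # tolerate unused passwords
            value = H(value)
            if hmac.compare_digest(value, self.last):
                self.last = password            # older values stop working
                return True
        return False

if __name__ == "__main__":
    seed = b"constructed-demo-seed"             # constructed sample seed
    token, server = ChainToken(seed, 5), ChainServer(chain(seed, 5))
    first = token.next_password()
    print(server.verify(first))                 # accepted
    print(server.verify(first))                 # rejected: already used
```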
Connected tokens
• Connected tokens are tokens that must be physically connected to the computer with which the user is authenticating.
• Tokens in this category automatically transmit the authentication information to the client computer once a physical connection is made, eliminating the need for the user to manually enter the authentication information.
• To use a connected token, the appropriate input device must be installed. The most common types of physical tokens are smart cards and USB tokens, which require a smart card reader and a USB port.
DISCONNECTED TOKENS
• Disconnected tokens have neither a physical nor logical connection to the client computer.
• They typically do not require a special input device, and instead use a built-in screen to display the generated authentication data, which the user enters manually themselves via a keyboard or keypad.
• The number must be copied into the PASSCODE field by hand.
SMART CARDS
FUTURE LIFE…
MAGNETIC STRIPE CARDS
Standard technology for bank cards, driver’s licenses, library cards, and so on…
OPTICAL CARDS
Uses a laser to read and write the card
Photo ID
Fingerprint
MEMORY CARDS
• Can store:
  Financial Info
  Personal Info
  Specialized Info
• Cannot process Info
ITECH 7215 Information Security
MICROPROCESSOR CARDS/SMART CARD
• Store information
• Carry out local processing
• Perform complex calculations
WHAT IS A SMART CARD?
A Smart card is a plastic card about the size of a credit card, with an embedded microchip that can be loaded with data.
The standard definition of a smart card, or integrated circuit card (ICC), is any pocket-sized card with embedded integrated circuits.
CONTACT SMART CARDS
Requires insertion into a smart card reader with a direct connection
This physical contact allows for transmission of commands, data, and card status to take place
CARD ELEMENTS
Magnetic Stripe
Chip
Embossing (Card Number / Name / Validity, etc.)
Logo
Hologram
ELECTRICAL SIGNALS DESCRIPTION
CLK : Clocking or timing signal (optional use by the card).
GND : Ground (reference voltage).
VPP : Programming voltage input (deprecated / optional use by the card).
I/O : Input or Output for serial data to the integrated circuit inside the card.
VCC : Power supply input.
RST : Reset signal supplied from the interface device.
WORKING STRUCTURE
• Central Processing Unit (CPU): heart of the chip
• All the processing of data is performed here.
• Security logic: detecting abnormal conditions, e.g. low voltage
• Serial I/O interface: contact to the outside world
• Test logic: self-test procedures
ROM:
• self-test procedures
• typically 16 bytes
• future 32/64 bytes
RAM:
• ‘Buffer memory’ of the processor
• typically 512 bytes
• future 1 byte
EEPROM:
• cryptographic keys
• PIN code
• biometric template
• typically 8 bytes
• future 32 bytes
Databus:
• connection between elements of the chip
• 8 or 16 bits wide
SMART CARD READERS
Computer-based readers: connect through USB or COM (serial) ports.
Dedicated terminals: usually with a small screen, keypad and printer; often also have biometric devices such as a thumbprint scanner.
WHY SMART CARDS?
Security: Data and codes on the card are encrypted by the chip maker.
Trust: Minimal human interaction.
Portability.
Less paperwork: eco-friendly.
WHY USE SMART CARDS?
Can store currently up to 7000 times more data than a magnetic stripe card.
Information that is stored on the card can be updated.
Magnetic stripe cards are vulnerable to many types of fraud.
A single card can be used for multiple applications (cash, identification, building access, etc.).
Smart cards provide a 3-fold approach to authentic identification:
• PIN (password)
• Cryptographic verification
• Biometrics
PASSWORD VERIFICATION
Terminal asks the user to provide a password.
Password is sent to the card for verification.
Permits user authentication.
CRYPTOGRAPHIC VERIFICATION
Terminal verifies card (INTERNAL AUTH)
• Terminal sends a random number to card to be hashed or encrypted using a key.
• Card provides the hash or ciphertext.
• Terminal can know that the card is authentic.
Card needs to verify (EXTERNAL AUTH)
Primarily for the “Entity Authentication”
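The INTERNAL AUTH exchange, with both sides' messages, as an added example that is not part of the original slides. HMAC-SHA256 stands in for the card's keyed hash or cipher, and the `Card` and `Terminal` classes are hypothetical; a real card runs this step inside the chip so the key never leaves it. The terminal uses each random number once, which is what makes a recorded response worthless.

```python
import hashlib
import hmac
import secrets

class Card:
    """Card side: the key never leaves the object (EEPROM on a real card)."""

    def __init__(self, key: bytes):
        self._key = key

    def internal_authenticate(self, challenge: bytes) -> bytes:
        # Keyed hash of the terminal's random number
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Terminal:
    """Terminal side: issues a fresh random number and checks the answer."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def check(self, response: bytes) -> bool:
        challenge, self._pending = self._pending, None   # single use
        if challenge is None:
            return False                                 # nothing outstanding
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare

if __name__ == "__main__":
    key = b"constructed-16B!"                 # constructed sample key
    card, terminal = Card(key), Terminal(key)
    old = card.internal_authenticate(terminal.new_challenge())
    print(terminal.check(old))                # genuine card is accepted
    terminal.new_challenge()
    print(terminal.check(old))                # recorded response is rejected
```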
BIOMETRIC TECHNIQUES
Fingerprint identification.
Features of fingerprints can be kept on the card (even verified on the card).
Photograph/iris pattern etc.
Such information is to be verified by a person.
The information can be stored in the card securely.
SMART CARD APPLICATIONS
Government programs
Banking & Finance
Mobile Communication
Pay Phone Cards
Transportation
Electronic Tolls
Passports
Electronic Cash
Retailer Loyalty Programs
Information security
STUDENT ID CARD
A student ID card, containing a variety of applications such as electronic purse (for vending machines, laundry machines, library card, and meal card).
ADVANTAGES
Proven to be more reliable than the other cards.
Can store up to thousands of times more information than the magnetic stripe card.
Reduces tampering through high security mechanisms.
Can be disposable or reusable.
Performs multiple functions.
Has a wide range of applications (e.g., banking, transportation, healthcare...).
Compatible with portable electronics (e.g., PCs, telephones...).
DISADVANTAGES
In the example of internet banking, if the PC is infected with any kind of malware, the security model is broken. Malware can override the communication (both input via keyboard and output via application screen) between the user and the internet banking application (e.g. browser). This would result in transactions being modified by the malware, unnoticed by the user. There is malware in the wild with this capability (e.g. Trojan.Silentbanker).