A Smart card based e-driving licence

1
A Smart card based e-driving licence ID card
By Mr Muhammad Wasim Raad
Computer Eng. Dept, KFUPM

• What is a Smart card?
• A smart card is the size of a conventional credit
  card, with an electronic microchip embedded in
  it.
• The chip stores electronic data and programs that
  are protected by advanced security features

2
(No Transcript)
3
(No Transcript)
4
(No Transcript)
5
(No Transcript)
6
(No Transcript)
7
Inside a Smart Card

• Based on ISO 7816 standards
• -Define Card Size, Contact and internal code
  used
• Non volatile memory EEPROM
• IN/Out 9600 bits/second

8
Smart Card classification

• Memory only Card( Contact or Contactless)
• Contact CPU Card
• Contactless CPU Card

9
Smart Cards Standards

• ISO 7816 defines the physical dimensions of smart
  cards and their electric characteristics
• ISO 7816 establishes commands to read, write and
  update records
• ISO 7816 specifies transmission protocols

10
Why are smart cards important?

• To reduce fraud in finance and payments up to
  0.2 of turnover in major credit and debit card
  systems around world-nearly 1 billion a year-is
  fraudulent
• Many smart cards are used in sensitive areas such
  as personal identification and health
• If security is compromised, the resulting
  publicity could affect public confidence

11
Why are smart cards secure?

• Smart cards protect information stored on them
  from damage or theft by using strong encryption
  techniques
• Algorithms such as RSA, DES, or triple DES can be
  used with very long keys up to 1024 bits
• Hence they are much more secure than magnetic
  strip cards which can be copied easily

12
Smart Cards Advantages

• Can store and protect data
• Good security against tampering and hacking
• Provides read and write capabilities
• Has greater storage capacity( compared with
  magnetic strip cards)
• Easy to carry around(like cash, but more
  secure and versatile)

13

• Faster
• More reliable than magnetic cards
• Multi functional

14
Applications of Smart Card

• ID Card. e.g. citizen ID cards, drivers license,
  voter registration card, campus card, digital
  certificate
• Bank Card. e.g. Secureremote banking
  access,electronic signature andverification

15

• Credit or Debit Card. e.g. Stored value card,
  electronic money such as Mondex, Visa Cash,
  Proton
• Travel Card. e.g. Airline boarding pass, mass
  transportation system ticket, tunnel access
  monitoring system, highway bridge toll
  collection

16
Driving License
License Expire Date is updated.
17
Identity Card
ID Card. e.g. Citizen ID cards, voter
registration card
18
The Corporate ID Card

• Control employee access to a physical building
• Guards inspect credentials (picture)
• Electronic lock access (variety of technologies)
• Parking area access
• Identify employees within an office

19

• Distinguish employees from visitors
• Determine authorization to enter restricted areas

20
Other Types of Corporate Access

• Computer networks
• E-mail system
• Web sites
• Computer access
• Business applications
• VPN

21
Emerging Corporate Access Applications

• Employee benefits enrollment
• On-line purchasing
• Secure e-mail
• Electronic expense reporting/reimbursement
• Electronic payroll submissions
• Access to sensitive electronic documents
• Electronic submission of legal and regulatory
  reports

22
ID Card Characteristics

• Printed photo
• Name
• Company name and location
• Magnetic stripe (physical access)
• Proximity chip/antenna (physical access)
• Bar code (physical access)

All designed to identify people
23
Access Control Convergence

• Employees need access to multiple physical and
  electronic corporate resources
• Identity and authorization is generally
  determined by HR and Corporate Security based on
  employees role/job
• Smart card technology enables the convergence of
  physical and logical access control in the same
  device
• Combines employee identification requirements
• Leverages existing infrastructure to issue badges
• Requires coordination between corporate security
  and IT
• Simplify employee experience

24
Is all Access Authorization the Same?

• Verification of identity and authorization at
  entry
• Physical building access
• Airport gate access
• Computer access
• Network access
• Verification of identity and authorization of an
  event at any time in the future
• Contract signature
• Medical record entry
• Tax submission
• Employee benefits enrollment

25
Trends

• More business conducted electronically on-line
• Business-to-business internet commerce will grow
  from 145 billion in 1999 to 5.9 trillion by the
  year 2004 (Gartner Group)
• Business critical systems are increasingly
  exposed to electronic threats
• Identity of individuals is essential for growth
  of B2B e-commerce
• Shift from keep the bad guys out to Identify
  and Authorize
• Cryptography with strong key protection offers
  the only viable technology approach
• Public Key Technology is the leading means for
  securing E-commerce (First Analysis)
• IDC reports that PKI is expected to become the
  standard way to perform authentication on the
  Internet

26
SmartStock

• Service provider allows subscribed customers
  (i.e. investors) to download analyzers onto their
  card..
• Customers can use the analyzers, but they cannot
  make copies of them or find out implementation
  details.
• Confidential customer-specific data are also
  stored on card.

Analyzers on card
Stock quotes
Recommendation (sell/buy)
27
(No Transcript)
28
How smart is a smart card?

• Some smart cards are smarter than others
• Simplest cards like payphone cards, vending
  machine cards ( containing only memory simple
  protection logic) offer no protection if stolen
• The smarter smart cards ( CPU cards) might have
  several passwords restricting use for only one
  person ( card holder)

29

• For added security ( especially in financial
  applications and in access control)
• Authentication encryption techniques are widely
  used to verify true identity of the card holder
• Some smart cards used in sensitive areas where
  security cannot be compromised ,use security
  processors embedded in the card like
  cryptoprocessors with RSA or DES on it

30
(No Transcript)
31
Mondex

• Smart-card-based, stored-value card (SVC)
• Subsidiary of MasterCard
• NatWest (National Westminister Bank, UK) et al.
• Secret chip-to-chip transfer protocol
• Value is not in strings alone must be on Mondex
  card
• Loaded through ATM
• ATM does not know transfer protocol connects
  with secure device at bank
• Spending at merchants having a Mondex value
  transfer terminal

32
(No Transcript)
33
(No Transcript)
34
Smart Card Readers

• Serial USB or
• RS232
• PCMCIA
• Keyboard Readers
• Contactless Readers

35
(No Transcript)
36
(No Transcript)
37
(No Transcript)
38
(No Transcript)
39
(No Transcript)
40
Can Smart Cards Support Multi-Applications?

• Capability to download independent Applets,
  securely Isolated(Java Card)
• Example A card may contain Individuals drivers
  license, multiple credit card bank accounts,
  stored value for company cafeteria, health
  records
• A police officers card reader can read drivers
  license info, but not bank account

41
WORLD WIDE MARKET PROSPECTS OF THE STORED-VALUE
CARD
1,950 Billion dollars
International Potential Market
42
Regional Breakdown of Finantial Smart
Cards,1999-2004
43
Project Objectives

• Driving License system
• Easy to Use
• Highly Secure
• Smart Card

44
Project Features

• User-Friendly
• View license info
• Check license status
• Renew license
• Pay for traffic tickets
• Pay for highway tax
• General purpose E-payment card

45
Additional Application

• Car Access ignition system using S.C
• Corporate ID

46
System Design
Client 1
S.C Reader
Server
Client 2
DB
Client n
47
M.O.S.T Card Features

• 16 KB of EEPROM (user info).
• 256 Bytes RAM.
• 8-bit micro-controller.
• Support DES 3 DES encryption algorithms SHA 1
  authentication.
• Mutual Authentication.
• Multi-level privileges.

48
Features benefits

• Securitymultiple levels of security to prevent
  unauthorized access
• Standard complies with imternational
  standards
• Paperless no need for carrying papers and
  hastle of time consuming renewal procedures

49

• The card used supports multiapplications on a
  single card
• Multiple reader types Serial,Kiosk,PCMCIA,Keyboar
  d wedge and magstripe.
• Possible to manage data integrity by creating
  host PINS

50
Case studies

• South KoreaA national citizen card introduced
  is used as a driving licence, identity card,
  pention card and medical insurance card
• Malysian government multipurpose card
• 6 applications national identification,national
  driving licence,passport details, health
  info,ecash, and PKI
• Hong KongIdentification cards

51
Potential commercial value of project

• Can be used as a multiapplication cardDriving
  licence, corporate ID, and epayment card.
• Possiblity to integrate the reader with the car
  ignition system to control access to valid
  driving licences
• Issueing card to car rental customersgiving
  multi level services based on amount paid

52
NRE cost

• Smart tools cost( including readersoftware)400
• PCaccessories1000
• Personalization embossing printer4000
• Total5400
• Additional requirementsVisual Studio,A lab for
  developping applications

53

• RACAl Security and payments has introduced the
  DATACryptor 2000 a public key managed, triple des
  link encryptor to protect valuable network data.
  
• It uses triple DES ( 168 bits) it transmits
  encrypted data at speeds of up to 512 K bits/sec

54

• In China each of 2.4 million drivers is a
  smart card holder issued by largest
  commercial Bank (ICBC) public transportation
• The card is a multiapplication card including
  bank application, traffic fining,petrol
  refueling, loyalty.

55

• The National Bank of Kuwait (NBK) has launched
  the worlds first Visa internet-only payment
  card program in Kuwait city
• Features of NBK card include preset
  spending limits, automatic insurance from
  NBK for all purchases using the card
• .

56
The Future

• Market researcher Dataquest forecasts that by
  year 2001, 3.4 billion smart cards will be used
  world-wide Multi application card
• Main future areas are in biometrics using retina
  scan
• National identity cards all citizens by law will
  be required to carry identity smart cards
• RF contactless cards are expected to be widely
  used

57

• 3,85 billion smart cards expected in 2002
• Microprocessor smart cards ranging between 21
  billion-35 billion by 2010
• Number of microprocessor smart cards to increase
  at rate of 55 per year
• 25 billion ecash transactions by 2005, 30 of
  these are using smart cards

58
Smart Card Cost
59
Conclusion

• There is a great potential for using this product
  in market
• The multiapplication is the key issue
• The problem of managing the security key without
  refering to company has to be resolved
• Integrating the smart card with the automotive
  controller opens a promising avenue

60
Thank You

• Email mwraad_at_ccse.kfupm.edu.sa