Smart Cards and Applications - 2020


Objectives:

Course content:
  • Smart Cards Introduction: history, applications of smart cards, card types, smart card chip, smart card lifecycle phases
  • Communication with Contact Smart Cards: smart card and terminal, Answer to Reset, Protocol Parameter Selection, Application Protocol Data Unit, data objects, transmission of APDUs by T=0
  • Smart Card Files Management: file types, file selection, EF file structures, file access, security attributes, security status, access rules
  • Data unit/record/data object handling
  • Authentication: cardholder authentication, smart card authentication to terminal, terminal authentication to smart card, mutual authentication
  • Secure Messaging: motivation, secure messaging data objects, use of secure messaging
  • Smart Card Operating Systems and Platforms: smart card operating system tasks, operating system completion, Multos, GlobalPlatform, IDPrime .NET Card
  • Java Card: Worldwide Java Card deployment, Java Card architecture, Java Card VM, Java Card API, Java Card Runtime Environment, Java Card Firewall, transaction atomicity, persistent and transient objects
  • Applications of smart cards in Banking/Financial payment systems:
    • Worldwide EMV deployment, EMV payment system model, security for EMV card issuance
    • EMV transaction: offline data authentication - Static Data Authentication (SDA), Dynamic Data Authentication (DDA), Combined DDA (CDA), cardholder verification, terminal risk management, terminal action analysis, card action analysis, online processing and issuer authentication, script processing, completion
    • Smart Card Attacks: card skimming, PIN capturing, tools for active MitM, clone attacks, wedge attacks, eavesdropping/stealing PIN
    • 3-D Secure: 3-D Secure protocol features, global online fraud report, Verified by Visa, 3-D Model, transaction flows: cardholder enrollment and online purchase transaction, Verified by Visa benefits.
  • E-Passports: E-Passports security requirements, E-Passports evolution, data in E-Passports, Machine Readable Zone, Access to the contactless IC (BAC, PACE), E-Passports authentication (Passive Authentication, Active Authentication, Chip Authentication), Extended Access Control
  • Other applications of smart cards: transport, pay-TV systems, etc


Labs content: applications of smart cards in e-commerce; using Java Card Development Kit for developing and testing Java Card applications such as electronic purse, loyalty card, transport card, student card, cardholder verification.


Lecture Notes References
Smart Cards Introduction Wolfgang Rankl and Wolfgang Effing, Smart Card Handbook, Fourth Edition, John Wiley & Sons, 2010, Chapters 1, 2, 4, 5, 14.
Konstantinos Markantonakis, Keith Mayes, Secure Smart Embedded Devices, Platforms and Applications, Springer, 2014, Chapter 1.
Applications of Smart Cards in E-Commerce Zoran Djuric and Dragan Gasevic, FEIPS: A Secure Fair-Exchange Payment System for Internet Transactions, The Computer Journal, 2015.
Communication with Contact Smart Cards Wolfgang Rankl and Wolfgang Effing, Smart Card Handbook, Fourth Edition, John Wiley & Sons, 2010, Chapter 8, 9.
ISO/IEC 7816-3 Identification cards - Integrated circuit cards - Part 3:Cards with contacts - Electrical interface and transmission protocols, Third edition, 2006, Chapters 1-10, 12.
ISO/IEC 7816-4 Identification cards - Integrated circuit cards - Part 4:Organization, security and commands for interchange, Third Edition, 2013, Chapters 1-6.
Smart Card Files Management. Authentication Wolfgang Rankl and Wolfgang Effing, Smart Card Handbook, Fourth Edition, John Wiley & Sons, 2010, Chapters 11, 12.
Smart Card Operating Systems and Platforms Wolfgang Rankl and Wolfgang Effing, Smart Card Handbook, Fourth Edition, John Wiley & Sons, 2010, Chapter 13.
GlobalPlatform Technology Card Specification, Version 2.3.1, 2018.
Java Card Java Card Platform Specification 3.1, 2019.
Secure Messaging ISO/IEC 7816-4 Identification cards - Integrated circuit cards - Part 4:Organization, security and commands for interchange, Third Edition, 2013, Chapter 10.
Smart Cards in Payment Systems. EMV Basics EMV Integrated Circuit Card Specifications for Payment Systems, Version 4.3, 2011.
EMV (I)
EMV (II)
Smart Card Attacks
E-Passports ICAO Doc 9303, Machine Readable Travel Documents, Seventh Edition, 2015.
Smart Cards in E-Commerce. 3-D Secure

Ca urmare a deciziei UAIC de suspendare a activitatilor didactice face to face datorate COVID-19, activitatile didactice le vom desfasura in sistem online dupa urmatoarele reguli.

Labs References
Applications of Smart Cards in E-Commerce Applications of Smart Cards in E-Commerce, Lecture Notes.
Java Card Development Kit 3.1 Installing
Java Card Wallet (I) Java Card, Lecture Notes.
Complete List of APDU Responses.
Java Card Development Kit Tools
Java Card Wallet (II)
Loyalty Card
Transport Card
Student Card APDU I/O
Cardholder Verification APDU I/O