Multi-application Smart Cards
Details

  • 67 b/w illus.
  • Page extent: 266 pages
  • Size: 247 x 174 mm
  • Weight: 0.69 kg

Hardback

 (ISBN-13: 9780521873840)

Cambridge University Press
9780521873840 - Multi-application Smart Cards - Technology and Applications - by Mike Hendry
Frontmatter/Prelims


Multi-application Smart Cards

Technology and Applications

Multi-application smart cards have yet to realise their enormous potential, partly because few people understand the technology, market and behavioural issues involved. Here, Mike Hendry sets out to fill this gap with a comprehensive guide to the technology, business and implementation aspects of this pivotal technology.

Following a review of the state of the art in smart card technology, the book describes the business requirements of each smart-card-using sector, and the applications and support systems required to sustain multiple applications. Implementation aspects, including security, are treated in detail and numerous international case studies cover identity, telecoms, banking and transportation applications. Lessons are drawn from these projects to help deliver more successful applications in the future.

Invaluable for users and those responsible for specifying, evaluating and integrating multi-application systems, this book will also be useful to terminal, card and system designers, network, IT and security managers and software specialists.

Mike Hendry is a freelance consultant and industry expert on cards and payment systems. He has many years of international experience in industry, was the Technical and Operations Director of the UK Chip and PIN Programme, and is also the author of several books.


Mike Hendry


CAMBRIDGE UNIVERSITY PRESS
Cambridge, New York, Melbourne, Madrid, Cape Town, Singapore, São Paulo

Cambridge University Press
The Edinburgh Building, Cambridge CB2 8RU, UK

Published in the United States of America by Cambridge University Press, New York

www.cambridge.org
Information on this title: www.cambridge.org/9780521873840

© Cambridge University Press 2007

This publication is in copyright. Subject to statutory exception
and to the provisions of relevant collective licensing agreements,
no reproduction of any part may take place without
the written permission of Cambridge University Press.

First published 2007

Printed in the United Kingdom at the University Press, Cambridge

A catalogue record for this publication is available from the British Library

ISBN 978-0-521-87384-0 hardback

Cambridge University Press has no responsibility for the persistence or
accuracy of URLs for external or third-party internet websites referred to
in this publication, and does not guarantee that any content on such
websites is, or will remain, accurate or appropriate.


Contents

Foreword by Kevin Gillick
Acknowledgements
Part I Introduction
1 Background
1.1 Smart cards in daily life
1.2 Card functions
1.2.1 From identification…
1.2.2 …to authentication
1.2.3 Data storage
1.3 Advanced applications
1.3.1 Cryptography
1.3.2 Database access and linking
1.3.3 Biometrics
1.3.4 Multiple applications
1.3.5 The universal helper
1.4 The smart-card business
1.5 Structure of this book
2 When is a card multi-application?
2.1 Single-function cards
2.2 Multi-function cards
2.2.1 Card-based functions (wired-logic cards)
2.2.2 Server-based functions
2.2.3 Multiple datasets
2.3 Multiple applications
2.3.1 Distinct and co-operative applications
2.3.2 Application selection
2.3.3 Application ownership
2.4 Operating systems
2.4.1 Application protection
2.4.2 Memory management
2.4.3 Application downloading and updating
2.4.4 Interpreter languages
2.4.5 ‘Open’ features
2.5 Multiple organisations
2.6 Conclusion
3 Smart-card basics
3.1 What is a smart card?
3.1.1 Common features
3.1.2 Memory and wired-logic cards
3.1.3 Microprocessor cards
3.1.4 Memory types and sizes
3.2 Interfaces
3.2.1 Contact cards
3.2.2 Contactless cards
3.2.3 Dual interface
3.2.4 Dual-chip cards
3.3 Readers and terminals
3.3.1 Components
3.3.2 Contact sets and card transport
3.3.3 Terminals
3.4 Standards
3.4.1 Physical and magnetic stripe
3.4.2 Smart cards
3.4.3 Application standards
3.4.4 Testing standards
3.5 Smart-card manufacture and supply
3.6 References
Part II Technology
4 Biometrics
4.1 Identification requirements
4.1.1 Passwords, tokens and biometrics
4.1.2 Performance
4.1.3 Interoperability
4.1.4 Procedures
4.2 Biometric technologies
4.3 Biometrics in cards
4.3.1 On-card data capture
4.4 References
5 Security and cryptography
5.1 Cryptography
5.1.1 Algorithms
5.1.2 Key management
5.2 Security services
5.2.1 Confidentiality
5.2.2 Integrity
5.2.3 Authentication
5.2.4 Non-repudiation
5.2.5 Availability
5.3 Smart-card attacks
5.3.1 Trojan horses
5.3.2 Counterfeiting
5.3.3 Microprobing and electron microscopy
5.3.4 Environmental attacks
5.3.5 Differential power analysis
5.3.6 Yes-cards
5.3.7 Message interception
5.3.8 Preventing attacks
5.4 Security standards
5.4.1 Cards
5.4.2 Terminals and systems
5.4.3 Operations and management
5.5 Requirements definition
5.6 References
6 Card technology
6.1 Microcontrollers
6.1.1 Architecture
6.1.2 Feature size
6.1.3 Memory types and sizes
6.2 Cards
6.2.1 Materials
6.2.2 Construction
6.2.3 Form factors
6.3 Interfaces
6.3.1 USB
6.3.2 Contactless cards
6.3.3 Dual-interface cards
6.3.4 Legacy contactless card emulation
6.4 References
7 Readers and terminals
7.1 Reader type
7.1.1 Antennae for contactless readers
7.2 Terminals
7.2.1 Point of sale
7.2.2 Vending
7.2.3 Kiosks
7.2.4 PC-connected readers
7.2.5 Access control
7.2.6 Personal smart-card readers
7.3 Terminal management
7.4 Reference
8 Application selection: the ISO 7816 family
8.1 Scope and functions
8.2 Card initialisation
8.2.1 Power up and reset
8.2.2 Content of ATR
8.2.3 Protocol negotiation
8.2.4 Commands
8.2.5 File selection
8.2.6 Further application selection requirements
8.3 Native operating systems
9 JavaCard and GlobalPlatform
9.1 History
9.2 JavaCard
9.2.1 Scope and components
9.2.2 Applets
9.2.3 JavaCard Virtual Machine
9.2.4 JavaCard runtime environment
9.2.5 Security model
9.3 GlobalPlatform
9.3.1 GlobalPlatform architecture
9.3.2 Card Manager
9.3.3 GlobalPlatform API
9.3.4 Security domains
9.3.5 Card life-cycle management
9.3.6 GlobalPlatform device specification
9.3.7 GlobalPlatform system specification
9.4 JavaCard-based products
9.5 Status and implementations
9.6 References
10 Multos
10.1 History
10.2 Scope and functions
10.2.1 Multos executable language
10.2.2 Virtual machine
10.2.3 Application load and deletion
10.2.4 Multos step/one cards
10.3 Security
10.3.1 Common Criteria evaluation
10.3.2 Program and memory management
10.3.3 Runtime bytecode checking
10.3.4 Shell mode
10.3.5 Delegation
10.4 Status and implementations
10.5 Reference
11 Other operating systems
11.1 IBM MFC
11.2 Advantis
11.3 SECCOS
11.4 .NET
11.5 Special developments
11.6 Comparing operating systems with multi-application features
11.7 References
12 Card management systems
12.1 Legacy card management functions
12.2 Additional functions for smart-card management
12.2.1 Basic smart-card issuing
12.2.2 Links to real-time databases
12.2.3 Scripts and parameter updates
12.2.4 Customer-relationship management and the ‘segment of one’
12.2.5 Multiple application issuers
12.2.6 Post-issuance application downloads
12.2.7 Life-cycle management
12.3 Deploying a smart-card management system
12.4 Functions of a smart-card management system
Case study A – King Fahd University of Petroleum and Minerals
Case study B – LG Card
12.5 References
Part III Business requirements
13 Common business requirements
13.1 Card issuing
13.1.1 Differentiation
13.1.2 Issuer control
13.1.3 Interoperability
13.2 Card and card-holder management
13.3 Application development
13.3.1 Speed and cost
13.3.2 Future-proofing
13.3.3 Platform independence
13.4 Application and memory management
13.5 Terminal management
13.6 Operations
13.6.1 Customer perspective
13.6.2 Retailer/acceptor perspective
13.6.3 Back-end systems
13.6.4 Exception handling
13.6.5 Cost and revenue management
13.7 Security
13.8 Trust and liability issues
13.9 Special needs
13.10 Reference
14 Telecommunications
14.1 Telephone cards
14.1.1 Other payment cards used in public telephones
14.2 Mobile telephony
14.2.1 Subscriber identity modules (SIMs)
14.2.2 SIM toolkit
14.2.3 3G
14.2.4 Application and parameter updating
14.2.5 Near Field Communication
14.2.6 Average revenue per user – the drive to add value
14.2.7 Network–manufacturer relationships
14.3 Mobile payment
Case study C – SK Telecom’s Moneta service
14.4 Satellite and cable television
Case study D – SkyCard
14.5 Internet services
14.6 The future of multi-application cards in telecommunications
14.7 References
15 Banking
15.1 Types of card
15.1.1 Credit, debit and charge cards
15.1.2 ATM cards
15.1.3 Electronic purses and pre-authorised debit
15.1.4 Prepaid and gift cards
15.1.5 Customer cards
15.1.6 Commercial cards
