Cambridge Catalogue  
  • Help
Home > Catalogue > Multi-application Smart Cards
Multi-application Smart Cards
Google Book Search

Search this book

Details

  • 67 b/w illus.
  • Page extent: 266 pages
  • Size: 247 x 174 mm
  • Weight: 0.69 kg

Hardback

 (ISBN-13: 9780521873840)

Multi-application Smart Cards

Cambridge University Press
9780521873840 - Multi-application Smart Cards - Technology and Applications - by Mike Hendry
Table of Contents


Contents

Foreword by Kevin Gillickpage xv
Acknowledgementsxvii
Part IIntroduction1
1Background3
1.1Smart cards in daily life3
1.2Card functions4
1.2.1From identification…4
1.2.2…to authentication4
1.2.3Data storage5
1.3Advanced applications6
1.3.1Cryptography6
1.3.2Database access and linking6
1.3.3Biometrics6
1.3.4Multiple applications7
1.3.5The universal helper7
1.4The smart-card business7
1.5Structure of this book9
2When is a card multi-application?11
2.1Single-function cards11
2.2Multi-function cards11
2.2.1Card-based functions (wired-logic cards)12
2.2.2Server-based functions12
2.2.3Multiple datasets12
2.3Multiple applications13
2.3.1Distinct and co-operative applications13
2.3.2Application selection13
2.3.3Application ownership13
2.4Operating systems14
2.4.1Application protection14
2.4.2Memory management14
2.4.3Application downloading and updating14
2.4.4Interpreter languages15
2.4.5‘Open’ features15
2.5Multiple organisations15
2.6Conclusion16
3Smart-card basics17
3.1What is a smart card?17
3.1.1Common features17
3.1.2Memory and wired-logic cards17
3.1.3Microprocessor cards18
3.1.4Memory types and sizes19
3.2Interfaces19
3.2.1Contact cards20
3.2.2Contactless cards21
3.2.3Dual interface21
3.2.4Dual-chip cards22
3.3Readers and terminals22
3.3.1Components23
3.3.2Contact sets and card transport23
3.3.3Terminals24
3.4Standards24
3.4.1Physical and magnetic stripe24
3.4.2Smart cards25
3.4.3Application standards25
3.4.4Testing standards26
3.5Smart-card manufacture and supply26
3.6References28
Part IITechnology29
4Biometrics31
4.1Identification requirements31
4.1.1Passwords, tokens and biometrics31
4.1.2Performance32
4.1.3Interoperability33
4.1.4Procedures34
4.2Biometric technologies34
4.3Biometrics in cards36
4.3.1On-card data capture37
4.4References28
5Security and cryptography39
5.1Cryptography39
5.1.1Algorithms39
5.1.2Key management41
5.2Security services41
5.2.1Confidentiality41
5.2.2Integrity42
5.2.3Authentication43
5.2.4Non-repudiation43
5.2.5Availability44
5.3Smart-card attacks44
5.3.1Trojan horses44
5.3.2Counterfeiting45
5.3.3Microprobing and electron microscopy45
5.3.4Environmental attacks45
5.3.5Differential power analysis45
5.3.6Yes-cards46
5.3.7Message interception46
5.3.8Preventing attacks46
5.4Security standards46
5.4.1Cards47
5.4.2Terminals and systems48
5.4.3Operations and management48
5.5Requirements definition48
5.6References49
6Card technology50
6.1Microcontrollers50
6.1.1Architecture50
6.1.2Feature size50
6.1.3Memory types and sizes51
6.2Cards52
6.2.1Materials52
6.2.2Construction52
6.2.3Form factors54
6.3Interfaces56
6.3.1USB56
6.3.2Contactless cards56
6.3.3Dual-interface cards57
6.3.4Legacy contactless card emulation57
6.4References58
7Readers and terminals59
7.1Reader type59
7.1.1Antennae for contactless readers59
7.2Terminals61
7.2.1Point of sale61
7.2.2Vending62
7.2.3Kiosks63
7.2.4PC-connected readers63
7.2.5Access control64
7.2.6Personal smart-card readers64
7.3Terminal management65
7.4Reference68
8Application selection: the ISO 7816 family69
8.1Scope and functions69
8.2Card initialisation69
8.2.1Power up and reset69
8.2.2Content of ATR70
8.2.3Protocol negotiation71
8.2.4Commands72
8.2.5File selection72
8.2.6Further application selection requirements73
8.3Native operating systems74
9JavaCard and GlobalPlatform76
9.1History76
9.2JavaCard77
9.2.1Scope and components77
9.2.2Applets78
9.2.3JavaCard Virtual Machine78
9.2.4JavaCard runtime environment78
9.2.5Security model79
9.3GlobalPlatform80
9.3.1GlobalPlatform architecture80
9.3.2Card Manager81
9.3.3GlobalPlatform API83
9.3.4Security domains84
9.3.5Card life-cycle management84
9.3.6GlobalPlatform device specification85
9.3.7GlobalPlatform system specification87
9.4JavaCard-based products87
9.5Status and implementations88
9.6References89
10Multos90
10.1History90
10.2Scope and functions91
10.2.1Multos executable language91
10.2.2Virtual machine92
10.2.3Application load and deletion93
10.2.4Multos step/one cards94
10.3Security94
10.3.1Common Criteria evaluation94
10.3.2Program and memory management95
10.3.3Runtime bytecode checking95
10.3.4Shell mode96
10.3.5Delegation96
10.4Status and implementations96
10.5Reference97
11Other operating systems98
11.1IBM MFC98
11.2Advantis98
11.3SECCOS99
11.4.NET100
11.5Special developments101
11.6Comparing operating systems with multi-application features102
11.7References103
12Card management systems104
12.1Legacy card management functions104
12.2Additional functions for smart-card management104
12.2.1Basic smart-card issuing105
12.2.2Links to real-time databases105
12.2.3Scripts and parameter updates106
12.2.4Customer-relationship management and the ‘segment of one’107
12.2.5Multiple application issuers107
12.2.6Post-issuance application downloads108
12.2.7Life-cycle management109
12.3Deploying a smart-card management system109
12.4Functions of a smart-card management system111
Case study A – King Fahd University of Petroleum and Minerals112
Case study B – LG Card115
12.5References116
Part IIIBusiness requirements117
13Common business requirements119
13.1Card issuing119
13.1.1Differentiation119
13.1.2Issuer control120
13.1.3Interoperability120
13.2Card and card-holder management121
13.3Application development121
13.3.1Speed and cost121
13.3.2Future-proofing122
13.3.3Platform independence122
13.4Application and memory management122
13.5Terminal management123
13.6Operations124
13.6.1Customer perspective124
13.6.2Retailer/acceptor perspective125
13.6.3Back-end systems125
13.6.4Exception handling125
13.6.5Cost and revenue management126
13.7Security126
13.8Trust and liability issues126
13.9Special needs127
13.10Reference128
14Telecommunications129
14.1Telephone cards129
14.1.1Other payment cards used in public telephones130
14.2Mobile telephony130
14.2.1Subscriber identity modules (SIMs)130
14.2.2SIM toolkit132
14.2.33G133
14.2.4Application and parameter updating133
14.2.5Near Field Communication134
14.2.6Average revenue per user – the drive to add value135
14.2.7Network–manufacturer relationships136
14.3Mobile payment136
Case study C – SK Telecom’s Moneta service137
14.4Satellite and cable television139
Case study D – SkyCard140
14.5Internet services143
14.6The future of multi-application cards in telecommunications143
14.7References143
15Banking144
15.1Types of card144
15.1.1Credit, debit and charge cards144
15.1.2ATM cards145
15.1.3Electronic purses and pre-authorised debit146
15.1.4Prepaid and gift cards147
15.1.5Customer cards147
15.1.6Commercial cards148
15.2Micropayments and cash displacement148
15.3Threats and attacks148
15.4Standards149
15.4.1EMV149
Case study E – EMV deployment in Europe150
15.4.2Contactless cards153
15.4.3Electronic purses154
15.4.4Token authentication154
15.4.5Others155
15.5E-payment and m-payment155
15.6Loyalty156
Case study F – Mashreqbank WOW! card157
Case study G – United Bank Limited160
15.7Co-branding161
15.8The future of multi-application cards in banking162
15.9Reference162
16Transportation163
16.1Existing public-transport card schemes163
16.1.1Revenue management163
16.1.2Speed and convenience164
16.1.3Operating costs164
16.1.4Interoperability164
Case study H – Lisboa Viva and 7 Colinas166
16.2Non-transit usage168
Case study I – Kaohsiung City Government ‘TaiwanMoney’ card169
Case study J – EZ-Link/QB171
16.3Inter-modal use172
16.3.1Trains173
16.3.2Taxis173
16.3.3Road tolling173
16.3.4Parking175
16.3.5Air travel176
16.4Card and system requirements177
16.4.1Standards177
16.4.2Security178
16.4.3Dual-interface cards178
16.4.4Operational aspects179
16.4.5Upgrading systems179
16.5The future of multi-application cards in transportation180
16.6References180
17Government and citizens’ cards181
17.1Databases and cards181
17.2Electronic passports181
17.3Identity cards183
Case study K – The Sultanate of Oman – national ID programme184
17.4‘Cartes ville’185
17.5Health cards186
17.6Student cards189
17.7Additional functions on government cards190
17.7.1Proof of age190
17.7.2Driving licences190
17.7.3Access to government services190
Case study L – A UK local authority citizens’ card scheme191
17.7.4E-commerce authentication194
17.7.5Payment195
Case study M – Malaysian Government multipurpose smart card (MyKad)195
17.7.6Record of qualifications198
17.8Data protection and privacy issues198
17.9The future for multi-application government and citizens’ cards199
17.10References199
18Campus cards and closed user groups201
18.1Identification201
18.2Physical access control202
18.3PC and systems access202
Case study N – Shibboleth203
18.4Authorisation and signing204
18.5Cashless payment205
Case study O – Gwernyfed High School205
18.6Operational requirements207
18.6.1Card issuance and card management207
18.6.2Biometric enrolment207
18.6.3Registration, certification and verification207
18.6.4Terminal management208
18.6.5Transaction processing209
18.7Card requirements209
18.8The future of multi-application campus cards209
Part IVImplementation211
19Organisation and structure213
19.1Corporate culture213
19.2Identifying stakeholders214
19.3Trust hierarchies214
19.4Liability215
19.5Commercial requirements216
19.5.1Co-branding216
19.5.2Rôles of partners216
19.5.3Understanding each other’s business216
19.6Card-holder ‘domains of use’217
20Implementation219
20.1Defining the project scope and road-map219
20.2Business case and risk analysis220
20.3Choosing partners220
20.4Identifying and managing stakeholders221
20.5Project organisation221
20.6Timescales221
20.7Standards and specifications222
20.8Procurement222
20.9Operational process design223
20.10Managing risks, problem and learning223
Case study P – UK Chip and PIN programme223
20.11Testing226
20.12Going live226
20.13Communication226
21Prognosis228
21.1Technology228
21.1.1Microcontrollers228
21.1.2Cards229
21.1.3Terminals229
21.1.4Card and terminal management systems230
21.1.5Security230
21.1.6Standards230
21.2Applications230
21.2.1Key sectors231
21.2.2Inter-sector and intra-sector cards232
21.3Towards a more customer-focused view233
Appendix A – Glossary235
Appendix B – Further reading239
B.1Smart-card technology239
B.2Biometrics239
B.3Cryptography and card security239
B.4JavaCard240
Appendix C – Standards241
Index245

© Cambridge University Press


printer iconPrinter friendly version AddThis