Lesson Title: Contactless Smart Card Standards

Copyright © 2008, 2009 by Dale R. Thompson {d.r.thompson@ieee.org}

Dale R. Thompson
Computer Science and Computer Engineering Dept.
University of Arkansas

This material is based upon work supported by the National Science Foundation under Grant No. DUE-0736741. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).

http://rfidsecurity.uark.edu

What is a Contactless Smart Card?

• Components
  – Secure embedded microcontroller
  – Memory
  – Antenna
  – Contactless radio frequency interface
• Applications
  – Travel documents such as E-passports
  – Identification cards such as Federal PIV
  – Finance contactless payment cards such as MasterCard’s PayPass

*The Smart Card Alliance prefers to distinguish contactless smart cards that have encryption and follow the ISO/IEC 14443 or 15693 standards as being different from RFID, which are used for simple identification as in the supply chain. However, we will use the term RFID for both contactless smart cards and the tags used in the supply chain.

Contactless Smart Card Standards

• International Standards Organization (ISO)/International Electrotechnical Commission (IEC) Standards
• Federal Information Processing Standard 201 – FIPS 201
• FIPS 140
• Common Criteria
• Global System for Mobile Communication (GSM) Standards
• Europay, MasterCard, and Visa (EMV 2000)
• …

ISO/IEC 7816 (several parts)

• Application-level standards
• Contact and contactless
• Covers card and interfaces
  – Physical dimensions
  – Electrical interface
  – Communications protocols
  – Numbering
  – Security commands
  – Management commands
  – Cryptographic services
  – Application naming

ISO/IEC 14443

• Proximity contactless smart cards
  – Designed for short read range and fast transactions
  – Two modulation types (Type A and Type B)
• Defines interfaces to card
  – Radio frequency interfaces
  – Electrical interfaces
  – Communications interfaces
  – Anti-collision protocol
  – Read/write
  – Ability to use security features
  – Support for authentication
• 13.56 MHz
• Range = 4 inches (10 centimeters)
• 106 Kbps transmission speed
• Travel documents (e-passport), access control (PIV), and finance

ISO/IEC 15693

• Vicinity contactless smart card
  – Read at longer distances but slower
• Defines interfaces to card
  – Physical characteristics
  – Radio frequency power and signal interface
  – Anti-collision and transmission protocol
  – Read/write
  – Ability to use security features
  – Support for authentication
• 13.56 MHz
• Range = 3 feet (1 meter)
• 26.6 Kbps transmission speed
• Logistics, labeling and agriculture applications

Federal Information Processing Standard 201 – FIPS 201

• Homeland Security Presidential Directive 12 (HSPD-12) issued August 27, 2004
• FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors, published on February 25, 2005 by the National Institute of Standards and Technology (NIST)
  – Standard Federal contactless smart card
  – Federal employees and contractors
  – Physical and logical access

Smart Card Links

• Smart Card Alliance
  – http://www.smartcardalliance.org/
  – http://www.smartcardalliance.org/pages/smartcards-intro-standards
• U.S. General Services Administration (GSA) Smart Card web site
  – http://www.smartcard.gov
• Smart Card Basics
  – http://www.smartcardbasics.com/standards.html

Contact Information

Dale R. Thompson, Ph.D., P.E.
Associate Professor
Computer Science and Computer Engineering Dept.
JBHT – CSCE 504
1 University of Arkansas
Fayetteville, Arkansas 72701-1201
Phone: +1 (479) 575-5090
FAX: +1 (479) 575-5339
E-mail: d.r.thompson@ieee.org
WWW: http://comp.uark.edu/~drt/

Copyright Notice, Acknowledgment, and Liability Release

• Copyright Notice
  – This material is Copyright © 2008, 2009 by Dale R. Thompson. It may be freely redistributed in its entirety provided that this copyright notice is not removed. It may not be sold for profit or incorporated in commercial documents without the written permission of the copyright holder.
• Acknowledgment
  – These materials were developed through a grant from the National Science Foundation at the University of Arkansas. Any opinions, findings, and recommendations or conclusions expressed in these materials are those of the author(s) and do not necessarily reflect those of the National Science Foundation or the University of Arkansas.
• Liability Release
  – The curriculum activities and lessons have been designed to be safe and engaging learning experiences and have been field-tested with university students. However, due to the numerous variables that exist, the author(s) does not assume any liability for the use of this product. These curriculum activities and lessons are provided as is without any express or implied warranty. The user is responsible and liable for following all stated and generally accepted safety guidelines and practices.