Mifare, Oyster and ITSO Cards Hacked Smart Card & Identity News

More documents

Recommendations

Info

In Germany, almost all banks and bank organisations have converted to modern PIN production methods. Here the following techniques are used: 1. Thermo Sealing® - The single form is printed on special paper, folded and thermo sealed and therewith becomes a casing ready for dispatch, but which can also be put in envelopes. This method means up to 60% less paper, no elaborate handling, and no outdated technology, significantly less time, effort and waste. Data security is provided through a perfect thermo lock which cannot be opened without visible damage. 2. Single label – The back side of the printed paper has a special matrix making the PIN invisible. One or more security labels can be attached to the letter. These labels can have special security features like void effects or holograms and can either be peel-off labels or special scratch labels where the customer uses his fingernail or a coin to visualize his PIN. All these labels are designed to show attempts of manipulation. The final product could be either in the same size of the old fashioned “Dot.Matrix” solution or an A4 letter size which is folded. Scratch label with void effect Peel-off label Double label with hologram 3. Double label – The letter is printed and the first label is applied. Then the PIN is printed on the label. Immediately after printing the PIN the second label is applied so that the PIN becomes invisible. This sandwich technology has the highest security level of all processes used today. 4. Combination of Thermo Sealing® and label – In this case the PIN is hidden by a security label and then the product is sealed. This solution offers double protection of the PIN and is the most widespread form of PIN protection in Germany. A key point in using such systems is the security of the process. All described systems were supplied by Otto Künnecke – specialists for card mailing and high security systems. The machines use special black covers and a special security lock which does not enable the operator to open any cover. In case of machine problems the covers can only be opened by an operator and a supervisor. The machines can be integrated in existing HSM surroundings or could be equipped with special encryption and decryption hard and software. When designing a PIN mailer one key point is that the file sent to the printer encrypts, the PIN at the latest stage and that these PINs are not visible in any software, audit files or at any device in this process. OK offers modularly extendable systems in different security levels. Due to high demand and the excellent cost-benefit-ratio these applications are marketed worldwide. Several banks from all parts of the world want to follow the German example and use more modern, secure and economic PIN letters. The OK systems are available with and without security software like HSM. Smart Card & Identity News • January 2008 10
Versatile Hardware Security With Cryptographic RF Smartcards By Eustace Asanghanwa, Atmel Affordable True Hardware Security for Mutual Authentication and Data Security Cryptographic RF smartcards offer true hardware-based security for applications that need authentication, value storage, identification, and secure access control. It bridges the complexity and affordability gap between high-end secure microcontroller-based smartcards used in banking, and low-end cards used for loyalty tracking and access control, without giving up security. Eustace Asanghanwa Developers and service providers can now apply the desired amount of security to their applications without the complexity and unit costs associated with high-end smartcards. Additionally, there is no tradeoff in security for low-end smartcards. Example applications include: ‣ Subscription management including cable and satellite TV. ‣ Electronic purses used in Laundromats, energy meters, internet café resources and transportation. ‣ Information cards including ID cards and driver licenses. ‣ Multi-application cards, for example, a single card that combines multiple functions like hotel access, mini-bar purchases, movie purchases, and secure access to [high-value] in-room hotel safes. Smartcards are available today for a wide range of applications and are classifiable under two broad categories: Microprocessor-based and memory-based smartcards. Microprocessor-based smartcards embed a microprocessor, volatile and non-volatile memories, and communication circuitry such as Analog Front-End (AFE) in an integrated circuit that eventually embeds inside the standard smartcard. They contain cryptographic routines either in firmware or hardware accelerators to service high-end security applications like banking and passports. They require special software or operating system developed by security experts for effective security. Their complex nature allows them to command premium prices in the market. In addition, these smartcards require external power to support the energy requirements of the microprocessor, the memories and the cryptographic routines. For this reason, their connectivity to the outside world is usually contacted in nature, at least for power sourcing. Contacted connectivity demands periodical card replacement due to worn out contacts. In the rare cases where connectivity is not contacted, as in RFID cards, power limitations translate into long transaction times making them less practical for mainstream security applications. Figure 1: A high level block diagram of a microprocessor smartcard Smart Card & Identity News • January 2008 11
Page 1 and 2: dentity News • Smart Card & Ident
Page 3 and 4: Contents Regular Features Lead Stor
Page 5 and 6: Payzone To Target The 'Unbanked' Wi
Page 7 and 8: What are the changes or differences
Page 9: Carl-Otto Künnecke Growing market
Page 13 and 14: True Hardware-based Security Crypto
Page 15 and 16: It is important to note that the cr
Page 17 and 18: attacks. The Mifare card because it
Page 19 and 20: Buying into Contactless Payment By

Mifare, Oyster and ITSO Cards Hacked Smart Card & Identity News

Create successful ePaper yourself

Delete template?

Save as template?