Mifare, Oyster and ITSO Cards Hacked Smart Card & Identity News
True Hardware-based Security
Cryptographic RF smartcards offer true hardware-based security for authentication, encryption, and secure data storage. They contain a 64-bit hardware-based cryptographic engine embedded in the silicon, with up to four sets of non-readable 64-bit authentication keys, four sets of non-readable 64-bit session encryption keys, and 2K bits of configuration memory. The configuration memory provides application developers with true flexibility for customizing security and data protection options and then blowing fuses to permanently lock in the configuration and custom security keys in the hardware.
Secure Dynamic Mutual Authentication Capability
Up to now, when there was a need to prove authenticity, as in trying to gain access (TV subscription program access or secure building access) or to claim value (cash registers, laundry machines, pay-per-use copier machines), only high-end microprocessor-based smartcards were able to provide true authentication. Cryptographic RF smartcards can establish authenticity securely through a cryptographic dynamic mutual authentication process using the non-readable keys. They use the authentication keys, session encryption keys and a random number to generate a unique identity, or “cryptogram”, for each transaction. Both the RF smartcard reader and the RF smartcard must be able to duplicate each other’s cryptograms before any data can be accessed or written. The keys are completely inaccessible, even to the owner of the device or the original silicon manufacturer. A unique cryptogram is generated for each transaction, so a cryptogram intercepted during a transaction cannot be used to effect a second transaction. In the extremely unlikely event that the non-readable key(s) from one smartcard become known, they cannot be used with any other smartcard because each cryptographic RF smartcard has its own unique set of authentication keys. Fuse bits are blown to permanently lock the security information in the smartcard such that even the card silicon manufacturer cannot access it.
Dual Authentication Supports Cash-equivalent Cards
Uniquely, cryptographic RF smartcards allow two completely independent users to access the same section of the memory, using completely separate authentication keys with different access levels for adding and deducting cash. As an example, in pre-pay energy meter applications, which are very popular in developing countries, the energy company uses a higher-privilege access key to add energy credits to the card from its offices. The energy meter at the purchaser’s home is equipped with a less privileged key that allows only the reduction of energy credits and never the reverse.
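
The mutual authentication and dual-key access described in the two sections above, as an added Python sketch that is not from the article or any vendor. Truncated HMAC-SHA256 stands in for the card's undisclosed 64-bit hardware engine, and the `issuer`/`meter` roles, the `PERMS` table and the message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed policy: which key role may perform which operation on the credit value.
PERMS = {"issuer": {"add", "deduct"}, "meter": {"deduct"}}

def cryptogram(key: bytes, *parts: bytes) -> bytes:
    # Stand-in for the card's 64-bit hardware engine (assumption): truncated HMAC-SHA256.
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()[:8]

class Card:
    def __init__(self, keys: dict, credits: int = 0):
        self._keys, self.credits = keys, credits   # keys never leave the card
        self._nonce, self._role = None, None

    def challenge(self) -> bytes:
        # A fresh random number per transaction; any earlier session is dropped.
        self._nonce, self._role = secrets.token_bytes(8), None
        return self._nonce

    def authenticate(self, role: str, reader_nonce: bytes, reader_cg: bytes):
        nonce, self._nonce = self._nonce, None     # each card nonce is single-use
        if nonce is None or role not in self._keys:
            return None
        want = cryptogram(self._keys[role], b"reader", nonce, reader_nonce)
        if not hmac.compare_digest(want, reader_cg):
            return None
        self._role = role
        # The card proves itself in turn with a cryptogram the reader can recompute.
        return cryptogram(self._keys[role], b"card", reader_nonce, nonce)

    def adjust(self, delta: int) -> bool:
        op = "add" if delta > 0 else "deduct"
        if op not in PERMS.get(self._role, set()) or self.credits + delta < 0:
            return False
        self.credits += delta
        return True

class Reader:
    def __init__(self, role: str, key: bytes):
        self.role, self.key, self.sent = role, key, None

    def mutual_auth(self, card: Card) -> bool:
        card_nonce, reader_nonce = card.challenge(), secrets.token_bytes(8)
        self.sent = (reader_nonce, cryptogram(self.key, b"reader", card_nonce, reader_nonce))
        card_cg = card.authenticate(self.role, *self.sent)
        want = cryptogram(self.key, b"card", reader_nonce, card_nonce)
        return card_cg is not None and hmac.compare_digest(card_cg, want)
```

Because both cryptograms bind the card's fresh random number, a reader message recorded in one transaction fails verification in the next, and a reader holding one card's keys fails against a card provisioned with different keys.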
Multiple Sectors with Configurable Access
Cryptographic RF smartcards are available as a complete family in densities from 1 Kbit to 64 Kbits of completely usable memory to accommodate a wide range of information storage and cost requirements. The user memory itself may be divided into as many as 16 separate sections, each of which can be independently customized to allow different levels of read and write access. For example, a smartcard that contains health records might keep the patient’s ID and billing address in a portion that is accessible by the billing department and insurance company, while diagnostic information is stored in another area that is accessible only by the doctor, and prescription information is stored in yet another section that can be written to by the doctor and only read by the insurance company and the pharmacist.
Multitude of Data Protection Options
Be it cash credits or private health records, cryptographic RF smartcards provide many protection options customizable by the application developer at deployment time. These include one-time-program (OTP) modes, read-only modes and program-only modes. In addition to protection by pre-authentication requirements, cryptographic RF smartcards can fully encrypt data during transmission to protect confidentiality and dynamically generate Message Authentication Codes (MAC) to verify message source and integrity. To top it off, cryptographic RF smartcards are implemented in hardened silicon using secure product strategies that include content scrambling, tamper monitors for environmental factors, and detection capabilities for physical and systematic security attacks.
Cryptographic RF smartcards are innovative in their approach to true hardware security and bridge the complexity and affordability gaps between microprocessor and memory based smartcards. Laden with usable memory and security options, cryptographic RF smartcards offer an unrivaled level of flexibility for application developers, allowing full customization to enable adaptability to virtually any application in the smartcard space.
Smart Card & Identity News • January 2008