...Module 3 - Smart Cards Module 3 - Smart Cards Kari Wachs Grand Canyon University: HCA - 360 November 19, 2011 Module 3 - Smart Cards Smart card technology is becoming commonplace in todays society. Smart cards are also referred to as chip cards. The smart card is a plastic card that contains an embedded computer chip that stores and transacts data (Smart card basics, n.d.). The computer chip could function strictly as memory or as a microprocessor depending on the intended use of the smart card. “The data is usually associated with either value, information or both and is stored and processed within the card’s chip” (Smart card basics, n.d.). Smart cards are being used in several different markets currently in the United States. European countries have been utilizing smart card technology for almost three decades. (Smart card basics, n.d.). The Smart Card Alliance is a group of businesses that have a vested interest in the adoption of smart card technology. The Smart Card Alliance’s mission is to help the forward momentum of the use of smart card technology in health care in the United States (Smart card alliance, 2007). Europe initially used the smart card as a tool for reducing theft at pay phones. Their use has advanced tremendously over the last three decades. They are used for credit purchases and for record keeping instead of paper (Smart card basics, n.d.). In the United States, smart cards are being used by consumers in many ways. Several states...
Words: 1022 - Pages: 5
...all the banks in Kuwait use the smart cards instead of the regular credit and debit cards. A smart card resembles a credit card in size and shape, but inside it is completely different. First of all, it has an inside -- a normal credit card is a simple piece of plastic. The inside of a smart card usually contains an embedded microprocessor. The microprocessor is under a gold contact pad on one side of the card. Think of the microprocessor as replacing the usual magnetic stripe on a credit card or debit card. The microprocessor on the smart card is there for security. The host computer and card reader actually "talk" to the microprocessor. The microprocessor enforces access to the data on the card. If the host computer read and wrote the smart card's random access memory (RAM). The Smart Cards provides unlimited benefits to the customers, and its used recently almost in every organization and the business benefit from implementing the smart card. The most common smart card applications are: Credit cards Electronic cash Computer security systems Wireless communication Loyalty systems (like frequent flyer points) Banking Satellite TV Government identification Advantages and Disadvantages: Advantages: 1- Flexibility: Smart cards have a lot of flexibility. They can store multiple types of information including identification, credit cards, business and family contacts. 2-Cost and Availability: Smart card readers are expensive to produce...
Words: 881 - Pages: 4
...Electronic Cash and Smart Cards CMPS / ECBU 410: Management Information Systems Prepared by Joanna Carey Fall 2012 Instructor: Dr. Seta Whitby Table of Contents I. Introduction II. Body III. Advantages/Disadvantages of Electronic Cash & Smart cards and paper based currency IV. Conclusion V. References Introduction This research paper will closely investigate the relative importance between electronic and paper-based payments across the world. Although electronic payments are becoming more popular and easy to use, numerous surveys for payment instruments have shown the pace of change from an established payment method to a new payment method to be considerably slower than industry predictions. The movement to electronic payments and smart cards has been slow and has focused primarily on credit cards at the point of sale because bank emphasis is on expanding loan revenue and a historical reliance on checks which provide users with short-term credit. As technology continues to evolve the use of paper currency is becoming more obsolete. Although the modernization of digital money is changing into forms that don’t directly connect our electronic payments to our private information, such as smart cards, the transition into “cybercash” is still in the premature stages of development. This paper will highlight the advantages as well as the disadvantages...
Words: 1387 - Pages: 6
...a single smart card to be used for multiple services has been around for years. Instead of using separate access devices for different services, a user can access multiple services from different service providers by a single smart card. For example, a user can use the same smart card to log on to a remote server system, enter a secure building, and perform a financial transaction. This kind of design frees people from carrying many cards, bringing users the great convenience and at the same time saving resources and costs by manufacturing and managing less volume of cards. Therefore, multi-service smart card systems exhibit a high potential for economic and social benefits. Such a system is even more convenient if only one pass- word is used for each card so that users do not need to remember and cope with many passwords. 1.1 MULTISERVICE SMARTCARDS A smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card with embedded integrated circuits. With a single card, and a single administration tool, organizations from government, to industry to academic institutions can deliver an array of personalized credit and loyalty-based services to their users, while generating comprehensive reports, and maintaining strict controls on usage. These cards can offer multiple applications such as: * Credit cards : These are the best known payment cards (classic plastic card): * Financial : Smart cards serve as credit or ATM cards, fuel cards...
Words: 4969 - Pages: 20
...problem associated with billing consumer living in isolated area and reduces deployment of manpower for taking meter readings. Every consumer can buy a memory card (is nothing but an EEPROM IC) with a password stored inside it using a MC program. The memory card is available at various ranges (ie. Rs 50, Rs 100, Rs 200 etc).In our project we have given the name for memory card as smart card. When the consumer insert a smart card into the card reader which is connected kit.Then the card reader will read the stored information and delete the information from the EEPROM IC(smart card) using the MC program. So that the smart card cannot be reused by others. Suppose if a consumer buy a card for Rs.50/- he / she can insert this amount through the card reader so that prepaid energy meter with tariff indicator kit will be activated. According to the power consumption the amount will be reduced. When the amount is over, the relay will automatically shutdown the whole system. In our project we also have a provision to give an alarm sound to consumer before the whole amount is reduced. You can also find the Card programmer circuit and program from the download. So that you can easily create your own cards. Here's the procedure to create the cards. How to program a new card. For making a unit price card for Rs 2.50 1. Insert the card into the Programmer 2. Dial 1*0250# The format is 1 for unit price * for start process - Higher digit of the unit price - lower digot of the unit price...
Words: 2185 - Pages: 9
...1. You are preparing to implement smart cards into your organization for all users. Which Windows Server 2003 service must you install in order to support smart card authentication? A: b. Certificate Service 2. Based on strong password characteristics, what is wrong with the password TiGer01? What would you recommend changing to make this password stronger? A: Do not use a full dictionary word, make it at least 8 characters, and add a symbol/special character to the password. 3. One of your employees is unable to gain access to the network because she left her smart card at home. Keeping in mind that your network has fairly high security guidelines, which of the following choices is the most secure solution for this situation? A: d. Create a temporary smart card for her with a certificate that expires at the close of the business day. 4. You are the main administrator for an enterprise environment consisting of four domains in separate locations. Your network is becoming increasingly difficult to manage due to the number of users in separate geographic locations. Each location has people who are willing to learn to maintain their part of the network. In addition, as departments grow, you want each department to have control over their user accounts and resources. The CEO has asked you to come up with a plan to set up decentralized administration. What will you include in your plan? A: Delegation of control to each admin of each sub-domain, Standardized...
Words: 425 - Pages: 2
...THE ART OF CYBER WAR — ASYMMETRIC PAYOFFS LEAD TO MORE SPENDING ON PROTECTION 151 As Physical Security Converges With IT Security and Becomes More Network-Based, Can Cisco Compete? Cisco recently introduced new video surveillance IP cameras and monitoring software targeted for small businesses. As corporate security technology and services become increasingly network-delivered and database-driven, the physical security market presents a compelling incremental growth opportunity for Cisco that we believe can exceed the billion dollar annual revenue threshold in the next 35 years. The physical security industry has been undergoing a paradigm shift toward convergence, whereby previously disjointed functions of IT security and physical security are experiencing greater formal cooperation. Organizations continue to implement more IP-based video surveillance cameras and building access controls both to upgrade capabilities and to reduce operational costs. Deploying IP-based security upgrades capabilities and reduces operational costs. Through the IP network a security system can assign priority to data and automatically discover new nodes such as IP cameras and control sensors, eliminating the time and effort of manual provisioning. Shifting building access controls from isolated networks to existing IP networks that house data, voice, and video can improve incident detection and assessment, authenticating both the user and device to provide efficient integrity checks. • Video...
Words: 10724 - Pages: 43
...The Smart Card Detective: a hand-held EMV interceptor Omar S. Choudary University of Cambridge Computer Laboratory Darwin College June 2010 This dissertation is submitted for the degree of Master of Philosophy in Advanced Computer Science Declaration I Omar Salim Choudary of Darwin College, being a candidate for the M.Phil in Advanced Computer Science, hereby declare that this report and the work described in it are my own work, unaided except as may be specified below, and that the report does not contain material that has already been used to any substantial extent for a comparable purpose. The word count, including footnotes, bibliography and appendices is 14 978. Signed: Date: The Smart Card Detective: a hand-held EMV interceptor Omar Choudary Abstract Several vulnerabilities have been found in the EMV system (also known as Chip and PIN). Saar Drimer and Steven Murdoch have successfully implemented a relay attack against EMV using a fake terminal. Recently the same authors have found a method to successfully complete PIN transactions without actually entering the correct PIN. The press has published this vulnerability but they reported such scenario as being hard to execute in practice because it requires specialized and complex hardware. As proposed by Ross Anderson and Mike Bond in 2006, I decided to create a miniature man-in-the-middle device to defend smartcard users against relay attacks. As a result of my MPhil project work I created a hand-held...
Words: 10985 - Pages: 44
...encountered with the use of paper passports are copying and manipulation, selling of valid passports to a third party, and counterfeit or forged passports. Due to the difficulty of discerning a real passport from a fake, agents must undergo extensive training that still does not adequately protect against these threats. One of the initial attempts to increase border security by more accurately verifying identity and preventing counterfeit passports was the introduction of e-passports, or electronic passports. E-passports are identical to paper passports with the addition of an embedded, contactless smart-card containing the same information as the visual passport, including a digital version of the photograph. The contactless smart card is a tiny microprocessor that transmits information wirelessly utilizing RFID technology over distances of less than four inches. These smart-cards utilize advanced security mechanisms to prevent alterations to the embedded data. Unfortunately, these attempts did not prevent passport abuse. In response to persistent passport fraud, biometric technologies have been employed as an additional security measure. Biometric technology is an automated mechanism that verifies or identifies an individual based on physiological or behavioral characteristics (Down and Sands 1). Physiological characteristics are related to the shape of the human body and are inherited (e.g. fingerprint, retina, face, hand), while behavioral characteristics are related...
Words: 1617 - Pages: 7
...Essay Week 2 Daniel Farella I.T.T. Technical Institute Author Note: This essay is being submitted on 5/9/2013 for Earl Robinson intorduction to security class. Essay week 2 * The remote access control policy consists of * Group membership * Type of connection * Time of day * Authentication methods * Advanced conditions: * Access server identity * Access client phone number or MAC address * Whether user account dial-in properties are ignored * Whether unauthenticated access is allowed After the connection is authorized, remote access policies can also be used to specify connection restrictions, including the following: * Idle timeout time * Maximum session time * Encryption strength * IP packet filters * Advanced restrictions: * IP address for PPP connections * Static routes Additionally, you can vary connection restrictions based on the following settings: * Group membership * Type of connection * Time of day * Authentication methods * Identity of the access server * Access client phone number or MAC address * Whether unauthenticated access is allowed On this network I recommend a WAN network . Because the wan network is great for going cities to cities or state to state plus there are more security features that can be recommended. The physical and logical access controls are as follows Authentication Identification is usually...
Words: 348 - Pages: 2
...The article presents a study which aims to analyze the role of information technology (IT) in the Indian banking industry. Indian banks are investing heavily in the technologies such as automated teller machine (ATMs), net banking, mobile banking, tele -banking, credit cards, debit cards, smart cards, call centers, CRM, data warehousing etc. It is essential to evaluate the impact of information technology on the performance of Indian banks in terms of extended value added services and customer satisfaction thereby. Foreign banks and Private sector banks which took more IT initiative, were found to be more efficient and more competent force than public sector banks in India. Based on the article, technological innovations have enabled the industry to open up efficient delivery channels. It is said that IT has helped the banking industry to deal with the challenges the new economy poses. The study examines the views of banking customers on the implementation of IT in banks. According to the author, private and foreign banks use more IT-related banking services than public sector banks. Keywords and Abbreviations: Awareness level, Banking sector, Customer Satisfaction, ITeS, Security ATM – Automated Teller Machines / Any Time Money CBS – Core Banking Solution IAM – Investment and Assets Management CRM – Customer Relationship Management GRC – Governance Risk and Compliance IDRBT - Institute for Development and Research in Banking Technology...
Words: 318 - Pages: 2
...Securing and Protecting Information CMGT 400 April 8, 2013 Securing and Protecting Information Authentication With the advances in technology, authentication has become part of our everyday lives, whether scanning your badge at work, signing for a credit card purchase, or logging into your Facebook/Twitter accounts. Authentication is the act of validating your identity while requesting access to software, purchases, or entry to a secured facility. There are four types of authentication; something you know, something you have, something you are, and something you can produce. When a service requests two or more types of authentication, it is called strong authentication, such as inserting an identification card and providing a password to access a computer workstation. “Something you know” refers to the use of passwords, passphrases, and codes or PINs. When creating a password, the user must make the decision to create a string of alphanumeric and special characters with differing cases. The longer and more complicated a password the user creates drastically reduces the risk of cracking or brute force attacks. The same password must also be something easily remembered by the user to dissuade it from being written down and stored onsite or left at the workstation. A solution to this is creating a passphrase, a common phrase or date abbreviated and linked together with special characters to create a personal passphrase difficult to crack but easy to remember. An example...
Words: 1768 - Pages: 8
...system unit with a business user specification would be prefect for this usage. In detail, Server or PC with i5 Processor, Windows 7, a 500 GB hard drive, 4 GB of fast DDR3 RAM memory, and a LCD display. Hardware which would be even necessary would be like the finger print reader where this can used to scan and read finger print of students who want to borrow books just have to place their finger to be scanned as their details and data would appear in the monitor’s screen of the librarian. This would be necessary as scanning wouldn’t take a very long time and its even precise compared to filing data manually. The only disadvantage of using the deivce would be where if the if the finger is dirty or injured the reader cant read its print. A smart card reader would also do the...
Words: 888 - Pages: 4
...considerations and situations in which physical security measures are valuable (for example, limiting access within a facility and/or to specific assets and controls to reduce physical incidents such as fires). Security unavoidably incurs costs and, in reality, it can never be perfect or complete - in other words, security can reduce but cannot entirely eliminate risks. Given that controls are imperfect, strong physical security applies using appropriate combinations of overlapping and complementary controls. For instance, physical access controls for protected facilities are generally intended to: • deter potential intruders (e.g. warning signs and perimeter markings); • distinguish authorized from unauthorized people (e.g. using pass cards/badges and keys) • delay and ideally prevent intrusion attempts (e.g. strong walls, door locks and safes); • detect intrusions and monitor/record intruders (e.g. intruder alarms and CCTV systems); and • trigger appropriate incident responses (e.g. by security guards and police). It is up to security designers to balance security controls against risks, taking into account the costs of specifying, developing, testing, implementing, using, managing, monitoring and maintaining the controls. Physical access control is a matter of who, where, and when. An access control system determines who is allowed to enter or exit, where they are allowed to exit or enter, and when they are allowed to enter or exit. Historically this was partially accomplished...
Words: 2097 - Pages: 9
...Use Cases As an intern software developer for a retail bank, you have been tasked with developing use cases to support the ATM service. Prepare a 5-6 page paper in which you: 1. Describe (in a one to two (1-2) page narrative) a use case, complete with typical and alternate courses, that documents the event of a bank customer withdrawing money from an ATM. 2. Illustrate the use case using Visio or a similar product. 3. Describe (in a one to two (1-2) page narrative) a use case dependency for making an account deposit. Illustrate this use case with Visio or a similar product. 4. Describe (in a one to two (1-2) page narrative) a use case dependency for making an account transfer. Illustrate this use case with Visio or a similar product. 5. Identify and explain at least one (1) ethical issue that the use case exposes in connection with the development or use of the ATM system. 6. Research and cite at least three (3) authoritative academic sources Use case diagrams in ATM usage CIS210 Use case diagrams of an ATM system Use case diagrams are pictorial representations of different process involved during a specific operation. They are used in modeling real world interaction of system modules and the outside user during the systems analysis stage of software development. They are used mainly in the representation of how the software works in defining the requirements analysis. Use case diagrams in this field are used...
Words: 1140 - Pages: 5