News

Physical security assessment of a microprocessor EMV card

When evaluating the security of an information system, two questions usually arise: what is the level of security of the system and how much it costs to ensure this level of security. Over the past fifteen years, the emergence of standards that allow independent assessments of information system security has made it possible to get answers to these questions. The Information Technology Security Evaluation Criteria (ITSEC) standard was developed in Europe and recognized by France, Germany, the United Kingdom, and the Netherlands in 1991.at the...

read more

Multi-layer operating systems

There are different approaches to implementing application programs (applications) on the card. The first approach is that IPC applications are developed for a specific “native” operating system of the card’s microprocessor. These cards are called Native cards or static cards. The latter name is due to the fact that applications of such cards cannot be transferred to cards using a different operating system. On static cards, the application, using the functions of the operating system and application programming interfaces...

read more

Application layer protocol

The IS0/IEC 7816-4 standard defines the functions used by smart card and terminal applications when performing a transaction. It describes two classes of functions. First, the commands available to the terminal program for working with information stored in the card file system are defined. Second, security features are defined that can be used to restrict access to card applications and files, as well as to ensure secure data exchange. These functions include authentication of the card and an external program that works with the card,...

read more

EMV communication protocols

Information exchange between the card and terminal applications from a communication point of view is carried out in accordance with the seven level Reference model of interaction of open systems (EMBOS). EMBOS describes the General communication interaction between two objects, introducing the concept of seven different Protocol levels placed on top of each other. The EMBOS Protocol Suite provides a reliable mechanism for information exchange between two applications that are generally supported on different hardware and software platforms....

read more

Initial installation of the EMV Protocol card

The dialog between the reader and the card takes place in several consecutive stages: connecting and activating card contacts (switching the card to an idle state); initial installation (reinstalling the card); data exchange between the card and the reader; disabling (deactivating) the card. When entering the card into the reader, the terminal does not supply power to the card. This is due to the fact that the card chip can be seriously damaged if the voltage is applied to an unintended card contact. The power supply is not applied until the...

read more

Typical values of EMV operations from the RSA algorithm

Consider the execution times of various RSA operations on the [email protected] cryptoprocessor used in Infineon’s SLE88CFX1M00P and SLE88CFX8002P chips . The crypto processor has a private memory of size 880 bytes. Note that the speed of RSA operations depends linearly on the clock frequency of the cryptoprocessor. The RSA key generation time is a random variable (see the description of the algorithm in app. C), so the table shows the average values of this indicator. Finally, note that the public key exponent value F_4 = 216+ 1 = 65,537...

read more

The architecture of the Java Card standard ЕМV

The Java Card EMV The Java Card EMV architecture of the standard contactless card uses electromagnetic waves to provide information exchange between the card and the terminal. Interaction between the card and the terminal is based on the protocols described in ISO 14443, ISO 15693, ISO 18000, ISO 18092, ISO 10536, and others. in banking technologies, the IS014443 a&B standard is most often used, which is accepted by the leading payment systems VISA and MasterCard as the base for implementing financial applications of these systems. ISO...

read more

General characteristics of smart cards

A smart card is a microcomputer implemented in a single silicon chip as an integrated circuit (IC), generally consisting of: CPU (usually an 8-bit or 1B-bit RISC processor, although 32-bit processors are also available on the market); RAM (usually 256 bytes to 2 KB in size; for Java cards, the RAM size usually varies from 4 to 8 KB, and chips with 16 KB of RAM are known on the market); permanent ROM storage (usually 16-136 KB in size, there are cards with a ROM size of about 400 KB); non-volatile rewritable eepr0m memory (usually 2-64 KB in...

read more

Application Independent ICC to Terminal Interface Requirements.

Book 1. Application Independent ICC to Terminal Interface Requirements. Describes the minimum requirements for microprocessor-based cards (ICC— Integrated Circuit Card) and terminals that ensure that the terminal and the card interact, regardless of which card application is used. The book defines requirements for Electromechanical characteristics of the map (size and location of the contacts, the height ciowego module, the characteristics of supplied power, clock frequency, signal initial setup of the card, the resistance between the pair of...

read more

The problem of security of card transactions

Card fraud is understood as deliberate deceptive actions of some party based on the use of plastic card technology and aimed at unauthorized acquisition of financial resources placed on the “card” accounts of clients of banks that issue plastic cards or owed to a merchant for card transactions. Card fraud is often called fraud (from the English. fraud— fraud, deception). Fraud is usually divided into two groups: fraud from the point of view of issuing cards and fraud from the point of view of servicing cards. The first group...

read more