Unit 4 | HTCS 701 Notes | Database Security and Access Control | AKTU Notes




    1. Smart Card–Based Information Security

    Smart Card–Based Information Security means using smart cards to protect data and user identity. A smart card is a plastic card with an embedded chip that can store data and perform secure operations.

    • Provides strong security
    • Portable and reliable
    • Difficult to duplicate

    Examples: ATM cards, SIM cards, Aadhaar cards, Employee ID cards.


    2. Smart Card Operating System – Fundamentals

    A Smart Card Operating System (SCOS) is software that runs inside the smart card chip.

    • Manages memory
    • Controls files
    • Handles security
    • Communicates with the card reader

    Example: Just like Android runs on a phone, SCOS runs inside a smart card.


    3. Design and Implementation Principles of Smart Cards

    These principles define how smart cards are designed and implemented securely.

    • Security-first design
    • Optimized for limited memory and power
    • High reliability
    • Tamper resistance

    Example: ATM cards are designed to resist physical and software attacks.


    4. Memory Organization in Smart Cards

    Smart cards have limited memory, which is divided into different types.

    • ROM: Stores operating system (permanent)
    • EEPROM / Flash: Stores user data and applications
    • RAM: Temporary memory during execution

    Example: PIN stored in EEPROM, OS stored in ROM.


    5. Smart Card Files

    Smart cards store information in the form of files, similar to a computer file system.

    • Master File (MF): Root directory
    • Dedicated File (DF): Sub-directory
    • Elementary File (EF): Stores actual data

    Example: EF may store user ID or account balance.


    6. File Management in Smart Cards

    File management controls how files are created, accessed, and deleted in smart cards.

    • Access controlled using security rules
    • Files protected by PIN or cryptographic keys

    Example: Only authorized applications can read balance data.


    7. PPS Security Techniques – User Identification

    User identification verifies the identity of the card holder.

    • PIN verification
    • Password
    • Biometric authentication

    Example: ATM card + PIN verifies the user.


    8. Smart Card Security

    Smart card security protects cards from unauthorized access and attacks.

    • Encryption
    • PIN protection
    • Secure chip design
    • Authentication protocols

    Example: Card gets blocked after multiple wrong PIN attempts.
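
The following is an added example, not part of the original notes or any real card OS: a small Python model that ties sections 5, 6 and 8 together, with an MF/DF/EF tree, a PIN-gated read on one EF, and a retry counter that blocks the card. The file names, the PIN value and the limit of 3 tries are assumptions chosen for illustration.

```python
import hmac
from dataclasses import dataclass, field

MAX_PIN_TRIES = 3  # assumption: the notes only say "multiple wrong PIN attempts"

@dataclass
class ElementaryFile:            # EF: stores actual data
    data: bytes
    read_needs_pin: bool         # access rule enforced by the card OS

@dataclass
class DedicatedFile:             # DF: sub-directory holding EFs
    files: dict = field(default_factory=dict)

class Card:
    def __init__(self, pin: bytes):
        self._pin = pin          # on a real card this lives in EEPROM
        self.tries_left = MAX_PIN_TRIES
        self.verified = False    # security status; lives in RAM, lost on reset
        self.mf = {}             # MF: root directory, DF name -> DedicatedFile

    def verify_pin(self, candidate: bytes) -> str:
        if self.tries_left == 0:
            return "BLOCKED"     # even the correct PIN is refused now
        # Count the attempt before comparing, so cutting power during the
        # comparison cannot yield a free guess.
        self.tries_left -= 1
        if hmac.compare_digest(candidate, self._pin):  # constant-time compare
            self.tries_left = MAX_PIN_TRIES
            self.verified = True
            return "OK"
        self.verified = False
        return "BLOCKED" if self.tries_left == 0 else "WRONG_PIN"

    def read(self, df_name: str, ef_name: str) -> bytes:
        ef = self.mf[df_name].files[ef_name]
        if ef.read_needs_pin and not self.verified:
            raise PermissionError("security status not satisfied")
        return ef.data

def build_sample_card() -> Card:
    """Constructed sample card: one DF with a public EF and a PIN-protected EF."""
    card = Card(pin=b"4821")     # constructed PIN
    bank = DedicatedFile()
    bank.files["EF_ID"] = ElementaryFile(b"USER-0001", read_needs_pin=False)
    bank.files["EF_BALANCE"] = ElementaryFile(b"1500", read_needs_pin=True)
    card.mf["DF_BANK"] = bank
    return card
```
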


    9. Quality Assurance and Testing of Smart Cards

    Quality Assurance (QA) ensures smart cards work correctly and securely.

    • Functional testing
    • Security testing
    • Performance testing
    • Stress testing

    Example: Testing how the card behaves after many incorrect PIN attempts.


    10. Smart Card Life Cycle – 5 Phases

    1. Manufacturing: Card and chip production
    2. Personalization: User data added
    3. Issuance: Card issued to user
    4. Usage: Card used for transactions
    5. Expiry / Revocation: Card expires or is blocked

    Example: ATM card expires after a fixed number of years.


    11. Smart Card Terminals

    Smart card terminals are devices that read and communicate with smart cards.

    1. ATM machines
    2. POS machines
    3. Card readers
    4. NFC-enabled mobile devices

    Example: An ATM machine reads the card and verifies the PIN.


    Summary

    1. Smart cards provide secure authentication
    2. Smart Card OS manages memory and security
    3. Memory types: ROM, EEPROM, RAM
    4. Files: MF, DF, EF
    5. Life cycle has 5 phases
    6. Terminals enable communication with smart cards
