Tech Decrypted

                        Taking the mystery out of learning cryptography


 
Seminar
Smartcard Overview
Basics, Standards, Federal Mandates & Examples
 
by H.X. Mel & Doris Baker
co-authors of Cryptography Decrypted

 

Goal

Smartcard basics

Smartcard shortcomings and vulnerabilities

The smartcard’s place in fulfilling HSPD-12, PIV-I/II and the REAL-ID Act

Outline

Brief History of Smartcards

Smartcard basics

Microprocessor cards / memory cards
Contact / contactless cards

What are smartcards for and what can smartcards do?
Smartcard programs
   Programs built in by the manufacturer
   Programs developed/deployed after manufacture 

VISA’s standard
Microsoft & IBM enhancements 

Other proprietary vendors’ built-in functionality you can use (API)
   E.g. Schlumberger (Axalto), Gemplus

Some attacks and defenses

Industry & Government security standards

Homeland Security Presidential Directive-12

Personal Identity Verification (PIV) I / II

REAL-ID Act

Cyber Security: A Crisis of Prioritization (President’s Information Technology Advisory Committee, 2005)

Real-life examples of smartcard programs for: 

Authentication
Authorization
Wallet and loyalty apps

Why Learn Smartcards?

Smartcards enable Internet users to validate the authenticity of their Internet correspondent. A smartcard is the vessel that holds the digitized identity (as personal cryptographic key material) as well as other personal data (e.g. medical emergency data and authorizations).

Security professionals (and maybe every Internet user) need to know the potential and the shortfalls of smartcards. This is especially true for Federal government staff and consultants who need to evaluate whether smartcards can satisfy Federal mandates as specified in documents like HSPD-12, FIPS 201, PIV-I and II, etc.

In addition to covering these issues, the seminar illustrates an online, real-time smartcard authentication and file transfer system.

    Contact: hx at HXMEL.com 

 

(c) H. X. Mel & Doris Baker all rights reserved