Smartcard Overview

Tech Decrypted

Taking the mystery out of learning cryptography

Seminar

Smartcard Overview

Basics, Standards, Federal Mandates & Examples

by H.X. Mel & Doris Baker

co-authors of Cryptography Decrypted

Goal

	Smartcard basics
	Smartcard shortcomings and vulnerabilities
	Smartcard’s place in fulfilling HSPD-12 and PIV-I/II and REAL-ID Act

Outline

Brief History of Smartcards

Smartcard basics

Microprocessor cards / memory cards
Contact / contactless cards

What are smartcards for and what can smartcards do?
Smartcard programs
Programs built-in by manufacture
Programs developed/deployed after manufacture

VISA’s standard
Microsoft & IBM enhancements

Other proprietary vendor’s built-in functionality you can use (API)
E.g. Schlumberger (Axalto), Gemplus

Some attacks and defenses

Industry & Government security standards

Homeland Security Presidential Directive-12

Personal Identity Verification (PIV) I / II

REAL-ID Act

Cyber Security: A Crisis of Prioritization, President’s Info Tech Advisory Com 2005

Real-life examples of smartcard programs for:

Authentication
Authorization
Wallet and loyalty apps

Why Learn Smartcards?

Smartcards enable Internet users to validate the authenticity of their Internet correspondent. They are the vessel that contains the digitized identity (as personal cryptographic key material) as well as other personal data (e.g. medical emergency data, authorizations, etc.)

Security professionals (and maybe every Internet user) need to know smartcard potentials and shortfalls. This is especially true for Federal government staff and consultants who need to evaluate smartcard applicability in satisfying Federal mandates as specified in documents like HSPD-12, FIPS 201, PIV-I and II, etc.

In addition to covering these issues, an online real time smartcard authentication and file transfer system is illustrated.

Contact: seminar at HXMEL.com