Tomcat
The ISO 7816 standard, Identity Cards - Cards with ICs and Contacts, is by far the best known and most respected standard for general purpose microprocessor cards. On the basis of this standard, standards have been developed for the use of smart cards in certain areas of human activity, for example, healthcare, transport, banking, and object identification.
There are also standards that define communication protocols for contactless cards.
In turn, standards for smart cards are based on a wide range of standards related to information processing. These include standards that determine the list and encoding of characters, the encoding of national currency, cryptographic algorithms, etc.
Finally, since many areas of application of smart cards are demanded by government agencies, for example, maintaining national payment systems, creating a national “electronic” passport, etc., in addition to international standards for smart cards, national and regional standards have been developed.
Due to the slow pace of adoption of international standards, there has been an increase in the number of specifications for smart cards issued by various laboratories, professional communities, trade associations, academic institutions and private firms not affiliated with standards bodies. Such specifications play a useful role in stimulating debate and developing consensus, which then serve as the basis for future international standards.
Smart cards are used in many areas of human activity. Cell phones, access control systems, information security systems, pay TV and the Internet are just a few examples of their uses. It can be expected that for each area of human activity, industry standards will be developed that define the requirements for the smart cards used in them.
Returning to the ISO 7816 standard, we note that it consists of one and a half dozen parts. However, the first five parts of the standard are fundamental and most commonly used:
Part 1 "Physical characteristics";
Part 2 "Dimensions and arrangement of contacts";
Part 3 "Electronic signals and communication protocols";
Part 3, Amendment 2 "New version of the choice of the type of protocol";
Part 4 "Commands of data exchange";
Part 5 "Application ID numbering system and registration procedure".
The ISO 7816-1 standard expands the list of requirements for identification plastic cards ID-1, adding requirements for the physical characteristics of cards with an embedded chip. It defines the acceptable limits for external influences on the card such as X-rays, ultraviolet radiation, electromagnetic fields, static electricity fields and ambient temperature.
The standard also defines two tests for the flexibility of the microprocessor card: Fig. 1.8 shows the card bending tests, and Fig. 1.9 shows the card torsion tests.
Fig. 1.8. Bending tests
Fig. 1.9. Torsion tests
Flexure and torsion tests simulate normal mechanical stress conditions on a card, such as when carrying a card in a wallet. When conducting tests with a microprocessor card, the possibility of damage or breakage of the chip itself or breakage of connections between the microcircuit and the contact pad is investigated. Practical test results have shown that in order to comply with the limitation on resistance to bending and torsion, the area of a square chip should not exceed 25 mm².
The ISO 7816-1 standard sets relatively stringent requirements for the mechanical characteristics of a smart card. The purpose of these requirements is to ensure reliable contact between the contacts of the reader and the card. In this case, the contacts of the card should not protrude above its surface by more than 0.1 mm. The card must be strong enough to withstand prolonged deformation when bent, after which, as a result of pressure on the surface of the card, it must return to a flat state.
The ISO 7816-1 standard specifies that a microcircuit has eight electrical contacts located in standard positions on the face of the card. Some of these pins are electrically connected to a chip embedded in the card. Others are not connected to the chip and are not currently used. (See Chapter 2 for pin assignments.) ISO 7816-1 also defines the allowable resistance values for card contacts.
Contact locations and sizes are specified in ISO 7816-2. The contacts are almost always located on the face of the card (that is, the side opposite to the side with the magnetic stripe). However, the ISO 7816-2 standard does not require pins to be located exactly on the front side. Contacts can also be located on the back of the card, provided that they are not in the embossing and magnetic stripe area.
The EMV standard introduces certainty in the arrangement of contacts. The dimensions of the contacts and their location on the card in accordance with EMV are shown in Fig. 1.10.
Fig. 1.10. Smart Card Sizes and Pinouts
As a result, the appearance of the card is as shown in Fig. 1.11.
The ISO 7816-3 standard begins the description of the logical architecture of a smart card. This standard defines asynchronous communication protocols between the card and the reader.
The ISO 7816-4 standard defines the file structure of a microprocessor card and a set of commands used to communicate between the issuer's terminal and the card.
The ISO 7816-5 standard specifies the structure of the card application identifier, as well as how this identifier and the application provider are registered.
We will refer to the ISO 7816 standard many times in the pages of this book.
EMV specifications appeared in 1996 as a product created jointly by Europay, MasterCard and VISA (the standard was named after the first letters of the names of the companies that created it). The EMV standard is an industry standard governing the operation of a microprocessor card used for cashless payments. EMV is based on the ISO 7816 standard.
Since 1999, the EMV standard has been developed and maintained by a specially created company, EMVCo, LLC. The company was originally founded by the payment systems Europay, MasterCard and VISA. Today the company is equally managed by four payment systems - MasterCard, VISA, JCB and American Express. JCB became a founding member of EMVCo in 2004 and American Express in 2009.
The functions of EMVCo include not only the development of the EMV standard, but also ensuring the compatibility of card applications and devices of various banks. EMVCo provides certification of POS terminals for compliance with EMV specifications (Level 1 & Level 2 Type Approval), as well as certification of CPA and CCD cards for compliance with CPA and EMV standards.
In addition, EMVCo holds the Common Payment Application (CPA), EMV Card Personalization Specification, EMV Contactless Communication Protocol Specification, EMV Entry Point Specification. Finally, the company evaluates the security of the chip and its operating environment in accordance with the EMVCo Security Evaluation Process.
The latest version of the standard to date (EMV 4.2) appeared in June 2008 and consists of four books:
Book 1. Application Independent ICC to Terminal Interface Requirements;
Book 2. Security and Key Management;
Book 3. Application Specification;
Book 4. Cardholder, Attendant, and Acquirer Interface Requirements.
Below is a brief summary of each of the books listed.
Book 1. Application Independent ICC to Terminal Interface Requirements. Describes the minimum set of requirements for Integrated Circuit Cards (ICCs) and terminals that enable communication between the terminal and the card regardless of which card application is used.
The book defines the requirements for the electromechanical characteristics of the card (dimensions and arrangement of contacts, the height of the chip module above the surface of the card, characteristics of the power supply, clock frequency, signal for the initial installation of the card, the resistance value between a pair of contacts of the card and the terminal, etc.). The book describes the stages through which the microcircuit of the card passes in the process of performing an operation, from its initialization to deactivation. Book 1 also contains a description of the asynchronous communication protocols between the card and the terminal T = 0 and T = 1.
A separate section of the book is devoted to the description of the file structure of the card, data elements and commands. In particular, it describes the elements and data objects used, the structure of the commands, how to access the application files, and the procedure for selecting the card application (Application Selection).
Book 2. Security and Key Management. Describes the minimum set of requirements for the logical security functions of a smart card and electronic terminal used in operations. Book 2 contains a description of procedures for static and dynamic authentication of the card application, encryption of the PIN code, ensuring the integrity and confidentiality of information exchange between the card and the issuer, principles and policies for managing the keys of the card application.
In addition, the book contains a description of the cryptographic algorithms used for signing data, verifying the signature and recovering data from the signature, encrypting data, calculating the values of data integrity control codes (Message Authentication Code), and deriving card keys and session keys.
Book 3. Application Specification. Contains a description of the data items, files, and commands associated with executing a transaction. It provides a list of the payment application functions with a description of the data elements and commands used to perform these functions, and also contains a description of the sequence of events and commands that occur during the processing of a transaction.
Book 4. Cardholder, Attendant, and Acquirer Interface Requirements. Contains a description of the types of terminals and their capabilities, as well as the functional requirements for terminals, the fulfillment of which is necessary for the implementation of operations on EMV-compatible cards, and the requirements for the physical characteristics of the terminals. Book 4 describes the architecture of the terminal software, including the principles of data management, requirements for the “terminal - cardholder” and “terminal - servicing bank” interfaces.
The specifications in the book contain the requirements, the fulfillment of which makes it possible to accept magnetic stripe cards and microprocessor cards on a single terminal.
Based on the EMV standard, the largest payment systems VISA and MasterCard have released their application specifications for microprocessor cards. At the end of 2009, the latest versions of these specifications implemented on chips are known under the abbreviations M / Chip 4 (MasterCard) and VIS 1.4 (VISA). However, both payment systems have developed new versions of their applications - VIS 1.5 and M / Chip 4 R2 (VIS 1.5 release has already been approved, and M / Chip 4 R2 should be approved by the end of 2009). The first cards supporting these releases are likely to appear in 2010. In addition, the VISA payment system offers its banks specifications for Java applets for their applications, compatible with the GlobalPlatform / Java Card operating environment. The releases of VSDC applets 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6 and 2.7 are known on the market.
It should be noted that the differences in the applications of the leading payment systems are quite noticeable (see Chapter 8 for details). They primarily concern:
Among the standards related to microprocessor cards are the PC / SC Workgroup Specifications, which describe how a personal computer application interacts with a microprocessor card. The microprocessor card is considered today as a general-purpose secure mobile computing platform. Therefore, the need for interaction between the card and the computer is obvious.
In September 1996, manufacturers of computers, software and microprocessor cards created the PC/SC Workgroup, which developed the open PC/SC Workgroup Specifications defining the model of interaction between a computer program and a microprocessor card. In accordance with this model, several card readers can be connected to a computer using various physical interfaces (for example, RS-232C, PS/2, PCMCIA, etc.). The model defines a computer software module that controls access to card and reader resources (ICC Resource Manager), as well as modules for providing services to computer applications (ICC Service Provider). These services include performing cryptographic operations, implementing file access methods, authentication, etc.
Today, the PC/SC specifications are widely used in the field of information technology. However, the trend towards using the USB protocol in microprocessor cards as a high-speed means of communication with an external computer indicates that the PC/SC specifications will in the future be replaced by direct interaction of the card with a computer, for example, via TCP/IP (this is described in more detail in section 2.9).
In conclusion, we give a brief overview of the state of affairs in the field of biometric identification / authentication, which should eventually find its application as a means of authentication of the holder of a microprocessor card.
Work on technologies for identifying / authenticating a person by biometric characteristics began long ago, in the early 1960s. However, the main practical results have been obtained recently. The power of modern computers and improved algorithms for processing biometric information have made it possible to create products that, in terms of their technical characteristics and prices, have become interesting and accessible to a wide range of users.
Today, for biometric identification of a person (object), the following technologies are most often used, which differ in the type of biometric information used in them:
The key point in the procedure for creating the current template is that the scanned image of the object cannot be restored from the current template. The algorithm for creating the current template extracts from the scanned image characteristic features of the object which, however, are not sufficient to restore the scanned image. The one-way nature of this algorithm protects the object from various attacks and relaxes the requirements for scanning devices.
From the point of view of the implementation of the identification / authentication process, there are three types of microprocessor cards that store the verification template:
When using an MOC card, the card not only stores the object's verification template, but also compares the current template with the verification template and decides on the result of object identification / authentication. In this case, only the scanning of the object and the creation of the current template are performed by the external system. The card receives the current object template from the external system.
Finally, in the case of a SOC card, all biometric identification / authentication procedures are performed by the card chip. Obviously, for this, the SOC card must have a sensor that performs scanning of the object.
TOC cards provide the lowest level of security for the identification / authentication procedure. When using them, an attack is possible in which, in the process of transferring the verification template to the external system, the attacker replaces the card template with his own template, thereby achieving a positive result of the identification / authentication procedure for himself. Therefore, the dialogue between the card and the external system must be reliably protected by cryptographic means ensuring the confidentiality and integrity of the dialogue data, as well as mutual authentication of the card and the external system.
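The integrity part of that protection can be illustrated as follows. This is an added example, not taken from the book or from any card specification: it assumes a session key already shared between card and terminal (the result of mutual authentication, not shown), uses HMAC-SHA-256 as a stand-in for the MAC of a real secure messaging scheme, and leaves encryption of the template out. All names and byte values are constructed.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16   # fixed length keeps "challenge || template" unambiguous
TAG_LEN = 32         # size of an HMAC-SHA-256 tag


def new_challenge() -> bytes:
    """Terminal side: fresh random challenge for every template request."""
    return secrets.token_bytes(CHALLENGE_LEN)


def card_send_template(session_key: bytes, challenge: bytes, template: bytes) -> bytes:
    """Card side (TOC): return the verification template followed by its MAC.

    The MAC covers the terminal's challenge, so a response recorded in one
    session cannot be replayed in another.
    """
    if len(challenge) != CHALLENGE_LEN:
        raise ValueError("unexpected challenge length")
    tag = hmac.new(session_key, challenge + template, hashlib.sha256).digest()
    return template + tag


def terminal_accept_template(session_key: bytes, challenge: bytes, message: bytes) -> bytes:
    """Terminal side: return the template only if the MAC verifies."""
    if len(message) <= TAG_LEN:
        raise ValueError("message too short to carry a template and a MAC")
    template, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(session_key, challenge + template, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("template rejected: MAC mismatch")
    return template


def _accepted(session_key: bytes, challenge: bytes, message: bytes) -> bool:
    try:
        terminal_accept_template(session_key, challenge, message)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Run the three cases with constructed data; fixed challenges keep it reproducible."""
    key = bytes(range(32))                       # constructed session key
    holder_template = b"HOLDER-MINUTIAE" * 8     # constructed verification template
    other_template = b"OTHER--MINUTIAE" * 8      # constructed template of another person
    c1, c2 = b"\x01" * CHALLENGE_LEN, b"\x02" * CHALLENGE_LEN

    genuine = card_send_template(key, c1, holder_template)
    # Template swapped on the line; without the key the old tag has to be reused.
    swapped = other_template + genuine[-TAG_LEN:]
    return {
        "honest": _accepted(key, c1, genuine),
        "substituted": _accepted(key, c1, swapped),
        "replayed": _accepted(key, c2, genuine),  # old response, new challenge
    }


if __name__ == "__main__":
    print(demo())
```
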
When using MOC cards, the attack described above becomes meaningless. MOC cards are becoming the most commonly used cards in biometric identification / authentication systems. They provide a relatively high level of security. MOC cards mainly implement fingerprint-based authentication technology. In 2006, in terms of revenue, fingerprint technology accounted for about 43.6% of all biometric identification / authentication revenues, according to the International Biometric Group. At the beginning of 2009, approximately 20% of all notebooks released were capable of recognizing their owner by a fingerprint. The International Civil Aviation Organization (ICAO) has chosen this technology to authenticate citizens in e-passport projects.
Obviously, SOCs provide the highest level of security for an entity identification / authentication procedure. In this case, the image of the object, the current template and the verification template do not go beyond the scope of the card's microcircuit. However, due to their high cost (the presence of a sensor and a microprocessor on the card), such cards are not yet widely used in the world.
An interesting example of an MOC card with a built-in sensor that operates with a separate microprocessor is the BAI Authenticator Smart Card. A high-confidence card allows an object to be authenticated in 800 ms.
A number of international standards address biometric identification / authentication issues.
BioAPI standard version 2.0, also known as ISO / IEC 19794-1 standard, in accordance with the stage of the biometric identification / authentication process described above, defines:
Another important standard in the field of biometric identification is ANSI X9.84 "Biometric Management and Security for the Financial Services Industry", which is used in the banking industry to identify customers and employees.
Since biometric data is public - an identification / authentication object can be photographed, its voice recorded, a signature copied, fingerprinted, the X9.84 standard formulates requirements for the protection of biometric data in the process of their processing, from the moment of collecting information and ending with its analysis. The standard describes mechanisms for ensuring the integrity and confidentiality of biometric data, as well as authenticating their source at all stages of the biometric information processing process.
The X9.84 standard also defines the format of identification data, the way of storing and accessing verification templates based on the PKI infrastructure that complies with the ANSI X.509 v.3 standard.
Finally, mention should be made of the CBEFF (Common Biometric Exchange File Format) standard, also known as the ISO 19785-1 standard. This standard defines the data format (a set of mandatory and optional elements) used for the exchange of biometric information between programs for processing this information. Thus, the standard enables interoperability between different biometric applications by defining a common language for this interoperability.
As noted, object fingerprint authentication is the most widely used biometric identification / authentication method. The US National Institute of Standards and Technology (NIST) has established that using a certain standard current template obtained from two fingerprints of an object and containing a set of unique characteristics of an object, it is possible to provide FRR and FAR values not higher than 1 % (see below for FRR and FAR), which is sufficient for many access control applications. In this case, the algorithm for finding a match between the current template and the verification template is implemented on a personal computer. The described authentication scheme is called MINEX.
NIST also developed the MINEX2 scheme, in which the search for a match between the current template and the object's verification template is performed on the card (MOC card). In this case, the ISO / IEC 19794-2 standard is used to represent the data of the current template.
This ensures the same confidence in fingerprint recognition as in the MINEX scheme.
Another approach for using the fingerprint recognition method is based on the ISO 7816-11 and ISO 19794-4 standards. The ISO 7816-11 standard formalizes the procedure for selecting the fingerprint recognition algorithm and the values of the algorithm parameters that determine the reliability of the biometric method (match search depth). The ISO 19794-4 standard defines the data format of the scanned object image. The essence of the approach is to provide the fingerprint recognition module with the maximum set of data (and not the current template) for the selected level of reliability of the object identification / authentication procedure.
Concluding the review of the standards used to identify / authenticate an object, mention should be made of the role of the GlobalPlatform infrastructure, which will be discussed in more detail in Section 2.7. The GlobalPlatform Device Specification, GlobalPlatform Smart Card Management System and GlobalPlatform Card Specification v.2.2 allow you to create a reliable and secure biometric identification / authentication system based on MOC cards. At the same time, the control of the biometric card applet (a program that compares the current template and the template and decides on the result of object authentication) is provided throughout its entire life cycle. This control includes secure loading, installation, personalization of the applet, changing its verification templates and other parameters while using the card. Besides,
The use of biometric methods makes it possible to build a three-factor model of authentication of a person performing a transaction, which increases the security of card transactions. This model is built on the basis of the following security elements:
Instead of the described three-factor model, a two-factor model can be used, the components of which are a microprocessor card and biometric information. This approach can be applied in the case when the card is used by semi-literate and / or elderly people, for whom entering the PIN-code value during the operation is a problem.
Depending on the type of biometric data, the size of the current template can range from 10 Kb (one fingerprint), 15-20 Kb (facial pattern) to 30 Kb (iris pattern). When verifying biometric data visually, the size of the template is 1-2 KB when using a facial pattern and about 5 KB if using a fingerprint.
With the indicated volumes of biometric information, the speed of data exchange between the card and the terminal becomes critical. This is due to the relatively large size of the current template. For example, to transfer the current iris pattern to a card that supports ISO / IEC 7816-3 at the highest possible data rate (115.2 Kbps) over the T = 0 protocol, it will take about 3 seconds. In practice, real cards can take more than 30 seconds to receive this template from the terminal. Therefore, to implement applications that use biometric methods, it is recommended to use cards with a radio and / or USB interface.
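The 3-second figure can be reproduced with a small model of T = 0 framing. This is an added example, not from the book; it assumes the template sizes are in kilobytes, that the template is sent in short command APDUs of at most 255 data bytes, and that there are no retransmissions and no card processing time. The 9600 bit/s rate in the comparison is the usual default rate of a card clocked at about 3.57 MHz, also an assumption.

```python
import math

ETU_PER_CHAR = 12      # start bit + 8 data bits + parity bit + 2 etu minimum guard time
MAX_DATA = 255         # largest data field of a short command APDU
HEADER_CHARS = 5       # CLA INS P1 P2 P3
PROCEDURE_CHARS = 1    # procedure byte (ACK) sent by the card before it takes the data
STATUS_CHARS = 2       # SW1 SW2 closing each command


def t0_characters(payload_bytes: int) -> int:
    """Characters on the I/O line needed to push payload_bytes into the card."""
    chunks = math.ceil(payload_bytes / MAX_DATA)
    per_chunk_overhead = HEADER_CHARS + PROCEDURE_CHARS + STATUS_CHARS
    return payload_bytes + chunks * per_chunk_overhead


def t0_transfer_seconds(payload_bytes: int, bit_rate: int = 115_200) -> float:
    """Lower bound on transfer time: one etu lasts 1 / bit_rate seconds."""
    return t0_characters(payload_bytes) * ETU_PER_CHAR / bit_rate


def compare_templates() -> dict:
    """Transfer time for the template sizes quoted in the text, at two line rates."""
    sizes_kb = {"fingerprint": 10, "face": 20, "iris": 30}
    return {
        name: {
            "115200 bit/s": round(t0_transfer_seconds(kb * 1024), 2),
            "9600 bit/s": round(t0_transfer_seconds(kb * 1024, 9600), 2),
        }
        for name, kb in sizes_kb.items()
    }


if __name__ == "__main__":
    for name, times in compare_templates().items():
        print(name, times)
```

Under these assumptions the framing overhead is small; the 12 etu spent on every character and the line rate dominate the result.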
The reliability of identification / authentication of an object using biometric methods is usually measured by the TAR (True Accept Rate) value. It represents the probability that a match between the current template and the verification template will be established, provided that the current template is obtained from the object whose verification template is stored on the card. It should be noted that this probability includes the event of obtaining a low-quality current template. Thus, the TAR value characterizes the reliability of the main processes of biometric identification: the process of obtaining the current template and the process of matching it against the verification template. The TAR value is measured as a percentage. In practice, the False Rejection Rate (FRR) value is often used; it is the complement of TAR and equals 100% - TAR.
Obviously, the TAR value can be made equal to 100% if no upper bound is placed on the probability of error of the algorithm that searches for a match between the current template and the object's verification template (i.e., the probability that a match between the current template and the verification template is found when the objects corresponding to them are different). This probability of recognizing an incorrect match is usually called FAR (False Accept Rate) and is limited from above by 0.01%. Table 1.1 shows the TAR values provided that FAR < 0.01%.
The TAR values given in the second and third columns of Table 1.1 are different. The second column corresponds to the case when a single image of the scanned object is "taken" to obtain the current template. The TAR probability values in the case when several object images are used to obtain a template are given in the third column of the table.
It should be noted that the values of FRR and FAR in terms of mathematical statistics are characteristics of the hypothesis selection algorithm and are called, respectively, the probabilities of errors of the first and second kind.
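How the FAR bound fixes the matcher's decision threshold, and with it TAR and FRR, is shown in the following added example. It is not from the book: the match scores are constructed (integer scores, higher means a better match, accept when score >= threshold), and the function names are hypothetical.

```python
# Constructed score sets: 1,000 genuine attempts (current template from the
# card's owner) and 20,000 impostor attempts (template from someone else).
GENUINE = [30] * 20 + [50] * 30 + [60] * 50 + [70] * 200 + [80] * 400 + [90] * 300
IMPOSTOR = ([10] * 12000 + [20] * 6000 + [30] * 1500 + [40] * 480
            + [50] * 17 + [60] * 2 + [70] * 1)


def accept_rate(scores: list, threshold: int) -> float:
    """Percentage of attempts whose score reaches the threshold."""
    return 100.0 * sum(s >= threshold for s in scores) / len(scores)


def rates(genuine: list, impostor: list, threshold: int) -> dict:
    """TAR, FRR and FAR (all in percent) at one decision threshold."""
    tar = accept_rate(genuine, threshold)
    return {"TAR": tar, "FRR": 100.0 - tar, "FAR": accept_rate(impostor, threshold)}


def lowest_threshold(impostor: list, far_limit_pct: float) -> int:
    """Lowest observed score usable as threshold while keeping FAR < far_limit_pct.

    A lower threshold always accepts more genuine attempts, so the lowest
    admissible threshold is the one that maximises TAR under the FAR bound.
    """
    for candidate in sorted(set(impostor)):
        if accept_rate(impostor, candidate) < far_limit_pct:
            return candidate
    return max(impostor) + 1   # reject every observed impostor score


def operating_point(far_limit_pct: float) -> dict:
    threshold = lowest_threshold(IMPOSTOR, far_limit_pct)
    return {"threshold": threshold, **rates(GENUINE, IMPOSTOR, threshold)}


if __name__ == "__main__":
    print("FAR < 0.01%:", operating_point(0.01))
    print("FAR < 1%:   ", operating_point(1.0))
    # With no bound on FAR the threshold can drop to 0 and TAR reaches 100%.
    print("unbounded:  ", rates(GENUINE, IMPOSTOR, 0))
```

With this data the bound FAR < 0.01% allows at most one false accept in 20,000 impostor attempts, which forces the threshold up and costs a tenth of the genuine attempts.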
The above values of the sizes of verification templates and the reliability of identification / authentication procedures are typical for use in projects that require high reliability of client authentication (for example, in the project of an electronic passport specified by the International Civil Aviation Organization (ICAO)).
In less "critical" applications, methods that are less expensive in terms of microprocessor memory are used. In such methods, the verification template, depending on the biometric method, can take 0.25-2 KB of memory. At the same time, the reliability of biometric identification is, of course, "worse" than the values given in Table 1.1.
Chapter 2
GENERAL INFORMATION
MasterCard
^? 9
There are also standards that define communication protocols for contactless cards.
In turn, standards for smart cards are based on a wide range of standards related to information processing. These include standards that determine the list and encoding of characters, the encoding of national currency, cryptographic algorithms, etc.
Finally, since many areas of application of smart cards are demanded by government agencies, for example, maintaining national payment systems, creating a national “electronic” passport, etc., in addition to international standards for smart cards, national and regional standards have been developed.
Due to the slow pace of adoption of international standards, there has been an increase in the number of specifications for smart cards issued by various laboratories, professional communities, trade associations, academic institutions and private firms not affiliated with standards bodies. Such specifications play a useful role in stimulating debate and developing consensus, which then serve as the basis for future international standards.
Smart cards are used in many areas of human activity. Cell phones, access control systems, information security systems, pay TV and the Internet are just a few examples of their uses. It can be expected that for each area of human activity, industry standards will be developed that define the requirements for the smart cards used in them.
Returning to the ISO 7816 standard, we note that it consists of one and a half dozen parts. However, the first five parts of the standard are fundamental and most commonly used:
part 1 "Physical characteristics";
part 2 "Dimensions and arrangement of contacts";
part 3 "Electronic signals and communication protocols";
part 3, amendment 2 "New version of the choice of the type of protocol";
part 4 "Commands of data exchange";
Part 5 “Application ID numbering system and registration procedure”.
The ISO 7816-1 standard expands the list of requirements for identification plastic cards ID-1, adding requirements for the physical characteristics of cards with an embedded chip. It defines the acceptable limits for external influences on the card such as X-rays, ultraviolet radiation, electromagnetic fields, static electricity fields and ambient temperature.
The standard also defines two tests for the flexibility of the microprocessor card: in Fig. 1.8 shows card bending tests, and fig. 1.9 - tests for card rotation.

this edge of the card
Rice. 1.8. Bending tests

Rice. 1.9. Torsion tests
Flexure and torsion tests simulate normal mechanical stress conditions on a card, such as when carrying a card in a wallet. When conducting tests with a microprocessor card, the possibility of damage or breakage of the chip itself or breakage of connections between the microcircuit and the contact pad is investigated. Practical test results have shown that in order to comply with the limitation on resistance to bending and torsion, the area of a square chip should not exceed 25 mm 2 .
The ISO 7816-1 standard sets relatively stringent requirements for the mechanical characteristics of a smart card. The purpose of these requirements is
Chapter 1. BASIC INFORMATION ABOUT PLASTIC CARDS 79
G
MasierCa k
ensure reliable contact between the contacts of the reader and the card. In this case, the contacts of the card should not protrude above its surface by more than 0.1 mm. The card must be strong enough to withstand prolonged deformation when bent, after which, as a result of pressure on the surface of the card, it must return to a flat state.
The ISO 7816-1 standard specifies that a microcircuit has eight electrical contacts located in standard positions on the face of the card. Some of these pins are electrically connected to a chip embedded in the card. Others are not connected to the chip and are not currently used. (See Chapter 2 for pin assignments.) ISO 7816-1 also defines the allowable resistance values for card contacts.
Contact locations and sizes are specified in ISO 7816-2. The contacts are almost always located on the face of the card (that is, the side opposite to the side with the magnetic stripe). However, the ISO 7816-2 standard does not require pins to be located exactly on the front side. Contacts can also be located on the back of the card, provided that they are not in the embossing and magnetic stripe area.
The EMV standard introduces certainty in the arrangement of contacts. The dimensions of the contacts and their location on the card in accordance with EMV are shown in Fig. 1.10.

Rice. 1.10. Smart Card Sizes and Pinouts
As a result, the appearance of the map is as shown in Fig. 1.11.
- 19 mm
- 29 mm
- 54 mm
- 10 mm
- * 1 20 mm
Embossing

- 0.76 mm
- 85.6 mm
The ISO 7816-3 standard begins the description of the logical architecture of a smart card. This standard defines asynchronous communication protocols between the card and the reader.
The ISO 7816-4 standard defines the file structure of a microprocessor card and a set of commands used to communicate between the issuer's terminal and the card.
The ISO 7816-5 standard specifies the structure of the card application identifier, as well as how this identifier and the application provider are registered.
We will refer to the ISO 7816 standard many times in the pages of this book.
EMV specifications appeared in 1996 as a product created jointly by Europay, MasterCard and VISA (the standard was named after the first letters of the names of the companies that created it). The EMV standard is an industry standard governing the operation of a microprocessor card used for cashless payments. EMV is based on the ISO 7816 standard.
Since 1999, the EMV standard has been developed and supported by the forces of a specially created company EMVCo, LLC. Originally founded by MasterCard
^? 9
The clients of this company were the payment systems Europay, MasterCard and VISA. Today the company is equally managed by four payment systems - MasterCard, VISA, JCB and American Express. JCB became a founding member of EMVCo in 2004 and American Express in 2009.
The functions of EMVCo include not only the development of the EMV standard, but also ensuring the compatibility of card applications and devices of various banks. EMVCo provides certification of POS terminals for compliance with EMV specifications (Level 1 & Level 2 Type Approval), as well as certification of CPA and CCD cards for compliance with CPA and EMV standards.
In addition, EMVCo owns the following specifications: Common Payment Application (CPA), EMV Card Personalization Specification, EMV Contactless Communication Protocol Specification and EMV Entry Point Specification. Finally, the company evaluates the security of the chip and its operating environment in accordance with the EMVCo Security Evaluation Process.
The latest version of the standard to date (EMV 4.2) appeared in June 2008 and consists of four books:
Book 1. Application Independent ICC to Terminal Interface Requirements;
Book 2. Security and Key Management;
Book 3. Application Specification;
Book 4. Cardholder, Attendant, and Acquirer Interface Requirements.
Below is a brief summary of each of the books listed.
Book 1. Application Independent ICC to Terminal Interface Requirements. Describes the minimum set of requirements for Integrated Circuit Cards (ICCs) and terminals that enable communication between the terminal and the card regardless of which card application is used.
The book defines the requirements for the electromechanical characteristics of the card (dimensions and arrangement of contacts, the height of the chip module above the surface of the card, characteristics of the power supply, clock frequency, the card reset signal, the resistance value between a pair of contacts of the card and the terminal, etc.). The book describes the stages through which the card's chip passes in the process of performing an operation, from its initialization to deactivation. Book 1 also contains a description of the asynchronous communication protocols between the card and the terminal, T = 0 and T = 1.
A separate section of the book is devoted to the description of the file structure of the card, data elements and commands. In particular, it describes the elements and data objects used, the structure of the commands, how to access the application files, and the procedure for selecting the card application (Application Selection).
Book 2. Security and Key Management. Describes the minimum set of requirements for the logical security functions of a smart card and electronic terminal used in operations. Book 2 contains a description of procedures for static and dynamic authentication of the card application, encryption of the PIN code, ensuring the integrity and confidentiality of information exchange between the card and the issuer, principles and policies for managing the keys of the card application.
In addition, the book contains a description of the cryptographic algorithms used for signing data, verifying the signature and recovering data from the signature, encrypting data, calculating the values of data integrity control codes (Message Authentication Code), and deriving card keys and session keys.
Book 3. Application Specification. Contains a description of the data items, files, and commands associated with executing a transaction. It provides a list of the payment application functions with a description of the data elements and commands used to perform these functions, and also contains a description of the sequence of events and commands that occur during the processing of a transaction.
Book 4. Cardholder, Attendant, and Acquirer Interface Requirements. Contains a description of the types of terminals and their capabilities, as well as the functional requirements for terminals, the fulfillment of which is necessary for the implementation of operations on EMV-compatible cards, and the requirements for the physical characteristics of the terminals. Book 4 describes the architecture of the terminal software, including the principles of data management, requirements for the “terminal - cardholder” and “terminal - servicing bank” interfaces.
The specifications in the book contain the requirements, the fulfillment of which makes it possible to accept magnetic stripe cards and microprocessor cards on a single terminal.
Based on the EMV standard, the largest payment systems VISA and MasterCard have released their application specifications for microprocessor cards. At the end of 2009, the latest versions of these specifications implemented on chips are known under the abbreviations M / Chip 4 (MasterCard) and VIS 1.4 (VISA). However, both payment systems have developed new versions of their applications - VIS 1.5 and M / Chip 4 R2 (VIS 1.5 release has already been approved, and M / Chip 4 R2 should be approved by the end of 2009). The first cards supporting these releases are likely to appear in 2010. In addition, the VISA payment system offers its banks specifications for Java applets for their applications, compatible with the GlobalPlatform / Java Card operating environment. The releases of VSDC applets 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6 and 2.7 are known on the market.
It should be noted that the differences in the applications of the leading payment systems are quite noticeable (see Chapter 8 for details). They primarily concern:
- formats and semantics of key data elements (for example, Issuer Application Data, Card Verification Results, Issuer Authentication Data, Application Control, card risk management parameters) used in applications;
- formats of responses to commands. For example, in M / Chip 4, the data in the response to the GENERATE AC, GET PROCESSING OPTIONS, INTERNAL AUTHENTICATE commands are presented in format 2, while in VIS 1.4 the responses to the last two commands must use format 1, and the response to the GENERATE AC command is format 1 for SDA and DDA cards and format 2 for CDA cards;
- card functionality (for example, M / Chip 4 uses a mechanism for verifying the fact of offline authentication of the card application by the terminal, a special additional check of the data of the GENERATE AC command as part of the card risk management procedure, as well as an alternative to the Issuer Script Processing procedure for changing the risk management parameters);
- and even a set of commands used (for example, the EXTERNAL AUTHENTICATE command is used in VIS 1.4, but is not used in M / Chip 4), as well as the way the issuer commands are applied (in VISA cards, the issuer's commands are sent to the card only after it has executed the GENERATE AC command).
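The difference between the two response formats mentioned in the list above is easiest to see in a decoder. The following is an added example, not code from the book or from any payment system: the template tags (80 for format 1, 77 for format 2) and the field layout are taken from EMV Book 3 rather than from this page, and the sample responses and all function names are constructed for illustration.

```python
# Added example: decode a GENERATE AC response in EMV format 1 or format 2.
# Tags and field layout follow EMV Book 3; the sample responses are constructed.

FORMAT1, FORMAT2 = 0x80, 0x77          # response template tags (from Book 3)
NAMES = {0x9F27: "CID", 0x9F36: "ATC", 0x9F26: "AC",
         0x9F10: "IAD", 0x9F4B: "SDAD"}
CRYPTOGRAM = {0b00: "AAC", 0b01: "TC", 0b10: "ARQC", 0b11: "RFU"}


def read_tlv(buf, pos):
    """Read one BER-TLV object at pos and return (tag, value, next_pos)."""
    try:
        tag = buf[pos]
        pos += 1
        if tag & 0x1F == 0x1F:             # low five bits set: tag continues
            while True:
                tag = (tag << 8) | buf[pos]
                pos += 1
                if not tag & 0x80:         # last tag byte has bit 8 clear
                    break
        length = buf[pos]
        pos += 1
        if length & 0x80:                  # long form: next n bytes hold the length
            n = length & 0x7F
            if n == 0 or n > 2 or pos + n > len(buf):
                raise ValueError("unsupported or truncated length field")
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
    except IndexError:
        raise ValueError("truncated TLV header") from None
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of data")
    return tag, buf[pos:pos + length], pos + length


def parse_generate_ac(response):
    """Return (format_number, fields) for a GENERATE AC response data field."""
    tag, value, end = read_tlv(response, 0)
    if end != len(response):
        raise ValueError("unexpected bytes after the response template")
    if tag == FORMAT1:
        # Fixed order, no inner tags: CID (1) | ATC (2) | AC (8) | IAD (optional)
        if len(value) < 11:
            raise ValueError("format 1 value shorter than CID + ATC + AC")
        fields = {"CID": value[0:1], "ATC": value[1:3], "AC": value[3:11]}
        if len(value) > 11:
            fields["IAD"] = value[11:]
        return 1, fields
    if tag == FORMAT2:
        fields, pos = {}, 0
        while pos < len(value):            # each data object carries its own tag
            inner, data, pos = read_tlv(value, pos)
            fields[NAMES.get(inner, f"{inner:04X}")] = data
        if "CID" not in fields or "ATC" not in fields:
            raise ValueError("format 2 response lacks CID or ATC")
        return 2, fields
    raise ValueError(f"unknown response template tag {tag:02X}")


def cryptogram_type(fields):
    """Decode bits 8-7 of the Cryptogram Information Data byte."""
    return CRYPTOGRAM[fields["CID"][0] >> 6]


# Constructed sample responses carrying the same values in both formats.
SAMPLE_F1 = bytes.fromhex("8012" "80" "002A" "1122334455667788" "06010A03A00000")
SAMPLE_F2 = bytes.fromhex("771E" "9F270180" "9F3602002A"
                          "9F26081122334455667788" "9F100706010A03A00000")

if __name__ == "__main__":
    for sample in (SAMPLE_F1, SAMPLE_F2):
        fmt, fields = parse_generate_ac(sample)
        print(fmt, cryptogram_type(fields),
              {k: v.hex().upper() for k, v in fields.items()})
```

A terminal or test tool that assumes one format will misread the other, which is why the decoder dispatches on the template tag and rejects anything else.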
Among the standards related to microprocessor cards are the PC / SC Workgroup Specifications, which describe how a personal computer application interacts with a microprocessor card. The microprocessor card is considered today as a general-purpose secure mobile computing platform. Therefore, the need for interaction between the card and the computer is obvious.
In September 1996, manufacturers of computers, software and IPCs created the PC / SC Workgroup, which developed the open PC / SC Workgroup Specifications defining the model of interaction between a computer program and a microprocessor card. In accordance with this model, several card readers can be connected to a computer using various physical interfaces (for example, RS-232C, PS / 2, PCMCIA, etc.). The model defines a computer software module that controls access to card and reader resources (ICC Resource Manager), as well as modules for providing services to computer applications (ICC Service Provider). These services include performing cryptographic operations, implementing file access methods, authentication, etc.
Today, the PC / SC specifications are widely used in the field of information technology. However, the trend towards using the USB protocol in microprocessor cards as a high-speed means of communication with an external computer indicates that the PC / SC specifications will in the future be replaced by direct interaction of the card with a computer, for example, via TCP / IP (this is described in more detail in section 2.9).
In conclusion, we give a brief overview of the state of affairs in the field of biometric identification / authentication, which should eventually find its application as a means of authentication of the holder of a microprocessor card.
Work on technologies for identification / authentication of a person based on biometric characteristics began long ago, in the early 1960s. However, the main practical results have been obtained recently. The power of modern computers and improved algorithms for processing biometric information have made it possible to create products that, in terms of their technical characteristics and prices, have become interesting and accessible to a wide range of users.
Today, for biometric identification of a person (object), the following technologies are most often used, which differ in the type of biometric information used in them:
- fingerprints;
- hand geometry;
- facial features (based on optical and infrared images);
- retina;
- iris of the eyes;
- voice;
- signature.
- scanning an object in accordance with the used biometric technology and obtaining its image;
- extracting from the image of an object its characteristic features that form the current template of the object;
- comparison of the current template with the verification template - the reference image of the object stored in the authentication center of the biometric system. The authentication center can be a microprocessor card;
- making a decision on the result of identification / authentication of the object.
The key point in the procedure for creating the current template is the impossibility of restoring the scanned object image from the current template. The algorithm for creating the current template extracts from the scanned image the characteristic features of the object, which, however, are not enough to restore the scanned image. The one-way function of the algorithm for creating the current template allows you to protect an object from various attacks and to weaken the requirements for scanning devices.
From the point of view of the implementation of the identification / authentication process, there are three types of microprocessor cards that store the verification template:
- Template-on-Card (TOC);
- Match-on-Card (MOC);
- System-on-Card (SOC).
When using an MOC card, the card not only stores the object's verification template, but also compares the current template with it and decides on the result of object identification / authentication. In this case, only the scanning of the object and the creation of the current template are performed by the external system. The card receives the current object template from the external system.
Finally, in the case of a SOC card, all biometric identification / authentication procedures are performed by the card chip. Obviously, for this, the SOC card must have a sensor that performs scanning of the object.
TOC cards provide the lowest level of security for the identification / authentication procedure. When using them, an attack is possible in which, in the process of transferring the verification template to the external system, the attacker replaces the card template with his own template, thereby achieving a positive result of the identification / authentication procedure for himself. Therefore, the dialogue between the card and the external system must be reliably protected by cryptographic means ensuring the confidentiality and integrity of the dialogue data, as well as mutual authentication of the card and the external system.
When using MOC cards, the attack described above becomes meaningless. MOC cards are becoming the most commonly used cards in biometric identification / authentication systems. They provide a relatively high level of security. MOC cards mainly implement fingerprint-based authentication technology. In 2006, in terms of revenue, fingerprint technology accounted for about 43.6% of all biometric identification / authentication revenues, according to the International Biometric Group. At the beginning of 2009, approximately 20% of all notebooks released were capable of recognizing their owner by a fingerprint. The International Civil Aviation Organization (ICAO) has chosen this technology to authenticate citizens in e-passport projects.
Obviously, SOC cards provide the highest level of security for the identification / authentication procedure. In this case, the image of the object, the current template and the verification template never leave the card's chip. However, due to their high cost (the presence of a sensor and a microprocessor on the card), such cards are not yet widely used in the world.
An interesting example of an MOC card with a built-in sensor that operates with a separate microprocessor is the BAI Authenticator Smart Card. The card allows an object to be authenticated with high confidence in 800 ms.
A number of international standards address biometric identification / authentication issues.
The BioAPI standard version 2.0, also known as the ISO / IEC 19794-1 standard, in accordance with the stages of the biometric identification / authentication process described above, defines:
- control of sensors - physical devices that take biometric data from an object;
- algorithms for processing object images in order to create the current template and the verification template;
- algorithms for finding a match between the current template and the verification template;
- access control to the template database.
Another important standard in the field of biometric identification is ANSI X9.84 "Biometric Management and Security for the Financial Services Industry", which is used in the banking industry to identify customers and employees.
Since biometric data is public (the object of identification / authentication can be photographed, its voice recorded, its signature copied, its fingerprints taken), the X9.84 standard formulates requirements for protecting biometric data throughout their processing, from the moment the information is collected to its analysis. The standard describes mechanisms for ensuring the integrity and confidentiality of biometric data, as well as authenticating their source at all stages of the biometric information processing process.
The X9.84 standard also defines the format of identification data, the way of storing and accessing verification templates based on the PKI infrastructure that complies with the ANSI X.509 v.3 standard.
Finally, mention should be made of the CBEFF (Common Biometric Exchange File Format) standard, also known as the ISO 19785-1 standard. This standard defines the data format (a set of mandatory and optional elements) used for the exchange of biometric information between programs for processing this information. Thus, the standard enables interoperability between different biometric applications by defining a common language for this interoperability.
As noted, object fingerprint authentication is the most widely used biometric identification / authentication method. The US National Institute of Standards and Technology (NIST) has established that using a certain standard current template obtained from two fingerprints of an object and containing a set of unique characteristics of an object, it is possible to provide FRR and FAR values not higher than 1 % (see below for FRR and FAR), which is sufficient for many access control applications. In this case, the algorithm for finding a match between the current template and the verification template is implemented on a personal computer. The described authentication scheme is called MINEX.
NIST also developed the MINEX2 scheme, in which the search for a match between the current template and the object's verification template is performed on the card (MOC card). In this case, the ISO / IEC 19794-2 standard is used to represent the data of the current template.
This ensures the same confidence in fingerprint recognition as in the MINEX scheme.
Another approach for using the fingerprint recognition method is based on the ISO 7816-11 and ISO 19794-4 standards. The ISO 7816-11 standard formalizes the procedure for selecting the fingerprint recognition algorithm and the values of the algorithm parameters that determine the reliability of the biometric method (match search depth). The ISO 19794-4 standard defines the data format of the scanned object image. The essence of the approach is to provide the fingerprint recognition module with the maximum set of data (and not the current template) for the selected level of reliability of the object identification / authentication procedure.
Concluding the review of the standards used to identify / authenticate an object, mention should be made of the role of the GlobalPlatform infrastructure, which will be discussed in more detail in Section 2.7. The GlobalPlatform Device Specification, GlobalPlatform Smart Card Management System and GlobalPlatform Card Specification v.2.2 allow you to create a reliable and secure biometric identification / authentication system based on MOC cards. At the same time, control of the biometric card applet (a program that compares the current template with the verification template and decides on the result of object authentication) is provided throughout its entire life cycle. This control includes secure loading, installation and personalization of the applet, and changing its verification templates and other parameters while the card is in use. Besides,
The use of biometric methods makes it possible to build a three-factor model of authentication of a person performing a transaction, which increases the security of card transactions. This model is built on the basis of the following security elements:
- a card confirming that the person performing the transaction has some instrument issued by an authorized bank, the authenticity of which is proved during the transaction;
- PIN-code - a secret shared by the cardholder and the issuer (the issuer may not know the secret, but must be able to verify its correctness), the knowledge of which by the person performing the transaction verifies him as the cardholder;
Instead of the described three-factor model, a two-factor model can be used, the components of which are a microprocessor card and biometric information. This approach can be applied in the case when the card is used by semi-literate and / or elderly people, for whom entering the PIN-code value during the operation is a problem.
Depending on the type of biometric data, the size of the current template can range from 10 Kb (one fingerprint), 15-20 Kb (face drawing) to 30 Kb (iris drawing). When verifying biometric data visually, the size of the template is 1-2 KB when using a face drawing and about 5 KB if using a fingerprint.
With the indicated volumes of biometric information, the speed of data exchange between the card and the terminal becomes critical. This is due to the relatively large size of the current template. For example, transferring the current iris template to a card that supports ISO / IEC 7816-3 at the highest possible data rate (115.2 Kbps) over the T = 0 protocol takes about 3 seconds. Real cards can take more than 30 seconds to receive this template from the terminal. Therefore, to implement applications that use biometric methods, it is recommended to use cards with a radio and / or USB interface.
The reliability of identification / authentication of an object using biometric methods is usually measured by the TAR (True Accept Rate) value. It represents the probability that a match between the current template and the verification template will be established, provided that the current template is obtained from the object whose template is stored on the card. It should be noted that this probability includes the event of obtaining a low-quality current template. Thus, the TAR value characterizes the reliability of the main processes of biometric identification: the process of obtaining the current template and the process of matching it against the verification template. The TAR value is measured as a percentage. In practice, the False Rejection Rate (FRR) value is often used; it complements TAR and is equal to 100% - TAR.
Obviously, the TAR value can be made equal to 100% if no upper bound is placed on the error probability of the algorithm that searches for a match between the current template and the object's verification template (i.e., the probability that a match between the two templates is found even though the objects corresponding to them are different). The probability of accepting such an incorrect match is usually called FAR (False Accept Rate) and is limited from above by 0.01%. Table 1.1 shows the TAR values provided that FAR <0.01%.
Tab. 1.1. TAR values at FAR <0.01%

| Identification method | TAR (one image) | TAR (multiple images) |
|---|---|---|
| Fingerprint | 99.40% | 99.90% |
| Face drawing | 71.50% | 89.60% |
| Iris of one eye | 98.00% | 99.75% |

The TAR values given in the second and third columns of Table 1.1 differ. The second column corresponds to the case when a single image of the scanned object is taken to obtain the current template. The TAR values for the case when several object images are used to obtain the template are given in the third column.
It should be noted that the values of FRR and FAR in terms of mathematical statistics are characteristics of the hypothesis selection algorithm and are called, respectively, the probabilities of errors of the first and second kind.
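The trade-off described above, where TAR reaches 100% only if FAR is left unbounded, can be reproduced with a small calculation. This is an added example, not taken from the book: the integer match scores, the "accept if score >= threshold" rule and the function names are assumptions, and the score lists are constructed so that the bound of 0.01% corresponds to one false accept in 10,000 impostor comparisons.

```python
# Added example: choose a match threshold that keeps FAR within a bound,
# then report the TAR and FRR that result. All scores are constructed.

def rates(genuine, impostor, threshold):
    """Return (TAR, FRR, FAR) in percent when 'score >= threshold' is a match."""
    tar = 100.0 * sum(s >= threshold for s in genuine) / len(genuine)
    far = 100.0 * sum(s >= threshold for s in impostor) / len(impostor)
    return tar, 100.0 - tar, far


def threshold_for_far(impostor, max_false_accepts):
    """Lowest integer threshold letting at most max_false_accepts impostors pass."""
    ranked = sorted(impostor, reverse=True)
    if max_false_accepts >= len(ranked):
        return min(ranked)                 # no bound in effect: accept everything
    # Only impostors scoring above ranked[max_false_accepts] are accepted, and
    # ties at that score are rejected, so the count never exceeds the bound.
    return ranked[max_false_accepts] + 1


# Constructed scores: 1,000 comparisons of an object with its own verification
# template (genuine) and 10,000 comparisons with other objects' templates.
GENUINE = [35] * 6 + [50] * 44 + [70] * 450 + [90] * 500
IMPOSTOR = [10] * 6000 + [20] * 3000 + [30] * 900 + [40] * 99 + [55] * 1


def tradeoff():
    """Rows of (allowed false accepts, threshold, TAR, FRR, FAR)."""
    rows = []
    for allowed in (len(IMPOSTOR), 100, 1, 0):
        t = threshold_for_far(IMPOSTOR, allowed)
        rows.append((allowed, t) + rates(GENUINE, IMPOSTOR, t))
    return rows


if __name__ == "__main__":
    for allowed, t, tar, frr, far in tradeoff():
        print(f"allowed={allowed:5d} threshold={t:2d} "
              f"TAR={tar:6.2f}% FRR={frr:5.2f}% FAR={far:6.2f}%")
```

With these scores, leaving FAR unbounded gives TAR = 100%, a bound of one false accept in 10,000 (FAR = 0.01%) gives TAR = 99.4%, and allowing no false accepts at all drops TAR to 95%.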
The above values of the sizes of verification templates and the reliability of identification / authentication procedures are typical for use in projects that require high reliability of client authentication (for example, in the project of an electronic passport specified by the International Civil Aviation Organization (ICAO)).
In less "critical" applications, methods that are less expensive in terms of microprocessor memory are used. In such methods, the verification template, depending on the biometric method, can take 0.25-2 KB of memory. At the same time, the reliability of biometric identification is, of course, "worse" than the values given in Table 1.1.
Chapter 2
GENERAL INFORMATION