Making inroads in security, smart cards have gained market momentum with the passing of federal programs and clear advantages of multiple technology credentials. Multi-technology credentials and multi-function applications bring convenience, security and safety to an ever growing range of applications.
Schools are one vertical market where you are seeing the smart card application in wide use. Smart cards are used worldwide as campus IDs at colleges and universities, often combining access, identification and payment functions. Uses can include:
• Parking access.
• Guard tour.
• Academic Building Access.
• Faculties Management Access.
• Event Access.
• Dorm Access.
• Library and Network Access.
• Book Store purchases.
• Vending machines.
• Local Community participating vendor transactions.
• Spot check identity verification.
A Typical Smart Card Deployment
Eastern Illinois University is using smart cards in its Panther Card Program. With the credential having a computer chip on the front surface of the card and a magnetic stripe on the back, the combination allows for multiple functions with just one card. It serves the following functions at present and new applications may be added in the future.
Identification: The Official University Identification card, which is required for all students, staff and faculty.
Cash: Smart Chip technology brings the convenience of electronic cash for on-campus purchases.
Checking: A Unique partnership with First Mid Illinois Bank, designed to bring the best possible financial services to students and staff.
Dining: The card provides access to the university meal plan options - Meal swipes and Dining Dollars.
With the smart card market poised for 30% growth over the next five years (Frost & Sullivan), the issue of balancing security with usability has moved to the forefront. This month's offering of case histories, new products and experts will give you additional insight into multi-technology credentials.
Protecting the Data
While smart card technology brings numerous advantages, security still represents a significant issue. Security Dealer interviewed Paul Kocher, president and chief scientist, Crytpography Research, regarding encryption solutions to this problem.
SD: What is the background of Cryptography Research?
Paul Kocher: Cryptography Research Inc. specializes in solving complex data security problems. In addition to security evaluation and applied engineering work, CRI is actively involved in long-term research and technology licensing in areas including tamper resistance, content protection, network security, and financial services.
SD: What is CRI's role in smart card security? What issues does your company address?
CR: We provide technology and services used by companies that make smart cards. Our job is to help improve the cryptographic and physical security of the cards. One area that is a particular focus is making sure that smart cards are protected against power analysis attacks, which are the digital equivalent to picking a combination lock using a stethoscope.
SD: What are the defacto encryption standards for smart cards, and how do they differ or what are their similarities to other encryption schemes such as that used on proximity and magstripe access control credentials?
CR: Proximity cards and magnetic stripes generally do not use any encryption at all. As a result, anyone who can gain access to the credential can copy it.
For smart cards, there are two main classes of cryptographic algorithms that are used:
• Symmetric, or secret-key, algorithms use the same key in the card and the verification device. These methods reduce the cost of the card slightly, but require that each accepting device be able to communicate with a secure server that can verify the card. Virtually all products using symmetric cryptography use either AES or triple DES (3DES), which are U.S. Government standards and are extremely secure