Smart Cards in Access Control



Access control refers to the process of granting access to certain entities or persons and refusing it to others. Access used to be primarily physical and was controlled via gates, locks and security guards. Keys, passwords, PINs and encryption are all commonplace mechanisms today for limiting access to valuables, files and other forms of data. As the field has evolved, access control has moved to new technologies, including smart cards.


Understanding Smart Cards
Smart cards generally look like credit cards. What makes a smart card different from an ordinary plastic card is the technology embedded in it: a chip that makes it "smart," provides roughly 1 KB to 64 KB of storage, and lets the card take part in access control by identifying and authenticating the user.


In addition to memory or a microprocessor chip, smart cards incorporate RAM, ROM, EEPROM and a serial communications interface. They provide secure information storage and information processing, and they respond to tampering by inhibiting their output function. Generally, a secure microprocessor chip is embedded in the smart card. The microprocessor is capable of implementing a secure file system, computing cryptographic functions and detecting invalid access attempts.


The smart card processing unit implements a hierarchical file system on the non-volatile memory of the card, together with a set of access and control operations for both the card and the file system. The hierarchical file system supports a special root (master) file, optional sub-directory (dedicated) files and data (elementary) files, as specified in ISO 7816-4. The sequence of file identifiers from the master file down to a given file (its path) identifies that file unambiguously. All three categories of file carry control information such as the file identifier, file name and record specifications.


Smart cards implement three levels of logical access control. The first level associates a set of privileges with a user's password (PIN) and controls access to each file on the card according to those privileges, so that, for example, a file may be readable only after the PIN has been verified. The second level is the ability to detect a sequence of invalid access attempts and respond to it, typically by blocking the PIN after a fixed number of failures. The third level is the "logical channel," a logical link between the host system and a file on the smart card; several channels can be open at once, each with its own currently selected file.
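The following Python model is an added example, not code from the article or from any card vendor. It puts the file-system paragraph and the three access-control levels above into running code: a master file (MF, identifier 3F00 as in ISO 7816-4) containing a dedicated file and two elementary files, SELECT by path, per-file access conditions tied to PIN verification, a retry counter that blocks the PIN after three failures, and logical channels that each keep their own current file. The status words follow ISO 7816-4 (9000 success, 63Cx wrong PIN with x tries left, 6982 security status not satisfied, 6983 authentication method blocked, 6986 no current EF, 6A82 file not found). The file identifiers 5015, 0101 and 0102, the PIN 1234, the stored data and the choice to keep the PIN-verified state per channel are constructed assumptions for the example.

```python
"""Toy ISO 7816-4 style card: hierarchical files, PIN-gated access, retry counter, logical channels.
Added example, not the article's or any vendor's code. File IDs, PIN and data are constructed."""
from dataclasses import dataclass, field

# Status words (SW) as defined in ISO 7816-4
SW_OK, SW_SEC, SW_BLOCKED, SW_NO_EF, SW_NOT_FOUND = 0x9000, 0x6982, 0x6983, 0x6986, 0x6A82


@dataclass
class File:
    fid: int                      # two-byte file identifier, e.g. 0x3F00 for the MF
    df: bool = False              # True for MF/DF (directory), False for EF (data)
    read_ac: str = "ALWAYS"       # access condition for reading: ALWAYS, PIN or NEVER
    data: bytes = b""             # EF contents
    children: dict = field(default_factory=dict)  # fid -> File, DFs only


@dataclass
class Channel:
    current: File                 # currently selected file on this logical channel
    pin_verified: bool = False    # security state kept per channel (assumption)


class Card:
    def __init__(self, mf: File, pin: bytes, max_tries: int = 3):
        self.mf, self._pin = mf, pin
        self.max_tries = self.tries_left = max_tries   # level 2: retry counter
        self.channels = {0: Channel(mf)}               # basic channel 0 is always open

    def open_channel(self) -> int:
        """Level 3: open a new logical channel starting at the MF with fresh security state."""
        ch = max(self.channels) + 1
        self.channels[ch] = Channel(self.mf)
        return ch

    def select(self, ch: int, path: list) -> int:
        """SELECT by absolute path from the MF, e.g. [0x3F00, 0x5015, 0x0102]."""
        if not path or path[0] != self.mf.fid:
            return SW_NOT_FOUND
        node = self.mf
        for fid in path[1:]:
            node = node.children.get(fid)
            if node is None:
                return SW_NOT_FOUND
        self.channels[ch].current = node
        return SW_OK

    def verify(self, ch: int, pin: bytes) -> int:
        """VERIFY the PIN; wrong PINs count down the retry counter until the PIN is blocked."""
        if self.tries_left == 0:
            return SW_BLOCKED                      # blocked: even the right PIN is refused
        if pin != self._pin:
            self.tries_left -= 1
            return SW_BLOCKED if self.tries_left == 0 else 0x63C0 | self.tries_left
        self.tries_left = self.max_tries           # correct PIN resets the counter
        self.channels[ch].pin_verified = True
        return SW_OK

    def read_binary(self, ch: int) -> tuple:
        """READ BINARY on the channel's current EF, enforcing the file's access condition (level 1)."""
        chan = self.channels[ch]
        f = chan.current
        if f.df:
            return b"", SW_NO_EF
        if f.read_ac == "NEVER" or (f.read_ac == "PIN" and not chan.pin_verified):
            return b"", SW_SEC
        return f.data, SW_OK


def build_demo_card() -> Card:
    """Constructed card: MF 3F00 -> DF 5015 -> EF 0101 (free read), EF 0102 (PIN-protected)."""
    ef_pub = File(0x0101, data=b"CARDHOLDER-0001")
    ef_priv = File(0x0102, read_ac="PIN", data=b"ACCESS-GROUP:DOORS-3F")
    df = File(0x5015, df=True, children={0x0101: ef_pub, 0x0102: ef_priv})
    mf = File(0x3F00, df=True, children={0x5015: df})
    return Card(mf, pin=b"1234")


if __name__ == "__main__":
    card = build_demo_card()
    print(hex(card.select(0, [0x3F00, 0x5015, 0x0102])))   # 0x9000
    print(card.read_binary(0))                              # (b'', 0x6982): PIN not verified
    print(hex(card.verify(0, b"0000")))                     # 0x63c2: two tries left
    print(hex(card.verify(0, b"1234")))                     # 0x9000
    print(card.read_binary(0))                              # (b'ACCESS-GROUP:DOORS-3F', 0x9000)
    ch = card.open_channel()
    print(card.read_binary(ch))                             # (b'', 0x6986): MF selected, no EF
```

The interesting behaviour is in the interaction of the three levels: a file selected on one channel and unlocked by VERIFY stays locked on a freshly opened channel, a blocked PIN refuses even the correct value until the card is unblocked by some out-of-band means, and a SELECT that fails leaves the channel's previous selection in place.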


Smart cards depend on an outside power source supplied through the reader interface. Therefore, any information held in conventional RAM is lost every time the card is removed from the reader. The microprocessor uses only a few hundred bytes of RAM as working storage for the current transaction. ROM contents are fixed in the chip when it is manufactured and cannot be changed afterwards. Data that must survive between sessions but may still be updated, such as file contents and keys, resides in EEPROM, typically between 1 KB and 16 KB.


Types of Smart Cards
Contact smart cards. A contact smart card has a single, embedded integrated circuit chip that contains either just memory or memory plus a microprocessor. This chip takes up only a small portion of the card and is protected by a plastic cover or emblem.


Cards with memory-only chips have a limited amount of logic circuitry for control and security and contain non-volatile memory. These cards' chips can hold from 103 bits to 16,000 bits of data. Generally less expensive than cards containing microprocessors, memory smart cards offer correspondingly weaker protection of the data they hold. All memory smart cards require a card reader and depend on the security of the card reader for their processing.


Cards with microprocessor chips contain an "intelligent" controller that is used for the secure addition, deletion, modification, and updating of information contained in the memory. The more sophisticated the microprocessor chip, the more sophisticated the features for protecting the memory from unauthorized access.

