CertiGuide to Security+ - 3.2.4.6 Smartcards

WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Like this CertiGuide? Get it in PDF format!

Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!

Get It Here!

CertiGuide to Security+
9 Chapter 3:  Infrastructure Security (Domain 3.0; 20%)
      9 3.2  Media
           9 3.2.4  Removable Media

3.2.4.5 Flashcards

3.3 Security Topologies

3.2.4.6 Smartcards
(Page 1 of 3)

A smartcard is “a small device, about the size of a credit card, which contains electronic memory and possibly an embedded integrated circuit (IC), which allows them to do a small amount of processing. Smartcards containing an IC (a.k.a. microprocessor) can cost 3-6 times more than non-IC cards, and are sometimes called Integrated Circuit Cards (ICC’s).”³¹⁷ Much like flash memory, to access the data on a smartcard, you insert the card into a device known as a smart card reader.

Figure 34: Smart Cards combined with Biometrics deliver a high degree of security.
Photo courtesy of the good folks at nexwatch.com © 2002 netwatch.com.

[spacer] Smartcards Compared to Flashcards

In contrast to flash memory, smart card storage capacity is very small, generally ranging from 8K to 32K. No, this isn’t much at all! And this is complicated by the fact that if you have a programmable card, the available storage often must hold both your program code and the data you wish to store.

Smartcards can be used for a variety of purposes, including storage of personal data like medical records, newer cell phone configuration information, management of passwords and digital certificate data, electronic “cash” (school dining credits, department store gift cards, etc), access control (the widely used “card key”) and generating network authentication information (using a one-time password instead of a fixed password every time you login).

Smartcard

A smartcard is a small, credit card sized device that contains memory and sometimes an IC that allows the card to do some processing, like encryption or calculation of a password.

Smartcards containing an IC (processor) cost more than smartcards containing only memory.

Smartcards are often used for access control (“card keys”) and authentication (generating secure one-time passwords). They can also be used to store “electronic cash” (such as school dining credits) and digital certificate data.

It is estimated that as of the end of 1999, more than 1.5 billion smartcards were in use worldwide. They are managed by smartcard life cycle management software, which is generally obtained from a different source than the smart cards themselves, such as Bellid³¹⁸ or Litronic³¹⁹. Because the capabilities of smartcards differ so substantially, you need to look at a variety of areas when evaluating smart cards, including security features, supported applications, storage capacity, and standards supported, data access controls, processor support, programming methods and algorithms supported.

Security features on smartcards, in addition to the embedded memory and possible IC, may include pictures, biometric data storage, bar codes, a magnetic stripe (as in credit cards) and even a very small antenna (for wireless communication that doesn’t require the card surface actually contact the reader).

Additionally, the chip, by virtue of being embedded in the card, is tamper-resistant. Typically each card has its own serial number³²⁰.

[spacer] One Smartcard, More Than One Memory Type

An interesting aspect of smartcards is that they may contain more than one type of memory, for security purposes. For example, memory is either read only, or read/write. And within each of these types, are other types: memory which can be accessed without providing credentials (“public”), memory that can be accessed without a PIN but with other access controls (“scratch pad”), memory that can only be accessed with a PIN (“private”), “emergency” memory that can be written to or read from even after the card’s preset expiration date.

__________________

317. “Smart Card”, http://www.webopedia.com

318. http://www.bellid.com/

319. http://www.sspsolutions.com/solutions/government

320. “Smart Card Basics”, http://www.gemplus.com/basics/index.html

3.2.4.5 Flashcards

3.3 Security Topologies

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!

Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.