Encryption of data in smart cards

Anne & Lynn Wheeler lynn at garlic.com
Wed Mar 12 13:50:06 EST 2003


At 10:39 AM 3/11/2003 +0530, N. Raghavendra wrote:
>Can anyone point me to sources about encryption of data in smart
>cards. What I am looking for is protocols for encrypting sensitive
>data (e.g., medical information about the card-holder), so that
>even if the card falls into malicious hands, it won't be easy to
>read that data.

a lot of cards use derived (symmetric) keys ... similar to the derived key 
per transaction X9 standards. they are used to protect data from outside 
examination and in multi-function cards to provide protection domains 
between the different applications on a card.

typically there is a system wide key that you would find in a secure 
terminal (like transit systems) that reads data, decrypts it, updates it, 
re-encrypts it and writes it back to the card. this handles situations 
involving attacks with fraudulent readers that load fraudulent value on the 
card. given the possibility of a brute force attack on the infrastructure 
(aka getting the data out of one card, and finding the master system key) 
... many systems go to some form of derived keys. They typically amount to 
a one-way function that combines the system-wide key with something like an 
account number from the card that results in the derived key. A brute force 
attack on the card data .... will only result in obtaining the 
card-specific, derived key .... and not the system-wide master key. All 
secured readers, knowing the system wide key and some card identification 
can always calculate the derived key for a card.

misc. derived key stuff ...
http://www.garlic.com/~lynn/aadsm3.htm#cstech8 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aepay10.htm#33 pk-init draft (not yet a RFC)
http://www.garlic.com/~lynn/2002e.html#18 Opinion on smartcard security requested
http://www.garlic.com/~lynn/2002f.html#22 Biometric Encryption: the solution for network intruders?
--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
  


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
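
The derived-key scheme described in the reply above, as an added example that is not part of the original post or of any X9 standard. It assumes HMAC-SHA256 as the one-way function and uses constructed keys, account numbers and records; `derive_card_key`, `seal` and `terminal_accepts` are hypothetical names.

```python
import hashlib
import hmac

# Constructed sample values for illustration only.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
CARD_A, CARD_B = "4000123400001111", "4000123400002222"


def _field(value: str) -> bytes:
    """Length-prefix a field so distinct (domain, account) pairs never collide."""
    raw = value.encode()
    return len(raw).to_bytes(2, "big") + raw


def derive_card_key(master_key: bytes, account: str, domain: str) -> bytes:
    """One-way combination of the system-wide key with card-specific data.

    HMAC-SHA256 is an assumed stand-in for the one-way function. The domain
    label gives each application on a multi-function card its own key.
    """
    info = _field(domain) + _field(account)
    return hmac.new(master_key, info, hashlib.sha256).digest()


def seal(card_key: bytes, record: bytes) -> bytes:
    """Tag a record under the card's derived key, as a terminal does on write-back."""
    return hmac.new(card_key, record, hashlib.sha256).digest()


def terminal_accepts(master_key, account, domain, record, tag) -> bool:
    """A secured reader recomputes the derived key from the card's identifier."""
    expected = seal(derive_card_key(master_key, account, domain), record)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    key_a = derive_card_key(MASTER_KEY, CARD_A, "transit")
    record = b"balance=25.00"
    tag = seal(key_a, record)
    # Assume card A's derived key is recovered: it is valid only for card A's
    # transit domain and does not reveal MASTER_KEY.
    forged = b"balance=500.00"
    forged_tag = seal(key_a, forged)
    return {
        "genuine": terminal_accepts(MASTER_KEY, CARD_A, "transit", record, tag),
        "card_b": terminal_accepts(MASTER_KEY, CARD_B, "transit", forged, forged_tag),
        "other_domain": terminal_accepts(MASTER_KEY, CARD_A, "medical", record, tag),
        "keys_differ": key_a != derive_card_key(MASTER_KEY, CARD_B, "transit"),
    }
```

The same derived key would key whatever cipher protects the record's confidentiality; only the derivation and the terminal-side recomputation are shown here.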


