Encryption of data in smart cards
Anne & Lynn Wheeler
lynn at garlic.com
Wed Mar 12 13:50:06 EST 2003
At 10:39 AM 3/11/2003 +0530, N. Raghavendra wrote:
>Can anyone point me to sources about encryption of data in smart
>cards. What I am looking for is protocols for encrypting sensitive
>data (e.g., medical information about the card-holder), so that
>even if the card falls into malicious hands, it won't be easy to
>read that data.
a lot of cards use derived (symmetric) keys ... similar to the derived key
per transaction X9 standards. they are used to protect data from outside
examination and in multi-function cards to provide protection domains
between the different applications on a card.
typically there is a system wide key that you would find in a secure
terminal (like transit systems) that read data, decrypt it, update it,
re-encrypt it and write it back to the card. this handles situations
involving attacks with fraudulent readers that load fraudulent value on the
card. given the possibility of a brute force attack on the infrastructure
(aka getting the data out of one card, and finding the master system key)
... many systems go to some form of derived keys. They typically amount to
one-way function that combines the system-wide key with something like an
account number from the card that results in the derived key. A brute force
attack on the card data .... will only result in obtaining the
card-specific, derived key .... and not the system-wide master key. All
secured readers, knowing the system wide key and some card identification
can always calculate the derived key for a card.
misc. derived key stuff ...
http://www.garlic.com/~lynn/aadsm3.htm#cstech8 cardtech/securetech & CA PKI
http://www.garlic.com/~lynn/aepay10.htm#33 pk-init draft (not yet a RFC)
http://www.garlic.com/~lynn/2002e.html#18 Opinion on smartcard security
requested
http://www.garlic.com/~lynn/2002f.html#22 Biometric Encryption: the
solution for network intruders?
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list