Types of Chip Cards. CPU/MPU Microprocessor Multifunction Cards. pdf. Identifiers and authentication – Smart Credential Choices To Protect Digital. Smart card is an equipment that comprise of an embedded integrated circuit With an embedded microcontroller, smart card have the idiomatic capability to. A smart card, chip card, or integrated circuit card (ICC) is a physical electronic authorization "Known Attacks Against Smartcards" (PDF). Discretix Technologies.
|Language:||English, Spanish, French|
|Genre:||Health & Fitness|
|ePub File Size:||18.81 MB|
|PDF File Size:||18.62 MB|
|Distribution:||Free* [*Regsitration Required]|
PDF | The article focuses on the evolution of smart cards. Just about anything found in a person's wallet has the potential to be stored on a smart card, including. and Technology iwi. NIST Special Publication Smart Card Technology: New Methods for Computer. Access Control. Martha E. Haykin and Robert B. J. Smart Card. Handbook. Third Edition. Wolfgang Rankl and Wolfgang Effing. Giesecke & Devrient GmbH, Munich, Germany. Translated by. Kenneth Cox.
Two smart card software modules are implemented that run on patient and healthcare professional smart cards respectively. In Finland, for example, the Data Protection Ombudsman prohibited the transport operator Helsinki Metropolitan Area Council YTV from collecting such information, despite YTV's argument that the card owner has the right to a list of trips paid with the card. Confidex smart media. The credit card information stolen from Target in late was one of the largest indicators that American credit card information is not safe. Many countries implement or continue to develop such systems including smart card components.
Skip to main content. Log In Sign Up. Design and implementation of a smart card based healthcare information system. Geylani Kardas. Accepted Manuscript Design and implementation of a smart card based healthcare information system Geylani Kardas, E.
Turhan Tunali DOI: Computer Methods and Programs in Biomedicine Accepted: Geylani Kardas, E. Turhan Tunali, Design and implementation of a smart card based healthcare information system, Computer Methods and Programs in Biomedicine, doi: This is a PDF file of an unedited manuscript that has been accepted for publication. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form.
Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.
Smart cards are used in information technologies as portable integrated devices with data storage and data processing capabilities.
As in other fields, smart card use in health systems became popular due to their increased capacity and performance. Their efficient use with easy and fast data access facilities leads to implementation particularly widespread in security systems. In this paper, a smart card based healthcare information system is developed.
The system uses smart card for personal identification and transfer of health data and provides data communication via a distributed protocol which is particularly developed for this study.
Two smart card software modules are implemented that run on patient and healthcare professional smart cards respectively. In addition to personal information, general health information about the patient is also loaded to patient smart card. Health care providers use their own smart cards to be authenticated on the system and to access data on patient cards. Encryption keys and digital signature keys stored on smart cards of the system are used for secure and authenticated data communication between clients and database servers over distributed object protocol.
System is developed on Java platform by using object oriented architecture and design patterns. Access to accurate health data quickly is one of the main functions of these systems. To fulfill these requirements, these systems should contain an information network that acquires processes and stores patient information. There can be many sources that the information related to the patients can be obtained from: The usual way of obtaining relevant patient data is to connect to the hospital database.
In some cases, simultaneous database accesses from different terminals located in examination rooms can cause performance problems due to high data rate. In other cases patient data can be needed in an environment without network connection facility in an ambulance for example or another hospital where patient is not registered. An information network can be established so that patient data can be shared by different hospitals but mostly, factors like different IT and network solutions of hospitals, data security and network infrastructure make realization of such network difficult.
Portable media can play a key role in sharing limited amount of patient specific information, which in turn, may provide important data to a hospital automation system .
Smart cards can be described as portable integrated devices that store and process data. These tiny computers with their own memories and processors have a widespread usage especially in telecommunication and mass-transit systems . Speed, security and portability properties make smart cards a potential tool in healthcare systems.
Many countries implement or continue to develop such systems including smart card components. The system is the first healthcare system which provides nation-wide use of smart cards in health sector [8 and 9]. The United States has been slow to adopt smart card technology since businesses have already invested heavily in the magnetic stripe technology used for credit cards .
However like other sectors, smart card usage in healthcare is beginning to become popular in this country and some state-based solutions are already implemented . In this study, a novel smart card based healthcare system is developed.
The system includes smart card usage in data flow and provides data communication via a distributed protocol that is also developed within the scope of this study. Smart cards are used both for mobile data transmission and security and authentication purposes in the system.
Unlike most of the other studies, in addition to system management data, smart cards of our system contain personal identification and health data.
This feature provides availability of limited but important health information at presence of the card as well as database access if possible. The paper is organized as follows.
Section two gives general specifications of the system. It is followed by the system description and software design in the third section and implementation in the fourth section. Section five includes a status report of the system. Lessons learned and future plans are presented in the sixth section.
Both patients and healthcare professionals have smart cards in SCHS. We had to take into consideration only the local requirements of the hospital due to current non-standardized healthcare system in Turkey. Health information systems in use vary especially in structure of health document and clinical process of those documents.
We mostly concentrated on the first working group studying on information models because work item, called PATCARDS of this group, involves smartcard integration on healthcare systems. A secure channel is established between terminals in examination rooms and card acceptance devices CAD which are connected to those terminals. When a doctor or a patient smart card is inserted in CAD, authentication is assured between card and host computer software by key exchange.
Following proper PIN entrance, smart card session is opened. Database accesses from client terminals are also realized via a developed secure distributed system protocol. Detailed discussion about security issues is given in subsection 3.
In smart card integrated healthcare systems, we should take into account of the following alternatives: Should we put health data on smart card or should we use smart cards just only as a media to access health data already stored on a network in a secure way? We evaluated both alternatives and introduced a hybrid approach in which smart cards are used in the system both as a mobile health data carrier and a security key to access private hospital network.
Keeping all health records in a smart card is currently impossible due to space limitation on smart cards. Even if it were possible, it would causes lack of system management in case of lost or damaged user cards.
On the other hand, considering advanced capabilities of the state of the art smart card technology, use of smart card only as a security key to access health data on a network would waist such capabilities. Maybe the most important disadvantage of such an approach would be seen in medical environments with no network access.
Examination rooms may have no Intranet connection but essential health records of a patient may be urgently needed. Let us consider an emergency situation in which a patient is carried on an ambulance. As it is mentioned before, two types of smart cards exist in system: Both patient personal information and emergency contact information are not PIN protected. Especially, in an emergency condition, it may not be possible to obtain PIN from patient. In such conditions, card provides personal data and contact information without any PIN entry.
Additional data is stored as a memo on card. Last examination information includes last examination date, clinic and doctor data doctor ID, name and surname and summary of examination. Storing database network address on patient smart cards supports distributed hospital database system such that card terminals can dynamically determine patient database for communication purpose. All data on patient card is read-only to doctors except last examination and prescription data.
After every examination, proper inspection and prescription if needed data are written to card by doctors. Card issue and last update dates, again network address of relevant hospital database server and doctor digital signature are stored as system data. Doctor digital signature is a DSA Digital Signature Algorithm private key which provides doctor authentication on system. Each terminal has a connected CAD and they can connect to specific system servers to access databases.
The software running on terminals can open doctor and patient sessions. There must be an open doctor session to accept patients and carry out examinations. Doctor session can only be opened by a doctor smart card. When a doctor card is inserted in CAD, a secure channel is established between host application and smart card.
After mutual authentication, card PIN is requested. If PIN is valid, card session will be successfully opened and terminal application communicates with the remote server over system protocol to get messages for related doctor.
Remote database server address is obtained from smart card. Doctor personal data including DSA private key is temporarily transmitted to application from smart card. This data will be available during doctor session.
Now doctor session is open and host application waits for patient smart cards. So, a patient card can only be accepted when a doctor card is also present in reader. However this can only be possible in CADs with two slots and advanced mutual card authentication capabilities. We have used a single-slotted CAD with a simpler structure.
In our system, opening a doctor session before patient session is sufficient for operation. Figure 1 represents the doctor session. Figure 1 approximately here When an open doctor session condition is satisfied, application can accept patient smart cards and open patient sessions.
Like doctor session, a secure channel is established and mutual authentication is realized when a patient card is inserted on CAD. Entered PIN is validated and remote messages for patient are received in same manner. Using system private distributed protocol, terminal receives requested data from clinic server in an encrypted form.
Data is encrypted with patient DES key and to decrypt it on client side, terminal needs same DES key stored on patient smart card. In addition to general health information, decrypted clinic specific patient health data are displayed.
Reverse procedure will be carried out on the server side: Notice that the required DES and DSA keys are obtained from hospital central database on server side using database network addresses sent from client terminal. Data update on clinic database is completed if everything is in order.
Result of remote process is returned to terminal and patient session is closed. Figure 2 demonstrates patient session. Figure 2 approximately here After examination, patient will apply to system administration unit to record new inspection and prescription data stored on smart card to hospital database and to realize prescription approval. Basically that unit is responsible to manage hospital database.
However in such a system, client software components will completely depend on database server and related database software. To overcome the dependency problem, instead of the clients directly being involved in database related processes, an extra control structure is added to manage queries.
This lets each component to be designed independent of the others and provides software reusability. In MVC pattern, view components communicate with system data model by means of a controller mechanism.
So, client applications only include view components user interfaces such as forms, dialogs, etc. Java RMI technology lets distributed remote objects to communicate with each other without depending on network infrastructure. Authentication of client for that operation and data update are performed by that remote object.
Implementation of MVC pattern and RMI also provides digital signature and data encryption key usage in system authentication and data security respectively. One of the important aims of the system is to access clinic databases in a secure and authenticated way in which smart cards play an active role.
Data is transmitted as encrypted and signed on protocol. RMI has already facilities like object serialization and parameter marshalling on its channel so encapsulated data are not purely transferred. Figure 3 shows whole system architecture with components.
This package contains both the Java card applet and model classes to hold patient data discussed in section 2. This software manages bytes of patient data. Applet class and it communicates with off- card smart card applications to serve patient data in a secure way. It is called tr. OCF is expected to be integrated in most of the smart card based healthcare solutions . Smart card client package running on client computer carries out both doctor and patient smart card communication. Thus, user interface components can use prepared objects provided by this package especially in APDU byte vector formation without struggling with limited smart card data structure conversions.
Hence this client software bridges the gap between graphical user interface components and on-card applications as it could be seen in data flows 1 and 2 given in Figure 3. Object model of this client software is shown in Figure 5. User interface components access card data over those objects without striving for APDU communication. Therefore it could be processed in interface components in a very simple way.
As it is mentioned before, client computers do not contain any software component which is responsible to access databases and perform queries. Remote objects fulfill those operations instead of client software. Client software only contains user interface components instances of Java Foundation Classes and forms view layer of MVC architecture. Card terminals in a department take service from RMI servers located in the same department.
Remote objects, whose methods are called by clients, exist on those servers. RMI server application creates objects with remote interfaces and registers them to RMI registry on server.
When a client object wants to use a remote method, it first connects to the RMI registry on server and obtains interfaces of relevant remote objects. Then they can call remote methods by using those interfaces according to RMI protocol .
Stub prepares data and sends it to remote object. Object controls authentication of client, decrypts data, prepares proper query and updates data on remote database. Operation result or exception if occurred is returned to client over the same channel. So, all control and database connection operations are abstract to clients. Remote objects on RMI servers fulfill those operations on behalf of clients and form controller layer of MVC architecture of the system. Relational model of the central database is given in Figure 6.
Allergies, surgical operations, immunizations, medications and former diseases are stored in corresponding database tables with their unique IDs. IDs have been generated automatically during system implementation except in medications.
Barcode number on each medication is given to the related medication as its system ID.
This record is associated with the related patient and the disease via their unique IDs. As it is mentioned before, clinic based patient data are stored on separate clinic databases to provide both flexibility and modularity of the system.
Due to non-standard form of the information systems and database structures used in clinics of many hospitals as in the Ege University Hospital, our design seems most appropriate. So, smart card terminal applications communicate with those remote objects and doctors can access the local patient data during examination as described in above sections.
Model is completely independent from use and view of data. So, databases form the model layer of the MVC architecture. Controller components map proper bean objects to tables of those databases. Hence, transmission of data is realized over secure protocols both in smart card and remote database communications. These secure communications are discussed here in detail. This involves comparing keys, which are stored in a key file.
The real value of the mother key is provided by the card manufacturer with the card. Every smart card session begins with authentication stage in which both entities perform the check: After successful authentication, a secure communication channel is established between the two entities.
Given PIN is checked by smart card itself and successful entry opens the card session. Some disk encryption systems , such as Microsoft's BitLocker , can use smart cards to securely hold encryption keys, and also to add another layer of encryption to critical parts of the secured disk.
GnuPG , the well known encryption suite, also supports storing keys in a smart card. Smart cards are also used for single sign-on to log on to computers. Smart cards are being provided to students at some schools and colleges. Smart health cards can improve the security and privacy of patient information, provide a secure carrier for portable medical records , reduce health care fraud , support new processes for portable medical records, provide secure access to emergency medical information, enable compliance with government initiatives e.
Smart cards are widely used to encrypt digital television streams. VideoGuard is a specific example of how smart card security worked. The Malaysian government promotes MyKad as a single system for all smart-card applications. MyKad started as identity cards carried by all citizens and resident non-citizens. Available applications now include identity, travel documents, drivers license, health information, an electronic wallet, ATM bank-card, public toll-road and transit payments, and public key encryption infrastructure.
Smart cards have been advertised as suitable for personal identification tasks, because they are engineered to be tamper resistant.
The chip usually implements some cryptographic algorithm. There are, however, several methods for recovering some of the algorithm's internal state. Differential power analysis involves measuring the precise time and electric current required for certain encryption or decryption operations.
This can deduce the on-chip private key used by public key algorithms such as RSA. Some implementations of symmetric ciphers can be vulnerable to timing or power attacks as well.
Smart cards can be physically disassembled by using acid, abrasives, solvents, or some other technique to obtain unrestricted access to the on-board microprocessor.
Although such techniques may involve a risk of permanent damage to the chip, they permit much more detailed information e. The benefits of smart cards are directly related to the volume of information and applications that are programmed for use on a card. Multi-factor and proximity authentication can and has been embedded into smart cards to increase the security of all services on the card.
For example, a smart card can be programmed to only allow a contactless transaction if it is also within range of another device like a uniquely paired mobile phone. This can significantly increase the security of the smart card. Governments and regional authorities save money because of improved security, better data and reduced processing costs. These savings help reduce public budgets or enhance public services.
Individuals have better security and more convenience with using smart cards that perform multiple services. For example, they only need to replace one card if their wallet is lost or stolen. The data storage on a card can reduce duplication, and even provide emergency medical information. The first main advantage of smart cards is their flexibility.
Smart cards have multiple functions which simultaneously can be an ID, a credit card, a stored-value cash card, and a repository of personal information such as telephone numbers or medical history. The card can be easily replaced if lost, and, the requirement for a PIN or other form of security provides additional security from unauthorised access to information by others.
At the first attempt to use it illegally, the card would be deactivated by the card reader itself. The second main advantage is security. Smart cards can be electronic key rings, giving the bearer ability to access information and physical places without need for online connections.
They are encryption devices, so that the user can encrypt and decrypt information without relying on unknown, and therefore potentially untrustworthy, appliances such as ATMs. Smart cards are very flexible in providing authentication at different level of the bearer and the counterpart. Finally, with the information about the user that smart cards can provide to the other parties, they are useful devices for customizing products and services.
Smart cards can be used in electronic commerce , over the Internet, though the business model used in current electronic commerce applications still cannot use the full potential of the electronic medium.
An advantage of smart cards for electronic commerce is their use customize services. For example, in order for the service supplier to deliver the customized service, the user may need to provide each supplier with their profile, a boring and time-consuming activity.
A smart card can contain a non-encrypted profile of the bearer, so that the user can get customized services even without previous contacts with the supplier. The plastic or paper card in which the chip is embedded is fairly flexible. The larger the chip, the higher the probability that normal use could damage it. Cards are often carried in wallets or pockets, a harsh environment for a chip and antenna in contactless cards.
However, for large banking systems, failure-management costs can be more than offset by fraud reduction. The production, use and disposal of PVC plastic is known to be more harmful to the environment than other plastics.
If the account holder's computer hosts malware , the smart card security model may be broken. Malware can override the communication both input via keyboard and output via application screen between the user and the application. Man-in-the-browser malware e. Banks like Fortis and Belfius in Belgium and Rabobank " random reader " in the Netherlands combine a smart card with an unconnected card reader to avoid this problem.
The customer enters a challenge received from the bank's website, a PIN and the transaction amount into the reader. The reader returns an 8-digit signature. This signature is manually entered into the personal computer and verified by the bank, preventing point-of-sale-malware from changing the transaction amount. Smart cards have also been the targets of security attacks. These attacks range from physical invasion of the card's electronics, to non-invasive attacks that exploit weaknesses in the card's software or hardware.
The usual goal is to expose private encryption keys and then read and manipulate secure data such as funds. Once an attacker develops a non-invasive attack for a particular smart card model, he or she is typically able to perform the attack on other cards of that model in seconds, often using equipment that can be disguised as a normal smart card reader.
Tamper-evident and audit features in a smart card system help manage the risks of compromised cards.
Another problem is the lack of standards for functionality and security. From Wikipedia, the free encyclopedia. This article's lead section does not adequately summarize key points of its contents.
Please consider expanding the lead to provide an accessible overview of all important aspects of the article. Please discuss this issue on the article's talk page. June Further information: See also: Contactless payment.
Main article: Contactless smart card. Main articles: Contactless smart card and Credit card. List of smart cards.
This section needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: Retrieved Cambridge University Press. Computerworld honors. Archived from the original on 3 March Retrieved 13 February Retrieved 29 July The Rakyat Post.
Toppan Printing Company. Archived from the original on Identification cards — Integrated circuit cards — Part 2: Cards with contacts — Dimensions and location of the contacts. Secure Technology Alliance. Retrieved 7 August A las pruebas me remito in Spanish. The electronic DNI has died: January 3, Retrieved March 20, Retrieved August 6, Retrieved 24 September Retrieved 24 April The Age.
A systematic literature review". Journal of Biomedical Informatics. Elsevier BV. Recent years have witnessed the design of standards and the promulgation of directives concerning security and privacy in EHR systems. However, more work should be done to adopt these regulations and to deploy secure EHR systems. Discretix Technologies Ltd. Retrieved February 20, Home web for The Berlin Group. The Berlin Group. Rankl, W.
Effing Smart Card Handbook. Guthery, Scott B. Jurgensen SmartCard Developer's Kit. Macmillan Technical Publishing. Credit , charge and debit cards. Cash advance Charge-off. Grace period Introductory rate Universal default. Card not present transaction Chargeback Controlled payment number Dispute. Interchange fee Surcharge Card scheme. Card security code Chargeback fraud Credit card fraud Credit card hijacking. Smart cards in China. CRBE Pass. Smart cards in Japan. Edy nanaco Taspo Waon.
Osaifu-Keitai Mobile Suica. Broadcast encryption and digital rights management. Card sharing FTA Pirate decryption. EuroCrypt Videocipher VideoCrypt. See also free-to-view and pay television. Authority control BNE: XX BNF: Retrieved from " https: Hidden categories: Namespaces Article Talk. Views Read Edit View history.
In other projects Wikimedia Commons.