DRIVERLESS CAR

Submitted by,
Pallavi Nalawade

Under the guidance of

Dr. Vinodpuri Gosavi

In partial fulfillment of the award of

Master of Technology (Electronics & Telecommunication Engineering)

Department of Electronics & Telecommunication Engineering Maharashtra

Institute of Technology,
Aurangabad (Maharashtra)
2020-2021
 CERTIFICATE

This is to certify that the project report entitled “Driverless Car”, submitted by Pallavi Ajinath
Nalawade is the bonafied work completed under my supervision and guidance in partial
fulfillment for the award of Master of Technology (Electronics & Telecommunication
Engineering) of Dr. Babasaheb Ambedkar Marathwada University, Aurangabad (M.S.).

Place: Aurangabad
Date:

Dr. Vinodpuri Gosavi Mrs. S. V. Varma Dr. G. S. Sable

Guide Project Co-Ordinator Head of Department

Dr. S. P. Bhosle
Principal
Maharashtra Institute of Technology
Aurangabad (M.S.) – 431 005
CONTENTS

CHAPTERS TITLE PAGE NO

List of Figures I
List of Tables I
Abstract II
1. INTRODUCTION 1
1.1 Introduction 1
1.2 Need of project 2
1.3 Objective of project 3
2. LITERATURE SURVEY 3
2.1 Smart card security technology 4
2.2 Strong Authentication Using Smart Card Technology for Logical 5
Access 7
2.3 Smart Card Security; Technology and Adoption
3. SYSTEM MODELING 11
3.1 Impact of covi-19 on smart card 11
3.2 Types of Smart Card 14
3.3 Smart Card operating system 19
4 Proposed Model 30
5. CONCLUSION
4.1 Advantages 35
4.2 Disadvantages 35
4.3 Conclusion
References
Acknowledgement
List of Figures

Sr. No. Illustration Page No.

2.1 Paper 1 4
2.2 Paper 2 5
3.1 Impact of covid-19 on smart card 19
3.2 Types of Smart Card 22
3.3 Card operating System 23
3.4 Smart Card Dimensions 25
3.5 Smart Card Features 26
3.6 Security Information 27
3.7 How smart cards are used 28
4.1 Competitive Analysis 32
4.2 Access control components 34
5.1 Advantages 35
5.2 Disadvantages 35
ABSTRACT
Newly, smart card technology is being used in a number of ways around the world, on the
other hand, security has become significant in information technology, especially in those
application involving data sharing and transactions through the internet. Furthermore, researches
in information technology acceptance have identified the security as one of the factors that can
influence on smart card adoption. The business for smart card specific to telecommunications,
healthcare verticals is less affected compared to other verticals. The expansion in the market size
could be seen due to the growing medical sector in the medium to long term. The upsurge of
health care data brings up new challenges in providing efficient patient care and privacy. Smart
cards solve both challenges by providing secure storage and easy distribution of data. The smart
card market witnessed a considerable decline in 2020 as a result of COVID-19, but the market
has a huge potential as the region has major manufacturing and assembling plants, which could
be an opportunity for players in the smart card market after it recovers from the COVID-19 crisis
by 2023.
Key words: Smart Card, Security, Adoption/Acceptance, Satisfaction, Privacy, Non-
repudiation, Authentication, Integrity, Verification, Information
 INTRODUCTION

1.1 Introduction
A smart card is a device that includes an embedded integrated circuit chip (ICC) that can
be either a secure microcontroller or equivalent intelligence with internal memory or a
memory chip alone. The card connects to a reader with direct physical contact or with a
remote contactless radio frequency interface. With an embedded microcontroller, smart
cards have the unique ability to store large amounts of data, carry out their own on-card
functions (e.g., encryption and mutual authentication) and interact intelligently with a
smart card reader. Smart card technology conforms to international standards (ISO/IEC
7816 and ISO/IEC 14443) and is available in a variety of form factors, including plastic
cards, fobs, subscriber identity modules (SIMs) used in GSM mobile phones, and USB-
based tokens.
Smart cards – in the form of credit cards and SIM cards - are the most common form of
IT processing power on the planet.
It's is estimated that between 30 to 50B smart cards are in circulation today. The smart
card has a microprocessor or memory chip embedded in it that, when coupled with a
smart card reader, has the processing power to serve many different applications. In the
last three decades, these tools, more than any other technology, have quietly taken us all
into a virtual world.

History:

Roland Moreno patented the memory card in 1974. By 1977, three commercial
manufacturers Bull CP8, SGS Thomson, and Schlumberger started developing smart card
products.

In March 1979, Michel Hugon from Bull CP8 was the first to design and develop a
microprocessor-based card combining a processor and local memory. He invented
the computerized smart card.
 1979: early developments for the banking sector
 1995: first SIM cards
 1999: first national eID card (Finland ID)
 1999: first smart cards for transport
 2001: The Department of Defense first issued Military CAC credentials for
physical access control and secured logical authentication
 2003: Micro-SIM launched
 2005: first ICAO-compliant electronic passport (Norway passport)
1
  2012: Nano-SIM introduced
 2018: first biometric contactless payment card, eSIM, launched (thickness is <1
mm or 0.039 in)
 2019 First 5G SIM available

Features of Smart Card:

1. Smart cards provide ways to securely identify and authenticate the holder and
third parties who want to gain access to the card. A PIN code or biometric data
can be used for authentication.

2. They also provide a way to securely store data on the card and protect
communications with encryption.

3. Smart cards provide a portable, easy-to-use form factor.

1.2 Need of Project:

 The project is a security system developed to avoid unauthorized access to any
connected device.

 The system uses smart card technology to identify the authorized person.

 This project is designed to gain access to an area or control a device by using a

valid smart card only.
1.3 Objectives:

 Advance smart card technology for seamless use of multi-application cards.

 Harmonize smart card-based infrastructure across sectors.
 Which payment system using smart card are popular and which are likely to gain
acceptance
 To mitigate ground challenges
 To create secure, IT ecosystem for financial viability of the scheme
 To provide high physical security for the data stored in the card.
2. LITERATURE SURVEY

2.1 Paper-1

Paper name: Smart card security technology.

Author: Hamed Taherdoost

Publish year: 2011

Publish on: IEEE International Conference on Granular Computing

Newly, smart card technology are being used in a number of ways around the world, on
the other
hand, security has become significant in information technology, especially in those
application involving data sharing and transactions through the internet. Furthermore,
researches in information technology acceptance have identified the security as one of the
factor that can influence on smart card adoption. This research is chiefly to study the
security principals of smart card and assess the security aspects’ affect on smart card
technology adoption. In order to achieve this purpose, a survey was conducted among the
640 university students to measure the
acceptance of smart card technology from security aspects.

2.2 Paper-2

Paper name: Strong Authentication Using Smart Card Technology for Logical Access

Author: Smart Card Alience

Published Year: Nov 2012

Published on: JOURNAL OF IEEE ACCESS

The Smart Card Alliance is a not-for-profit, multi-industry association working to

stimulate the understanding, adoption, use and widespread application of smart card
technology. Through specific projects such as education programs, market research,
advocacy, industry relations and open forums, the Alliance keeps its members connected
to industry leaders and innovative thought. The Alliance is the single industry voice for
smart cards, leading industry discussion on the impact and value of smart cards in the
U.S. and Latin America.
Smart card technology has advanced over the last 30 years: storage and processing
capabilities are improved, security has been enhanced, the management software has
matured, contactless technologies are available, and multiple applications can now be
integrated on a card. Smart cards now support a variety of the logical access applications
used by organizations, including network logon, one-time passwords (OTPs), virtual
private network (VPN) authentication, e-mail and data encryption, digital signatures,
enterprise single sign-on, secure wireless network logon, and biometric authentication.
Today, smart cards can play an essential role in the security backbone of an
organization’s identity management architecture, supporting the strong authentication
required to validate individuals accessing networked resources and providing a critical
first step in protecting against intruders.
Identity proofing is the method by which an individual proves their identity to an
identity provider and the identity credential issuer. The identity proofing process requires
significant human involvement and takes a long time. Therefore, rather than repeating the
effort for each logical or physical access attempt, the relying party issues a credential that
links to a digital identity for the individual and that can be electronically validated for
future access requests. An identity proofing process of some kind occurs millions of
times every day for people across the globe. Throughout the course of their lives, most
people hold multiple identity credentials, each with a different purpose and a different
renewal schedule.

2.3 Paper-3

Paper name: Smart Card Security; Technology and Adoption

Author: Shamsul Sahibuddin, Neda Jalaliyoon

Published Year: Aug 2004

Published on: International Conference on Instrumentation, Communications,
Information Technology

Smart cards are mostly used in security applications. Smart cards offer much higher
security compared to basic printed cards, and even magnetic stripe cards. Smart cards are
often used to prove identity, control access to protected areas, or guarantee payments.
The reason for high security in smart cards is due to the fact that the users of the system
are given access to the smart card. The security element is put into the hands of the users,
and is therefore open to attacks from hackers, clever outsiders, malicious insiders, or even
dedicated and well-funded enemies. The memory technology used in smart cards has an
influence on security, both in the card and in the overall system. Some memory
technologies have characteristics that make them particularly secure or insecure. Smart
cards also include other security measures such as holograms, security overlays,
guilloche printing, micro-printing, optically variable printing.
The system design should take into account the accessibility of data in transit and
protect it accordingly or design the transport protocol such that tampering will not affect
the overall system security. Some actions can physically secure the card terminal. For
example, building card terminal into a wall then some equipment such as motorized smart
card reader with shutter guaranties the security of card. Placing the smart card reader and
communications link in a secured environment can physically protect them.
There are several reasons one requires security in a smart card system. The principles
being enforced are namely; Privacy, Non-repudiation, Authentication, Integrity,
Verification. Smart cards use different encryption algorithms to implement these
principles. In some cases, a single mechanism can provide a number of security services.
For example, a digital signature can provide data integrity with source authentication and
non - repudiation. Most of this security needs require key management, which provides
the policies and procedures required for establishing secured information exchange, and
public key infrastructure (PKI) plays a big role. PKI includes data encryption to ensure
confidentiality, digital certificates to provide authentication, and digital signatures to
prove the transaction was completed by the originator without intervention or error . In
the following sections, we will describe the mechanisms use in smart cards to enforce
these principles: Privacy The act of ensuring the nondisclosure of data between two
parties from third party is privacy. More research on privacy and security is needed
before such a card comes into being, since the more personal and varied the information
stored on an individual’s smart card, the greater the potential for privacy loss when that
card is accessed. But even in their current incarnation, smart cards support an impressive
variety of applications, and are expected to support more as they become smaller, cheaper
and more powerful. Symmetrical cryptography and asymmetrical cryptography are used
to assure privacy. Depend on the application of cards, different processes are needed. In
spite of many physical resources, implement of multiple algorithms is impossible. Single,
standard, algorithm will be used. For symmetric key cryptography this will almost
certainly mean DES (FIPS 46-3) or maybe triple DES (ANSI X9.17) and for
asymmetric cryptography the typical algorithm of choice will be RSA . In the future there
might be moves towards using the AES (FIPS 196) as a replacement for DES, but this is
not likely any time soon. o Symmetrical Cryptography: For encrypting plain text into
enciphered text and decrypting enciphered text back into plain text the symmetrical
cryptography uses single key. To encrypt and decrypt the message the same key is used
by symmetrical therefore symmetrical cryptography is termed symmetrical. DES is
utilizable on smart card software and it is fast algorithm (FIPS 46-3). The defect of
Symmetrical encryption is the both partners need to recognize the key. For securely
transferring keys to cardholders, writing a des key at card personalization time is the
typical manner. If it is not possible the asymmetrical cryptography, that is explained
blow, must be used. o Asymmetrical Cryptography: In 1976, the idea of splitting the
encryption/decryption key instead of sharing a common key was first proposed in an
article by W. Diffie and M.E. Hellman entitled “New Directions in Cryptography”. This
idea has since become known as asymmetrical cryptography. Asymmetrical cryptography
uses two keys: one to encrypt the plain text and another to decrypt the enciphered text.
The keys are mathematically related. Only messages encrypted with one key can be
decrypted with the other key. The best-known asymmetrical cryptographic algorithm is
RSA.

Paper 4
Name: A New Design for Smart Card Security System Based on PUF Technology
Author name: Elham Kordetoodeshki and Sattar Mirzakuchak

In the presented method, because of using SRAMPUF technology, the memory is

volatile against invasive attacks and therefore makes it very hard for an outsider to obtain
the key. There are few random numbers reserved in database and
for each one there is a related response of PUF circuit that allows central system to send
different numbers for different card authentication demands from card reader. This
feature leads to more security in translating system comparing to one with a single key
allocated to each user. If attacker can find related code from translating system, this key
cannot be true for all future authentication. These benefits are the most important
superiority of proposed method comparing to conservative methods. For more
efficiency, one may use a cryptographic method prior to 128 digit code generation in
SRAMPUF which leads to higher security. Noise margin for sub-threshold
SRAMPUF is another aspect of circuit that can be examined in a future work.
This is a practical construction of a PUF on the chip and in this paper based on this
characteristic of SRAM PUF, a new method for encryption of the smart cards is
proposed. In Section II we explain SRAM PUF structure and use it to produce
unique a secret key. Section III describes novel smart card systems and their operation
for information coding. Section discusses authentication and cryptographic key
generation and section includes the paper.

Paper 5
Paper name: Smart Card based Robust Security System
Author: Aayushi Bansal
Published on: June 2010

There are two main distinguish the card types. On one hand it is based on the
application/issuer type, on the other hand it is technical features or/and physical
characteristics. For example: an ID card approved by the government the card body
having the security features. It will focus on “application view”. In banks there are the
standard credit and debit cards, its having the multi-layer card body with printed
design some optional features magnetic strip, a signature panel, a hologram and a
hologram with chip. The below figure shows the classification of the smart cards, with
processors and without such as memory cards. In case processor based again sub divided
into three contact, contactless and hybrid. The International Organization for
Standardization (ISO) standard7810 “Identification card-physical Characteristics” define
the physical properties such as flexibility, temperature and dimensions. The dimensions
three different type format cards they are ID-1, ID-2, and ID-3. These are different types
of ID-1 format cards,
specified different formats.

Some of the smartcard types are as follows:

Emboss cards: it allows for textual information and designs on the card.

Magnetic stripe: the magnetic storage capacity is 1000bits and it is consists the user
information, anyone with the appropriate device we can read/write or alter the data.

Integrated circuit cards: (Smart cards): these are the cleverest augmentations to ID-1
family. The memory limits are 16Kb, 32Kb, 64Kb, and 128Kb in this usually utilized
32Kb only. Memory roles for example reading, writing and erasing could be interfaced to
particular conditions, regulated by both equipment and programming. Furthermore,
moreover saved information can be secured. An additional point of interest of
smartcards over attractive stripe cards is that they are more dependable and have longer
needed lifetimes.
Memory cards: Memory cards are regularly a great deal less unreasonable and
substantially less practical than microchip cards. They hold EEPROM and ROM
memory, and additionally certain address and security consistency.

Contactless Smartcards: it is the enhanced version of the contact based smart cards in
light of their incessant failure rate. The failure focuses may be soil, wear, and whatnot. In
this Cards need never again be embedded into a reader, which might enhance end client
reception and which are costlier.

Optical memory cards: ISO/IEC standards 11693 and 1169 define standards for
optical memory cards. These cards having the piece of CD glued on-top. For today
technology these cards do not have processors. This type cards carry megabytes of
memory but read/write devices are expensive.

Essence of Smartcard:
- Authentication, Data storage, Validation, Self-lock mechanism these are the basic
actions of the smartcard.
3. SYSTEM MODELING

The smart card market is projected to reach USD 16.9 billion by 2026 from USD 13.9
billion in 2021; it is expected to grow at a CAGR of 4.0% from 2021 to 2026. Major
drivers for the growth of the market are surged demand for contactless card (tap-and-pay)
payments amid COVID-19, proliferation of smart cards in healthcare, transportation, and
BFSI verticals; increased penetration of smart cards in access control and personal
identification applications; and easy access to e-government services and risen demand
for online shopping and banking.

3.1.1 Impact of covid-19 On smart card

The world is facing an economic crisis caused by COVID-19 pandemic. The pandemic
has severely affected various vertical such as education, government, transportation etc.
Manufacturing units are hampered due to shutdowns and the availability of labor or raw
materials. This has resulted in a huge gap between supply and demand. Further, there is a
restriction on foreign trades due to the lockdown of international borders, non-operational
distribution channels, and various government laws to take precautionary measures for
public health and safety. However, it is expected that there will be an increasing focus on
hygiene and sanitation due to the rise in people’s concern for a better and safer lifestyle.
An increase in demand from medical and BFSI is also likely to drive the smart card
market gradually from 2021 to 2026.

The business for smart card specific to telecommunications, healthcare verticals is less
affected compared to other verticals. The expansion in the market size could be seen due
to the growing medical sector in the medium to long term. The upsurge of health care
data brings up new challenges in providing efficient patient care and privacy. Smart cards
solve both challenges by providing secure storage and easy distribution of data. The
smart card market witnessed a considerable decline in 2020 as a result of COVID-19, but
the market has a huge potential as the region has major manufacturing and assembling
plants, which could be an opportunity for players in the smart card market after it
recovers from the COVID-19 crisis by 2023. The smart card market is projected to reach
a value of USD 16.9 billion by 2026 due to the demand for increasing contactless
payments, government schemes for national ID cards, and rising e-commerce shopping.

Market Dynamics:

Driver: Surged demand for contactless (tap-and-play) payments amid COVID-19

The consumer awareness about the benefits of tap-and-pay cards and the use of these
cards was already trending upward before the pandemic. However, with the outbreak and
the spread of the COVID-19, the use of contactless payments grew quickly. Amid the
pandemic, which obligates limited contact and social distancing, people buy groceries,
household items, etc., using contactless payment options. Consumers aim to limit their
exposure during transactions. According to research carried out by Fiserv (US) in May
2020, people consider contactless (tap-and-pay) cards as the fastest and the safest way to
pay.
According to a survey conducted by the Harris Poll in May 2020 on behalf of Fiserv,
~42% of consumers considered tap-and-pay credit cards the safest in preventing the
spread of the virus. Consumers considered cash and check the least safe in preventing the
spread of the COVID-19 at 6% and 4%, respectively. According to the survey, the
general perception of tap-and-pay cards being the most secure, preferred, convenient, and
fastest payment method has expanded since 2019.

Restraint: High infrastructure costs, along with security and data theft concerns

Smart cards have generated a great deal of interest among consumers in recent years
owing to the advantages offered by them. However, their cost is one of the factors that
restrain the growth of the smart card market. The initial capital investments required for
setting up smart cards for access control and other applications are high. Smart cards
require readers to read encryptions and obtain the information to provide physical or
logical access. The deployment of these readers involves additional purchase costs. The
average price of smart card readers varies from USD 50 to USD 300. The costs of smart
cards range from USD 2 to USD 10. Costs of these cards increase with the use of chips
that have high capacity and offer highly sophisticated capabilities. Thus, equipping
employees with multifunctional smart cards is expected to require more initial
investments than those required by conventional cards.

The contactless segment projected to account for largest size of the smart card
market during the forecast period.

A contactless smart card includes an embedded smart card secure microcontroller or

equivalent intelligence, internal memory, and a small antenna; it communicates with
readers through a contactless radio frequency (RF) interface. Radio-frequency
identification (RFID) or near-field communication (NFC) communication technologies
are primarily used for contactless smart card applications. COVID-19 is positively
impacting the contactless smart card market as the World Health Organization (WHO)
and governments across the world are advocating the use of contactless smart cards for
various purposes to ensure social distancing to contain the spread of the virus.
Contactless smart cards provide ease, speed, and convenience to users. The contactless
interface has become highly relevant in the current COVID-19 situation, especially for
payment applications, as it facilitates safe and secure transactions without physical
contact.

3.1.2 Types of smart card

1. Contact Smart Card:

A contact smart card must be inserted into a smart card reader with a direct connection to
a conductive contact plate on the surface of the card (typically gold plated).
Transmission of commands, data, and card status takes place over these physical contact
points.

Contact smart cards have a contact area of approximately 1 square centimetre

(0.16 sq in), comprising several gold-plated contact pads. These pads provide electrical
connectivity when inserted into a reader,[28] which is used as a communications medium
between the smart card and a host (e.g., a computer, a point of sale terminal) or a mobile
telephone. Cards do not contain batteries; power is supplied by the card reader.

The ISO/IEC 7810 and ISO/IEC 7816 series of standards define:

 physical shape and characteristics,

 electrical connector positions and shapes,
 electrical characteristics,
 communications protocols, including commands sent to and responses from
the card,
 basic functionality.

Because the chips in financial cards are the same as those used in subscriber identity
modules (SIMs) in mobile phones, programmed differently and embedded in a different
piece of PVC, chip manufacturers are building to the more demanding GSM/3G
standards. So, for example, although the EMV standard allows a chip card to draw 50 mA
from its terminal, cards are normally well below the telephone industry's 6 mA limit. This
allows smaller and cheaper financial card terminals.
Communication protocols for contact smart cards include T=0 (character-level
transmission protocol, defined in ISO/IEC 7816-3) and T=1 (block-level transmission
protocol, defined in ISO/IEC 7816-3).

2. Contactless Smart Card:

A contactless card requires only close proximity to a reader. Both the reader and the card
have antennae, and the two communicate using radio frequencies (RF) over this
contactless link. Most contactless cards also derive power for the internal chip from this
electromagnetic signal. The range is typically one-half to three inches for non-battery-
powered cards, ideal for applications such as building entry and payment that require a
very fast card interface.

Contactless smart cards communicate with readers under protocols defined in

the ISO/IEC 14443 standard. They support data rates of 106–848 kbit/s. These cards
require only proximity to an antenna to communicate. Like smart cards with contacts,
contactless cards do not have an internal power source. Instead, they use a loop
antenna coil to capture some of the incident radio-frequency interrogation
signal, rectify it, and use it to power the card's electronics. Contactless smart media can
be made with PVC, paper/card and PET finish to meet different performance, cost and
durability requirements.
These are smart cards that employ a radio frequency (RFID) between card and reader
without physical insertion of the card. Instead, the card is passed along the exterior
of the reader and read. Types include proximity cards which are implemented as a
read-only technology for building access. These cards function with a very limited
memory and communicate at 125 MHz. Another type of limited card is the Gen 2
UHF Card that operates at 860 MHz to 960 MHz.

Variations of the ISO14443 specification include A, B, and C, which specify chips

from either specific or various manufacturers. A=NXP-(Philips) B=Everybody else
and C=Sony only chips. Contactless card drawbacks include the limits of
cryptographic functions and user memory, versus microprocessor cards and the
limited distance between card and reader required for operation.

3. Hybrid Smart Card:

Hybrid cards implement contactless and contact interfaces on a single card with
unconnected chips including dedicated modules/storage and processing.

A hybrid card has two chips, one with a contact interface and one with a contactless
interface. The two chips are not interconnected.
4. Dual-Interface Smart Card:

Dual-interface cards implement contactless and contact interfaces on a single chip with
some shared storage and processing. An example is Porto's multi-application transport
card, called Andante, which uses a chip with both contact and contactless (ISO/IEC
14443 Type B) interfaces. Numerous payment cards worldwide are based on hybrid card
technology allowing them to communicate in contactless as wall as contact modes.

A dual-interface card has a single chip with both contact and contactless interfaces. With
dual-interface cards, it is possible to access the same chip using either a contact or
contactless interface with a very high level of security.

5. Memory:

Memory cards store data and can be viewed as a small USB memory stick with optional
security.

Memory cards cannot manage files and have no processing power for data management.
All memory cards communicate to readers through synchronous protocols. In all memory
cards you read and write to a fixed address on the card. There are three primary types of
memory cards: Straight, Protected, and Stored Value. Before designing in these cards
into a proposed system the issuer should check to see if the readers and/or terminals
support the communication protocols of the chip. Most contactless cards are variants on
the protected memory/segmented memory card idiom.

Straight Memory Cards

These cards just store data and have no data processing capabilities. Often made
with I2C or serial flash semiconductors, these cards were traditionally the lowest
cost per bit for user memory. This has now changed with the larger quantities of
processors being built for the GSM market. This has dramatically cut into the
advantage of these types of devices. They should be regarded as floppy disks of
varying sizes without the lock mechanism. These cards cannot identify themselves
to the reader, so your host system has to know what type of card is being inserted
into a reader. These cards are easily duplicated and cannot be tracked by on-card
identifiers.

Protected / Segmented Memory Cards

These cards have built-in logic to control the access to the memory of the card.
Sometimes referred to as Intelligent Memory cards, these devices can be set to
write- protect some or the entire memory array. Some of these cards can be
configured to restrict access to both reading and writing. This is usually done
 through a password or system key. Segmented memory cards can be divided into
logical sections for planned multi-functionality. These cards are not easily
duplicated but can possibly be impersonated by hackers. They typically can be
tracked by an on-card identifier.

Stored Value Memory Cards

These cards are designed for the specific purpose of storing value or tokens. The
cards are either disposable or rechargeable. Most cards of this type incorporate
permanent security measures at the point of manufacture. These measures can
include password keys and logic that are hard-coded into the chip by the
manufacturer. The memory arrays on these devices are set-up as decrements or
counters. There is little or no memory left for any other function. For simple
applications such as a telephone card, the chip has 60 or 12 memory cells, one for
each telephone unit. A memory cell is cleared each time a telephone unit is used.
Once all the memory units are used, the card becomes useless and is thrown away.
This process can be reversed in the case of rechargeable cards.

6. Microprocessor:
microprocessor card can add, delete, and manipulate information in its memory on the
card.

Like a miniature computer, a microprocessor card has an input/output port operating

system and a hard disk with built-in security features such as encryption capabilities.
These cards have on-card dynamic data processing capabilities. Multifunction smart
cards allocate card memory into independent sections or files assigned to a
specific function or application. Within the card is a microprocessor or
microcontroller chip that manages this memory allocation and file access. This type
of chip is similar to those found inside all personal computers and when implanted
in a smart card, manages data in organized file structures, via a card operating
system (COS). Unlike other operating systems, this software controls access to the
on-card user memory. This capability permits different and multiple functions
and/or different applications to reside on the card, allowing businesses to issue and
 maintain a diversity of ‘products’ through the card. One example of this is a debit
card that also enables building access on a college campus. Multifunction cards
benefit issuers by enabling them to market their products and services via state-of-
the-art transaction and encryption technology. Specifically, the technology enables
secure identification of users and permits information updates without replacement
of the installed base of cards, simplifying program changes and reducing costs. For
the card user, multifunction means greater convenience and security, and
ultimately, consolidation of multiple cards down to a select few that serve many
purposes.

There are many configurations of chips in this category, including chips that
support cryptographic Public Key Infrastructure (PKI) functions with on-board
math co-processors with virtual machine hardware blocks. As a rule of thumb - the
more functions, the higher the cost.

3.1.3 Integrated Circuits and Card Operating Systems

The two primary types of smart card operating systems are (1) fixed file
structure and (2) dynamic application system. As with all smartcard types, the
selection of a card operating system depends on the application that the card is
intended for. The other defining difference lies in the encryption capabilities of the
operating system and the chip. The types of encryption are Symmetric
Key and Asymmetric Key (Public Key).
The chip selection for these functions is vast and supported by many semiconductor
manufacturers. What separates a smart card chip from other microcontrollers is often
referred to as trusted silicon. The device itself is designed to securely store data
withstanding outside electrical tampering or hacking. These additional security
features include a long list of mechanisms such as no test points, special protection
metal masks and irregular layouts of the silicon gate structures. The trusted silicon
semiconductor vendor list below is current for 2010:

 Atmel
 EM Systems
  Infineon
 Microchip
 NXP
 Renesas Electronics
 Samsung
 Sharp
 Sony
 ST Microelectronics
3.1.4 Smart card Dimensions and major Standard
The ISO/IEC 7810 ID-1 standard defines, in particular, the usual size of an ID card.

The ID-1 size is 85.60 × 53.98 mm (3 3⁄8 in. × 2 1⁄8 in.) and rounded corners with a
radius of 2.88–3.48 mm.
This format is being used for PET, PVC, eco-friendly PLA, polycarbonate, or even
full metal cards.
 It is used for IDs, driver licenses, and health cards in many countries.
 Credit card dimensions (with or without a chip) are the same, with a thickness of
0,03 inch or 0,76 mm.
 SIM cards have different formats: Standard SIM (15 x 25mm), Micro SIM (12 x
15mm), Nano-SIM (8.8 x 12.3mm), embedded SIM or eSIM (5x6 mm and 1
mm thick).
ISO/IEC 7816 is an international standard related to electronic identification cards with
contacts, especially smart cards, managed jointly by the International Organization for
Standardization (ISO) and the International Electrotechnical Commission (IEC).
ISO/IEC 14443 defines the standard for contactless cards.
3.2 How are Smart Cards Used:

The use of smart cards has expanded each year to include applications in various markets
and disciplines. In recent years, the information age has introduced an array of security
and privacy issues that have called for advanced smart card security applications.
3.2.1 Examples:

Information Technology

Businesses, the government, and healthcare organizations continue to move towards

storing and releasing information via networks, Intranets, extranets, and the Internet.

These organizations are turning to smart cards to make this information readily available
to those who need it while at the same time protecting the privacy of individuals and
keeping their informational assets safe from hacking and other unwanted intrusions.In
this IT area, smart cards enable:

 Secure login and authentication of users to PCs and networks,

 Secure B2B and B2C e-commerce,
 Storage of digital certificates, credentials, and passwords,
 Encryption of sensitive data.

Mobile Telecommunications

Subscribers using the Global System for Mobile communications (GSM) standard for
mobile phones use smartcard technology as SIM cards. The smart card is inserted
(removable SIM) or integrated (eSIM, M2M SIM) into the mobile handset or the M2M
module.
Developers use the STK to define how the SIM card interacts with other applications.
Read more on What is a SIM toolkit?

The card stores personal subscriber information and preferences that can be PIN code
protected and transported from phone to phone. The SIM cards enable:
 Secure subscriber authentication,
 International roaming across networks,
 Secure mobile value-added services.
SIM cards have been regularly evolving to deliver each new generation promise, from 2G
to 5G (5G SIM).

Wireless providers benefit from reduced fraud thanks to the security offered by smart
cards. With the advent of mobile services such as mobile commerce, Internet browsing,
and information services, wireless providers rely on smart cards to act as the security
mechanism to protect those services and ensure trust.

Commercial Applications

Smart cards also provide benefits for a host of business applications in both B2B and
B2C environments. The smart card's portability and ability to be updated make it a
technology well suited for connecting the virtual and physical worlds, as well as multi-
partner card programs.

For online banking payments, new display cards are available. They come with an LCD
and optionally with a keypad.
The cards store information, money, and/or applications that can be used for:

 Banking/payment
 Loyalty and promotions
 Access control
 Identification
 Ticketing
 Parking and toll collection
The EMV payment standard had a powerful impact on smart payments worldwide.
No matter which payment method is used, EMV affords the added security of credit cards
remaining in possession of the cardholder throughout the entire transaction.
 Electronic IDs

An electronic ID (e-ID) card fulfills various roles: it acts as a traditional means of

identification, as a travel document, and finally, as a passkey to citizen's data.

Many international regulations and standards have been established on e-ID, most of
which are applied by States.The public has become accustomed to computerized smart
cards through their use in the banking system, and as a result, their reliability is no longer
questioned.

National ID cards are now also being used as a means of accessing an array of services
that were previously difficult to synchronize.

The e-ID card (aka computerized National identity cards) can be used for identification
but also for authentication and electronic signature. Thus, this system enables several
previously complex information paths to be simplified.It can be used as:

 A representation of sovereign authority certifying that the holder is in a legitimate

legal position to their national jurisdiction.
 A means for citizens to access services and exercise their rights and duties to the
public authorities.
 A genuine seal of authenticity that the citizen can use to authenticate his or her
actions regardless of the exchange formats and media used, since the data used
to ensure security and trust also guarantee the legal validity of any transactions
certified in this way.

Health and health insurance cards

Health cards, including a microprocessor, also act as a significant component of an IT

system.
They identify the holder and his/her affiliation to an organization and verify his/her
rights.
These cards are widely used. Every French and German citizen has a smart card for
health insurance.
Unlike paper documents, which can easily be forged, they are tamper-proof devices
challenging to reproduce or unlawfully manipulate.

Electronic and biometric passports

Migration to electronic passports has been in progress since 2005.

Over 1 billion e-passports are now in circulation, and more than 150 states have started
issuing this new type of travel document in mid-2019.
The electronic passport integrates smart card technology with a microprocessor that
stores a digital version of the ID photo and all of the ID data found on the paper
passport's first page.

Types of Smart Card Advantages Drawbacks

Magnetic Smart card More secure Minimal security

Adaptable Limited amount of data.

Protected storage Minimal functionality.

Memory Smart card Data Storage. Memory is limited.

Reusable. Processing power is

limited.
More secure

Optical Smart card Processing power. Less battery powered

Persistent. Absence of hand held

readers
More secure

Microprocessor Smart Data integrity. Lack of sharing.

card
Flexibility. Duplication.
 More Secure.

Dual Interface Smart card Availability. Need of Smartphones.

Easily replicated. Risk of malware attacks.

Multicomponent Smart Confidentiality. Tough to retrieve

card information.
Affordability.
Card must be recharged
More secure.

Hybrid Smart card Reliability. Increased cost of

production.
Organized information.
Vulnerable to fluids.
More secure.

Proximity Smart card User comfort. Size cannot be fixed.

Represent Liquidity. Dependence of electrical

energy
More secure.

3.2.2 Smart card security Features in detail:

 Human Readable Security Features

Human Readable Security Features of Smart Cards Smart card includes human readable
security identifiers. Smartcard falsification is prevented by features. The data in the card
do not protected by this feature, but abuse of the card as badge identification are
prevented by features.

 Security Features of the Smart Card Chip

Security Features of the Smart Card Chip Testing the microcircuit, during the production,
is the necessary act for the smart card chip. After testing the chip, it is converted to a
mode. Accessing the internal chip circuit is impossible for this mode. For example,
outside can't access the memory directly. To prevent attacks execution of some project is
necessary. For example, with interchange the conductor; deduce the function is
impossible for firms. The connections between on-chip elements are encrypted. There are
circuits in smart card which can detect external tampering. The circuit detects too high
and too low supply, too high or too low external clock frequency and too low an
operation temperature.

 Security Features of the Card Operating System

Access to smart card files can be protected with a Personal Identification Number (PIN)
or with cryptographic keys. PIN protected card access, with fine-grained access controls
to data objects so that different areas of memory can be subject to different security rules.
Likewise, functions in the card – including those realized using card applications
downloaded into multi-programmable smartcards can also be PIN enabled, to help
safeguard lost and stolen smartcards against potential abuse. When a pin isn’t entered
correctly then after number of attempts, which is setting by issuer of smartcard, the smart
card is deactivated. Some issuer of card can reset the smartcard when it is inactive. It
depends on designing of smart card.

 Security Features of the Network

The system design should take into account the accessibility of data in transit and protect
it accordingly or design the transport protocol such that tampering will not affect the
overall system security. Some actions can physically secure the card terminal. For
example, building card terminal into a wall then some equipment such as motorized smart
card reader with shutter guaranties the security of card. Placing the smart card reader and
communications link in a secured environment can physically protect them.

3.2.3 Security Principles:

There are several reasons one requires security in a smart card system. The principles
being enforced are namely; Privacy, Non-repudiation, Authentication, Integrity,
Verification. Smart cards use different encryption algorithms to implement these
principles. In some cases, a single mechanism can provide a number of security services.
For example, a digital signature can provide data integrity with source authentication and
non - repudiation. Most of this security needs require key management, which provides
the policies and procedures required for establishing secured information exchange, and
public key infrastructure (PKI) plays a big role. PKI includes data encryption to ensure
confidentiality, digital certificates to provide authentication, and digital signatures to
prove the transaction was completed by the originator without intervention or error. In the
following sections, we will describe the mechanisms use in smart cards to enforce these
principles:

 Symmetrical Cryptography:

For encrypting plain text into enciphered text and decrypting enciphered text back into
plain text the symmetrical cryptography uses single key. To encrypt and decrypt the
message the same key is used by symmetrical therefore symmetrical cryptography is
termed symmetrical. DES is utilizable on smart card software and it is fast algorithm
(FIPS 46-3, [13]). The defect of Symmetrical encryption is the both partners need to
recognize the key. For securely transferring keys to cardholders, writing a des key at card
personalization time is the typical manner. If it is not possible the asymmetrical
cryptography, that is explained blow, must be used.

 Asymmetrical Cryptography:

In 1976, the idea of splitting the encryption/decryption key instead of sharing a common
key was first proposed in an article by W. Diffie and M.E. Hellman entitled “New
Directions in Cryptography”. This idea has since become known as asymmetrical
cryptography. Asymmetrical cryptography uses two keys: one to encrypt the plain text
and another to decrypt the enciphered text. The keys are mathematically related. Only
messages encrypted with one key can be decrypted with the other key. The best-known
asymmetrical cryptographic algorithm is RSA the credit card companies use
asymmetrical cryptography for authentication purpose. It uses rarely to perform the data
encryption. also, the symmetrical cryptography is used to this aim. For send the des key
securely from one partner to another the asymmetrical encryptions is often used. If the
Des key is known by both partners transmission of data is symmetrically encrypted. This
act improves the performance.
  Authentication

Authentication is the process which specifying identity of person. In fact it specifies that
someone or something is who or what it is claims to be. For example, before Bob accepts
a message from Alice, he wants to be assured that Alice is the owner of key. This needs a
process by the name of authentication. Certificates: Authority issuing the certificate
guaranty certificates that the holder of certificate is who she/he pretends to be. If digitally
signed message, that include copy of the holder’s public key and information about
certificate holder, is a certificate. Then a person who receiving message assure that key is
reliable because the issuing authority signed it.

 Verification

Confirming the identity of cardholder is the useful act before using a card. If two parties
want to start business, they must be assured of identify of another party. For recognizing
other parties visual and verbal clues can help us. Encryption technology is used to verify
that another person is who to pretend to be.

PIN Codes: PIN consists of four- or five-digit numbers this number attaches to smart
card. Cardholder memorizes this number. PIN is saved safely. Until accessing from the
external world is allowed, data and functions on the smartcard can be protected. This time
will took only after the correct pin code is available because of the applications of smart
card are too many therefore People are needed to remember more and more pin numbers
remember 15_20 different pin codes are difficult for all people and it could causes that
somebody write the pin number on the card. It eliminated the benefit of having PIN in the
first place that is why recent emphasis on security measures have paid attention to
biometric as means of identifying a person.

Biometrics: Biometric is the technology of measuring personal features. Users are

reluctant to memorize passwords and pin numbers. This reluctance is one of the driving
forces behind the development of biometric. Also, many people can share pin numbers
then it is not uniquely but biometrics can specify the real person because it is unique.
Some of the biological features that can be measured are:
 Signature

Fingerprint

Voiceprint

Hand geometry

Eye retina

Facial recognition

4. Proposed Model

Based on related literatures review, three main constructs are established in this research,
namely Security, Satisfaction and Adoption. Shows a research model. But, in this study
the focus is on the evaluating measurement models for security construct.

 Security Dimension

Security Dimension Some studies have reported that users’ concern about security has
increased and it has been known as one of the most significant factors for technology
acceptance. In this study security is defined as “the degree to which a person feels that
security is important to them and believes that using smart card is secure” . It has been
suggested by that the increase in system security strength would protect the overall
quality of the system perceived by users. By protecting the integrity, availability and
confidentiality of the content in the system, security controls could help to protect the
overall content quality of the system. Content quality is a major determinant of overall
information system quality, which has a positive effect on individual’s perceived ease of
use of information systems. Furthermore, found that users’ understanding of security
issues and awareness of security threats greatly affect their perception of the usefulness
of security mechanisms and the overall secured system.

There are several reasons one requires security in a smart card system. The principles
being enforced are:
 Privacy: The act of ensuring the nondisclosure of data between two parties from third
party.

Non-repudiation: To confirm the origin of data is exchanged in transaction. Certain

transaction, that is performed, never could be denied by party.

Authentication: The process which specifying identity of person. In fact it specifies

that someone or something is who or what it is claims to be.

Integrity: The correctness of message that transmitted from the original to the
recipient.

Verification: Confirming the identity of cardholder is the useful act before using a
card.

 Satisfaction Dimension

Satisfaction of the computer system will have a direct effect on usage. Bailey and
Pearson defined satisfaction as ‘‘in a given situation, is the sum of one’s feelings or
attitudes towards a variety of factors affecting that situation’’.

Relation between SIM card and Smart card

Subscriber Identification Module (SIM) is a smartcard which is being used by the mobile
phone to identify each mobile device with other. This Card is provided by the mobile
network provider. Each SIM card contains a unique key. Mobile phone will use data
encrypted with this key to communicate with its network. The Mobile equipment (ME)
will talk to the SIM card for the encryption in some standardized way. The ME talk to the
SIM in some format viz APDU (see Appendix). When the user connects to the mobile
network, the mobile equipment requires executing some command for
authorizing/authenticate the user. This is done by the application inside SIM card. For
this purpose the ME initiate a set of gsm standard commands in some particular order and
achieve the result. The GSM specification standardized the communication with the SIM.
For more details regarding the security see Appendix. For a GSM mobile phone the steps
and procedure for all the functions are standardized by the GSM mobile community. This
Standard is defined in GSM11.11. SIM card contain an application which can respond to
the command which are initiated by the ME. In short SIM card is a smartcard with an
application which implement the gsm11.11 specification. With the technological
advancement in the area of smart card especially with java card, it is possible to
implement more than one application in the same java card. This enables the java card to
be used as SIM card as well as smartcard for payment application. See appendix for more
details regarding the security of java card.

COVID-19 Impact on the Global Contactless Smart Card Market

The COVID-19 pandemic emerged in China and has spread to different countries around
the world. The novel coronavirus has had a significant influence on human health and the
global economy. The virus spreads when people come into close contact with people with
respiratory symptoms of COVID-19. In addition, the virus also spreads through physical
contacts, like handshakes with infected people. Governments worldwide have therefore
implemented precautionary steps, such as social distancing. Contactless payments are set
to increase during the COVID-19 pandemic. They have become the preferred method of
payment around the globe, as digital and contactless payment methods are more reliable
and require minimal physical interaction that helps prevent the spread of the pandemic.
The current COVID-19 pandemic is helping to expand the demand for contactless smart
cards by increasing the usage of contactless payments made from a safe distance,
ensuring the protection of both the payer and the payee during the payment process.
Many customers have begun to prefer contactless transactions since the pandemic.
Businesses encourage consumers to pay by contactless cards for the delivery of products
at their doorstep to protect their staff and customers while also growing sales during the
COVID-19 pandemic.

Before the outbreak of COVID-19, the US lagged in contactless payment methods

relative to other countries; however, the whole scenario was changed by the COVID-19
pandemic. The spread of the virus has increased the use of contactless payments in the
country due to the proliferation of contactless, point-of-sale devices like mobile wallets
and contactless cards. In addition, in the U.K., where the contactless payment system is
already common, limits on contactless card payments have been increased to allow
consumers to make more payments without any physical contact with the payment
terminal or currency. Asia Pacific had the largest market share due to the growing
acceptance of contactless smart cards in applications like healthcare retail and BFSI.
Banks in different countries have raised the transaction limits for contactless smart card
payments to help curb the spread of the virus via PIN pads. Post-pandemic, the market is
projected to see substantial growth over the forecast period.

Competitive Analysis

The global 4K technology industry is extremely fragmented and competitive with the
presence of a significant number of international and regional players. Market players are
intensely engaged in technological advancement, geographic expansion, and mergers and
acquisitions in order to retain their footprint in the global market.

Notable Players in The Global Contactless Smart Card Market Are:

 ASK (France)
 Oberthur Technologies (France)
 Gemalto NV (Netherlands)
 Giesecke & Devrient (Germany)
 Morpho (France)
 Watchdata System (Singapore)
 DataCard Corporation (U.S.)
 Advanced Card Systems (China)
 CardLogix (U.S.)
 DataCard Corporation (Germany)

Additional Opportunities

Ideally, an access control system provides protection for both physical and
logical access simultaneously. The credential used for physical access can also
support computer network access and public key infrastructure (PKI) (including
use for secure remote access, secure email, digital signature and secure virtual
private network (VPN)). The goal of simultaneous protection can be achieved
by commingling or sharing the secure databases dedicated to each type of
application, enabling both centralized administrative control and analysis of
unauthorized access attempts. By combining the monitoring information from
both physical and logical systems, security policies can be universally enforced
and investigated. Information collected can be invaluable in analyzing risk
enterprise-wide.

Adoption of a smart card-based access control system can result in other

advantages to an organization, including:
1. Elimination or reduction of the need for multiple cards, PINs, and access
codes.
2.Leveraging of legency systems, allowing for cost efficiencies including
reuse of some physical access system components, while providing a
significant increase in security.
3.Elimination of the need to replace cards when rights or privileges
change.

4.Centralized administration, allowing the organization to maintain or

increase security while saving time, achieving more comprehensive
distribution of information, managing global changes for access privileges
from a single point and reducing the complexities involved in synchronizing
multiple systems.

Physical Access Control System Overview

To the user, an access control system is composed of three elements:

1.A card or token (an identity credential) that is presented to a door reader
2.A door reader, which indicates whether the card is valid and entry is
authorized
3.A door or gate, which is unlocked when entry is authorized
Behind the scenes is a complex network of data, computers, and software that
incorporates robust security functionality. This section describes the operation
and components of a typical smart card-based physical access control system.
It provides a context for understanding how contact and contactless smart card
technologies are used in an access control application.

Access Control System Components

A typical access control system is made up of the following components:

1.ID credential (smart card)
2.Door reader (smart card reader1)
3.Door lock
4.Control panel
5.Access control server
6.Software
7.Database

Advantages:
 Larger memory
 Reduced fraud
 Information security
 Multiservice smartcards
 Represent liquidity
 Upper management information
 User comfort
 Privacy
 Administration & control over cash payments

Disadvantages:
 Dependance of electrical energy for use
 Need a smart card reader
 Conclusion

Smart card is an excellent technology to secure storage and

authentication. Smart cards have proven to be useful for transaction,
authorization and identification. Eventually replacing all of the things we
carry around our wallets, including credit cards, licenses and valuable
personal data. Due to covid-19 pandemic people are preferring this
technology for security purpose. Smart world is a future so this system
helps us reach those heights.
References:
1.https://www.researchgate.net/publication/226129109_Smart_Card_Sec
urity
2.https://www.securetechalliance.org/resources/lib/Physical_Access_Rep
ort.pdf
3.https://www.it.iitb.ac.in/~tijo/seminar/seminarreport.pdf
4.https://www.ripublication.com/irph/ijisaspl2019/ijisav11n1spl_17.pdf
5.https://www.researchgate.net/publication/282336851_Smart_Card_bas
ed_Robust_Security_System
6.https://www.researchgate.net/publication/286434526_A_New_Design_f
or_Smart_Card_Security_System_Based_on_PUF_Technology
7.https://www.cscjournals.org/manuscript/Journals/IJS/Volume5/Issue2/
IJS-84.pdf