智能卡论文中英文资料外文翻译文献
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
中英文资料外文翻译文献
Introduction of smart card
A smart card, chip card, or integrated circuit card (ICC), is in any pocket-sized card with embedded integrated circuits which can process data. This implies that it can receive input which is processed —by way of the ICC applications —and delivered as an output. There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally PVC, but sometimes ABS. The card may embed a hologram to avoid counterfeiting. Using smartcards also is a form of strong security authentication for single sign-on within large companies and organizations.
●Overview
A "smart card" is also characterized as follows:
◆Dimensions are normally credit card size. The ID-1 of ISO/IEC 7810
standard defines them as 85.60 × 53.98 mm. Another popular size is ID-000
which is 25 ×15 mm (commonly used in SIM cards). Both are 0.76 mm
thick.
◆Contains a security system with tamper-resistant properties (e.g. a secure
cryptoprocessor, secure file system, human-readable features) and is capable
of providing security services (e.g. confidentiality of information in the
memory).
◆Asset managed by way of a central administration system which interchanges
information and configuration settings with the card through the security
system. The latter includes card hotlisting, updates for application data.
◆Card data is transferred to the central administration system through card
reading devices, such as ticket readers, ATMs etc.
●Benefits
Smart cards can be used for identification, authentication, and data storage.[1] Smart cards provide a means of effecting business transactions in a flexible, secure, standard way with minimal human intervention.
Smart card can provide strong authentication[2] for single sign-on or enterprise single sign-on to computers, laptops, data with encryption, enterprise resource planning platforms such as SAP, etc.
●History
The automated chip card was invented by German rocket scientist Helmut Gröttrup and his colleague Jürgen Dethloff in 1968; the patent was finally approved in 1982. The first mass use of the cards was for payment in French pay phones, starting in 1983 (Telecarte).
Roland Moreno actually patented his first concept of the memory card in 1974. In 1977, Michel Ugon from Honeywell Bull invented the first microprocessor smart card. In 1978, Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary architecture to auto-program the chip. Three years later, the very first "CP8" based on this patent was produced by Motorola. At that time, Bull had 1200 patents related to smart cards. In 2001, Bull sold its CP8 Division together with all its patents to Schlumberger. Subsequently, Schlumberger combined its smart card department and CP8 and created Axalto. In 2006, Axalto and Gemplus, at the time the world's no.2 and no.1 smart card manufacturers, merged and became Gemalto.
A smart card, combining credit card and debit card properties. The 3 by 5 mm security chip embedded in the card is shown enlarged in the inset. The contact pads on the card enables electronic access to the chip.The second use was with the integration of microchips into all French debit cards (Carte Bleue) completed in 1992. When paying in France with a Carte Bleue, one inserts the card into the merchant's terminal, then types the PIN, before the transaction is accepted. Only very limited transactions (such as paying small autoroute tolls) are accepted without PIN.
Smart-card-based electronic purse systems (in which value is stored on the card chip, not in an externally recorded account, so that machines accepting the card need no network connectivity) were tried throughout Europe from the mid-1990s, most notably in Germany (Geldkarte), Austria (Quick), Belgium (Proton), France (Moneo), the Netherlands (Chipknip and Chipper), Switzerland ("Cash"), Norway ("Mondex"), Sweden ("Cash"), Finland ("Avant"), UK ("Mondex"), Denmark ("Danmønt") and Portugal ("Porta-moedas Multibanco").
The major boom in smart card use came in the 1990s, with the introduction of the smart-card-based SIM used in GSM mobile phone equipment in Europe. With the ubiquity of mobile phones in Europe, smart cards have become very common.
The international payment brands MasterCard, Visa, and Europay agreed in 1993 to work together to develop the specifications for the use of smart cards in payment cards used as either a debit or a credit card. The first version of the EMV system was released in 1994. In 1998 a stable release of the specifications was available. EMVco, the company responsible for the long-term maintenance of the system, upgraded the specification in 2000 and most recently in 2004. The goal of EMVco is to assure the various financial institutions and retailers that the specifications retain backward compatibility with the 1998 version.
With the exception of countries such as the United States of America there has been significant progress in the deployment of EMV-compliant point of sale equipment and the issuance of debit and or credit cards adhering the EMV specifications. Typically, a country's national payment association, in coordination with MasterCard International, Visa International, American Express and JCB,
develop detailed implementation plans assuring a coordinated effort by the various stakeholders involved.
The backers of EMV claim it is a paradigm shift in the way one looks at payment systems. In countries where banks do not currently offer a single card capable of supporting multiple account types, there may be merit to this statement. Though some banks in these countries are considering issuing one card that will serve as both a debit card and as a credit card, the business justification for this is still quite elusive. Within EMV a concept called Application Selection defines how the consumer selects which means of payment to employ for that purchase at the point of sale.
For the banks interested in introducing smart cards the only quantifiable benefit is the ability to forecast a significant reduction in fraud, in particular counterfeit, lost and stolen. The current level of fraud a country is experiencing, coupled with whether that country's laws assign the risk of fraud to the consumer or the bank, determines if there is a business case for the financial institutions. Some critics claim that the savings are far less than the cost of implementing EMV, and thus many believe that the USA payments industry will opt to wait out the current EMV life cycle in order to implement new, contactless technology.
Smart cards with contactless interfaces are becoming increasingly popular for payment and ticketing applications such as mass transit. Visa and MasterCard have agreed to an easy-to-implement version currently being deployed (2004-2006) in the USA. Across the globe, contactless fare collection systems are being implemented to drive efficiencies in public transit. The various standards emerging are local in focus and are not compatible, though the MIFARE Standard card from Philips has a considerable market share in the US and Europe.
Smart cards are also being introduced in personal identification and entitlement schemes at regional, national, and intern ational levels. Citizen cards, drivers’ licenses, and patient card schemes are becoming more prevalent; For example in Malaysia, the compulsory national ID scheme MyKad includes 8 different applications and is rolled out for 18 million users. Contactless smart cards are being integrated into ICAO biometric passports to enhance security for international travel.
●Contact smart card
Contact smart cards have a contact area, comprising several gold-plated contact pads, that is about 1 cm square. When inserted into a reader, the chip makes contact with electrical connectors that can read information from the chip and write information back.[3]
The ISO/IEC 7816 and ISO/IEC 7810 series of standards define:
◆the physical shape
◆the positions and shapes of the electrical connectors
◆the electrical characteristics
◆the communications protocols, that includes the format of the commands sent
to the card and the responses returned by the card.
◆robustness of the card
the functionality
The cards do not contain batteries; energy is supplied by the card reader.
Electrical signals description
◆A smart card pinoutVCC : Power supply input
◆RST : Either used itself (reset signal supplied from the interface device) or in
combination with an internal reset control circuit (optional use by the card).
If internal reset is implemented, the voltage supply on Vcc is mandatory.
◆CLK : Clocking or timing signal (optional use by the card).
◆GND : Ground (reference voltage).
◆VPP : Programming voltage input (deprecated / optional use by the card).
◆I/O : Input or Output for serial data to the integrated circuit inside the card.
◆NOTE - The use of the two remaining contacts will be defined in the
appropriate application standards.
●Reader
Contact smart card readers are used as a communications medium between the smart card and a host, e.g. a computer, a point of sale terminal, or a mobile telephone.
Since the chips in the financial cards are the same as those used for mobile phone Subscriber Identity Module (SIM) cards, just programmed differently and embedded in a different shaped piece of PVC, the chip manufacturers are building to the more demanding GSM/3G standards. So, for instance, although EMV allows a chip card to draw 50 mA from its terminal, cards are normally well inside the telephone industry's 6mA limit. This is allowing financial card terminals to become smaller and cheaper, and moves are afoot to equip every home PC with a card reader and software to make internet shopping more secure.[citation needed]
●Contactless smart card
A second type is the contactless smart card, in which the chip communicates with the card reader through RFID induction technology (at data rates of 106 to 848 kbit/s). These cards require only close proximity to an antenna to complete transaction. They are often used when transactions must be processed quickly or hands-free, such as on mass transit systems, where smart cards can be used without even removing them from a wallet.
The standard for contactless smart card communications is ISO/IEC 14443. It defines two types of contactless cards ("A" and "B"), allows for communications at distances up to 10 cm. There had been proposals for ISO/IEC 14443 types C, D, E and F that have been rejected by the International Organization for Standardization. An alternative standard for contactless smart cards is ISO 15693, which allows communications at distances up to 50 cm.
Examples of widely used contactless smart cards are Hong Kong's Octopus card, South Korea's T-money (Bus, Subway, Taxi), London's Oyster card, Japan Rail's Suica Card and Mumbai Bus transportation service BEST uses smart cards for bus pass, which predate the ISO/IEC 14443 standard. All of them are primarily designed for public transportation payment and other electronic purse applications.
A related contactless technology is RFID (radio frequency identification). In certain cases, it can be used for applications similar to those of contactless smart cards, such as for electronic toll collection. RFID devices usually do not include writeable memory or microcontroller processing capability as contactless smart cards often do.
Like smart cards with contacts, contactless cards do not have a battery. Instead, they use a built-in inductor to capture some of the incident radio-frequency interrogation signal, rectify it, and use it to power the card's electronics.
●Cryptographic smart cards
Cryptographic smart cards are often used for single sign-on. Most advanced smart cards are equipped with specialized cryptographic hardware that let you use algorithms such as RSA and DSA on board. Today's cryptographic smart cards are also able to generate key pairs on board, to avoid the risk of having more than one copy of the key (since by design there usually isn't a way to extract private keys from a smart card).
Such smart cards are mainly used for digital signature and secure identification, (see applications section). [4]
The most common way to access cryptographic smart card functions on a computer is to use a PKCS#11 library provided by the vendor. On Microsoft Windows platforms the CSP API is also adopted.
The most widely used cryptographic algorithms in smart cards (excluding the GSM so-called "crypto algorithm") are 3DES (Triple DES) and RSA. The key set is usually loaded (DES) or generated (RSA) on the card at the personalization stage.
●Computer security
The Mozilla Firefox web browser can use smart cards to store certificates for use in secure web browsing[5].
Some disk encryption systems, such as FreeOTFE or TrueCrypt, can use smart cards to securely hold encryption keys, and also to add another layer of encryption to critical parts of the secured disk[6].
Smartcards are also used for single sign-on to log on to computers
Smartcards support functionality has been added to Windows Live Passports
●Financial
The applications of smart cards include their use as credit or ATM cards, in a fuel card, SIMs for mobile phones, authorization cards for pay television, pre-pay utilities in household, high-security identification and access-control cards, and public transport and public phone payment cards.
Smart cards may also be used as electronic wallets. The smart card chip can be loaded with funds which can be spent in parking meters and vending machines or at various merchants. Cryptographic protocols protect the exchange of money between the smart card and the accepting machine. There is no connection to the issuing bank necessary, so the holder of the card can use it regardless of him being the owner. The German Geldkarte is also used to validate the customers age at vending machines for cigarettes.
智能卡简介
智能卡、芯片卡或IC卡(ICC ),是指任何具有嵌入式集成电路并且可处理信息的袖珍卡。
这意味着,它可以接收输入并由IC卡处理程序处理后产生输出。
IC卡有两大类:记忆卡只包含非易失性存储器存储组件,甚至只有一些具体的安全逻辑;微处理器卡含有挥发性内存和微处理器组成部分,该卡是由塑料(一般是聚氯乙烯,但有时是ABS树脂)制成,可嵌入一个全息图像,以避免伪造。
●“智能卡”的特点如下:
◆尺寸通常为信用卡大小,根据ISO / IEC 7810的ID-1标准定义为85.60 ×
53.98毫米,还有一种流行的尺寸根据ID-000标准为25 × 15毫米,两者
都是0.76毫米厚。
◆通常包含一个安全系统——防篡改属性(例如一个安全的密码,安全文
件系统,人类可读的功能等),并有能力提供安全服务(如对信息保密
的记忆)。
◆通过一个中央管理系统进行交流信息和配置设置的卡通过安全体系完成
信息管理。
后者包括信用卡更新的应用程序数据。
◆卡数据传送到中央管理系统通过卡阅读设备,如车票的读者,自动柜员
机等
●好处:
智能卡提供了一种手段,实行商业交易灵活,安全,标准方法以最小的人为干预。
智能卡可以提供强大的身份验证[2]为单点登录或企业单点登录电脑、笔记本电脑、数据加密、SAP等企业资源规划平台等。
●历史:
自动化的芯片卡是由德国火箭科学家Helmut Grottrup和他的同事Jürgen Dethloff在1968年提出,并1982年获得专利。
首次大规模使用的信用卡是开始于1983年用于在法国支付付费电话。
Roland Moreno在1974年首次提出实际概念的记忆卡。
1977年,Michel Ugon 发明了第一个微处理器的智能卡。
1978年,Bull获得SPOM (自可编程单片微机)的专利,它确定了其必要的结构,以进行芯片自动编程。
三年后,第一个“CP8 ”由摩托罗拉公司在此基础上获得专利。
到现在共有1200个有关智能
卡的专利。
智能卡结合了信用卡和借记卡的属性。
3到5毫米厚度使得安全芯片可以嵌入到卡中以存储安全信息。
卡上有可以通电的金属片。
智能卡的第二次的使用是在1992年的法国由整合芯片制成的借记卡(蓝卡)。
当在法国使用蓝卡,只需要将卡插入到商家的终端,然后输入密码,在交易被接受之后便可完成支付。
只有非常有限的交易(如支付小高速公路通行费)是使用了个人识别号码。
智能卡的电子钱包系统(信息记录在卡上,而不是在外部记录帐户,使机器识别信用卡不需要网络连接)从20世纪90年代中期开始风靡在整个欧洲:最典型的有德国(Geldkarte),奥地利(Quick),比利时(Proton),法国(Moneo),荷兰(Chipknip and Chipper),瑞士(Cash),瑞典(Cash),芬兰(Avant),英国(Mondex),丹麦(Danmønt)和葡萄牙(Porta-moedas Multibanco)。
智能卡是在20世纪90年代随着使用SIM卡的GSM移动电话设备在欧洲广泛应用。
随着手机在欧洲的普及,智能卡已成为非常普遍的。
国际支付品牌的MasterCard,Visa和Europay商定于1993年开发共同的标准,使用智能卡无论是作为借记卡还是信用卡都能在支付时使用。
EMV系统的第一个版本的公布于1994年。
在1998年发布了稳定的标准。
EMVco 公司负责系统的长期维护,并在2000年升级了标准,最近一次是在2004年。
EMVco的目标是要保证各金融机构和零售商的标准保持1998年版向后兼容。
除了一些国家坚持的EMV标准如美利坚合众国已取得EMV兼容的销售点设备和发放借记卡和信用卡部署的重大进展。
一般来说,在国家支付协会的协调下,确保同MasterCard国际组织,Visa国际组织,American Express和JCB 共同制订详细的实施计划的标准一致,使各利益相关者参与。
EMV卡的支持者声称它提供了一个支付系统的范例。
在有些国家的银行目前不提供单卡支持多个帐户类型的服务的情况系,这个声明可能是有道理的。
虽然一些银行在这些国家正在考虑发行一张卡,使其作为一个借记卡和信用卡,商业卡,但这仍然相当困难。
在所谓的EMV概念下界定的消费者如何选择支付手段成为销售点。
至于银行感兴趣的是介绍智能卡的标准化的好处是能够显着减少欺诈行为,特别是伪造,丢失和被盗。
目前许多国家正在经历欺诈行为,再加上无论是国家法律对消费者或银行或是否有商业案例的金融机构赋予的欺诈风险。
一些批评者宣称,实施EMV储蓄是远远低于成本的。
因此许多人认为,美国支付行业将选择等待目前的EMV的生命周期以便实施新的非接触式技术。
非接触式接口智能卡在支付和票务应用方面变得越来越普遍,如大众交通。
Visa和MasterCard已同意在美国部署一个易于执行的版本(2004-2006 )。
在全
球范围内,非接触式收费系统正在实施,以推动公共交通的效率。
新出现的各种标准的重点是和本地的不兼容,兼容MIFARE标准卡的飞利浦在美国和欧洲具有相当的市场份额。
智能卡还介绍了个人身份和在区域,国家和国际水平权利。
市民卡,驾驶执照,和病人卡计划正变得越来越普遍,例如在马来西亚,国家强制性身份证计划MyKad 包含8个不同的应用,并推向了18万用户。
非接触式智能卡正被纳入国际民航组织生物识别护照,以加强国际旅行安全。
●接触式智能卡
接触式智能卡具有包括一些镀金接触焊盘约1厘米平方米的接触面积,使得该芯片插入阅读器时与其连接可以读取信息和写入信息。
ISO / IEC 7816和ISO / IEC 7810系列标准确定:
◆物理形状;
◆电器连接的位置和形状;
◆电气特性;
◆包括发送到卡和答复命令格式的通信协议;
◆卡的健壮性。
功能:该卡不包含电池,能源由读卡器提供。
电子信号描述:
◆VCC:电源输入,
◆RST:复位信号,
◆CLK:时钟信号,
◆GND:接地端,
◆VPP:编程电压,
◆I/O:数据输入/输出端口,
◆NOTE:两个未使用端口。
●阅读器
接触式智能卡阅读器是用来作为智能卡和主机之间的通信媒介,例如:一部个人电脑,销售点终端,或移动电话。
由于芯片金融卡和用于移动电话用户识别模块(SIM卡)卡是相同的,只是程序不同,植根于不同形状的PVC片,芯片制造商正在建设的标准,更严格的GSM/3G 。
因此,虽然允许的EMV芯片卡从终端提供(举例来说)50毫安的电流也适用于电话行业的6毫安的限制。
这是使金融卡终端更小,更便宜,而且读卡器和软件的后面,使每个家庭电脑网上购物更安全。
●非接触式智能卡
第二类是非接触式智能卡,在该芯片进行通信与读卡器通过RFID感应技术(数据传输速率在106到848 kbit / s时)。
这些卡只需要靠近天线就可以完成交易。
它们通常用于必须迅速处理或免接触的交易,如大众运输系统,其中智能卡可以使他们从一个钱包中解放出来。
标准的非接触式智能卡通信的ISO / IEC 14443标准,它定义两种类型的非接触卡(“A”和“B“),使通信距离长达10厘米。
有ISO 14443建议的C ,D ,E和F类型的已经被国际标准化组织拒绝了。
另一种标准的非接触式智能卡标准是ISO 15693 使通信距离长达50厘米。
例如广泛使用的非接触式智能卡是香港的Octopus通卡,日本铁路的Suica 卡是基于SO / IEC 14443标准。
一个相关的非接触式技术是射频识别(RFID )。
在某些情况下,它可用于类似非接触式智能卡的应用程序,如电子收费。
RFID设备通常不包括写入存储器或微控制器处理能力的非接触式智能卡。
相比于接触智能卡,非接触卡没有电池。
相反,它们使用内置的感应器捕捉一些事件无线电频率信号,用它来驱动卡的电子设备。
●加密智能卡
加密智能卡通常用于单点登录。
最先进的智能卡配有专门的加密硬件,让你可以使用算法RSA、DSA等。
今天的密码智能卡也能够生成密钥对,避免多个副本的风险(因为通常没有办法从智能卡中提取私钥)。
这种智能卡主要用于数字签名和安全标识、应用(见部分)。
[4]
最常见的方式来访问加密的智能卡功能在电脑上是使用PKCS # 11图书馆由供应商提供。
在Microsoft Windows平台上CSP API也采用。
智能卡中最广泛使用的加密算法(不包括GSM所谓“加密算法”)3 DES和RSA(三重DES)。
关键的设置通常是加载(DES)或生成(RSA)卡在个性化阶段。
●计算机安全
Mozilla Firefox web浏览器可以使用智能卡存储证书用于安全浏览网页[5]。
一些磁盘加密系统,如FreeOTFE或软件,可以使用智能卡安全加密密钥,并添加一层加密保护的关键部分磁盘[6]。
智能卡也用于单点登录电脑
智能卡支持功能已添加到Windows Live护照
金融智能卡的应用包括使用信用卡或借记卡,在燃料卡西姆斯的手机、授权卡付费电视,预付公用事业家庭,戒备森严的识别和访问控制卡,和公共交通和公共电话支付卡片。
智能卡也可能作为电子钱包。
智能卡芯片可以装满基金可在停
车计时器和自动售货机或在不同的商家。
密码协议保护之间的钱交换智能卡和接受机。
没有必要联系开证行,所以卡的持有者可以用它不管他是谁。
德国Geldkarte 还在香烟自动售货机用于验证的客户年龄。