Why is Cryptography Important?
What is a Smart Card?
What is a Public Key Infrastructure (PKI)?
What are Smart Cards Used for and What are Some of the Benefits?
How is a Smart Card Different from the Magnetic Stripe Cards?



Why is Cryptography Important?

Cryptography allows people to carry over the confidence found in the physical world to the electronic world, thus allowing people to do business electronically without worries of deceit and deception. Every day hundreds of thousands of people interact electronically, whether it is through e-mail, e-commerce (business conducted over the Internet), ATMs, or cellular phones. The perpetual increase of information transmitted electronically has led to an increased reliance on cryptography.

Cryptography on the Internet

The Internet, comprised of millions of interconnected computers, allows nearly instantaneous communication and transfer of information around the world. People use e-mail to correspond with one another. The World Wide Web is used for online business, data distribution, marketing, research, learning, and a myriad of other activities.

Cryptography makes secure web sites and safe electronic transmissions possible. For a web site to be secure, all of the data transmitted between the computers where the data is kept and where it is received must be encrypted. This allows people to do online banking, online trading, and make online purchases with their credit cards, without worrying that any of their account information is being compromised. Cryptography is very important to the continued growth of the Internet and electronic commerce.

E-commerce is increasing at a very rapid rate. By the turn of the century, commercial transactions on the Internet are expected to total hundreds of billions of dollars a year. This level of activity could not be supported without cryptographic security. It has been said that one is safer using a credit card over the Internet than within a store or restaurant. It requires much more work to seize credit card numbers over computer networks than it does to simply walk by a table in a restaurant and lay hold of a credit card receipt. These levels of security, though not yet widely used, give the means to strengthen the foundation on which e-commerce can grow.

People use e-mail to conduct personal and business matters on a daily basis. E-mail has no physical form and may exist electronically in more than one place at a time. This poses a potential problem as it increases the opportunity for an eavesdropper to get a hold of the transmission. Encryption protects e-mail by rendering it very difficult to read by any unintended party. Digital signatures can also be used to authenticate the origin and the content of an e-mail message.

Authentication

In some cases cryptography allows you to have more confidence in your electronic transactions than you do in real life transactions. For example, signing documents in real life still leaves one vulnerable to the following scenario. After signing your will, agreeing to what is put forth in the document, someone can change that document and your signature is still attached. In the electronic world this type of falsification is much more difficult because digital signatures are built using the contents of the document being signed.

Access Control

Cryptography is also used to regulate access to satellite and cable TV. Cable TV is set up so people can watch only the channels they pay for. Since there is a direct line from the cable company to each individual subscriber's home, the cable company will only send those channels that are paid for. Many companies offer pay-per-view channels to their subscribers. Pay-per-view cable allows cable subscribers to "rent" a movie directly through the cable box. What the cable box does is decode the incoming movie, but not until the movie has been "rented." If a person wants to watch a pay-per-view movie, he/she calls the cable company and requests it. In return, the cable company sends out a signal to the subscriber's cable box, which unscrambles (decrypts) the requested movie.

Satellite TV works slightly differently since the satellite TV companies do not have a direct connection to each individual subscriber's home. This means that anyone with a satellite dish can pick up the signals. To alleviate the problem of people getting free TV, they use cryptography. The trick is to allow only those who have paid for their service to unscramble the transmission; this is done with receivers ("unscramblers"). Each subscriber is given a receiver; the satellite transmits signals that can only be unscrambled by such a receiver (ideally). Pay-per-view works in essentially the same way as it does for regular cable TV.

As seen, cryptography is widely used. Not only is it used over the Internet, but it is also used in phones, televisions, and a variety of other common household items. Without cryptography, hackers could get into our e-mail, listen in on our phone conversations, tap into our cable companies and acquire free cable service, or break into our bank/brokerage accounts.

FAQ courtesy of RSA Security




What is a Smart Card?

A smart card is a credit card sized plastic card with an integrated circuit (computer chip) embedded in it. The integrated circuit is an information medium that can be used in many different ways. Unlike magnetic stripe cards, this type of card has the ability to store and secure information as well as make decisions based on its programming, thus, "smart cards."





What is a Public Key Infrastructure (PKI)?

A public-key infrastructure (PKI) consists of protocols, services, and standards supporting applications of public-key cryptography. The term PKI, which is relatively recent, is defined variously in current literature. PKI sometimes refers simply to a trust hierarchy based on public-key certificates [1], and in other contexts embraces encryption and digital signature services provided to end-user applications as well [OG99]. A middle view is that a PKI includes services and protocols for managing public keys, often through the use of Certification Authority (CA) and Registration Authority (RA) components, but not necessarily for performing cryptographic operations with the keys.

Among the services likely to be found in a PKI are the following:

   Key registration: issuing a new certificate for a public key.
   Certificate revocation: canceling a previously issued certificate.
   Key selection: obtaining a party's public key.
   Trust evaluation: determining whether a certificate is valid and what operations it authorizes.

Key recovery has also been suggested as a possible aspect of a PKI.

There is no single pervasive public-key infrastructure today, though efforts to define a PKI generally presume there will eventually be one, or, increasingly, that multiple independent PKIs will evolve with varying degrees of coexistence and interoperability. In this sense, the PKI today can be viewed akin to local and wide-area networks in the 1980s, before there was widespread connectivity via the Internet. As a result of this view toward a global PKI, certificate formats and trust mechanisms are defined in an open and scalable manner, but with usage profiles corresponding to trust and policy requirements of particular customer and application environments. For instance, it is usually accepted that there will be multiple "root" or "top-level" certificate authorities in a global PKI, not just one "root," although in a local PKI there may be only one root. Accordingly, protocols are defined with provision for specifying which roots are trusted by a given application or user.
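The following added example (not part of the RSA Security FAQ) sketches three of the PKI services listed above, key registration, certificate revocation and trust evaluation against an application-chosen set of roots, and also shows the Authentication section's point that a signature computed from a document's contents stops verifying once the document is changed. It assumes toy textbook RSA with constructed primes and hypothetical names such as `Example Root CA`; it is not X.509 and not secure.

```python
import hashlib

def make_key(p, q, e=65537):
    """Toy textbook-RSA key (n, e, d); constructed primes, NOT secure."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    n, _, d = key
    return pow(digest(data, n), d, n)      # signature depends on the contents

def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def tbs(cert):
    """Bytes covered by the CA's signature (the 'to be signed' fields)."""
    return repr((cert["subject"], cert["pub"], cert["issuer"], cert["serial"])).encode()

def issue(ca_name, ca_key, subject, pub, serial):
    """Key registration: the CA binds a subject name to a public key."""
    cert = {"subject": subject, "pub": pub, "issuer": ca_name, "serial": serial}
    cert["sig"] = sign(tbs(cert), ca_key)
    return cert

def evaluate(cert, trusted_roots, revoked):
    """Trust evaluation against the roots this application chose to trust."""
    root_pub = trusted_roots.get(cert["issuer"])
    if root_pub is None:
        return "untrusted issuer"
    if not verify(tbs(cert), cert["sig"], root_pub):
        return "bad signature"
    if (cert["issuer"], cert["serial"]) in revoked:   # certificate revocation
        return "revoked"
    return "valid"

# Constructed sample data: Mersenne primes keep the toy keys short to write.
ROOT = make_key(2**61 - 1, 2**89 - 1)
ALICE = make_key(2**107 - 1, 2**127 - 1)
ROOTS = {"Example Root CA": ROOT[:2]}
CERT = issue("Example Root CA", ROOT, "alice", ALICE[:2], serial=1)
WILL = b"I leave my estate to Bob."
WILL_SIG = sign(WILL, ALICE)

if __name__ == "__main__":
    print(evaluate(CERT, ROOTS, set()))
    print(verify(WILL, WILL_SIG, CERT["pub"]))
    print(verify(WILL.replace(b"Bob", b"Eve"), WILL_SIG, CERT["pub"]))
```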

Efforts to define a PKI today are underway in several governments as well as standards organizations. The U.S. Department of the Treasury and NIST both have PKI programs [2,3], as do Canada [4] and the United Kingdom [5]. NIST has published an interoperability profile for PKI components [BDN97]; it specifies algorithms and certificate formats that certification authorities should support. Some standards bodies which have worked on PKI aspects have included the IETF's PKIX and SPKI working groups [6,7] and The Open Group [8].

Most PKI definitions are based on X.509 certificates, with the notable exception of the IETF's SPKI.

FAQ courtesy of RSA Security





What are Smart Cards Used for and What are Some of the Benefits?

A smart card is very versatile and has many uses. In France, for example, smart cards are used as a portable file for kidney patients. Before they used their smart card for a file, kidney patients who needed dialysis every 3 or 4 days were not able to leave town. Now the smart card contains details of the last dialysis as well as emergency and prescription information and can be used in all participating hospitals and clinics, allowing the patients to travel outside of their town or area.

Another example in France is the public telephones. In 1985, 44,000 pay phones were broken into. In 1994 the number of pay phones broken into fell to zero because of smart cards. Besides this obvious advantage, smart cards freed people from the obligation of having the right small change on hand, and people telephoned 50% longer from phones that accepted smart cards.

At the 1996 Olympics in Atlanta, smart cards acted as electronic cash and were accepted at 5000 retail outlets. These cards were preprogrammed with $10, $20, and $50 increments and were used to buy newspapers, food and drink, t-shirts or other small Olympic items. The amount of the item was deducted from an electronic purse on the card and a display would show you the amount of money you had left on the card. The benefits are that there is no opportunity for employee pilferage or mistakes in counting change. Cash card transactions are fast. They take about 3 seconds vs. 20 to 25 seconds for a customer to pull out cash and a cashier to return the change. Banks, as well as merchants, benefited because of the swiftness of transactions and the worker productivity achieved in purchasing Olympic items.

Florida State University's smart card is a "one card solution". It is used as a student ID, for building access and library book checkout, as well as cafeteria and bookstore purchases.

Other Uses for Smart Cards:

Computer Security: Prevent unauthorized use of computers and confidential data by controlling access to PCs, networks, directories, and files using smart cards as a key.

Education: An ideal multi-purpose card allows the students to carry all of their administrative data as well as electronic cash for use in the cafeteria and bookstore and also use it for building access.

Consumer Loyalty Programs: By using the smart card, the customer receives instant rewards at the point of sale. The retailer can instantly read customer details off of the card, and interactive data exchange ideally complements database marketing.





How is a Smart Card Different from the Magnetic Stripe Cards?

Existing magnetic stripe cards usually access an on-line database. A smart card carries more information than a magnetic card can and doesn't need to verify information from a database. A smart card can make a decision and can perform complex duties such as accepting passwords or encrypting information.

