Policy Issues in Implementing Smart Cards in Urban Public Transit Systems

Many public transportation institutions have been discarding their magnetic strip payment cards or traditional cash-based fee collection systems in favor of automated fare collection systems with smart card technology. Smart cards look like traditional credit cards or ID cards; however, using RFID technology, they allow for contactless payment and identification. Smart cards are becoming increasingly popular among transit agencies primarily because they are convenient for customers, reduce administrative costs for transit agencies, and have the potential of improving the performance of complex transit systems overall. The increased availability and affordability of contactless cards has also contributed to this trend in adoption

Multi-RFID embedded Ticketing Kernel for MaaS

Trabalho de projeto de mestrado, Engenharia Informática (Engenharia de Software) Universidade de Lisboa, Faculdade de Ciências, 2020The fast-growing human population is causing an ever-increasing trend of hyper urbanisation and globalisation, along with the popularisation of private cars to commute, which contributes to several environmental and health problems, for instance, high lev els of noise, congestion, and pollution. Hence, most cities are facilitating and enhancing commuting travel, thus, fostering the development of transportation. Today’s urban transport networks are part of the daily lives of millions of people around the world, and in this era of digitalisation, servicising, and cashless economy the public transportation must also readjust. Therefore, contactless bank cards will make it reasonable to travel by public transport. It will be the first time in Portugal that a contactless bank card enables public transport to be accessed, travelled and charged. Such a solution would encourage the contactless debit or credit card to be an alternative to the proprietary transit card, thereby helping to enhance the usability and accessibility of public transport. With the launch of the contactless solution in public transport, a metropolitan area in Portugal will very well integrate a growing list of the world’s major cities such as London, Singapore, Rio de Janeiro and New York. Moreover, new passengers gradually shift from maintaining a private car to the use of public transport means, which allows a diminution on the emission of fuel gases, and a reduction of the global pollution. In addition to that, public transport operators pains also decrease because proprietary cards are handled and managed by financial institutions, enabling the transport agencies to turn their attention to the core of their business, like the multi-modal mass transit and fare calculation. This pioneering project in Portugal involved several stakeholders, including Card4B, Visa, and Unicre. Accordingly, the project aimed to provide an open-loop model with con tactless and post-paid payments to integrate into the existing operation of transportation ticketing. Finally, the developed solution supports contactless transactions, and followed the “Contactless Specifications for Payment Systems”. Successfully, the delivered solution was certified with an EMV Level 3 Certification for both Visa PayWave and MasterCard Contactless transactions

RFID: Prospects for Europe: Item-level Tagging and Public Transportation

This report, which is part of the COMPLETE series of studies, investigates the current and future competitiveness of the European industry in RFID applications in general and in two specific cases: item-level tagging and public transportation. It analyses its constituent technologies, drivers and barriers to growth, actual and potential markets and economic impacts, the industrial position and innovative capabilities, and it concludes with policy implicationsJRC.DDG.J.4-Information Societ

Post-Quantum Security for the Extended Access Control Protocol

The Extended Access Control (EAC) protocol for authenticated key agreement is mainly used to secure connections between machine-readable travel documents (MRTDs) and inspection terminals, but it can also be adopted as a universal solution for attribute-based access control with smart cards. The security of EAC is currently based on the Diffie-Hellman problem, which may not be hard when considering quantum computers. In this work we present PQ-EAC, a quantum-resistant version of the EAC protocol. We show how to achieve post-quantum confidentiality and authentication without sacrificing real-world usability on smart cards. To ease adoption, we present two main versions of PQ-EAC: One that uses signatures for authentication and one where authentication is facilitated using long-term KEM keys. Both versions can be adapted to achieve forward secrecy and to reduce round complexity. To ensure backwards-compatibility, PQ-EAC can be implemented using only Application Protocol Data Units (APDUs) specified for EAC in standard BSI TR-03110. Merely the protocol messages needed to achieve forward secrecy require an additional APDU not specified in TR-03110. We prove security of all versions in the real-or-random model of Bellare and Rogaway. To show real-world practicality of PQ-EAC we have implemented a version using signatures on an ARM SC300 security controller, which is typically deployed in MRTDs. We also implemented PQ-EAC on a VISOCORE terminal for border control. We then conducted several experiments to evaluate the performance of PQ-EAC executed between chip and terminal under various real-world conditions. Our results strongly suggest that PQ-EAC is efficient enough for use in border control

Eesti elektrooniline ID-kaart ja selle turvaväljakutsed

Eesti elektrooniline isikutunnistust (ID-kaart) on üle 18 aasta pakkunud turvalist elektroonilist identiteeti Eesti kodanikele. Avaliku võtme krüptograafia ja kaardile talletatud privaatvõti võimaldavad ID-kaardi omanikel juurde pääseda e-teenustele, anda juriidilist jõudu omavaid digiallkirju ning elektrooniliselt hääletada. Käesolevas töös uuritakse põhjalikult Eesti ID-kaarti ning sellega seotud turvaväljakutseid. Me kirjeldame Eesti ID-kaarti ja selle ökosüsteemi, seotud osapooli ja protsesse, ID-kaardi elektroonilist baasfunktsionaalsust, seotud tehnilisi ja juriidilisi kontseptsioone ning muid seotud küsimusi. Me tutvustame kõiki kasutatud kiipkaardiplatforme ja nende abil väljastatud isikutunnistuste tüüpe. Iga platformi kohta esitame me detailse analüüsi kasutatava asümmeetrilise krüptograafia funktsionaalsusest ning kirjeldame ja analüüsime ID-kaardi kauguuendamise lahendusi. Lisaks esitame me süstemaatilise uurimuse ID-kaardiga seotud turvaintsidentidest ning muudest sarnastest probleemidest läbi aastate. Me kirjeldame probleemide tehnilist olemust, kasutatud leevendusmeetmeid ning kajastust ajakirjanduses. Käesoleva uurimustöö käigus avastati mitmeid varem teadmata olevaid turvaprobleeme ning teavitati nendest seotud osapooli. Käesolev töö põhineb avalikult kättesaadaval dokumentatsioonil, kogutud ID-kaartide sertifikaatide andmebaasil, ajakirjandusel,otsesuhtlusel seotud osapooltega ning töö autori analüüsil ja eksperimentidel.For more than 18 years, the Estonian electronic identity card (ID card) has provided a secure electronic identity for Estonian residents. The public-key cryptography and private keys stored on the card enable Estonian ID card holders to access e-services, give legally binding digital signatures and even cast an i-vote in national elections. This work provides a comprehensive study on the Estonian ID card and its security challenges. We introduce the Estonian ID card and its ecosystem by describing the involved parties and processes, the core electronic functionality of the ID card, related technical and legal concepts, and the related issues. We describe the ID card smart card chip platforms used over the years and the identity document types that have been issued using these platforms. We present a detailed analysis of the asymmetric cryptography functionality provided by each ID card platform and present a description and security analysis of the ID card remote update solutions that have been provided for each ID card platform. As yet another contribution of this work, we present a systematic study of security incidents and similar issues the Estonian ID card has experienced over the years. We describe the technical nature of the issue, mitigation measures applied and the reflections on the media. In the course of this research, several previously unknown security issues were discovered and reported to the involved parties. The research has been based on publicly available documentation, collection of ID card certificates in circulation, information reflected in media, information from the involved parties, and our own analysis and experiments performed in the field.https://www.ester.ee/record=b541416

Smart card technology and its perspective in Hong Kong.

by Yu Wai-Yip.Thesis (M.B.A.)--Chinese University of Hong Kong, 1997.Includes bibliographical references (leaves 51-57).TABLE OF CONTENTS --- p.iLIST OF EXHIBITS --- p.iiiChapterChapter I. --- INTRODUCTION --- p.1Project Objectives --- p.3Methodology --- p.3Chapter II. --- WHAT IS SMART CARD --- p.5A Brief History of Smart Card --- p.5Classifications of Smart Card --- p.7Categorization by Security LevelContact Vs ContactlessChapter III. --- EVOLUTION OF SMART CARD MARKETS --- p.11Smart Card Versus Magnetic Stripe Card --- p.11Possible Applications --- p.13Payment ApplicationsTransportation ApplicationsHealthcare ApplicationsTelecommuncations ApplicationsGlobal Market Trend --- p.22Chapter IV. --- SMART CARD APPLICATIONS IN HONG KONG --- p.25Transportation Applications --- p.27Healthcare Applications --- p.28Payment Applications --- p.30Mondex Card and Visa Cash CardHong Kong Jockey Club Smart CardIdentification Applications --- p.32Chapter V. --- ANALYSIS OF THE HONG KONG SMART CARD MARKET --- p.33Smart Card as An Individual Product --- p.34Smart Card as a Form of Monetary Exchange --- p.34Smart Card as a System --- p.36Technological EnvironmentPolitical-legal EnvironmentCompetitive EnvironmentEconomic EnvironmentSocio-cultural EnvironmentPerspertive of All-in-one Smart Card in Hong Kong --- p.43Chapter VI --- SUMMARY AND CONCLUSIONS --- p.47Summary --- p.47Conclusions --- p.48BIBLIOGRAPHY --- p.5

Designing and generating prototype for E-Governance based election strategy using biometric authentication and smart card device

Not availabl

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future