D.I.Y. Smart Card Encoding and Reader Management for the University Market

Robert M. Gailing

SMART Contactless IDentity and Security Solutions

We're Making Identity Cards Safe, Again!

What is a contactless smart card?

What makes it safer than another ID card technology?

What is encryption / cryptography?

What is mutual authentication?

Why should you deploy it on your campus?

Open Platform / Closed Platform Open Architecture...WTF?

Open Platform Closed Platform

Definition - In computing, an open platform describes a software system which is based on open standards, such as published and fully documented external application programming interfaces (API) that allow the software to be used in ways other than the original programmer intended, without requiring modification of the source code. Using these interfaces, a third party could integrate with the platform to add functionality.

The opposite is a closed platform.

What Smart Cards are in the US Market Today?

DIY Card and Reader Management? What Does it Mean?

Create, and manage, your own secure solution designed by, or with, you for your unique situation.

Manage security keys on the card and reader

Rotate keys

Change key version

Speed of deployment. You want, or need, to make a change or update quickly.

Add new application

Transportation

Food, etc.

Add biometric

LOWER PER CARD COSTS!

Why Do It Yourself?

Higher Security Options

Freedom

Flexibility

Quicker time to deploy

$ave Money

Single Common Card, Multiple Applications

Logical Access

Production Control

Cafeteria/Meal

Copy Machines

IDentity Card

Point-of-Sale

Cashless Vending

Time & Attendance

Banking

Physical Access/Parking

MIFARE® DESFire® EV1/EV2

Supports many different applications for the Campus and around town, too.

Example: Multi-application Options – Campus Card

Pick the applications you want and add them to your card

Bus / Train, Car Rental, Bike Rental

Theater, Sports, Concert, Gym

Coffee, Retail, Book Store, Food

Transport Card (MIFARE)

Current

Upgrade

Laundry

Benefits of Contactless Smart Cards

Usability

DESFire has a flexible file system whereby up to 28 applications can run simultaneously and each application can have up to 16 files. This means that if there are spaces left by some applications, others can use them.

The practical result of this is that a University can use their ID cards for more applications and get faster communication between the card and the reader. Students then only need a single ID card for use across a whole cashless campus solution, access control systems, transport, gym memberships etc.

Security

The encryption used on the DESFire cards is predominantly 128-bit, up to 256-bit, AES encryption (although Triple DES is also available, we would advise the AES option as the most secure). AES stands for Advanced Encryption Standard, and the 128/256 bit refers to the length of the key used. This standard has been adopted by the US military, and it is estimated that, at the projected rate of technology improvement, it will remain secure until at least the year 2030.

Encryption / Cryptography

The ingredient that makes the cards secure

The Secret Key

Today's smart cards and smart card readers have a special relationship. A marriage of sorts.

They share a SECRET.

A Key!

When they get together, the two must share this key. If they agree (mutual authentication), they pass the ID's information to the host.

What is the importance of this key?

In order for you to add, change, or delete anything with your card and reader system, you need this key!

Why should you own and manage the key yourself?

Remember this marriage? Well, imagine that your and/or your partner's secret was also known, or owned and controlled, by a third party. What's happened to that secret now?

Card Reader
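The shared-key handshake described on this slide, sketched as an added example that is not from the original presentation: card and reader each prove they hold the key without ever transmitting it, and only then is the protected ID released. It uses HMAC-SHA256 from the Python standard library as a stand-in, not the DESFire command set, and the class, function and key names are hypothetical.

```python
import hashlib
import hmac
import secrets

def proof(key: bytes, role: bytes, own_nonce: bytes, peer_nonce: bytes) -> bytes:
    # MAC over both nonces; the role label stops one side's proof being echoed back.
    return hmac.new(key, role + own_nonce + peer_nonce, hashlib.sha256).digest()

class Card:
    def __init__(self, csn: str, key: bytes, protected_id: bytes):
        self.csn = csn                 # serial number: readable by anyone, no key needed
        self._key = key                # shared secret, never sent over the air
        self._protected_id = protected_id
        self._nonce = None
        self._reader_ok = False

    def challenge(self) -> bytes:
        self._reader_ok = False
        self._nonce = secrets.token_bytes(16)   # fresh per session, defeats replay
        return self._nonce

    def authenticate(self, reader_nonce: bytes, reader_proof: bytes):
        if self._nonce is None:
            return None
        nonce, self._nonce = self._nonce, None  # each challenge is single-use
        expected = proof(self._key, b"reader", reader_nonce, nonce)
        if not hmac.compare_digest(expected, reader_proof):
            return None                         # reader does not hold the key
        self._reader_ok = True
        return proof(self._key, b"card", nonce, reader_nonce)

    def read_id(self):
        return self._protected_id if self._reader_ok else None

def reader_session(card: Card, reader_key: bytes):
    """Return the protected ID to pass to the host, or None if either side fails."""
    card_nonce = card.challenge()
    reader_nonce = secrets.token_bytes(16)
    card_proof = card.authenticate(
        reader_nonce, proof(reader_key, b"reader", reader_nonce, card_nonce))
    if card_proof is None:
        return None
    expected = proof(reader_key, b"card", card_nonce, reader_nonce)
    if not hmac.compare_digest(expected, card_proof):
        return None                             # card does not hold the key
    return card.read_id()

# Constructed sample values, not real keys or card data.
CAMPUS_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
OTHER_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")
```

A reader configured with a different key can still read `csn`, but `reader_session` returns `None` and the protected ID stays on the card.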

Understanding Security Keys / Key Management for Cards

What keys do you want to use?

Default manufacturer keys (OK for many smaller organizations)

Custom keys

If you are using custom keys, do you want all sites to use the same keys?

Who do you want to manage the keys (the supplier, in-house, other)?

If you are managing your own keys, how will you keep them secure and safe from loss?

If keys become unknown so that you cannot issue new cards/readers, you may have to change all readers and cards to go with a new key scheme.

A CSN is like Your House Number... Anyone Can Read It!

If the Number is Inside Your House... You Need A Key!

Keys. FAQs

What do they look like?

Where do they come from?

How many are there?

Who controls it?

Where is it stored and how?

How Safe is the Information?

As shown above, even with a supercomputer, it would take 1 billion billion years to crack the 128-bit AES key using brute force attack. This is more than the age of the universe (13.75 billion years). If one were to assume that a computing system existed that could recover a DES key in a second, it would still take that same machine approximately 149 trillion years to crack a 128-bit AES key.

Source: EETimes, Mohit Arora, Sr. Systems Engineer & Security Architect, Freescale Semiconductor, 5/2012

Decisions, Decisions, Decisions...

How do I move forward?

Do I need to change my access control system?

What are my options for migration?

Does my current vendor understand this enough to help me get there?

Develop a Strategy

Examine the long term goals of the campus and community

Look outside for partnering opportunities to further reduce your per card cost.

DO IT YOURSELF? YES!

COMPATIBLE PRINTER W/ENCODER

ENCODING SOFTWARE APPLICATION

MIDDLEWARE

USB READER / WRITER

CARDS

Field Configurable Access Card Readers

How Do I Get the Students' Cards Updated?

DataWriter Basic or Ultimate for configuration

Server

Kiosks

With the Client/Server version, kiosks for encoding cards can be deployed. Designed for users to present their badge at the kiosk terminal in order for the card to be automatically updated.

Very useful to rotate keys, or change from CSN to encoded number when cards are already deployed.

Mobility

DataWriter workstation on Android

Wifi, NFC

Server

An Android workstation has been developed enabling the encoding button using a smartphone equipped with an NFC chip.

Web-Based Credentialing

Choice of card technology

Mifare classic, Mifare DESFire EV1/EV2, HID iClass, EM, HID Prox, …

Choice of graphic models (Front / back)

Customizing printing

Drag & drop data files to print on each card

Customizing encoding

Drag & drop data files to encode on each card

Production in real time or not

Cards are printed at the end-user site or at a central site

Web-Based Credentialing

ID Printing Server

Student

Remote Printer at Card Office

1. The end user sends the order to the server via a personalized user interface

2. Transfers the order to Server

3. Cards are printed at the remote card office

4. Student picks up the card or it is mailed

Point of Sale

Now that you have migrated away from mag stripe, how do you manage your point-of-sale systems with the new card?

Simple. Just exchange your mag stripe readers with USB contactless smart card readers configured to read your secure data.

Working with Third Parties

The local transportation agency uses similar smartcard technology and wants to reduce costs and not provide cards.

How do third parties add their application to my card without sharing their secret key?

Local businesses such as parking lots or copy/ship centers would like to accept the student card for payment.

How do you set them up to accept the student's ID card?

Known University Smart Card Programs

U of Michigan

U of Penn

U of A

Int'l Student Identity Card

MST

QUESTIONS?

Contact Me

Robert Gailing

SMART Contactless Identity and Security Solutions

Santa Ana, CA

949-514-8844 x [email protected]