RFID Guardian Use-Cases Creditcard
Contact-less Smart Card
Contact-less smart cards differ from traditional credit cards because they do not require the magnetic stripe on the back that comes into physical contact with a special reader. By the end of 2006, it is estimated that between 35 and 50 million credit and debit cards will be contact-less and available for use in 25,000 - 50,000 merchant locations in the United States alone. Many experts are anticipating that this new technology could eventually make the magnetic stripe obsolete, at which point all of the world's electronic payments would be contact-less.
What gives contact-less credit cards their edge is that they are faster than traditional magnetic stripe cards and cash. According to Visa, the average cash transaction takes 34 seconds and magnetic stripe credit card transactions take 24 seconds. By contrast, contact-less credit card transactions take a mere 15 seconds.
For security reasons, the protocols of commercial contact-less credit cards are never published. In one paper, the author described some security features of this kind of card. The contact-less payment cards feature 128-bit and triple DES encryption that would make any stolen data useless to a potential thief. The cards also have built-in sensors that would disable the chip should anyone attempt to retrieve any personal data from a stolen card. Furthermore, just like holders of regular credit and debit cards, holders of contact-less cards are not liable for any fraudulent charges. In one paper, however, researchers observed that RFID-enabled credit cards are only more secure than their traditional counterparts against certain types of attacks. For example, since the card never leaves the holder's hands, it will never leave a physical image of the card with a potentially adversarial merchant or clerk. However, by eavesdropping on and carefully studying the communication between reader and tags, it is still possible to mount certain types of attacks against RFID-enabled credit cards, for example Replay with Race Condition.
The relationship for the smart card is shown in the following models:
[Figure: UML Object Model]
[Figure: UML Sequence Model]
Sample ACL:
#######################
# Credit Card Rules
#######################
context trusted;
context home;
# By default, we leave RFID traffic alone
rule P15693 ACCEPT
{ context = *;
role = *;
tags = *;
query = { command = }; };
};
# Deny unknown readers to access our cards
rule P15693 DENY
{ context = *;
role = *;
tags = @MY TAGS;
query = { command = *; };
};
# But allow payment readers
rule P15693 ACCEPT
{ context = {trusted, home, };
role = LEGAL READER;
tags = @MY TAGS;
query = {command = }; };
};
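The sample ACL above only protects the cards if a later rule overrides an earlier one. The page does not state the evaluation order, so this added Python example (not RFID Guardian code) assumes last-match-wins and shows what each reader gets. It models only the context, role and tags fields; the tag IDs, the "street" context and the "UNKNOWN" role are constructed.

```python
# Added illustration of the sample ACL; last-match-wins ordering is an assumption.
from dataclasses import dataclass

ANY = "*"
# Constructed tag IDs standing in for the page's @MY TAGS set.
MY_TAGS = frozenset({"tag-visa-01", "tag-debit-02"})

@dataclass
class Rule:
    action: str        # "ACCEPT" or "DENY"
    contexts: object   # ANY or a set of context names
    role: str          # ANY or a reader role
    tags: object       # ANY or a set of tag IDs

# The three P15693 rules, in the order they appear in the sample ACL.
RULES = [
    Rule("ACCEPT", ANY, ANY, ANY),           # default: leave RFID traffic alone
    Rule("DENY", ANY, ANY, MY_TAGS),         # nobody may query our cards ...
    Rule("ACCEPT", frozenset({"trusted", "home"}),
         "LEGAL READER", MY_TAGS),           # ... except payment readers
]

def _matches(field, value):
    """A field matches if it is the wildcard, contains the value, or equals it."""
    if field == ANY:
        return True
    if isinstance(field, (set, frozenset)):
        return value in field
    return field == value

def decide(context, role, tag, rules=RULES):
    """Return the action of the last rule matching (context, role, tag)."""
    verdict = None
    for rule in rules:
        if (_matches(rule.contexts, context)
                and _matches(rule.role, role)
                and _matches(rule.tags, tag)):
            verdict = rule.action
    # Fail closed when nothing matches (only possible without the default rule).
    return verdict or "DENY"

if __name__ == "__main__":
    queries = [  # constructed (context, role, tag) queries
        ("trusted", "LEGAL READER", "tag-visa-01"),
        ("street", "LEGAL READER", "tag-visa-01"),
        ("home", "UNKNOWN", "tag-debit-02"),
        ("street", "UNKNOWN", "tag-library-99"),
    ]
    for q in queries:
        print(q, "->", decide(*q))
```

Reversing the rule list under the same assumption makes the default ACCEPT the final match, which exposes the cards to every reader, so rule order is part of the policy.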




