Activating and deactivating the EMV application

Activating the smart card EMV application is the final operation in the smart card manufacturing process. It involves setting flags in memory that prohibit any further changes to this memory area, except for changes performed under the direct control of the application. These actions are an integral part of the security process. Activation is usually the last step before the smart card is transferred to its owner, and in some cases it may be performed after the card has passed into the owner’s hands. Activation is aimed more at working with the service information processing systems than with the card itself.

Smart card applications are deactivated with the “Delete File” and “Deactivate File” commands described in the ISO/IEC 7816-9 standard. These commands are important for managing individual applications on multi-application smart cards. For example, for the company “Expert” (repair-computer.ru), which provides computer repair and assistance services, we have implemented a working-hours recording system for the enterprise’s 120 employees, in which an individual multi-application smart card identifies each employee. Alternatively, the “Lock” command of the EN 726-3 standard can be used to permanently lock files, making an individual application unavailable for further use.

Smart card activation and deactivation is well known to every smart card holder from the daily experience of using their own card. If necessary, new applications can be downloaded to or activated on the card, and applications already present on the smart card can be deactivated. According to ISO 10202-1, phase 5 of the smart card life cycle defines all measures related to the end of the card’s use. These include, first of all, measures to deactivate the applications on the smart card, followed by deactivation of the smart card itself. In practice, however, most smart cards are either simply thrown in the trash or given to collectors. Very rarely are the cards returned to the card issuer.

The ISO/IEC 7816-9 standard provides a command for deactivating a smart card, “Terminate Card Usage”, which is also intended for completing the life cycle of a smart card. However, it is rarely used in today’s smart cards. The simplest way to end the life of a smart card is to cut it into pieces with scissors. Some card issuers recommend this method of destroying them.
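The life-cycle commands named above (Deactivate File, Delete File, Terminate Card Usage) can be modelled as a small state machine that replays a command trace against a multi-application card. This is an added example, not part of the original article or of any card vendor's code; the application names, the trace and the status words the model returns are constructed assumptions, and access conditions are ignored.

```python
from enum import Enum

class State(Enum):
    ACTIVATED = "operational/activated"
    DEACTIVATED = "operational/deactivated"
    TERMINATED = "terminated"

# INS bytes assigned to these commands in ISO/IEC 7816-4 and 7816-9.
INS_NAMES = {0x04: "DEACTIVATE FILE", 0x44: "ACTIVATE FILE",
             0xE4: "DELETE FILE", 0xFE: "TERMINATE CARD USAGE"}
# Status words the model answers with (modelling choice; real cards may differ).
SW_OK, SW_NOT_ALLOWED, SW_NOT_FOUND, SW_BAD_INS = 0x9000, 0x6985, 0x6A82, 0x6D00

class Card:
    def __init__(self, apps):
        self.files = {name: State.ACTIVATED for name in apps}
        self.terminated = False

    def process(self, target, apdu_hex):
        # Apply one command APDU to the named application; return (name, SW).
        apdu = bytes.fromhex(apdu_hex)
        if len(apdu) < 4:
            raise ValueError("command APDU needs CLA INS P1 P2")
        name = INS_NAMES.get(apdu[1])
        if name is None:
            return "UNKNOWN", SW_BAD_INS
        if self.terminated:                      # termination is irreversible
            return name, SW_NOT_ALLOWED
        if name == "TERMINATE CARD USAGE":
            self.terminated = True
            self.files = {f: State.TERMINATED for f in self.files}
            return name, SW_OK
        if target not in self.files:             # never loaded, or deleted
            return name, SW_NOT_FOUND
        if name == "DELETE FILE":
            del self.files[target]
        elif name == "DEACTIVATE FILE":
            self.files[target] = State.DEACTIVATED
        else:                                    # ACTIVATE FILE
            self.files[target] = State.ACTIVATED
        return name, SW_OK

# Constructed trace: (application the terminal selected, command APDU in hex).
TRACE = [("loyalty", "00040000"), ("loyalty", "00440000"),
         ("timeclock", "00E40000"), ("timeclock", "00440000"),
         (None, "00FE0000"), ("payment", "00440000")]

def replay(apps, trace):
    card = Card(apps)
    return [card.process(t, a)[1] for t, a in trace], card.files
```

Replaying the trace shows the difference between the reversible Deactivate File, the per-application Delete File, and the card-wide, irreversible Terminate Card Usage: the last Activate File is refused once the card is terminated.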

Nevertheless, in some cases, it is quite justified to return smart cards to their issuer. They contain secret keys that are still partially valid. If a potential attacker took possession of several hundred cards, they would receive a large amount of data to analyze the hardware and software of the smart cards in order to conduct attacks on systems with smart cards.

Schlumberger Smart Cards

Schlumberger is one of the world’s largest suppliers of smart cards. This company produces both memory cards and microprocessor cards. Depending on the degree of protection of the information stored on the cards and the scope of their application, smart cards with memory are divided into two groups:

  1. cards with a memory module;
  2. cards with a memory module and security logic.

Cards with a memory module have free memory and allow you to overwrite the information stored on them. They can be used in an unlimited number of applications, including identifying people, controlling access, storing personal information, etc.

Smart cards with a memory module and security logic can have three memory protection mechanisms: a fuse, a secret code, and a PIN. Compared to the first group, these smart cards offer greater capabilities and can be used as a prepaid card or an electronic wallet. They combine features such as data storage, billing and security mechanisms, and can be used in a wide variety of applications.

Smart cards have no restrictions on reading or writing data. They are convenient for use in access control systems or for storing non-financial information. Such cards can serve as the basis for mobile or individual data systems for personal use, or for databases built on them. For example, together with the company “Intek”, which produces plastic seals with a multi-level anti-counterfeiting system, we have implemented a multi-level access control system for a large oil depot. Key features:

  1. EEPROM technology;
  2. memory capacity of 2048 bits (EE2K) or 4096 bits (EE4K);
  3. one million write cycles;
  4. simplified memory access system.

Cards of this type have an arbitrary memory organization and combined read/write functions. Given their memory organization and the very large number of write cycles they support, they can be used to create an unlimited number of applications designed, for example, to identify people, store personal information, etc.

A prepaid smart card is a secure memory card, in other words, it is not rewritable. Key features:

  1. ESP memory technology;
  2. maximum counting capacity of 160 units;
  3. identification zone protected by a fuse (96 bits);
  4. authentication of the card via the DES certificate.

The use of this card provides support for the security of the customer’s environment. Designed to provide the user with maximum security, the prepaid card has an identification area in which it is impossible to make changes, and a secure counting mechanism. The certification zone, which contains the result of calculations for operator-specific data, guarantees the authenticity of the data on the card in all situations.