Objective:
This training is targeted at solution and integration houses with people who have strong IT capabilities but who have not been in the smart card solution business and have not been formally trained.

Trainee Profile:
This training is ideal for system design engineers and software and hardware engineers who will be involved in the smart card solution implementation. It is also suitable for project managers who need to manage a smart card based project. Senior management and sales personnel may sit through the training to have an idea on what could be involved in a smart card business before jumping into it.
It is also useful for sales and marketing people dealing with products and systems related to the smart card industry. For system design, smart card project manager, engineers and programmers, day 1 of the training serves as a foundation and overview, and days 2 and 3 of the training strengthens their capability to do their job in smart card technology.

Instructor Profile:
Tan Keng Boon has been in the smart card industry for 10 years - 5 years in Gemplus Technologies Asia as Technical Manager, 2 years as a smart card application consultant, 2 years in De La Rue Card Systems (the predecessor of Oberthur Card Systems), and then in ACS. Over the past 10 years he has trained thousands of professionals in Asia Pacific, and has been a consultant to a number of card manufacturers, payphone manufacturers, ATM manufacturers and solution houses. He was involved in a number of banking smart card projects in Singapore, Indonesia, China, Thailand and Taiwan.

DAY 1 Training Topics Description:
Day 1 training is structured to be suitable for everyone - decision makers and senior management who need to decide whether or not to make an investment into this type of business or to decide whether or not to embark on a smart card application, and if so, the type of technology to adopt, etc.

1. Smart Card Technical Introduction
• Types of smart cards
• Types of memory cards
• ISO-7816
• Smart card capabilities
• Smart card applications

The knowledge delivered in this session is mandatory for everyone in the smart card industry. It is necessary for one to have an understanding of what is a smart card, what are the different types of smart cards, their prices and capabilities, and what one can do with a smart card.

2. Applying Cryptography In Smart Card Applications
• DES & triple DES
• Messaging authentication code
• Key diversification
• Key dispersion
• Public Key Infra-structure & Certification Authority
• Hash & signature
• Authentication - card, terminal, cardholder
• Certification
• Secured messaging

This session is mandatory for smart card application solution houses, system designers and programmers who are implementing smart card applications. It is also important for decision makers who need to decide the types of smart card to be used and hence the need to understand basic security and cryptographic concepts.

3. Memory Card Overview
• Free access memory
• Token cards - 4406, 4436
• Protected memory card - 4432/4442, 4418/4428
• Contact-less Mifare card

This session gives a quick overview of some of the popular and commonly used memory cards - their features and limitations.

4. MCU Smart Card Chip Operating System (COS)
• File organization
• File access conditions
• Secret keys & secret codes
• Authentication
• File access commands
• Secured messaging
• Payment commands
• Administrative commands

It must be noted that no two card manufacturer COS are fully compatible. While COS standards exist, there are only application standards (e.g. GSM SIM, VisaCash..) and national standards (e.g. Geldcarte, PBOC..) This session attempts to explain how a typical MCU COS works but it should be noted that it is by no means a standard.

5. Application Standard MCU Smart Cards Overview
• GSM SIM - phase 2 & SIM ToolKit
• EMV + VIS / MCPA
• Smart Debit / Credit Card
• Copac
• Proton
• VisaCash
• CEPS
• Mondex
• Chipper
• Interpay /Chip Knip

Many people have heard of different terms and different types of cards but have little information beyond terms. This session explains and gives a little insight into them.

6. Smart Card Platforms
• Javacard
• MultOS
• Windows Smart Card

Many people have heard about these cards and their usage in multiple applications. Unfortunately not many know that these cards by themselves are not usable without the applets on the card, which occupy the expensive EEPROM space. They would only be useful if an off-the-shelf COS does not meet your security requirements. Such a card would therefore be useful during the pilot phase of the project whereby the volume is small and requirements change. During the mass roll-out phase the issuer may then need to decide whether to continue using such a card or to have the applet moved to the ROM for cost saving.

7. PC/SC Smart Card Reader

The PC/SC standard for smart card readers (which was defined by a consortium led by Microsoft) attempts to make all readers to be compatible to the application program - achieved by the reader manufacturer driver interfacing to the operating system and the application accessing the reader via the operating system. However such a requirement is only necessary if the application developer has no idea and no control on who and what reader is to be used.

DAY 2 Training Topics Description:
Day 2 training is structured for smart card application solution houses, smart card application terminal vendors, system designers, programmers and project managers.

1. Disposable Electronic Purse - EuroChip / SLE-4436 and T2G

Day 2 training is structured for smart card application solution houses, smart card application terminal vendors, system designers, programmers and project managers.

• Memory organization
• Card characteristics
• Token counting
• Anti-tearing & recovery
• Authentication

More than 1 billion of such cards have been used every year as telephone prepaid card. Before one can exploit the economies of scales of this type of cards, an in-depth technical understanding of its capabilities, strength and weakness is required.

2. Case Study: Disposable Electronic Purse / Electronic Gift Voucher Application System

This session describes in detail how a smart card can be used as a disposable electronic purse and an electronic gift voucher. Such application presents a strong business case as compared to the application using MCU smart cards because the price of such a card is a fraction of the price of an MCU smart card and there is no need for expensive reloading infra-structure.

3. Secured Memory Card - SLE4442
• Memory organization
• Characteristics
• Hands-on exercise
4. Secured Memory Card - SLE4428
• Memory organization
• Characteristics
• Hands-on exercise
5. Case Study - Loyalty Application Using SLE 4442 / 4428

A loyalty application is one of the most important application as it benefits all parties in the application

• cardholder - the more he buys, the more he saves
• merchant / service provider - retains customer loyalty and expands market share
• solution provider - profits from selling cards and solutions
6. Case Study - Organisation ID Card

This session illustrates that even a memory card can be used for multi-application - physical access, time management, canteen, resource booking etc.

7. Electronic Purse Application System Design

This session serves as an example to illustrate how to go about designing a high security complex smart card application using the case of a re-loadable electronic purse. Also covered are system design and security considerations in designing a complex system, the needs and requirement of SAMs, back-end host computer, system key management, personalization system etc.

8. EMV Smart Debit / Credit Smart Card

Thought to be a great application in early 90s, effort was made by Europay, Mastercard and Visa to define a common platform specification, called EMV specification. There are already roll-out plan to have all magnetic cards, totaling more than 1 billion cards, to be converted to smart card in the next few years. EMV smart credit / debit card with value-added applications such as ATM card, pass-card, loyalty card, electronic purse are possible multi-applications in an EMV smart debit / credit card. This session gives an insight into the EMV specification.

9. Key Management System

In a smart card application, there are many keys in the system - grandmaster keys, master keys, diversified keys and random keys. Keys inside the smart card are unique diversified keys. Keys in the terminals may be random, diversified or master keys. Typically each year a new set of keys is used to issue new cards and keys inside the SAM must be updated. Keys in the system therefore need to be somehow generated and managed. SAMs need to be loaded with the right keys and cards need to be personalized. A key Management System is therefore required in every smart card application.

10. PC/SC Smart Card Reader

This session reviews the APIs of the PC/SC specification.

11. GSM SIM ToolKit For Value-Added Services / Mobile Commerce

GSM value-added services opens up another area of opportunities for solution houses implementing smart card solutions. This session explains what is SIM ToolKit and how to develop value-added applications over the GSM network.

12. Discussion And Q&A