235-238.html

Smart Card Developer s Kit, a smart card manual for development, English

<!-- Edit EirGrabber 3.01 -->
<HTML>
<HEAD>


<TITLE>Smart Card Developer's Kit:The Smart Shopper Smart Card Program</TITLE>





<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="234-235.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="238-240.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<H3><A NAME="Heading15"></A><FONT COLOR="#000077">Card Security Architecture</FONT></H3>
<P>The operating characteristics of the Smart Shopper card&#151;who can see what, who can change what, and so on&#151;are determined by the access conditions placed on the files on the card, together with who possesses what keys stored on the card. This collection of access conditions together with the key distribution policy taken as a whole is the Smart Shopper card security architecture.
</P>
<P>Smart Commerce Solutions has control of the overall security of the card together with control of the files in the master file and is the only entity that knows the keys in the external authorization file in the master file. Furthermore, Smart Commerce Solutions knows one key in the external authorization file in each merchant directory. This key allows Smart Commerce Solutions to block access to the external authorization file itself, if necessary. Blocking this file would essentially deactivate the merchant&#146;s program on the card.</P>
<P>By virtue of knowing one key in the external authorization file in the master file, each merchant can create new files in the directory into which his program is loaded and, in the process, can set all the access conditions on these new files. The merchant knows all but cannot change any but one of the keys in the external authorization file in his directory. He can use the keys as he wishes in crafting a security architecture for his program. The merchant cannot delete files in his directory because this would let him delete the external authorization file and remove Smart Commerce Solutions&#146;s control over activation of the merchant&#146;s program.</P>
<P>Merchants can, however, activate and deactivate the frequent buyer points file. The frequent buyer point total on a Smart Shopper card is a liability for the merchant because he is obliged to exchange these points for other value. As a result, the merchant must have total control over the growth of this liability. If the merchant suspects that a particular customer is receiving unauthorized increases in their frequent buyer total&#151;for example, by working in collusion with a store employee&#151;the merchant can deactivate the frequent buyer point total file to immediately stop the incursion of further liability while the situation is being investigated.</P>
<P>The cardholder has complete control over her personal data. This control is exercised by putting a PIN access condition on all operations that view or change this data. This does not mean that the cardholder must enter or edit by hand all this information. It means that such access is impossible without the cardholder being aware that the access has been granted through the entry of a PIN. Merchant applications have to access this information, and merchants may provide convenient utilities for updating this information.</P>
<P>Table 10.2 lists the details about which entity can perform which actions on which files on a Smart Shopper card with Harvest Festival and Scrivener&#146;s Corner programs loaded on it.</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT><B>Table 10.2.</B> File access conditions on the Smart Shopper card.
<TR>
<TH ALIGN="LEFT" VALIGN="BOTTOM">Directory Name
<TH ALIGN="LEFT" VALIGN="BOTTOM">FileId
<TH ALIGN="LEFT" VALIGN="BOTTOM">DIRECTORY
<TH ALIGN="LEFT">DELETE<BR>FILE
<TH ALIGN="LEFT">CREATE<BR>FILE
<TH ALIGN="LEFT" VALIGN="BOTTOM">REHABILITATE
<TH ALIGN="LEFT" VALIGN="BOTTOM">INVALIDATE
<TR>
<TH COLSPAN="7"><HR>
<TR>
<TD VALIGN="TOP">Master File
<TD VALIGN="TOP">3F00<SUB>16</SUB>
<TD VALIGN="TOP">Never
<TD>Smart Commerce
<TD>Smart Commerce
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD VALIGN="TOP">Merchant #1
<TD VALIGN="TOP">1000<SUB>16</SUB>
<TD VALIGN="TOP">Never
<TD>Smart Commerce
<TD>Harvest Festival
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD VALIGN="TOP">Merchant #2
<TD VALIGN="TOP">2000<SUB>16</SUB>
<TD VALIGN="TOP">Never
<TD>Smart Commerce
<TD>Scrivener&#146;s<BR>Corner
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD VALIGN="TOP">Merchant #3
<TD VALIGN="TOP">3000<SUB>16</SUB>
<TD VALIGN="TOP">Never
<TD>Smart Commerce
<TD>Smart Commerce
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD VALIGN="TOP">Merchant #4
<TD VALIGN="TOP">4000<SUB>16</SUB>
<TD VALIGN="TOP">Never
<TD>Smart Commerce
<TD>Smart Commerce
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD VALIGN="TOP">Merchant #5
<TD VALIGN="TOP">5000<SUB>16</SUB>
<TD VALIGN="TOP">Never
<TD>Smart Commerce
<TD>Smart Commerce
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD COLSPAN="7"><HR>
</TABLE>
<TABLE WIDTH="100%">
<TR>
<TH ALIGN="LEFT" VALIGN="BOTTOM">Filename
<TH ALIGN="LEFT" VALIGN="BOTTOM">FileId
<TH ALIGN="LEFT">READ/<BR>SEEK
<TH ALIGN="LEFT">UPDATE/<BR>DECREASE
<TH ALIGN="LEFT" VALIGN="BOTTOM">INCREASE
<TH ALIGN="LEFT">CREATE<BR>RECORD
<TH ALIGN="LEFT" VALIGN="BOTTOM">REHABILITATE
<TH ALIGN="LEFT" VALIGN="BOTTOM">INVALIDATE
<TR>
<TH COLSPAN="8"><HR>
<TR>
<TD ALIGN="LEFT"><I>Master File</I>
<TR>
<TD COLSPAN="8"><HR>
<TR>
<TD VALIGN="TOP">PIN
<TD VALIGN="TOP">0000<SUB>16</SUB>
<TD VALIGN="TOP">Never
<TD>Smart Commerce
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD>Internal Authentication
<TD VALIGN="TOP">0001<SUB>16</SUB>
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD VALIGN="TOP">Serial Number
<TD VALIGN="TOP">0002<SUB>16</SUB>
<TD VALIGN="TOP">Always
<TD>Smart Commerce
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TR>
<TD>External Authentication
<TD VALIGN="TOP">0011<SUB>16</SUB>
<TD VALIGN="TOP">Never
<TD>Smart Commerce
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD VALIGN="TOP">Personal Data
<TD VALIGN="TOP">0100<SUB>16</SUB>
<TD VALIGN="TOP">Cardholder
<TD VALIGN="TOP">Cardholder
<TD VALIGN="TOP">Cardholder
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD VALIGN="TOP">Administration
<TD VALIGN="TOP">0F00<SUB>16</SUB>
<TD>Smart Commerce
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD COLSPAN="8"><HR>
<TR>
<TD ALIGN="LEFT"><I>Harvest Festival</I>
<TR>
<TD COLSPAN="8"><HR>
<TR>
<TD>External Authentication
<TD VALIGN="TOP">0011<SUB>16</SUB>
<TD VALIGN="TOP">Never
<TD>Smart Commerce
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD VALIGN="TOP">Points
<TD VALIGN="TOP">1002<SUB>16</SUB>
<TD VALIGN="TOP">Cardholder
<TD>Harvest Festival
<TD>Harvest Festival
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Harvest Festival
<TD>Harvest Festival
<TR>
<TD ALIGN="LEFT">Cumulative Purchases
<TD VALIGN="TOP">1003<SUB>16</SUB>
<TD VALIGN="TOP">Cardholder
<TD>Harvest Festival
<TD>Harvest Festival
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Harvest Festival
<TD>Harvest Festival
<TR>
<TD COLSPAN="8"><HR>
<TR>
<TD><I>Scrivener&#146;s Corner</I>
<TR>
<TD COLSPAN="8"><HR>
<TR>
<TD VALIGN="TOP">External Authentication
<TD VALIGN="TOP">0011<SUB>16</SUB>
<TD VALIGN="TOP">Never
<TD>Smart Commerce
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Smart Commerce
<TD>Smart Commerce
<TR>
<TD VALIGN="TOP">Points
<TD VALIGN="TOP">2002<SUB>16</SUB>
<TD VALIGN="TOP">Cardholder
<TD>Scrivener&#146;s Corner
<TD>Scrivener&#146;s Corner
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Scrivener&#146;s Corner
<TD>Scrivener&#146;s Corner
<TR>
<TD ALIGN="LEFT">Book Want List
<TD VALIGN="TOP">2003<SUB>16</SUB>
<TD VALIGN="TOP">Cardholder
<TD VALIGN="TOP">Cardholder
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Never
<TD VALIGN="TOP">Scrivener&#146;s Corner
<TD>Scrivener&#146;s Corner
<TR>
<TD COLSPAN="8"><HR>
</TABLE>
<P><BR></P>
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="234-235.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="238-240.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>





</BODY>
</HTML>