Smart Cards: Future Life…

Santosh Khadsare

Posted on 14-May-2015


DESCRIPTION

This is a compiled ppt of various ppts on the internet. Not my original work. Done for people who need a ready reference.

TRANSCRIPT

Page 1: Smart card

Smart Cards: Future Life…

Santosh Khadsare

Page 2: Smart card

The aim of my ppt is just to give you a brief idea about smart card technology, one of the best steps towards the advancement of science and technology, making our life faster and obviously easier.

Page 3: Smart card

Plastic Cards

Visual identity application: a plain plastic card is enough.

Magnetic stripe (e.g. credit cards): visual data is also available in machine-readable form; no security of data.

Electronic memory cards: machine-readable data; some security (vendor specific).

Page 4: Smart card

What is a Smart Card?

A smart card is a plastic card about the size of a credit card, with an embedded microchip that can be loaded with data, used for telephone calling, cash payments, and other applications, and then periodically refreshed for additional use.

Page 5: Smart card

What is a smart card?

Page 6: Smart card

History

70's: Smart card first patented in Germany and later in France and Japan.

80's: Mass usage in pay phones and debit cards.

90's: Smart card based mobile chips and SIM cards.

Page 7: Smart card

History

2000's: Payment and ticketing applications (credit cards, mass transit such as SmarTrip); healthcare and identification (insurance information, driver's license).

Page 8: Smart card

Dimensions of a smart card

85.6 mm x 53.98 mm x 0.76 mm: the ID-1 card format defined by ISO/IEC 7810 and referenced by ISO/IEC 7816-1 for contact cards.

Page 9: Smart card

Why use smart cards?

• Can currently store up to 7000 times more data than a magnetic stripe card.
• Information stored on the card can be updated.
• Magnetic stripe cards are vulnerable to many types of fraud: lost/stolen cards, skimming, carding/phishing. A stripe is static data that any reader can copy; a chip can be challenged and must prove it holds a key.
• Greatly enhances security by authenticating to card readers with cryptographic (symmetric or public-key) algorithms instead of handing over static data.
• A single card can be used for multiple applications (cash, identification, building access, etc.).
• Smart cards allow a three-factor approach to authentic identification: PIN (something you know), the smart card itself (something you have) and biometrics (something you are).

Page 10: Smart card

Card Elements

• Magnetic stripe
• Chip
• Embossing (card number / name / validity, etc.)
• Logo
• Hologram

Page 11: Smart card

Smart Card devices: the chip contacts

• VCC
• Reset
• Clock
• GND
• VPP
• I/O
• Reserved

Varun Arora | [email protected] | www.varunarora.in

Page 12: Smart card

What's in a Card?

Fig: contact layout of the chip module, ISO 7816-2 numbering: C1 Vcc, C2 RST, C3 CLK, C4 RFU, C5 GND, C6 Vpp, C7 I/O, C8 RFU.

Page 13: Smart card

Electrical signals description

VCC : Power supply input.
RST : Reset signal. Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card).
CLK : Clocking or timing signal (optional use by the card).
GND : Ground (reference voltage).
VPP : Programming voltage input (deprecated / optional use by the card).
I/O : Input or output for serial data to the integrated circuit inside the card.
AUX1 (C4) : Auxiliary contact; USB devices: D+.
AUX2 (C8) : Auxiliary contact; USB devices: D-.

Fig : A smart card pin out

Page 14: Smart card

CARD STRUCTURE

Out of the eight contacts only six are used (C4 and C8 are reserved). Vcc is the supply voltage; Vss (GND) is the ground reference voltage against which the Vcc potential is measured; the Vpp contact was used for the higher programming voltage that early EEPROMs needed and is now deprecated; RST resets the chip and CLK paces it; over the single I/O line the chip receives commands and exchanges data.

Page 15: Smart card

Typical Configurations

• 256 bytes to 4 KB RAM.
• 8 KB to 32 KB ROM.
• 1 KB to 32 KB EEPROM.
• 8-bit to 16-bit CPU; 8051 based designs are common.

Page 16: Smart card

Smart Card Readers

Computer based readers: connect through USB or COM (serial) ports.

Dedicated terminals: usually with a small screen, keypad and printer; often also have biometric devices such as a thumb print scanner.

Page 17: Smart card

Terminal/PC Card Interaction

The terminal/PC sends commands to the card (through the serial line).

The card executes the command and sends back the reply.

The terminal/PC cannot directly access the memory of the card, so data in the card is protected from unauthorized access: every access goes through the card OS, which enforces the access conditions of the file concerned. This is what makes the card smart.

Page 18: Smart card

Why Smart Cards?

Security: data and code on the card are protected inside the chip, and the keys stored there never leave it. The smart card's circuit chip is almost impossible to forge.

Trust: minimal human interaction.

Portability.

Less paper work: eco-friendly.

Page 19: Smart card

Two Types of Chips

Memory chip: acts as a small floppy disk with optional security. Inexpensive; offers few security features.

Microprocessor: can add, delete and manipulate its memory. Acts as a miniature computer that includes an operating system, hard disk and input/output ports. Provides more security and memory and can even download applications.

Page 20: Smart card

From 1 billion to 4 billion units in 10 years…

Fig: Worldwide smart card shipments, 1999 to 2009 (millions of units), split into microprocessor cards and memory cards. Data labels visible on the chart: 925 and 960 at the start of the period, 3580 and 4285 at the end.

Page 21: Smart card

Smart Cards in everyday life…

Ticketing, payment, loyalty, transport, smart poster, health card, communication.

Page 22: Smart card

Contact Smart Cards

Require insertion into a smart card reader with a direct connection.

This physical contact allows the transmission of commands, data and card status to take place.

Page 23: Smart card

Contactless smart card:

Page 24: Smart card

Contactless Smart Cards

Require only close proximity to a reader.

Both the reader and the card have antennas through which the two communicate.

Ideal for applications that require very fast card interfaces.

Page 25: Smart card

ISO 14443

International standard. Deals only with contactless (proximity) smart cards. Defines:

a. Interface.
b. Radio frequency interface.
c. Electrical interface.
d. Operating distance.
Etc…

Page 26: Smart card

Dual interface smart cards

Also called Combi cards.

Have a single chip.

Have both contact and contactless interfaces.

The same chip can be used through either the contact or the contactless interface with a high level of security.

Page 27: Smart card

Dual interface smart card.

Page 28: Smart card

Hybrid smart card

Two chips: one with a contact interface, the other with a contactless interface. No connection between the two chips.

Page 29: Smart card

Hybrid smart cards.

Page 30: Smart card

Categories of Smart Cards

Based on the type of IC chip embedded in the smart card, they are categorized into three types:

• IC microprocessor cards
• IC memory cards
• Optical memory cards

Page 31: Smart card

Key Attributes

Security: to make the digital life safe and enjoyable.

Ease of use: to enable all of us to access the digital world.

Privacy: to respect each individual's freedom and intimacy.

Page 32: Smart card

Biometric techniques

Finger print identification: features of finger prints can be kept on the card (even verified on the card).

Photograph / iris pattern etc.: such information is to be verified by a person. The information can be stored in the card securely.


Page 35: Smart card

Communication mechanisms

Communication between the smart card and the reader is standardized: the ISO 7816 standard.

Commands are initiated by the terminal, interpreted by the card OS, the card state is updated, and a response is given by the card.

Commands (APDUs) have the following structure:

CLA | INS | P1 | P2 | Lc | Data (Lc bytes) | Le

The response from the card is 0..Le bytes of data followed by the 2-byte status word SW1 SW2 (9000 means success; 6982 means the security conditions for the command were not met).
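The command layout above and the status words a terminal has to act on, as an added example in Python that is not part of the original slides. It encodes the four short-form ISO 7816-4 APDU cases and splits a response into data and SW1 SW2; the sample APDUs in the comments are constructed, and the status word meanings are the standard ISO 7816-4 values.

```python
"""ISO 7816-4 command APDU encoder and response parser (short Lc/Le form).

Added example, not from the original slides. Framing follows the slide's
CLA INS P1 P2 Lc Data Le layout; the sample APDUs are constructed.
"""


def build_apdu(cla, ins, p1, p2, data=b"", le=None):
    """Encode a command APDU.

    ISO 7816-4 cases (short form):
      case 1: header only              (no data, no Le)
      case 2: header + Le              (expect data back)
      case 3: header + Lc + data       (send data, nothing back)
      case 4: header + Lc + data + Le  (send data, expect data back)
    le=None means "no Le field"; le=256 is encoded as 0x00.
    """
    for v in (cla, ins, p1, p2):
        if not 0 <= v <= 0xFF:
            raise ValueError("header bytes must fit in one byte")
    if len(data) > 255:
        raise ValueError("short-form Lc is limited to 255 bytes")
    if le is not None and not 0 <= le <= 256:
        raise ValueError("short-form Le is limited to 256")
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data        # Lc + data field
    if le is not None:
        apdu += bytes([le & 0xFF])               # Le (256 -> 0x00)
    return apdu


def parse_response(resp):
    """Split a response APDU into (data, sw1, sw2); raises on a short frame."""
    if len(resp) < 2:
        raise ValueError("response must carry at least SW1 SW2")
    return resp[:-2], resp[-2], resp[-1]


def describe_sw(sw1, sw2):
    """Human-readable meaning of the status words a terminal must handle."""
    sw = (sw1 << 8) | sw2
    if sw == 0x9000:
        return "OK"
    if sw1 == 0x61:
        return f"OK, {sw2} more bytes available (use GET RESPONSE)"
    if sw1 == 0x6C:
        return f"wrong Le, resend with Le={sw2}"
    if sw1 == 0x63 and (sw2 & 0xF0) == 0xC0:     # 63Cx: PIN/PUK counter
        return f"verification failed, {sw2 & 0x0F} tries left"
    return {
        0x6982: "security status not satisfied",
        0x6983: "authentication method blocked",
        0x6A82: "file not found",
        0x6D00: "instruction not supported",
        0x6E00: "class not supported",
    }.get(sw, f"unknown status {sw:04X}")


# Constructed examples: SELECT MF by file ID, VERIFY with a 4-digit PIN,
# READ BINARY of up to 16 bytes from offset 0.
SELECT_MF = build_apdu(0x00, 0xA4, 0x00, 0x00, bytes.fromhex("3F00"))
VERIFY_PIN = build_apdu(0x00, 0x20, 0x00, 0x01, b"1234")
READ_16 = build_apdu(0x00, 0xB0, 0x00, 0x00, le=16)
```

The 63Cx family matters in practice: a terminal that retries a wrong PIN blindly walks the card into 6983 (blocked), which is the PIN-blocking behaviour the deck lists later under security mechanisms.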

Page 36: Smart card

Security Mechanisms

• Password: card holder's protection.
• Cryptographic challenge-response: entity authentication.
• Biometric information: person's identification.
• A combination of one or more of the above.

Page 37: Smart card

Password Verification

The terminal asks the user to provide a password.

The password is sent to the card for verification.

The scheme can be used to permit user authentication. It is not a person identification scheme.

Page 38: Smart card

Cryptographic verification

Terminal verifies card (INTERNAL AUTH): the terminal sends a random number (challenge) to the card to be MACed or encrypted with a key held on the card. The card returns the resulting cryptogram. If it matches what the terminal computes with its own copy of the key (or verifies with the card's public key), the terminal knows that the card is authentic.

Card verifies terminal (EXTERNAL AUTH): the terminal asks the card for a challenge, computes the response with its key and sends it to the card to verify. The card thus knows that the terminal is authentic.

A fresh random challenge each time is what stops a recorded response from being replayed.

Primarily for "Entity Authentication".
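Both directions of the exchange described above, as an added example in Python that is not part of the original slides. The slide leaves the keyed function open ("hashed or encrypted using a key"); this example assumes HMAC-SHA256 over a pre-shared symmetric key, an 8-byte challenge, and the Card/Terminal objects, key values and single-use challenge rule shown here, which are all assumptions.

```python
"""Mutual entity authentication by challenge-response, as on the slide:
INTERNAL AUTHENTICATE (terminal checks the card) and EXTERNAL AUTHENTICATE
(card checks the terminal).

Added example, not from the original slides. The keyed function (HMAC-SHA256
over a shared symmetric key, truncated to 8 bytes), the 8-byte challenge
length and the key values are assumptions.
"""
import hashlib
import hmac
import secrets


def keyed_response(key, challenge):
    """The keyed function both parties compute; 8-byte cryptographic checksum."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


class Card:
    def __init__(self, key):
        self._key = key                 # never leaves the chip
        self._pending = None            # challenge from GET CHALLENGE, single use
        self.terminal_authenticated = False

    def internal_authenticate(self, challenge):
        """Card proves it holds the key by answering the terminal's challenge."""
        if len(challenge) != 8:
            raise ValueError("challenge must be 8 bytes")
        return keyed_response(self._key, challenge)

    def get_challenge(self):
        self._pending = secrets.token_bytes(8)
        return self._pending

    def external_authenticate(self, response):
        """Terminal proves it holds the key. The challenge is consumed whether
        or not the check passes, so a captured response cannot be replayed."""
        if self._pending is None:
            return False
        expected = keyed_response(self._key, self._pending)
        self._pending = None
        self.terminal_authenticated = hmac.compare_digest(expected, response)
        return self.terminal_authenticated


class Terminal:
    def __init__(self, key):
        self._key = key

    def verify_card(self, card):
        """INTERNAL AUTH: fresh random challenge, compare the card's answer."""
        challenge = secrets.token_bytes(8)
        return hmac.compare_digest(keyed_response(self._key, challenge),
                                   card.internal_authenticate(challenge))

    def prove_to_card(self, card):
        """EXTERNAL AUTH: answer the card's challenge with our key."""
        return card.external_authenticate(
            keyed_response(self._key, card.get_challenge()))


def mutual_auth(terminal, card):
    """Run both directions; True only when each side accepts the other."""
    return terminal.verify_card(card) and terminal.prove_to_card(card)
```

With a symmetric key the terminal must hold the same secret as every card it talks to, which is why deployed schemes either derive per-card keys from a master key inside a secure module or move to RSA/ECC, where the card holds a private key and the terminal only needs the matching public key.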


Page 40: Smart card

Data storage

Data is stored in smart cards in EEPROM. The card OS provides a file structure mechanism:

MF
├── DF
│   ├── EF
│   └── EF
├── DF
│   └── EF
└── DF
    ├── EF
    └── EF

File types:
• Binary file (unstructured)
• Fixed size record file
• Variable size record file

Page 41: Smart card

File Naming and Selection

Each file has a 2-byte file ID and an optional 5-bit SFID (both unique within a DF). DFs may optionally have a (globally unique) 16-byte name.

The OS keeps track of a current DF and a current EF.

The current DF or EF can be changed using the SELECT FILE command. The target file is specified as one of:
• DF name
• File ID
• SFID (Short File Identifier, 1 byte)
• Relative or absolute path (sequence of File IDs)
• Parent DF

Page 42: Smart card

Basic File Related Commands

Commands for file creation, deletion etc. File size and security attributes are specified at creation time.

Commands for reading, writing, appending records, updating etc. These commands work on the current EF, and execute only if the security conditions are met.

Each file has a life cycle status indicator (LCSI), one of: created, initialized, activated, deactivated, terminated.

Page 43: Smart card

Access control on the files

Applications may specify the access controls, for example a password (PIN) on the MF selection (the SIM PIN in mobiles). Multiple passwords can be used and levels of security access may be given. Applications may also use cryptographic authentication.

Page 44: Smart card

How does it all work?

1. The card is inserted in the terminal; the card gets power; the OS boots up and sends the ATR (Answer To Reset).
2. ATR negotiations take place to set up data transfer speeds, capabilities, etc.
3. The terminal sends the first command, to select the MF.
4. The card responds with an error, because MF selection is only allowed after password presentation.
5. The terminal prompts the user to provide the password.
6. The terminal sends the password to the card for verification.
7. The card verifies the password (P2 in the slide's notation), stores the status "P2 verified" and responds "OK".
8. The terminal sends the command to select the MF again; the card responds "OK".
9. The terminal sends the command to read EF1; the card supplies the personal data and responds "OK".

The verified status lives in the card's RAM, so it is lost at the next reset and the password has to be presented again in every new session.
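The sequence above, together with SELECT FILE by file ID and the file access conditions from the preceding pages, run against a simulated card, as an added example in Python that is not part of the original slides. The file IDs (MF 3F00, EF1 0001), the PIN, the three-try limit, the access rules and the ATR bytes are assumptions chosen to reproduce the slide's sequence; the status words are the ISO 7816-4 values a real card returns.

```python
"""The session on the slide, run against a simulated card: power-up and ATR,
SELECT MF refused until the PIN is verified, VERIFY, SELECT MF again,
SELECT and READ BINARY on EF1.

Added example, not from the original slides. File IDs, PIN, try limit,
access rules and ATR are assumptions; status words follow ISO 7816-4.
"""

SW_OK = (0x90, 0x00)
SW_NO_EF = (0x69, 0x86)         # command not allowed: no EF selected
SW_SECURITY = (0x69, 0x82)      # security status not satisfied
SW_BLOCKED = (0x69, 0x83)       # authentication method blocked
SW_NOT_FOUND = (0x6A, 0x82)     # file not found
SW_INS_UNKNOWN = (0x6D, 0x00)   # instruction not supported


class SimCard:
    """Keeps the state a real card OS keeps: current DF/EF, PIN status,
    remaining PIN tries."""

    ATR = bytes.fromhex("3B0011")   # constructed: direct convention, T=0

    def __init__(self, pin=b"1234", max_tries=3):
        self._pin, self._max_tries = pin, max_tries
        self._tries_left = max_tries
        self.pin_verified = False
        self.current_df = self.current_ef = None
        # File tree: MF (3F00) holds EF1 (0001) with the personal data.
        self._files = {
            0x3F00: {"type": "DF", "parent": None, "pin_to_select": True},
            0x0001: {"type": "EF", "parent": 0x3F00, "pin_to_read": True,
                     "data": b"name=Alice;id=0042"},
        }

    def power_on(self):
        """Cold reset: the security status is lost; the card answers with ATR."""
        self.pin_verified = False
        self.current_df = self.current_ef = None
        return self.ATR

    def transmit(self, apdu):
        """Process one command APDU; returns (data, SW1, SW2)."""
        ins, p1, p2, body = apdu[1], apdu[2], apdu[3], apdu[4:]
        if ins == 0xA4:                        # SELECT FILE by 2-byte ID
            return self._select(int.from_bytes(body[1:3], "big"))
        if ins == 0x20:                        # VERIFY, data = PIN
            return self._verify(body[1:1 + body[0]])
        if ins == 0xB0:                        # READ BINARY, P1P2 = offset
            return self._read_binary((p1 << 8) | p2, body[-1] if body else 0)
        return (b"",) + SW_INS_UNKNOWN

    def _select(self, fid):
        f = self._files.get(fid)
        if f is None:
            return (b"",) + SW_NOT_FOUND
        if f.get("pin_to_select") and not self.pin_verified:
            return (b"",) + SW_SECURITY      # the error the slide mentions
        if f["type"] == "DF":
            self.current_df, self.current_ef = fid, None
        elif f["parent"] == self.current_df:
            self.current_ef = fid
        else:
            return (b"",) + SW_NOT_FOUND      # EF only visible under its DF
        return (b"",) + SW_OK

    def _verify(self, candidate):
        if self._tries_left == 0:
            return (b"",) + SW_BLOCKED
        if candidate == self._pin:
            self._tries_left, self.pin_verified = self._max_tries, True
            return (b"",) + SW_OK
        self._tries_left -= 1                  # a wrong PIN burns a try
        if self._tries_left == 0:
            return (b"",) + SW_BLOCKED         # PIN blocking
        return (b"", 0x63, 0xC0 | self._tries_left)   # 63Cx: x tries left

    def _read_binary(self, offset, le):
        f = self._files.get(self.current_ef)
        if f is None:
            return (b"",) + SW_NO_EF
        if f.get("pin_to_read") and not self.pin_verified:
            return (b"",) + SW_SECURITY
        return (f["data"][offset:offset + (le or 256)],) + SW_OK


def run_session(card, pin):
    """Replay the slide's sequence; returns ([(step, (SW1, SW2)), ...], data)."""
    log = []
    card.power_on()                                           # ATR exchange
    select_mf = bytes.fromhex("00A40000023F00")
    log.append(("SELECT MF", card.transmit(select_mf)[1:]))   # expect 6982
    verify = bytes([0x00, 0x20, 0x00, 0x01, len(pin)]) + pin
    log.append(("VERIFY", card.transmit(verify)[1:]))
    log.append(("SELECT MF", card.transmit(select_mf)[1:]))   # now 9000
    log.append(("SELECT EF1", card.transmit(bytes.fromhex("00A40000020001"))[1:]))
    data, sw1, sw2 = card.transmit(bytes.fromhex("00B0000000"))  # Le=00: up to 256
    log.append(("READ EF1", (sw1, sw2)))
    return log, data
```

Note that the card, not the terminal, decides whether a command may run: the terminal never touches EEPROM directly, which is the point made on the Terminal/PC interaction page.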

Page 45: Smart card

So many Smart Cards with us at all times…

• In our GSM phone (the SIM card)
• Inside our wallets: credit/debit cards, healthcare cards, loyalty cards
• Our corporate badge
• Our passport
• Our e-banking OTP

… and the list keeps growing.

Page 46: Smart card

Our industry is rapidly changing

eTicketing, interactive billboards, transport, retail: new solutions leveraging mobile contactless services.

Page 47: Smart card

Smart Card Applications

Government programs, banking & finance, mobile communication, pay phone cards, transportation, electronic tolls, passports, electronic cash, retailer loyalty programs, information security.

Page 48: Smart card

Banking and finance

• Electronic purse to replace coins for small purchases in vending machines.
• Credit and debit cards.
• Securing payments across the internet.

Page 49: Smart card

Smart card pay phones

Outside of the United States there is widespread use of smart card payphones: the phone company does not have to collect coins, and the users do not have to carry coins or remember long access numbers and PIN codes.

The risk of vandalism is very low since these payphones are smart card-based. "Generally, a phone is attacked if there is some money inside it, as in the case of coin-based payphones."

Page 50: Smart card

Transportation

• Driver's license
• Mass transit fare collection system
• Electronic toll collection system

Page 51: Smart card

It's no longer only «Cards»: the e-Passport, the first Smart Secure Device.

45 million e-Passports in 2009.

Page 52: Smart card

E Governance

As the amount of business and holiday travel increases, security continues to be a top concern for governments worldwide.

When fully implemented, smart passport solutions help to reduce fraud and forgery of travel documents.

Enhanced security for travellers: Philips launched such a project with the US in 2004.

Page 53: Smart card

Student ID card

All-purpose student ID card (a/k/a campus card), containing a variety of applications such as an electronic purse (for vending machines, laundry machines), library card and meal card.

Page 54: Smart card
Page 55: Smart card

Threats in Using Smart Cards

• Failure rate.
• Probability of breaking: keeping the card in a wallet may damage the chip.
• Malware attacks: active malware on the host system may modify the transactions the card is asked to approve.

Page 56: Smart card

OS Based Classification

Smart cards are also classified on the basis of their operating system. There are many smart card operating systems available in the market, the main ones being:

1. MultOS
2. JavaCard
3. Cyberflex
4. StarCOS
5. MFC

Smart Card Operating Systems, or SCOS as they are commonly called, are placed in the ROM and usually occupy less than 16 KB. SCOS handle:

• File handling and manipulation.
• Memory management.
• Data transmission protocols.

Page 57: Smart card

ADVANTAGES

• Proven to be more reliable than the magnetic stripe card.
• Can store up to thousands of times more information than the magnetic stripe card.
• Reduces tampering and counterfeiting through high security mechanisms such as advanced encryption and biometrics.
• Can be disposable or reusable.
• Performs multiple functions.
• Has a wide range of applications (e.g., banking, transportation, healthcare...).
• Compatible with portable electronics (e.g., PCs, telephones...).
• Evolves rapidly, applying semiconductor technology.

Page 58: Smart card

Disadvantages

Smart cards used for client-side identification and authentication are among the most secure options for e.g. internet banking applications, but the security is never 100% certain. In the example of internet banking, if the PC is infected with any kind of malware, the security model is broken: malware can override the communication (both input via the keyboard and output via the application screen) between the user and the internet banking application (e.g. the browser). The result is that the malware modifies transactions unnoticed by the user, while the card still approves whatever the infected PC presents to it. There is malware in the wild with this capability (e.g. Trojan.Silentbanker).

Page 59: Smart card

Remedies…

Banks like Fortis and Dexia in Belgium combine a smart card with an unconnected card reader to avoid this problem. The customer enters a challenge received from the bank's website, his PIN and the transaction amount into the card reader, and the card reader returns an 8-digit signature. This signature is manually copied to the PC and verified by the bank. This method prevents malware from changing the transaction amount.
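The unconnected-reader scheme above, as an added example in Python that is not part of the original slides or of any bank's actual implementation. The keyed function (HMAC-SHA256 truncated to 8 decimal digits), the per-card key shared with the bank, the PIN check in the reader and the challenge format are assumptions; a real scheme such as EMV-CAP differs in detail but makes the same point: the signature binds the amount, so a malware-altered amount fails verification at the bank.

```python
"""Transaction signing with an unconnected card reader, as on the slide:
the reader's card computes a short signature over the bank's challenge and
the amount; the bank recomputes it over the transaction it actually
received, so malware on the PC cannot change the amount unnoticed.

Added example, not from the original slides. Keyed function, shared key,
PIN handling and challenge format are assumptions.
"""
import hashlib
import hmac
import secrets


def sign_transaction(card_key, challenge, amount_cents):
    """8-digit decimal signature binding challenge and amount (both sides
    compute this; the amount is the one each side believes in)."""
    msg = challenge.encode() + b"|" + str(amount_cents).encode()
    tag = hmac.new(card_key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(tag[:4], 'big') % 10**8:08d}"


class UnconnectedReader:
    """What the customer holds: card key and PIN stay inside; only the
    8-digit signature comes out, typed over to the (untrusted) PC."""

    def __init__(self, card_key, pin):
        self._key, self._pin = card_key, pin

    def sign(self, pin_entered, challenge, amount_cents):
        if pin_entered != self._pin:
            return None                        # card refuses without the PIN
        return sign_transaction(self._key, challenge, amount_cents)


class Bank:
    def __init__(self):
        self._card_keys = {}
        self._open = {}        # account -> outstanding single-use challenge

    def enrol(self, account, card_key):
        self._card_keys[account] = card_key

    def new_challenge(self, account):
        ch = f"{secrets.randbelow(10**8):08d}"   # shown on the bank's website
        self._open[account] = ch
        return ch

    def submit(self, account, amount_cents, signature):
        """Verify against the transaction the bank received and the challenge
        it issued; the challenge is consumed whether or not the check passes."""
        ch = self._open.pop(account, None)
        if ch is None:
            return False                       # no challenge, or already used
        expected = sign_transaction(self._card_keys[account], ch, amount_cents)
        return hmac.compare_digest(expected, signature)


def customer_flow(bank, reader, account, pin, amount_cents, malware_amount=None):
    """amount_cents is what the customer typed into the reader;
    malware_amount, if set, is what the infected PC actually sends."""
    challenge = bank.new_challenge(account)
    sig = reader.sign(pin, challenge, amount_cents)
    if sig is None:
        return False
    sent = amount_cents if malware_amount is None else malware_amount
    return bank.submit(account, sent, sig)
```

What this does not cover: malware that changes the beneficiary account while leaving the amount alone. Binding the beneficiary would require the customer to type it into the reader as well, which is the trade-off between usability and what the signature protects.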

Page 60: Smart card

Future Aspects

Soon it will be possible to access the data in smart cards by the use of biometrics.

Smart card readers can be built into future computers or peripherals, which will enable the users to pay for goods purchased on the internet.

In the near future, the multifunctional smart card will replace the traditional magnetic swipe card.

A smart card is not only a data store, but also programmable, portable, tamper resistant memory storage.

Page 61: Smart card

The Smart card success story

Microprocessor Smart Card Shipments (millions of units), by segment and year, with the year-on-year growth labelled on the chart:

Segment             2007    2008           2009
Telecom (SIM)       2040    2600 (+27%)    3000 (+15%)
Banking - Retail     410     500 (+22%)     580 (+16%)
Identity & others    205     225 (+10%)     295 (+31%)

Page 62: Smart card

By 2020 …

• 20 billion Smart Secure Devices
• >4 billion mobile appliance users
• >4 billion e-ID documents in use

Page 63: Smart card

Conclusion…

• Smart Cards will evolve into a broader family of Devices

• More new shapes for new applications

• Our virtual « digital personal attributes »

• Embedded software and ultra-embedded nanotechnologies

• The only mistake to avoid for our Industry is to entertain an endless debate about fears.

• We will build the best solutions and the best value for people to enjoy many new services

• Political ownership and communication will be key to success

• Education … more Education

• Preparing people to use those Smart Secure Devices is as important as teaching them how to read and write


Page 65: Smart card
Page 66: Smart card

Security of Smart Cards

• Cryptographic algorithms: symmetric ciphers such as DES and 3DES, and public-key (PKI) algorithms such as RSA and ECC.
• On-card key pair generation, so the private key never leaves the chip.
• Variable timing / clock fluctuation, to frustrate timing and power-analysis side channels.
• 0.6 micron components.
• Data stored on the card is encrypted.
• PIN blocking after a limited number of wrong attempts.

Page 67: Smart card

Elliptic Curve Cryptography

y² = x³ + ax + b; Q(x,y) = kP(x,y).

Uses point multiplication: computing Q = kP from k and P is cheap (double-and-add), while recovering k from Q and P is the elliptic curve discrete logarithm problem (ECDLP), which is what an attacker would have to solve to crack it.

Beneficial for portable devices: much shorter keys than RSA for the same security level.

Cryptographic coprocessors can be added to speed up encryption and decryption.
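The point arithmetic behind Q = kP and the asymmetry the slide relies on, as an added example in Python that is not part of the original slides. The curve y² = x³ + 2x + 3 over GF(97) and the base point (1, 43) are constructed for illustration (an assumption, not a standard curve); real curves use primes of around 256 bits, which is what puts the exhaustive ECDLP search at the end out of reach.

```python
"""Elliptic curve arithmetic over a small prime field: point addition,
doubling, double-and-add scalar multiplication Q = kP, and a brute-force
ECDLP to show why k is recoverable only on toy-sized curves.

Added example, not from the original slides. The curve and base point are
constructed for illustration.
"""

P_MOD, A, B = 97, 2, 3          # y^2 = x^3 + A x + B  (mod P_MOD)
INF = None                      # point at infinity, the group identity


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def point_add(p, q):
    """Group law with its special cases: identity, inverse pair, doubling."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                         # P + (-P) = O
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)          # chord slope
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult(k, pt):
    """Q = kP by double-and-add: O(log k) group operations, the cheap way."""
    if k < 0:
        raise ValueError("scalar must be non-negative")
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def ecdlp_bruteforce(pt, q, limit=10_000):
    """Recover k with Q = kP by exhaustive search: O(order) group operations,
    fine for a curve with about 97 points, hopeless at 2^256."""
    acc = INF
    for k in range(limit):
        if acc == q:
            return k
        acc = point_add(acc, pt)
    return None


G = (1, 43)    # constructed base point: 43^2 = 1849 = 6 (mod 97) = 1 + 2 + 3
```

A side note for card implementers: the double-and-add loop above branches on each bit of k, so its timing and power trace leak the private scalar. The "variable timing / clock fluctuation" item on the security page is one countermeasure; constant-time ladders are the other.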

Page 68: Smart card

CAIN

Confidentiality is obtained by the encryption of the information on the card.

Authenticity is gained by using the PKI algorithm and two/three-factor authentication.

Integrity is maintained through error checking and enhanced firmware.

Non-repudiation: repudiation is harder because each transaction is authenticated and recorded.

Page 69: Smart card

Common and Future Uses of Smart Cards

Current uses: Chicago Transit Card, Speedpass, Amex Blue Card, phone cards, university ID cards, health-care cards, access to high level government facilities.

Future uses: the federally passed REAL ID Act of 2005, ePassports.

Page 70: Smart card

Data Structure

Data on smart cards is organized into a tree hierarchy. This has one master file (MF, or root) which contains several elementary files (EF) and several dedicated files (DF).

DFs and the MF correspond to directories and EFs correspond to files, analogous to the hierarchy in any common OS for PCs.

Page 71: Smart card

Data Structure

However, these two hierarchies differ in that DFs can also contain data. The headers of DFs, EFs and the MF contain security attributes resembling the user rights associated with a file/directory in a common OS.

Any application can traverse the file tree, but it can only move to a node if it has the appropriate rights.

The PIN is also stored in an EF, but only the card itself has access permission to this file.