Postranní kanály u Smart Card / Smart Card side channels

Pospíšil, Karel

January 2011

The thesis is dealing with smart cards and describes the known types of side channel attacks. Smart card belongs into the group of the youngest and smartest cards. In the card body, made mostly from PVC, there is a chip inserted which contains a microprocessor.Side channel attacks are trying to use the leaking information from the physical implementation of the system while processing the cryptographic algorithm. The attacker is trying to use the leaking sensitive information because under certain circumstances it can be dependent on the input data. The theoretical part is devoted to description of smart cards, their types and their safety. It describes the classification of attacks on smart cards and includes the overview of selected cryptographic algorithms used in smart cards. It also describes selected physical and logical attacks and the most frequent side channel attacks. The thesis furthermore describes possibilities of measuring the voltage-current side channel. The practical part deals with used software and hardware. This section is devoted to the measurement of power specification of smart cards and to the analysis of processed information, using the oscilloscope and workstation with AD 622 card and Simulink development environment.

Systémy platebních karet / Payment card systems

Flégl, Jan

January 2011

The work is about payment card systems. We’d like to describe infrastructure of credit cards, ATMs, POS terminals , focusing on the EMV standard. In theoretical part we will be introduced with the history and development of credit cards, ATMs and POS terminals. Then we focus on a detailed description of payments terminals and possibilities of payment via the Internet. The most extensive theoretical part deals width EMV standard. In practical part we will make our own program, which authenticates the user based on his credit card and it will allow the user to login in the system. Source codes of this application can be found on enclosed CD.

Bezkontaktní platby – budoucnost platebních karet / Contactless Payments – Future of Payments Cards

Chludilová, Eliška

January 2014

This diploma thesis deals with the development of payments instruments, contactless technologies and instruments of contactless payments. This thesis describes intentions of card associations VISA and MasterCard in area contactless payments. It also contains a questionnaire survey, on the basis of which was carried out an evaluation and comparison with intentions associations. At the same was recommend of development for a provider of services in the area.

Three Factor Authentication Using Java Ring and Biometrics

Chitiprolu, Jyothi

17 December 2004

Computer security is a growing field in the IT industry. One of the important aspects of the computer security is authentication. Using passwords (something you know) is one of the most common ways of authentications. But passwords have proven to provide weak level of security as they can be easily compromised. Some other ways of authenticating a user are using physical tokens, (something you possess) and biometrics, (something you are). Using any one of these techniques to secure a system always has its own set of threats. One way to make sure a system is secure is to use multiple factors to authenticate. One of the ways to use multiple factors is to use all the three factors of authentication, something you possess, something you are and something you know. This thesis discusses about different ways of authentication and implements a system using three factor authentication. It takes many security aspects of the system into consideration while implementing it, to make it secure.

Three factor Authentication

Java Ring

Biometrics

Fingerprint

iButton

computer security

Java Card

Open Card

Authentec API

Java Card API

iButton API

Java Card

Architecture

security

functionality in iButton

APDU

Java Card Framework

Open Card Framework

structure of APDU

iButton security

Fingerprint

Zaměstnávání cizinců / Employing foreigners

Neubauerová, Zuzana

January 2019

1 Abstract The thesis "Employment of foreigners" analyses individual aspects of current legislation in the area of employment of foreigners. It is primarily focusing on nationals from non-EU countries. The thesis is divided into five parts. The first chapter focuses on defining the basic terms typical for the employment of foreigners and often used in the whole thesis. Their precise definition is crucial for a comprehensive analysis of the issue of employing foreigners. The second chapter provides a brief overview of the individual types of residence permits, on the basis of which a foreigner may reside in the Czech Republic. Although the thesis is mainly focused on the employment of foreigners from third countries, it also includes EU citizens and their family members for the sake of complexity. The thesis defines the basic difference between the certificate of temporary residence and the temporary residence permit, including the particulars that the foreigner must submit to obtain it. At the end of the first part of the chapter are summarised the basic conditions of permanent residence. The second part of the chapter is devoted to the conditions of entry of foreigners from third countries in the Schengen area, as well as the basic definition of short-term, long-term and permanent residence in the Czech...

健保IC卡多功能用途之可行方案研究

何禔

Unknown Date

我國施行健保IC卡建置計畫至今已近十年，這段時間中，IC智慧卡之各種技術與應用蓬勃發展，在醫療、金融、交通等應用領域都已有長足進步。除健保卡外，舉凡悠遊卡、金融卡、門禁卡、學生證等，IC智慧卡的應用比比皆是，客觀環境有利於健保IC卡之功能再作提升。 　　本研究以文獻探討及專家訪談的方式，研究整合過程中可能面臨的各種技術、整合方式、未來運作模式與可能遭遇之困難，以及相關的因應措施，作為未來產業界之合作基礎。 　　研究期間共訪談學界與業界人士八次、訪談行政單位五次，並舉辦專家業者焦點座談會一場。從醫療、金融、交通及其他服務等角度，分析目前健保卡尚需改善或新增之功能；也探討發展健保IC卡多功能用途，在晶片卡之規格、介面及儲位規劃等關鍵成功因素。 　　而在可能營運方案上，健保IC卡多功能用途的實施將對社會帶來極大影響，本研究以現行法令之鬆綁與否區分為短期建議及長期建議，短期內可能之營運方案有：(1)健保局獨立運作發卡(2)健保局與相關單位成立聯合發卡小組以及(3)由健保局訂定卡片標準格式與儲位空間，由各發卡公司預留空間提供使用者至健保局寫入健保相關資料；倘在未來修法後，健保卡可在健保局核可情況下委由他人發行，那麼(4)訂定需求規範以標案方式委託外包廠商營運及(5)訂定標準後由各發卡單位申請核准後營運，此兩種方案亦可納入考量。 　　預期效益除多卡合一、方便攜帶外，IC智慧卡結合憑證帶來的高安全性與保密性也能降低卡片盜刷、資料外洩等情事發生。若有更多的公民營企業願意將現有各自獨立發放的卡片整合進來，對後台系統的整合將有革命性的進步，電子憑證的功能也將對系統安全的提升帶來極大幫助，多功能卡的高發行量也將為合作對象帶來商機，達成政府、產業界與民眾多贏的局面。

健保IC卡

多功能IC卡

多卡合一

IC智慧卡

經營模式

憑證

電子票證

IC卡整合

IC Card

Smart Card

Health Card

Analýza nástrojů elektronického platebního styku / Analysis of payment systems

Svěcený, Lukáš

January 2008

The objective of my thesis is to describe overall technological concept and organizational scheme od payment cards and outline trends and development in the near future. There has been a big effort for industry standardization (e.g. security standards). It describes also advantages and disadvantages of payment cards and means of authorization. The infomation mentioned here will be used in later part, in case studies. My 3-years working experience as a project manager at Wincor Nixdorf helped to further investigate these scenarios. This company is one of the market leaders and key players in banking and retail industry. Since the cost related issues are very importnant (especially in the time of crisis), I analysed and compared several scenarios of payment system installation in retail.

臺灣信用卡業務詐欺風險管控之研究

徐嘉隆

Unknown Date

關於信用卡詐欺風險管控的研究，係非常專業的問題，除了瞭解信用卡各項作業程序外，必須親自參與實務上的管控經驗，才能充分瞭解現有市場上，信用卡詐欺所發生之原因、詐欺模式、手法與趨勢，也唯有做到理論結合相關實務管控經驗，才能研究出有效的防制策略。目前在實務上防制信用卡詐欺方面，由本文中可發現，業者與警政單位在處理信用卡風險管控與詐欺案件時，有非常多的盲點與困難，也突顯出其專業能力上之不足，因此導致信用卡詐欺問題之嚴重。 在防制信用卡詐欺研究當中，筆者第一次嘗試將信用卡實務運作之模式貢獻出來 ; 以過去到現在的實務經驗，將信用卡所發生的案例，來探究其發生的原因 ; 以運用分析的方法，來建立各項風險管控措施 ; 以闡釋各項業務之作業風險，來遏止風險損失之發生 ; 以紮實的教育訓練教材，讓特約商店做好第一道的防衛 ; 以科學的統計方法，來研究防衛參數與增加偵測系統的防衛效能 ; 以實務管控的經驗，來遏止其犯罪手法的翻新 ; 以實際案件調查的經驗，來瓦解詐欺集團的組織，所以必須瞭解信用卡整體運作的關係與詐欺手法，才能深入瞭解各項風險管控問題，並結合預防作業、偵測系統、調查作業的功能，方能充分發揮信用卡業務詐欺風險管控的效能。 除了建立完整的風險管控作業之外，在第六章之建議事項中，就主管機關、司法機關、警政單位、發卡業者、收單業者、特約商店、持卡人與國際組織等方面 ; 提出個人具體之建言，藉以喚起社會各界對信用卡詐欺問題之重視，以推動損害防阻之功，徹底解決當前所發生之信用卡詐欺問題。 / The research on credit card risk management is a specialized field. Besides the need of understanding the various operational processes, personal involvement’s and practical experiences in respect of credit card risk management are essential in order to fully appreciate the reason for credit card frauds in the current market. An effective credit card fraud prevention strategy consists of the theoretical aspects and practical experiences of credit card fraud management. Based on this paper, it appears that strategies of credit card fraud prevention are solely lacking in the current market. This is because the business sectors and police department encounters numerous ‘blind spots’ and problems when tackling with fraud issues. Also, the lack of professionalism in control and prevention strategies resulted in serious credit card fraud issues. In this research, the author would attempt to showcase for the first time the credit card’s practical working models;1) to try to investigate and understand the reasons for credit card frauds by reviewing past and present real life cases; 2) to develop various risk management methodologies via credit card risks analysis; 3) to explain the various businesses’ operational risks to reduce if not prevent loss occurrences; 4) to constantly upgrade /educate the merchant banks with solid training programmers to make them an effective first line of defense; 5) to employ scientific statistical methods to aid in the research of any defensive mechanisms as well as to increase the effectiveness of early detective systems, if any; 6) to make use of practical credit card risk management experiences in order to prevent repeat offences; 7) to utilize real life investigative experiences to dissolve credit card syndicates and/or groups. Therefore, know the relation of whole operation of credit card and modus operandi could understand in depth of every risk management issue, and combine the function of preventing operation, detection system, investigation process can be fully developed efficiency for credit card risk management. In addition to establish sophisticated a developing risk management methodology, the author has directed his personal opinions to the various industry players such as the regulatory bodies, policing units, credit card issuers, acquiring banks, merchant banks and credit card users. In chapter 6 of the recommendations, he attempts to draw the public’s attention on the seriousness of credit card frauds that exists in our society. He also hopes to completely eradicate the issues of credit card frauds by actively promoting the risk prevention methodology of credit card frauds.

信用卡

信用卡詐欺

發卡行

收單行

風險管理

Credit Card

Credit Card Fraud

Issuer

Acquirer

Risk management

論現金儲值卡之法律架構及問題分析

謝馥薇

Unknown Date

支付系統是經濟體系中經濟金融交易的基礎，隨著電子資金移轉技術的成熟，以及消費者消費習慣之改變，在可預見的未來，電子貨幣將代領人類邁入無現金的社會。由於電子支付系統的快速發展，若未針對相關制度事先做好配套措施，可能危及整體支付系統及金融體系的穩定。本文建議應仿效歐盟之方式，採事先管制之方式，在電子貨幣的發展初期，即擬定完善管理架構，以期在促進經濟效率的同時，維持一穩定之金融環境。 我國目前對於硬體式電子貨幣僅有「銀行發行現金儲值卡許可及管理辦法」可資規範，且適用上產生許多疑義，因此，本文針對電子貨幣之定義、現金儲值卡之定義，現金儲值卡交易關係中各個當事人之角色定位及法律關係，以及我國目前發展現金儲值卡及現行「銀行發行現金儲值卡許可及管理辦法」產生之疑義作一分析。就我國現行法規適用上之疑義，本文建議應釐清現金儲值卡之本質、規範現金儲值卡之發行機構、並應釐清現行「銀行發行現金儲值卡許可及管理辦法」所謂「多用途」之定義、修正現金儲值卡之法律定義、明定結算及清算機構、釐清儲值卡內之資金之性質、提昇「非銀行不得發行現金儲值卡」規範之法律位階、針對發卡機構之資產品質控管、加強消費者保護之相關規範並訂定現金儲值卡定型化契約範本，以完善我國現行之管理規範。

儲值卡

智慧卡

電子錢

電子貨幣

現金儲值卡

stored value card

smart card

electronic money

An investigation into financial fraud in online banking and card payment systems in the UK and China

Sun, Yan

January 2011

This doctoral thesis represents an investigation into financial fraud in online banking and card payment systems in the UK and China, involving network security, online financial transactions, internet fraud, card payment systems and individuals' perception of and behaviours towards electronic environments. In contrast to previous studies, the research questions were tackled by survey questionnaires both in the UK and China, with a particular interest in fraud and attempted fraud. The main findings from the UK respondents were that those with higher IT skill and younger respondents are more likely to be defrauded on the internet. Certain types of online activities are associated with higher risks of fraud, these being internet banking; online shopping and media downloading. Furthermore, four predictors (internet banking, online education services, downloading media and length of debit card usage) provided significant effects in the logistic regression model to explain fraud occurrence in the UK. Based on the data collected in China, younger respondents were more likely to have higher general IT skill and higher educational qualifications. However, online shopping was the only online activity which was significantly correlated to fraud occurrence. Finally, two predictors (frequency of usage of online shopping and number of debit cards) were selected in the logistic regression model to explain fraud occurrence in China.

364.163