Smart Card

activedirectory 验证方法Active Directory 是由微软开发的一种目录服务，它提供了一种集中管理和组织网络中的用户、计算机和其他网络资源的方法。

在企业网络中，用户需要通过验证才能访问网络资源。

因此，Active Directory 验证方法是非常重要的。

本文将介绍几种常用的 Active Directory 验证方法。

1. 基本身份验证（Basic Authentication）基本身份验证是最简单的验证方法之一。

用户在登录时输入用户名和密码，并将其发送给 Active Directory 服务器进行验证。

如果用户名和密码正确，用户将获得访问权限；否则，将被拒绝访问。

2. NTLM 身份验证（NTLM Authentication）NTLM 身份验证是一种基于 Windows 操作系统的验证方法。

它使用单向散列函数来加密用户的密码，并将加密后的密码发送给服务器进行验证。

NTLM 身份验证支持单向和双向身份验证，在安全性和性能方面都有一定的优势。

3. Kerberos 身份验证（Kerberos Authentication）Kerberos 身份验证是一种网络身份验证协议，用于在非安全网络上进行安全身份验证。

它使用票据和票据授权服务器来验证用户的身份，并为用户生成访问票据，以便在网络上访问资源。

Kerberos 身份验证提供了更高的安全性和可扩展性。

4. Smart Card 身份验证（Smart Card Authentication）Smart Card 身份验证是一种基于智能卡的验证方法。

用户需要插入智能卡并输入密码才能进行身份验证。

智能卡中存储了用户的证书和私钥，用于加密和解密身份验证信息。

Smart Card 身份验证提供了更高的安全性，因为智能卡很难被伪造或盗用。

5. 多因素身份验证（Multi-Factor Authentication）多因素身份验证结合了多个验证方法，以提供更高的安全性。

智能一卡通管理中心Smart card management center管理中心产品特点1. 智能一卡通：管理使用脱机运行2. 开放式积木式扩展式3。

提供API OR SDK4. 智能一卡通：管理使用一卡一库一平台5. 模块化简单化智能化傻瓜化产品说明写卡器软件SOFTKEY多串口卡通讯转换器调试卡Features of the Management Center1 smart card：the management and use of offline operation2 Open building block extension type3 Provide API OR SDK4 Smart card: the management and use of a card，a library and a platform5 modular simplified intelligent foolProduct DescriptionSmart card deviceSoftwareSOFTKEYMultiport serial cardsCommunication converterDebug card什么是智能一卡通系统？What is a smart card system？“智能一卡通”是以IC卡技术为核心,以计算机和通信技术为手段，将智能建筑内部的各项设施连接成为一个有机的整体，用户通过一张IC卡便可完成通常的钥匙、资金结算、考勤和某些控制操作，如用lC卡开启房门、IC卡就餐、购物、娱乐、会议、停车、巡更、办公、收费服务等各项活动.而不必像以往携带多把沉重的钥匙开门，去各个对应部门交费等繁杂的操作。

整个系统可根据需要对各部门进行监控管理和决策, 各局部系统和终端可自动将收集到的信息整理归纳，供系统查询、汇总、统计、管理和决策。

通过IC卡可互相沟通，既满足各个职能管理的独立性，又保证整体管理的一致性。

外文原文SMART CARD for SMART CAMPUSKFUPM Case StudyTala1 Halawani and Mohamed MohandesKing Fahd University of Petroleum and Mineralsmohandes@. SaAbstractSmart card is the latest addition in the world of information technology. The vision of the smart card program is to provide access to services that is secure, fast,friendly, easy to use, flexible, personal, and is accessible by the users kom anyplace at any time. A smart card is of the size of a conventional credit card with an embedded computer chip that stores and transacts data between users and devices. This data is associated with either value or information or both and is stored and processed within the chip of the card. The card data is transacted via a card reader attached to a computing system as a peripheral device. Smart cards are extensively used through several key applications like education, healthcare, banking, entertainment, and transportation.1. IntroductionSmart card is a mini-computer capable of storing and processing data. Although, at -present, they are most popular as single-function cash cards and long-distance calling cards, their capabilities range from retaining tickets, money, frequent flyer miles, travel preferences, insurance information, key demographic data, links to a patient’s medical records, to allowing access into a building, logging onto a network, etc. The potential of the smart card is limitless. With the added bonus of these functions being performed on a single card, smart cards have the ability to become indispensable tools.Smart cards were first introduced in Europe a couple of decades ago as a stored value tool for pay phones to reduce theft [I]. As smart cards and other chip-based cards advanced, people found new ways to use them, such as charging cards for creditpurchases and for record keeping in place of paper. Smart cards provide tamper-proof storage of user and account identity. They provide protection against a full range of security threats, kom careless storage of user passwords to sophisticated system hacks. Smart card can be multi-functional through the use of several applications stored on the card. This paper starts with the history of smart cards and describes the different types of smart cards with characteristics of each type. Finally, the paper will detail KFUPM smart card system as an important case study in the field.2. The History of Smart CardsThe first plastic payment card for general use was issued by the Dinners Club in 1950. At first the card’s functions were quite simp le [2]. They initially served as data carriers that were secure against forgery and tampering. General information, such as the card issuer’s name, was printed on the surface while personal data elements, such as the cardholder’s name and the card number were embossed. Further more, many cards bad a signature field. Protection against forgery was provided by visual features. Therefore, the system’s security depended completely on the retail staff accepting the cards. However, this was not an overwhelming p roblem due to the card‘s initial exclusivity. There was a pressing need for machine-readable cards to reduce handling cost in addition to the fact that card issuer’s losses due grew from year to year due to fraud [2].The first improvement consisted of a magnetic strip on the back of the card. This allowed digital data to be stored on the card in a machine-readable form as a supplement to the visual data. Additionally, security is enhanced by the use of a secret personal identification number (PIN) that is compared to a reference number stored in the magnetic strip [3].Although the embossed card with a magnetic strip is still the most commonly used type of payment card, they suffer from a severe weakness in that data stored on the strip can be read, deleted and rewritten by anyone with access to the appropriate equipment. PIN must be stored in the host system in a secure environment, instead of on the magnetic strip. Most systems that employ magnetic strip cards have on-line connectionsto the system’s host computer for security reasons. However, this generates considerable data transmission costs.The development of the smart card, combined with the expansion of electronic data processing has created completely new possibilities for solving this problem. Progress in microelectronics in the 1970’s made it possible to integrate data storage and arithmetic logic on a single silicon chip measuring a few square millimeters [2]. The ideas of incorporating such an integrated circuit into an ID card was contained in a patent application filed in Japan by Kunitaka Arimura in Japan concerning “a plastic card incorporating one or more integrated circuit chips for the generationof distinguishing signals” in1970 [3]. However, the first real progress in the development of smart cards came when Ronal Moreno registered his smart card patent on “an independent electronic object with memory” in France in 1974.A breakthrough was achieved in 1984, when the French telecommunication authorities decided to use prepaid chip cards for public pay phones due to the increasing vandalism and theft. Chip cards were demonstrated to be a cost effective solution. The French example was followed by many other countries. Today, more than 100 countries use chip cards for their public phone systems. By 1990 the total number of smart cards reached 60 million cards [4]. Today, several billion smart cards are in use worldwide.3. Types of Smart CardsSmart cards are composed of a chip, an interface between the chip and the card reader, and a plastic body. Smart cards are classified according to the chip type; memory chip cards as well as microprocessor chip cards. They can also be classified according to the method of communication with the reader. Cards may communicate with readers either through direct physical contacts (contact cards) or through a radio kequency signals (contactless cards).3.1 Memory Chip CurdsMemory cards have no sophisticated processing power and cannot manage filesdynamically. They are used for data storage and applications. Data can consist of the identification number, serial number of the card, installed applications and the information required to a specific application in case of mudti-appliciation cards. The main use for memory smart cards is to store card’s operating sy stem, nm-time e:nvironment, issuer security domain, card issuer application, keys, and certificates for cryptography. Keys function as passwords to secure environments, and certificates verify the authenticity of keys. Memory smart cards are built wi.th erasable programmable read-only memory (EPROM) or electrically EPROM (EEPROM) chi,ps. EPROM is often used in prepaid service cards such as phone cards that count off minutes used and then are discarded. EEPROM, which can be changed up to 100,000 times, includes built-in logic that can be used to update a. counter in prepaid service cards.3.2 Microprocessor Chip CurdsThese cards have on card dynamic data processing capabilities. The chip contains a microprocessor or a microcontroller that manages memory allocations and file access. It manages data in organized file structures, via a card operating system (COS). Unlike other operating systems, this software controls access to the on card user memory. Thi,s capability permits different and multiple functions and/or different applications to reside on tkle card. The microprocessor chips used for cards are smaller, slower versions of the central processing units used in PCs. Their pro,gamming capability provides support to functionality of the card. Microprocessor smart cards are required for applications that manipulate or compare data, such as public key infrastructure (PKI), dataencryption, Java applets, and electronic purses. Every microprocessor smart card bas a COS on the chip to operate the internal functions of the application. The COS loads off the read-onlymemory (ROM), much like: a basic inputloutput system (BIOS) on a PC [Z].3.3 Contact Smart CmdsIn addition to the classification of smart card based on the chip type, smart cards can be classified based on communication type. Contact smart card requires a phyriical contact between card and the reader. They use an eight or six pin contacts on the top of the card to physically connect to the card reader. Their ch.ip could be memory or microprocessor type [5].3.4 Contactless Smart CurdsContactless smart cards use an antenna to communicate with the reader. They are powered from an RF field generated by the card reader. The RF field also transfers data between the card and the reader [4]. Employee identification badges for building access are typically contactless smart cards. Additionally, most cards used for transportation are contactless as well.3.5 Combination Smart CardsMultipurpose combination smart cards are a hybrid mix of the contact and contactless designs. They include contacts for communication with a contact type reader, and also include an antenna for communication with an RF type reader [5].4. KFUPM Smart Card SystemUniversities need simple identity cards for all employees and students who are granted access to certain data, equipment and departments according to their status. Multifunction, microprocessor based smart cards incorporate identity with access privileges and also stores value for use in various locations, such as cafeterias and stores. Numerous universities around the world are utilizing smart cards. KFUPM is one of the first universities in the area to adopt a comprehensive multifunctional smart card system. KFUPM card is a dual card that bas two chips; one for contact applications and the other is for contactless applications. The contact chip will be utilized to store cardholder photo in addition for future bank services while the contactless chip will be utilized for all other functions. The card systemwill provide the following functions:Photo IDLibrary borrowing privilegesElectronic purseRecreation center sewicesMedical center servicesE-LeamingAccess control to university facilities Logical access to PCs and the internet These functions are controlled from a control management center (CMC) as shown in Figure.1. The CMC will host a file database server that is connected to the university network, enabling the system to access the student information system (SIS) and personnel payroll databases (PPS). An additional database is created for the cardholder database and will be residing in the system's server. There are several components of the CMC.Figure.1 Card Management CenterThe function of the card issuing System (CIS) is to capture the digital photograph and the biometrics template of the cardholder [6-71. As can be seen in Figure.2, the CIS consists of a card printer, biometrics scanner, digital camera, and a workstation. The CIS workstation is connected to the network to access the databases for the required information and data. However, records under processing could be stored for a sbort period in the CIS local database before it is passed onto the cardholder database to reduce the load on KFUPM network.Figure.2 Card Issuance CenterCard personalization system (CPS) performs the chip personalization in addition to defining the door access level for the cardbolder. CPS works on a cliendserver configuration, where the application used for the personalization process resides on the server. Therefore, each defined CPS workstation uses the KFUPM network to access and invoke the CPS application in the server. The CPS application can access the SIS and PPS through the KFUPM network. CPS consists of biometrics scanner, contact card reader and contactless reader as seen in Figure.3.Figure.3 Card Personalization SystemDue to the presence of contact and contactless chips, personalization has to be performed twice. Once the personalization process is complete, the system performs a biometrics verification process to insure that biometrics templates match the actual physical cardholder.Access control system (ACS) is responsible for controlling all defined accesscontrolled areas. It is also used to define the various group levels, which allow proper control of the movement of students and personnel in the university. This system provides access control to the university gates, buildings,Laboratories, library, recreation centers and car parks, as shown in Figure.4. ACS tracks and records movement of staff and students in controlled regions.Figure.4 Access control systemPayment management system (PMS) is responsible for collecting the various E-purse and university account transactions performed at the point of sale (POS) terminals. These POS terminals would be available at restaurants, library, recreation center, medical center, and coffee shops. The POS system accepts cash payments, make payments via university account, and make payments and provide refunds using the E-Purse system. Figure.5 shows the POS system.Figure5 Point of Sale SystemConclusionsThis paper introduced smart card technology. It presented the history and Ines of smart cards. Additionally, it highlighted the important points of KFUPM smart card system. Upon completion of the system, it is hoped that KFUPM smart card project will be an important case study for other universities in the are.% to follow.中文译文校园智能卡摘要智能卡的诞生是对世界信息技术的一种补充。

This guide describes the HID OMNIKEY Smart Card Reader installation. Reference your driver documentation (readme) for a list of supported windows versions.Three types of installation exist:• Unattended (preferred installation)• Automatic (internet connection required)• Manual UnattendedThe Unattended installation is the preferred method. Unattended installation files are found at /omnikey . Optionally, obtain these files from an installation CD (if available).1. T o download the latest HID OMNIKEY Unattended setupdrivers, go to: /omnikey , and select Download OMNIKEY drivers .2. Select your OMNIKEY product and operating system.3. From the list, select the Unattended Setup Installer andconfirm the license agreement.4. Double-click the executable file and follow the instructionsdisplayed in the setup window.Note: In addition, download API drivers. The SYNC-API is required for applications with memory or contactless (iCLASS ®) cards. The CT-API is often required for PIN Pad readers (electronic signature applications), as well as health care applications.In standard installations, installing these APIs is suggested.For driver installation local administration rights may be required.Do not plug in the OMNIKEY reader into your computer until setup is complete.5. Execute the Unattended Setup.EXE file and follow theInstall Wizard instructions.Note: For uninstalling the OMNIKEY drivers, restart the setup or (from the control panel) use Add/Remove Programs .6. After finishing the installation, plug in your reader to the port(USB, ExpressCard ®, or PCMCIA).7. Windows automatically detects and installs the newhardware connected to the port (USB, ExpressCard, or PCMCIA).Proceed to the OMNIKEY Workbench section for testing and installation.AutomaticEnsure your computer has an online connection to the Internet.1. Connect the reader to the computer port (USB,ExpressCard, or PCMCIA).2. Windows detects the new hardware connected to the port(USB, ExpressCard, or PCMCIA) and requests the drivers.3. After the Windows Hardware Wizard opens, Windowsrequests to connect to Windows Update to search for software, click Yes, this time only .4. The OMNIKEY reader automatically is recognized and theappropriate driver installed through Windows Update.The OMNIKEY reader is ready for use.Note: If your OMNIKEY reader is CCID compliant, use a native Windows CCID driver to operate the reader. However thenative driver does not allow you to utilize the readers advanced features and functions.Proceed to the OMNIKEY Workbench section for testing the installation.ManualFor manual driver installation, local administration rights may be required.Original OMNIKEY drivers must be locally available on your computer (for example, after internet download or from a CD).1. T o download the latest OMNIKEY drivers, go to:/omnikey , and select Download OMNIKEY drivers .2. Select your OMNIKEY product and operating system.3. From the list, select the driver for download and confirm thelicense agreement.Note: In addition, download API drivers. The SYNC-API is often required for applications with memory or contactless cards (HID iCLASS). While the CT-API is often required for PIN Pad reader use (electronic signature applications), as well as health care applications.In standard installations, installing these APIs is suggested.4. After downloading the self-extracting file, execute the file toextract the drivers to the local hard drive (default path c:\HID Global ).Note: Drivers have not yet been installed.5. Select the driver location, click Next .OMNIKEY ®Smart Card Readers(USB, ExpressCard and PCMCIA)Base Models: 1021, 3021, 3121, 4040, 4121, 4321, 5021, 5025, 5121,5125, 5127, 5321, 5325, 5326, 5421, 5427, 6121, 6221, 6321U ser G Uide3121-905-ENEN, Rev A.7December 2013© 2008 - 2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.15370 Barranca Parkway Irvine, CA 92618-2215USAPage 2December 2013© 2008 - 2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.OMNIKEY Smart Card Readers (USB, ExpressCard, and PCMCIA) User Guide, 3121-905-ENEN, A.76. Once the drivers are stored on the computer, connectthe OMNIKEY reader to the port (USB, ExpressCard, or PCMCIA) and start the installation process. When the Windows Hardware Wizard requests for the driver, select Install from a list or specific location .7. Check Include this location in search and specify thelocation where the drivers are stored (for example: C:\HID Global\5x21_V1.2.9.2). Click Next . When installation is complete, click Finished .Note: If using unsigned BETA drivers, choose the Don’t search, I will choose the driver to install radio button.After finishing the installation your OMNIKEY Smart Card Reader is ready for use.Installation CheckEnsure your device is recognized and listed in the Windows Device Manager dialog, for example OMNIKEY 5x21, in the Smart Card Reader section.Note: If you are using an OMNIKEY reader with a native CCID driver, the reader is listed as a CCID compliant device.1. Open Windows Explorer. Click Start > Programs >Accessories > Click Windows Explorer .2. Open the Device Manager. Right-click Computer >Properties > click Device Manager .3. Expand the Smart card readers and ensure the OMNIKEYreader is found.Proceed to the OMNIKEY Workbench section for testing the installation.Release NotesWhen installing with Unattended or Manual options, theReadme, and Driver Release Notes are installed by default at C:\Program Files\HID Global\HID OMNIKEY Workbench .OMNIKEY Workbench1. Download the latest OMNIKEY Workbench , by goingto: /omnikey . Select Driver Downloads .2. Select your OMNIKEY product and operating system.Choose to download the OMNIKEY Workbench and confirm the license agreement. When download is complete, click Run .Note: The OMNIKEY Workbench only works with OMNIKEY readers. Older drivers use a Diagnostic tool which is available from the control panel.Start the OMNIKEY Workbench from the program shortcut. Go to Start > Programs > HID Global > OMNIKEY Workbench .OMNIKEY Workbench provides various applications. On startup the Diagnosis application shows the General Settings view with different tabs for smart card reader service status. Alsoshown is the driver file and API DLL information.The Diagnosis application also lists all connected OMNIKEY smart card reader details (per the available contact andcontactless interface).For a functional test, insert a working smart card into the reader.As a result, an ATR string and other card details will display.。