Smart Cards

1. INTRODUCTION Smart card is one of the greatest achievements in the world of information technology. Similar in size to today's plastic payment card, the smart card has a microprocessor or memory chip embedded in it that, when coupled with a reader, has the processing power to serve many different applications. As an access-control device, smart cards can be used to access server remotely over the Internet and they can make personal and business data available only to the appropriate users. Smart cards provide data portability, security, convenience and the like. According to Gemplus (ref. 19]), smart cards can be categorized into the following . Memory and microprocessor- Memory cards simply store data and can be viewed as a small floppy disk with optional security. A microprocessor card, on the other hand, can add, delete and manipulate information in its memory on the card. Contact and contactless – Contact smart cards are inserted into a smart card reader, making physica l contact with the reader. However, contactless smart cards have an antenna embedded inside the card that enables communication with the reader without physical contact. A combi card combines the two features with a very high level of security.Smart cards help businesses evolve and expand their products and services in a changing global marketplace. The scope of uses for a smart card has expanded each year to include applications in a variety of markets and disciplines. In recent years, the information age has introduced an array of security and privacy issues that have called for advanced smart card security applications. â€Å"Key to the global village†,  that is how the Smart Card has been described. Smart Cards will bring big changes to the way people provide and receive information and the way they spend money. They will have a profound impact on retailing and service delivery.A  Smart Card  is like an â€Å"electronic wallet†. It is a standard credit card-s ized plastic intelligent token within which a microchip has been embedded within its body and which makes it ‘smart'. It provides not only memory capacity, but computational capability as well and thus the chip is capable of processing data. It has gold contacts that allow other devices to communicate with it. This chip holds a variety of information, from stored (monetary) value used for retail and vending machines to secure  information  and  applications  for higher-end operations such as medical/healthcare records.New information and applications can be added depending on the chip capabilities. Smart Cards can store several hundred times more data than a conventional Card with a  magnetic stripe  and can be programmed to reveal only the relevant information. For Example, it could tell a device in a store that there is sufficient balance in an account to pay for a transaction without revealing the balance amount. The marriage between a convenient plastic card an d a microprocessor allows information to be stored, accessed and processed either online or offline.Therefore, unlike the read-only plastic card, the processing power of Smart Cards gives them the versatility needed to make payments, to configure your cell phones, TVs and video players and to connect to your computers via telephone, satellite or the Internet anytime, anywhere in the world. 2. HISORICAL PERSPECTIVE Smart card was invented at the end of the seventies by Michel Ugon (Guillou, 1992). The French group of bankcards CB (Carte Bancaire) was created in 1985 and has allowed the diffusion of 24 million devices (Fancher, 1997). For the physical characteristics the first draft proposal was registered in 1983.A long discussion resulted in the standardization of the contact location. Next was the standardization of signals and protocols which resulted in standards ISO/IEC 7816/1-4. Logical security came next, as it was clear from the beginning that there was a need for cryptograph ic capabilities, though this was a bit difficult due to the limited computing power and the few bytes of RAM available at that time (Quisquater, 1997). Nowadays, smart cards are used in several applications. The technology has its historical origin in the seventies when inventors in Germany, Japan, and France filed the original patents. While inventors in the U.S. , Japan and Austria, were issued patents, it was the French who put up big money to push the technology. They did this in the 1970's, during a period of major national investment in modernizing the nation's technology infrastructure. Due to several factors most work on Smart Cards was at the research and development level until the mid-eighties. Since then, the industry has been growing at tremendous rate is shipping more than one billion (1,000,000,000) cards per year (since 1998). The current world population of Smart Cards of some 1. 7 billion is set to increase to 4 billion or more cards within the next 3-4 years.A sur vey completed by Card Technology Magazine (http://www. cardtechnology. com) indicated that the industry had shipped more than 1. 5 billion smart cards worldwide in 1999. Over the next five years, the industry will experience steady growth, particularly in cards and devices to conduct electronic commerce and to enable secure access to computer networks. A study by Dataquest in March, 2000, predicts almost 28 million smart card shipments (microprocessor and memory) in the U. S. According to this study, an annual growth rate of 60% is expected for U. S. smart card shipments between 1998 and 2003.Smart Card Forum Consumer Research, published in early 1999, provides additional insights into consumer attitudes towards application and use of smart cards. The market of smart card is growing rapidly due to its wide range of applications. The worldwide smart cards market forecast in millions of dollars and billions of units as shown in figure 1: 3. CONSTRUCTION OF THE SMART CARD The main stor age area in such cards is normally  EEPROM (Electrically Erasable Programmable Read-Only Memory),  which can have its content updated, and which retains current contents when external power is removed.Newer Smart Card chips, sometimes, also have  math co-processors  integrated into the microprocessor chip, which is able to perform quite complex encryption routines relatively quickly. The chip connection is either via direct physical contact or remotely via a contact less electromagnetic interface. Its chip therefore characterizes a Smart Card uniquely; with its ability to store much more data  (currently up to about 32,000 bytes)  than is held on a  magnetic stripe,  all within an extremely secure environment.Data residing in the chip can be protected against external inspection or alteration, so effectively that the vital secret keys of the cryptographic systems used to protect the integrity and privacy of card-related communications can be held safely against all b ut the most sophisticated forms of attack. The functional architecture of a GSM (Global system of mobile communication) system can be broadly divided into  the Mobile Station, the Base Station Subsystem, and the Network Subsystem. Each subsystem is comprised of functional entities that communicate through the various interfaces using specified protocols.The subscriber carries  the mobile station;  the base station subsystem  controls the radio link with the Mobile Station. The network subsystem,  the main part of which is the Mobile services Switching Center, performs the switching of calls between the mobile and other fixed or mobile network users, as well as management of mobile services, such as authentication. Fig 3. 1. 1: Smart Card Construction. Fig 3. 1. 2: Smart Card Construction. Mostly all chip cards are built from layers of differing materials, or substrates, that when brought together properly gives the card a specific life and functionality.The typical card to day is made from PVC, Polyester or Poly carbonate. The card layers are printed first and then laminated in a large press. The next step in construction is the blanking or die cutting. This is followed by embedding a chip and then adding data to the card. In all, there may be up to 30steps in constructing a card. The total components, including software and plastics, may be as many as 12 separate items; all this in a unified package that appears to the user as a simple device. 3. 1 Types of smart cards:Today, there are basically three categories of Smart Cards – A microprocessor chip can add, delete and otherwise manipulate information in its memory. It can be viewed as a miniature computer with an input/output port, operating system and hard disk. Microprocessor chips are available 8, 16, and 32 bit architectures. Their data storage capacity ranges from 300 bytes to 32,000 bytes with larger sizes expected with semiconductor technology advances. 3. 1. 2 Integrated Circuit (IC)   Microprocessor Cards – Fig 3. 1. 1: An Integrated Circuit used in Smart Cards.Microprocessor cards (generally referred to as  Ã¢â‚¬Å"chip cards†) offer greater memory storage and security of data than a traditional magnetic stripe card. Their chips may also be called as  microprocessors with internal memory  which, in addition to memory, embody a processor controlled by a  card operating system,  with the ability to process data onboard, as well as carrying small programs capable of local execution. The microprocessor card can add, delete, and otherwise manipulate information on the card, while a memory-chip card (for example, pre-paid phone cards) can only undertake a pre-defined operation.The current generation of chip cards has an  eight-bit  processor, 32KB read-only memory, and 512 bytes of random-access memory. This gives them the equivalent processing power of the original  IBM-XT  computer, albeit with slightly less memory capacity. 3. 1. 2 . 1. Uses: These cards are used for a variety of applications, especially those that have cryptography built in, which requires manipulation of large numbers. Very often the data processing power is used to encrypt/decrypt data, which makes this type of card very unique person identification token.Data processing permits also the dynamic storage management, which enables realization of flexible multifunctional card. Thus, chip cards have been the main platform for cards that hold a secure digital identity. Hence they are capable of offering advanced security mechanism, local data processing, complex calculation and other interactive processes. Most stored-value cards integrated with identification, security and information purposes are processor cards. Some examples of these cards are – * Cards that hold money  (â€Å"stored value cards†) Card that hold money equivalents (for example,  Ã¢â‚¬Å"affinity cards†) * Cards that provide secure access to a network * Cards that secure cellular phones from fraud * Cards that allow set-top boxes on televisions to remain secure from piracy 3. 1. 3 Integrated Circuit (IC)  Memory Cards – Memory cards can just store data and have no data processing capabilities. These have a  memory chip with non-programmable logic,  with storage space for data, and with a reasonable level of built-in security. IC memory cards can hold up to  1 – 4 KB  of data, but have no processor on the card with which to manipulate that data.They are less expensive than microprocessor cards but with a corresponding decrease in data management security. They depend on the security of the card reader for processing and are ideal when security requirements permit use of cards with low to medium security and for uses where the card performs a fixed operation. There is also a special type memory cards called the  Wired Logic (or Intelligent Memory)  cards, which contain also some built-in logic, usually use d to control the access to the memory of the card. 3. 1. 3. 1 Uses:Memory cards represent the bulk of the Smart Cards sold primarily for pre-paid, disposable-card applications like pre-paid phone cards. These are popular as high-security alternatives to magnetic stripe cards. 3. 1. 4 Optical Memory Cards – Optical memory cards look like a card with a piece of a CD glued on top – which is basically what they are. Optical memory cards can store up to  4 MB  of data. But  once written, the data cannot be changed or removed. 3. 1. 4. 1 Uses: Thus, this type of card is ideal for record keeping – for example medical files, driving records, or travel histories. 3. 1. Fundamentals of Card Operation: Today's Smart Cards need electrical power from outside, plus a way for data to be read from, and sometimes to be transmitted to, the chip. They interact with an  Ã¢â‚¬Å"accepting device†,  usually known as a  card reader, which exchanges data with the card and usually involves the electronic transfer of money or personal information. The information or application stored in the IC chip is transferred through an electronic module that interconnects with a terminal or a card reader. There are two general categories of Smart Cards:  Contact  and  Contactless  Smart Cards. Fig 3. 1. 5. 1: Contact Smart Card. The  contact  Smart Card has a set of gold- plated electrical contacts embedded in the surface of the plastic on one side. It is operated by inserting the card (in the correct orientation) into a slot in a card reader, which has electrical contacts that connect to the contacts on the card face thus establishing a direct connection to a conductive micro module on the surface of the card. This card has a contact plate on the face, which is a small gold chip about 1/2† in diameter on the front, instead of a magnetic stripe on the back like a â€Å"credit card†.When the card is inserted into a Smart Card reader, i t makes contact with an electrical connector for reads and writes to and from the chip it is via these physical contact points, that transmission of commands, data, and card status takes place. Such a card is traditionally used at the retail point of sale or in the banking environment or as the GSM SIM card in the mobile ‘phone. Fig 3. 1. 5. 2: Contactless Smart Card (This diagram shows the top and bottom card layers which sandwich the antenna/chip module. ) A  contactless  Smart Card looks just like a plastic â€Å"credit card† with a computer chip and an antenna coil embedded within the card.This antenna allows it to communicate with an external antenna at the transaction point to transfer information. The antenna is typically 3 – 5 turns of very thin wire (or conductive ink), connected to the contactless chip. This aerial coil of the antenna is laminated into the card and allows communication even whilst the card is retained within a wallet or handbag. The same activation method applies to watches, pendants, baggage tags and buttons. Thus no electrical contacts are needed and it is therefore called as â€Å"contactless†.Such Smart Cards are used when transactions must be processed quickly, as in mass-transit toll collection or wherever the cardholder is in motion at the moment of the transaction. Close proximity, typically two to three inches for non-battery powered cards (i. e. an air-gap of up to 10cms) is required for such transactions, which can decrease transaction time while increasing convenience as both the reader and the card have antenna and it is via this contactless link that the two communicate. Most contactless cards also derive the internal chip power source from this electromagnetic signal.Radio frequency technology is used to transmit power from the reader to the card. Two new categories, derived  from the contact and contactless cards are  combi  cards and  hybrid  cards. A  hybrid  Smart Card h as  two chips,  each with its respective contact and contactless interface. The two chips are not connected, but for many applications, this Hybrid serves the needs of consumers and card issuers. Fig 3. 1. 5. 3: Combi Card (This shows both the contact and contactless elements of the card. ) The  combi  card (also known as the  dual-interface  card)  is a card with both contact and contactless interfaces.With such a card, it becomes possible to access the same chip via a contact or contactless interface, with a very high level of security. It may incorporate two non-communicating chips – one for each interface – but preferably has a single, dual-interface chip providing the many advantages of a single e-purse, single operating architecture, etc. The mass transportation and banking industries are expected to be the first to take advantage of this technology. 4. SMART CARD APPLICATION The self-containment of Smart Card makes it resistant to attack, as it doe s not need to depend upon potentially vulnerable external resources.Because of the security and data storage features, Smart Cards are rapidly being embraced as the consumer token of choice in many areas of the public sector and commercial worlds and are often used in different applications, which require strong security protection and authentication. Many of the applications of Smart Cards require sensitive data to be stored in the card, such as biometrics information of the card owner, personal medical history, and cryptographic keys for authentication, etc. Smart Cards are being deployed in most sectors of the public and private marketplaces.Here are some  popular application areas where  Smart Cards are being used in today’s world: * Loyalty * Financial * Information Technology * Government * Healthcare * Telephony * Mass Transit * Identification on Internet 4. 1 Some of the major applications of the Smart Cards, as seen around the world, are: * There are over 300,000 ,000 GSM mobile telephones with Smart Cards, which contain the mobile phone security and subscription information. The handset is personalized to the individual by inserting the card, which contains its phone number on the network, billing information, and frequently call numbers. Various countries with national health care programs have deployed Smart Card systems. The largest is the German solution which deployed over 80,000,000 cards to every person in Germany and Austria. * There are over 100 countries worldwide who have reduced or eliminated coins from the pay phone system by issuing Smart Cards. Germany, France, UK, Brazil, Mexico, and China have major programs. * Almost every small dish TV satellite receiver uses a Smart Card as its removable security element and subscription information. They are used as a credit/debit bankcard, which allows them for off-line transactions and store the credit and debit functions of financial institutions. * They can be used in retail loyalty schemes and corporate staff systems. Other applications for Smart Cards include computer/internet user authentication and non-repudiation, retailer loyalty programs, physical access, resort cards, mass transit; mass transit ticketing schemes, electronic toll, product tracking, national ID, driver’s license, pass ports, and the list goes on. . 2 Automating Transportation Services: With billions of transport transactions occurring each day, Smart Cards have easily found a place in this rapidly growing market. A few of the numerous examples of Smart Cards in transportation are: * Mass Transit Ticketing  Ã¢â‚¬â€œ Using contactless Smart Cards allows a passenger to ride several buses and trains during his daily commute to work while not having to worry about complex fare structures or carrying change. * Urban Parking  Ã¢â‚¬â€œ You don’t need to carry the correct change anymore†¦ ust a prepaid contact Smart Card. * Electronic Toll Collection  Ã¢â‚¬â€œ As you driv e through the toll gate of a bridge, a Smart Card, inserted into an RF transponder within your car, electronically pays the toll; without you ever stopping! * Airline Application  Ã¢â‚¬â€œ Your frequent flyer miles are added onto your airline Smart Card as your ticket is removed from it at the gate, eliminating paperwork! 4. 3 Internet: The role of the Internet has developed to include the support of electronic commerce. It was designed for the free exchange of information, and as such, t is a rich supply of academic, product and service information. But how does an Internet shopper go from looking at the product to actually buying it? The Smart Card is the ideal support for payment over the Internet, whether in cash or as credit. However, the Internet shopper needs to connect his smart payment card to his computer and through the computer to the Internet. Smart Card readers are inexpensive, low-power devices which can be easily added to existing computers. The additional cost of building them into future computers or peripherals is extremely low.The Internet is focusing the need for online identification and authentication between parties who cannot otherwise know or trust each other, and Smart Cards are believed to be the most efficient way of enabling the new world of e-trade. Smart Cards can act as an identification card, which is used to prove the identity of the cardholder. Besides using Smart Cards for payment over the Internet, the possibilities are endless like  carrying your favorite addresses from your own personal computer to your friend’s Network Computer and downloading your airline ticket and boarding passes, telepayments of the goods purchased online and such others. . SMART CARD TERMS AND CONCEPTS 5. 1 Memory Management Smart card is a device with major hardware constraints: low-power CPU, low data rate serial I/O, little memory etc. Today, card technology utilizes 8 bit processors (mainly of the 6805 or 8051 family) whose memory si zes are about a few tens of kilobytes (Urien, 2000), typically 1-4 kb RAM (Random Access Memory), 32-128 kb ROM (Read Only memory) and 32-64 kb EEPROM (Electrically Erasable Programmable Read Only Memory) at least, with options on FLASH and FRAM (Ferroelectric Random Access Memory) as well.As the demand for smart cards matures the standard memory of 32 or 64 Kbytes can prove a serious limitation. A solution to this is to look at some of the design issues and techniques to incorporate multiple memory chips in a single smart card. Gemplus had already produced a twin card, incorporating two unconnected chips in a single card. Other approaches include the use of PC in conjunction with smartcard. For instance, Blaze (1996) proposes the use of a powerful PC with a smart card for symmetric key encryption because the PC provides higher encryption bandwidth.Table 1 below shows storage capacity needed for various communication rates. | Communication rate| Storage capacity| P C (Pentium IV)| 1 20 Mbps | 10 K Bytes| Standard smart card| 9600 bps | 64 K Bytes | Multiple chip card| 20 Mbps | 224 M Bytes | Table 5. 1. 1: Communication rate and storage capacity According to Junko (2002), the EEPROM used in current smart cards is reaching its scalability limits, particularly for smart card devices built in 0. 13-micron technology and beyond. For this reason, companies like Philips agree on the need for alternative non-volatile memory for future smart cards.Currently Philips is leaning toward magnetic RAM as an alternative to EEPROM. Another important application that requires memory management is the application of biometrics. The use of biometrics within the card itself will mean that biometric features (fingerprint, retina, voice etc) can reliably identify a person. With enhancement in memory system, it will soon be possible to authorize the use of electronic information in smart card using a spoken word. The use of some of these features has already been implemented in many applications. Malaysia’s national ID, for instance, is a multipurpose smart card with a fingerprint biometric.The card is first of its kind in the world as it combines many applications such as driving license, passport, healthcare, and non-government applications such as an e-purse. (See http://www. jpn. gov. my/ or www. iris. com. my for details). Table 2 below gives the required bytes for various biometrics. Additional information about biometric technology and standards can be found from the following organizations: The Biometric Consortium (www. biometrics. org), International Biometric Industry Association (www. ibia. rg), or Bio API Consortium (www. iapi com) Biometric| Bytes Required|Finger scan| 300-1200| Finger geometry| 14| Hand geometry| 9| Iris recognition| 512| Voice verification| 1500| Face recognition| 500-1000| Signature verification| 500-1000| Retina recognition| 96| Table 5. 1. 2 Required Bytes for Biometrics 5. 2 Security Issues Security is always a big co ncern for smart cards applications. This naturally gives rise to the need for reliable, efficient cryptographic algorithms. We need to be able to provide authentication and identification in online-systems such as bank machine and computer networks, access control and the like.Currently such facilities allow access using a token; however, it is vital that the holder of the token be the legitimate owner or user of the token. As smart card is handicapped or highly restricted in their input/output (unable to interact with the world without outside peripherals), this leads to the involvement of many parties in its applications. Some of the parties involve: Cardholder, Data Owner, Card Issuer, Card Manufacturer, Software Manufacturer, and Terminal Owner as mentioned in (Schneier, 1999).It is there for essential to ensure that none of the above mentioned parties is threat to one another. To achieve this, there is need for further investigation in the design and analysis of smart card auth entication and identification protocols. For this reason, Gobioff (1996) proposes that smart cards be equipped with â€Å"additional I/O channels† such as buttons to alleviate these shortcomings. Further, there are numerous intrusion techniques able to tamper with smart cards and other similar temper-resistant devices as presented in (Anderson, 1997).This also indicates the need for effective intrusion detection/prevention techniques. 5. 3 Open Architecture Existing smart card standards leave vendors too much room for interpretation. To achieve wider implementation, there is need for an open standard that provides for inter-operable smart cards solutions across many hardware and software platforms. Open Platform, as defined by Global Platform (www. GlobalPlatform. org) is a comprehensive system architecture that enables the fast and easy development of globally interoperable smart card systems.It comprises three elements; card, terminal and systems, each of which may include specifications, software and/or chip card technology. Together these components define a secure, flexible, easy to use smart card environment. Development environment in use today include; Java, Visual C, Visual Basic, C++, and the like. The development of standards like GSM, EMV, CEPS, PC/SC, OCF, ITSO and IATA 791 represents an opportunity for manufacturers to produce products on an economic scale and give stability to systems designers. According to a report by Data card Group (White paper version1. ), True ‘open’ smart cards will have the following characteristics: * They will run a non-proprietary operating system widely implemented and supported. * No single vendor will specify the standards for the operating system and the card’s use. * The cards will support a high-level application programming language (e. g. , Java, C++) so issuers can supply and support their own applications as well as applications from many other vendors. * Applications can be writte n and will operate on different vendor’s multi-application smart cards with the same API (Application Programming Interface).To overcome the problem of lack of standardization, U. S. organizations have developed an add-on piece of smart card software meant to overcome communication problems between chip cards and readers from different vendors. They would like to see this technology, which they call a â€Å"card capabilities container,† used worldwide, making it an industry standard that would allow U. S. agencies to buy cards and readers from many vendors, sure that they would work together (Cathy, 2002).Another move is the development of a new organization called Smart Card Alliance, formed by Smart Card Industry Association (SCIA) and Smart Card Forum (SCF) to act as a single voice for the US smart card industries. Even in biometrics, each vendor has its own methods for enrolling individuals and later checking someone’s identity against the stored image. Howe ver, there are efforts underway to create biometric standards, largely driven by the U. S. government. In a major step, the American National Standards Institute approved Bio API as a standard way for biometric devices to exchange data with ID applications.ANSI now is preparing to propose Bio API to ISO for adoption as an international standard (Donald, 2002). 5. 3. 1 Operating Systems Today’s smart card operating systems and application frameworks are intrinsically local and mono application. Moreover, smartcard communicates with the outside world through a serial link. As the chip has a single bi-directional I/O pin, this link can only support haft-duplex protocol. The majority of chips work at the speed of 9600 baud, although the ISO standard 7816 has defined a maximum data rate of 230400 baud.A new type of SPOM (Self-Programmable One-Chip Microcomputer), named ISO/USB has been introduced in 1999; it provides a direct connection between a SPOM and the terminal via an USB p ort (Urien, 2000). According to USB specification, a data throughput from 1. 2 to 12 Mbits/s may be obtained between the chip and the terminal. The vision of smart card as an application platform rather than a simple security token is a paradigm shift for smartcard operating systems.According to Jurgensen (2002), the current operating system model cannot completely support the needs or the vision of Universal Integrated Circuit Card (UICC). The move is now towards the development of Next Generation Smart Card Operating Systems (COSng), which will be able to handle multi-applications and support future requirements. 5. 4 Performance Performance and speed are very important factors that need to be considered in most smart card application.To achieve this, transistor scaling or the reduction of the gate length (the size of the switch that turns transistors on and off), must be taken into consideration. This idea not only improves the performances of chips but also lowers their manufact uring cost and power consumption per switching event. Recently, IBM have built a working transistor at 6 nano meters in length which is per beyond the projection of The Consortium of International Semiconductor Companies that transistors have to be smaller than 9 nano meters by 2016 in order to continue the performance trend.The ability to build working transistors at these dimensions could allow developers to put 100 times more transistors into a computer chip than is currently possible. The IBM results will lead to further research into small, high-density silicon devices and allow scientists to introduce new structures and new materials. Details are available from IBM Research News 9thDecember 2002, available online: http://www. research. ibm. com/. 5. 5 Reader Requirements As the needs and uses of smart card increases, the need for a Smart Card reader that is not portable, small or light, but also easy to connect and access has arrived.However, some developers like â€Å"Browns † (http://www. brownsbox. com/) believe that the need for a reader is a problem, meaning extra expenditure, and, when working with a laptop, is a waste of a port. In view of this, an approach toward a device that can be attached to a PC (internally or externally) has arrived. To solve this problem, Browns developed a method that turns a floppy disk drive into a smart card reader. Another popular approach in Europe is the smarty smartcard reader/writer the size of a 3. 5-inch diskette by Smart Disk Corp.The device does not require a serial, parallel, or USB port, instead it works directly from a diskette drive. Smarty supports all smart card a protocol, including ISO 7816 and it works under different operating systems. Details are available from: http://www. smartcomputing. com/. This idea of smart diskette was initially proposed by Paul (1989) as shown in figure 3. A similar approach involves the development of keyboard with integrated card reader, and/or keyboard with integra ted fingerprint sensor and card reader by â€Å"Cherry†(http://www. accesskeyboards. co. uk/cherry. tm). 5. 6 Portability As mentioned earlier, portability or convenience of handling is one of the most important characteristics of smart cards. Since the smartness of smart card relies on the integrated circuit embedded in the plastic card, it is possible that the future smart cards might look like other everyday objects such as rings, watches, badges, glasses or earring because that same electronic function could be performed by embedding it in these objects. What remain is for developers and researchers to look into the best way of implementing it if the need arises. 6.SMART CARD VS BIOMETRIC One of the primary reasons that smart cards exist is for security. The card itself provides a computing platform on which information can be stored securely and computations can be performed securely. Consequently, the smart card is ideally suited to function as a token through which the security of other systems can be enhanced. Most of today’s systems need proper user authentication/identification as it is a crucial part of the access control that makes the major building block of any system’s security. Three methods are currently in use: what the user has (e. . smart card), what the user knows (e. g. password), and what the user is (biometrics). Each of these methods has its own merits and demerits especially when used alone. When a single method is used, we believe smartcard is the best choice. Passwords can easily be forgotten, attacked, and guessed. Similarly, biometric schemes alone are not good enough to ensure user authentication, as they are also vulnerable to attacks. First, we look into some of the benefits in using biometric schemes and then analyze some of their limitations.The primary advantage of biometric authentication methods over other methods of user authentication is that they use real human physiological or behavioral characteri stics to authenticate users. These biometric characteristics are (more or less) permanent and not changeable. It is also not easy (although in some cases not principally impossible) to change one’s fingerprint, iris or other biometric characteristics. Further, most biometric techniques are based on something that cannot be lost or forgotten.This is an advantage for users as well as for system administrators because the problems and costs associated with lost, reissued or temporarily issued tokens/cards/passwords can be avoided, thus saving some costs of the system management. However, as reported in (Luca 2002), the major risk posed by the use of biometric systems in an authentication process is that a malicious subject may interfere with the communication and intercept the biometric template and use it later to obtain access. Likewise, an attack may be committed by generating a template from a fingerprint obtained from some surface.Further, performance of biometric systems i s not ideal. Biometric systems still need to be improved in terms of accuracy and speed. Biometric systems with the false rejection rate under 1% (together with a reasonably low false acceptance rate) are still rare today. Although few biometric systems are fast and accurate (in terms of low false acceptance rate) enough to allow identification (automatically recognizing the user identity), most of current systems are suitable for the verification only, as the false acceptance rate is too high. Moreover, not all users can use any given biometric system.People without hands cannot use fingerprint or hand-based systems. Visually impaired people have difficulties using iris or retina based techniques. Some biometric sensors (particularly those having contact with users) also have a limited lifetime. While a magnetic card reader may be used for years (or even decades), the optical fingerprint reader (if heavily used) must be regularly cleaned and even then the lifetime need not exceed o ne year. Biometric data are not considered to be secret and security of a biometric system cannot be based on the secrecy of user’s biometric characteristics.The server cannot authenticate the user just after receiving his/her correct biometric characteristics. The user authentication can be successful only when user’s characteristics are fresh and have been collected from the user being authenticated. This implies that the biometric input device must be trusted. Its authenticity should be verified (unless the device and the link are physically secure) and user’s likeness would be checked. The input device also should be under human supervision or tamper-resistant. The fact hat biometric characteristics are not secret brings some issues that traditional authentication systems need not deal with. Many of the current biometric systems are not aware of this fact and therefore the security level they offer is limited. User’s privacy may be violated by biometr ic schemes. Biometric characteristics are sensitive data that may contain a lot of personal information. The DNA (being the typical example) contains (among others) the user’s preposition to diseases. This may be a very interesting piece of information for an insurance company.The body odour can provide information about user’s recent activities. It is also mentioned in (Jain, 1999) that people with asymmetric fingerprints are more likely to be homosexually oriented, etc. Use of biometric systems may also imply loss of anonymity. While one can have multiple identities when authentication methods are based on something the user knows or has, biometric systems can sometimes link all user actions to a single identity. Furthermore, biometric systems can potentially be quite troublesome for some users. These users find some biometric systems intrusive or personally invasive.In some countries people do not like to touch something that has already been touched many times (e. g. , biometric sensor), while in some countries people do not like to be photographed or their faces are completely covered. Lack of standards may also poses a serious problem. Two similar biometric systems from two different vendors are not likely to interoperate at present. Although good for user authentication, biometrics cannot be used to authenticate computers or messages. Biometric characteristics are not secret and therefore they cannot be used to sign messages or encrypt documents and the like.On the other hand, smart cards provide tamper- resistant storage for protecting private keys, account numbers, passwords, and other forms of personal information. Smart cards can also serve to isolate security-critical computations involving authentication, digital signatures, and key exchange from other parts of the system that do not have a â€Å"need to know. † In addition, smart cards provide a level of portability for securely moving private information between systems at w ork, home, or on the road. A better approach for the usage of biometrics is to combine biometrics with smartcards.The advantages of this may include: all attributes of the smartcards will be maintained, counterfeiting attempts are reduced due to enrolment process that verifies identity and captures biometrics. It will be extremely secure and provide excellent user-to-card authentication. 7. THREATS TCG does not really address security from a user point of view; as the model is centered on platforms. User identification and authentication mechanisms, including owner, are rather rudimentary. Basically, proof of knowledge of a secret value shared between the owner and the TPM is proof of ownership.In the case of the owner proof of knowledge is even proof of identity. To some extent, the pair (object UUID, Authorization Data) corresponds to a capability associated to a TPM-protected object. Threats are actually similar to those applying to capability-basedmodels. For example, the access authorization to a TPM-protected object is given very early, when the authorization data is associated to the object and not when the access is attempted. But more important authentication data can be freely duplicated and the user has to find some way to protect them.Like for every sensitive piece of information the key issue with authorization data is storage protection. Because it is impossible for an operator to remember a 20-byte random value, most of the TPM administration products available today implement a simple password-based technique. The authentication data Auth Data is computed from a password value using SHA-1 hash algorithm. Auth Data= SHA( password)Of course, all the well-known weaknesses of password-based authentication apply to such a mechanism: †¢ One-factor only authentication, †¢ Easy to guess, subject to dictionary attacks, Easy to snoop, visible in the clear when keyed or transmitted to the verifying party, †¢ Easy to lose and forget, †¢ Easy to write down and to share with others This type of implementation is so common that TPM manufacturers had to implement countermeasures like lockout or response degradation in order to protect from dictionary types of attacks. Another natural solution would be to securely store the authorization data directly on the platform hard drive. This type of solution is considered subject to attacks [9] and raises a lot of side issues.For example, the authorization data must be stored on an opaque container that is generally protected by a password and hence prone to dictionary attacks. Outside of the platform owner, who just plays an administrative role, regular platform users have also to be taken into account. In every day operations, platforms interact with users and user identity is a critical piece of the security and trust puzzle. For that matter all platform operating systems implement user identification and authentication mechanisms.How users fit in this picture is not comple tely in the scope of TCG specification. As a consequence, authentication data are not assigned to specific users. Even though this is not a threat in itself, there is lot of practical cases where TPM-protected keys have to be assigned to specific users only. For example, the file encryption keys used by one user on a platform must be kept separated from the other platform users. 8. SMART CARD-BASED USER AUTHENTICATION Smart card-based authentication is a first step towards the TPM and-smartcard cooperative model introduced in section 2.The principle is to use a smart card during the execution of the user side of the TCG authorization protocols. The most critical piece of information in TCG authorization protocol is the Authorization Data that is either stored locally on the platform or computed from an external seed secret such as password. This model raises many issues. Since smart cards another hardware tokens, are used to address this type of user authentication issues in environ ments like corporate IT or banking, smart card-based authentication can be the answer to the threats identified in section 3. 4.For instance, as smart cards are physically secure and cannot beckoned, the duplication of an authorization data becomes impossible. Likewise, smart cards allow the usage of truly random authorization data, offering a particularly efficient protection against a dictionary attack. To offer a higher protection level, access to the authorization data can be protected by a Personal Identification Number (PIN). In the context of user authentication, smart cards will also provide: †¢ Two-factor authentication, †¢ Tamper-resistant storage for protecting authentication data and other user personal information. Isolation of security-critical computations involving the authentication data from other parts of the system that do not have a â€Å"need to know. † †¢ Portability of credentials and other private information between computers. But the integration of smart cards within TCG authorization protocols has an impact in terms of smart cards capabilities. 8. 1 Smart cards requirements In a smart card-based authentication scheme, the smart card will be primarily used to physically protect the Authorization Data. This means that the smart card must be able to: 1.Store the Authorization Data, 2. Process the user side of the authorization protocol computation that requires the Authorization Data. Storing the Authorization Data in a smart card presents no particular difficulty. Every smart card, including the most basic one like simple memory card, has the capability to store a 20-bytevalue. On another hand, how much of the authorization protocol can be processed by a smart card is directly linked with the card cryptographic capabilities. In order to perform the entire user side of the protocol a smart card will have to be able to: Generate random values, †¢ Compute a shared secret using a SHA-1-based HMAC, †¢ Comput e and verify authentication values using SHA-1 andSHA-1-based HMAC operations, †¢ Encrypt authentication data using a XOR Most of cryptographic smart cards today have robust Random Number Generator and support SHA-1 in native mode, but smartcards offering HMAC in native mode are less common. A solutions to simply implement a Java Card applet providing these features. Following sections describe three, incrementally secure, possible implementation of smart card-based authentication. . 2 Importance of Smartcards to Computer Security 8. 2. 1 Importance of Smartcards as a Design Mechanism for Computer Networks This section highlights the fundamental security challenges that face us in this increasingly computer network oriented world, and how smartcards can provide key advantages towards security. 8. 2. 2 Fundamental Security Challenges Because computers and networks are becoming so central to our lives in this digital age, many new security challenges are arising. This is the era of full connectivity, both electronically and physically.Smartcards can facilitate this connectivity and other value added capabilities, while providing the necessary security assurances not available through other means. On the Internet, smartcards increase the security of the building blocks Authentication, Authorization, Privacy, Integrity, and Non-Repudiation. Primarily, this is because the private signing key never leaves the smartcard so it’s very difficult to gain knowledge of the private key through a compromise of the host computer system. In a corporate enterprise system, multiple disjointed systems often have their security based on different technologies.Smartcards can bring these together by storing multiple certificates and passwords on the same card. Secure email and Intranet access, dial-up network access, encrypted files, digitally signed web forms, and building access are all improved by the smartcard. In an Extranet situation, where one company would like t o administer security to business partners and suppliers, smartcards can be distributed which allow access to certain corporate resources. The smartcard’s importance in this situation is evident because of the need for the strongest security possible when permitting anyone through the corporate firewall and proxy defenses.When distributing credentials by smartcard, a company can have a higher assurance that those credentials cannot be shared, copied, or otherwise compromised. 8. 2. 3 The Smartcard Security Advantage Some reasons why smartcards can enhance the security of modern day systems are: 8. 2. 3. 1 PKI is better than passwords – smartcards enhance PKI Public Key Infrastructure systems are more secure than password based systems because there is no shared knowledge of the secret. The private key need only be known in one place, rather than two or more.If the one place is on a smartcard, and the private key never leaves the smartcard, the crucial secret for the sy stem is never in a situation where it is easily compromised. A smartcard allows for the private key to be usable and yet never appear on network or in the host computer system. 8. 2. 3. 2 Smartcards Increase the Security of Password Based Systems Though smartcards have obvious advantages for PKI systems, they can also increase the security of password based systems. One of the biggest problems in typical password systems is that users write down their password and attach it to their monitor or keyboard.They also tend to choose weak passwords and share their passwords with other people. If a smartcard issued to store a user’s multiple passwords, they need only remember the PIN to the smartcard in order to access all of the passwords. Additionally, if a security officer initializes the smartcard, very strong passwords can be chosen and stored on the smartcard. The end user need never even know the passwords, so that they can’t be written down or shared with others. 8. 2. 3. 3 Two Factor Authentication, and more Security systems benefit from multiple factor authentications.Commonly used factors are: Something you know, something you have, something you are, and something you do. Password based systems typically use only the first factor, something you know. Smartcards add an additional factor, something you have. Two factor authentications have proven to be much more effective than single because the â€Å"Something you know† factor is so easily compromised or shared. Smartcards can also be enhanced to include the remaining two features. Prototype designs are available which accept a thumbprint on the surface of the card in addition to the PIN in order to unlock the services of the card.Alternatively, thumbprint template, retina template, or other biometric information can be stored on the card, only to be checked against data obtained from a separate biometric input device. Similarly, something you do such as typing patterns, handwritten sig nature characteristics, or voice inflection templates can be stored on the card and be matched against data accepted from external input devices. 8. 2. 3. 4 Portability of Keys and Certificates Public key certificates and private keys can be utilized by web browsers and other popular software packages but they in some sense identify the workstation rather than the user.The key and certificate data is stored in a proprietary browser storage area and must be export/imported in order to be moved from one workstation to another. With smartcards the certificate and private key are portable, and can be used on multiple workstations, whether they are at work, at home, or on the road. If the lower level software layers support it, they can be used by different software programs from different vendors, on different platforms, such as Windows, UNIX, and Mac. 8. 2. 3. 5 Auto-disabling PINs Versus Dictionary AttacksIf a private key is stored in a browser storage file on a hard drive, it is typi cally protected by password. This file can be â€Å"dictionary attacked† where commonly used passwords are attempted in a brute force manner until knowledge of the private key is obtained. On the other hand, a smartcard will typically lock itself up after some low number of consecutive bad PIN attempts, for example 10. Thus, the dictionary attack is no longer a feasible way to access the private key if it has been securely stored on a smartcard. 8. 2. 3. 6 Non RepudiationThe ability to deny, after the fact, that your private key performed a digital signature is called repudiation. If, however, your private signing key exists only on a single smartcard and only you know the PIN to that smartcard, it is very difficult for others to impersonate your digital signature by using your private key. Many digital signature systems require â€Å"hardware strength on Repudiation†, meaning that the private key is always protected within the security perimeter of hardware token and can’t be used without the knowledge of the proper PIN.Smartcards can provide hardware strength Non Repudiation. 8. 2. 3. 7 Counting the Number of Private Key Usages So many of the important things in our lives are authorized by our handwritten signature. Smartcard based digital signatures provide benefits over handwritten signatures because they are much more difficult to forge and they can enforce the integrity of the document through technologies such as hashing. Also, because the signature is based in a device that is actually a computer, many new benefits can be conceived of.For example, a smartcard could count the number of times that your private key was used, thus giving you an accurate measure of how many times you utilized your digital signature over a given period of time. Figure 8. 2. 3. 7. 1: Smartcard Electrical Contacts Table 8. 2. 3. 7. 2 : Description of Contacts POSITION TECHNICAL ABBREVIATION FUNCTION C1 VCC Supply Voltage C2 RST Reset C3 CLK Clock Frequency C4 RFU Reserved for future use C5 GND Ground C6 VPP External programming voltage C7 I/O Serial input/output communications C8 RFU Reserved for future use 9.SMART CARD ENABLED PRODUCTS This section lists popular security products and explains how smartcards can be used to enhance their security. 9. 1Web Browsers (SSL, TLS) Web browsers use technology such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to provide security while browsing the World Wide Web. These technologies can authenticate the client and/or server to each other and also provide an encrypted channel for any message traffic or file transfer. The authentication is enhanced because the private key is stored securely on the smartcard.The encrypted channel typically uses a symmetric cipher where the encryption is performed in the host computer because of the low data transfer speeds to and from the smartcard. Nonetheless, the randomly generated session key that is used for symmetric encryption is wrappe d with the partner’s public key, meaning that it can only be unwrapped on the smartcard. Thus it is very difficult for an eavesdropper to gain knowledge of the session key and message traffic. 9. 2 Secure Email (S/MIME, Open PGP) S/MIME and Open PGP allow for email to be encrypted and/or digitally signed.As with SSL, smartcards enhance the security of these operations by protecting the secrecy of the private key and also unwrapping session keys within a security perimeter. 9. 3 Form Signing Web based HTML forms can be digitally signed by your private key. This could prove to be a very important technology for internet based business because it allows for digital documents to be hosted by web servers and accessed by web browsers in a paperless fashion. Online expense reports, W-4 forms, purchase requests, and group insurance forms are some examples.For form signing, smartcards provide portability of the private key and certificate as well as hardware strength non repudiation. 9. 4Object Signing If an organization writes code that can be downloaded over the web and then executed onclient computers, it is best to sign that code so the clients can be sure it indeed came from areputable source. Smartcards can be used by the signing organization so the private key can’tbe compromised by a rogue organization in order to impersonate the valid one. 9. 5 Kiosk / Portable PreferencesCertain applications operate best in a â€Å"kiosk mode† where one computer is shared by a number of users but becomes configured to their preferences when they insert their smartcard. The station can then be used for secure email, web browsing, etc. and the private key would never leave the smartcard into the environment of the kiosk computer. The kiosk can even be configured to accept no mouse or keyboard input until an authorized user inserts the proper smartcard and supplies the proper PIN. 9. 6 File EncryptionEven though the 9600 baud serial interface of the smartcar d usually prevents it from being a convenient mechanism for bulk file encryption, it can enhance the security of this function. If a different, random session key is used for each file to be encrypted, the bulk encryption can be performed in the host computer system at fast speeds and the session key can then be wrapped by the smartcard. Then, the only way to easily decrypt the file is by possessing the proper smartcard and submitting the proper PIN so that the session key can be unwrapped. 9. 7 Workstation LogonLogon credentials can be securely stored on a smartcard. The normal login mechanism of the workstation, which usually prompts for a username and password, can be replaced with one that communicates to the smartcard. 9. 8 Dialup Access (RAS, PPTP, RADIUS, TACACS) Many of the common remote access dial-up protocols use passwords as their security mechanism. As previously discussed, smartcards enhance the security of passwords. Also, as many of these protocols evolve to support public key based systems, smartcards can be used to increase the security and portability of the private key and certificate. . 9 Payment Protocols (SET) The Secure Electronic Transactions (SET) protocol allows for credit card data to be transferred securely between customer, merchant, and issuer. Because SET relies on public key technology, smartcards are a good choice for storage of the certificate and private key. 9. 10 Digital Cash Smartcards can implement protocols whereby digital cash can be carried around on smartcard. In these systems, the underlying keys that secure the architecture never leave the security perimeter of hardware devices.Mondex, VisaCash, EMV ( Europay-Mastercard-Visa), and Proton are examples of digital cash protocols designed for use with smartcards. 9. 11 Building Access Even though the insertion, processing time, and removal of a standard smartcard could be a hassle when entering a building, magnetic stripe or proximity chip technology can be added to sm artcards so that a single token provides computer security and physical access. 10. PROBLEM WITH SMART CARD Even though smartcards provide many obvious benefits to computer security, they still haven’t caught on with great popularity in countries like the United States.This is not only because of the prevalence, infrastructure, and acceptability of magnetic stripe cards, but also because of a few problems associated with smartcards. Lack of a standard infrastructure for smartcard reader/writers is often cited as a complaint. The major computer manufactures haven’t until very recently given much thought to offering a smartcard reader as a standard component. Many companies don’t want to absorb the cost of outfitting computers with smartcard readers until the economies of scale drive down their cost.In the meantime, many vendors provide bundled solutions to outfit any personal computer with smartcard capabilities. Lack of widely adopted smartcard standards is ofte n cited as a complaint. The number of smartcard related standards is high and many of them address only a certain vertical market or only a certain layer of communications. This problem is lessening recently as web browsers and other mainstream applications are including smartcards as an option. Applications like these are helping to speed up the evolution of standards. 11.FUTURE WORK Different usage scenario can be defined to explore additional synergies between TPM and smart cards. For example, a MIS department orders trusted platforms from their favorite PC manufacturer. The machines are configured and personalized according to the end-user profile, following the corporate policies. The MIS representatives possess a specific smart card, the owner card, which is used for trusted platforms initialization and maintenance. During the initialization process the user smart card is created for the platform end-user.This card stores the user secrets and credentials, to be used during the processing of security functions like digital signature of documents. Our scenario provides features to securely share the TPM among several users. Each user owns a dedicated Protected Storage Tree under the Storage Root Key (SRK), protected by local User Root Keys (URK). The first phase in the trusted platform life cycle will be the initialization of the TPM. During this step, the corporation, through the MIS department, will â€Å"take ownership† of the TPM.This phase covers the loading of secrets into the TPM, the creation of a root storage key, but also the generation of a smart card that will be given to the main platform user. During this process a URK can be created for the first user, secured by the SRK, and then user keys can be generated under the URK. These keys will be used to generate quotes for a given user. The platform is then given to the main end-user, who also receives a user smart card. 12. CONCLUSION Most of the smart card systems in use today serve one purpose and are related to just one process or is hardwired to only one application.A smart card cannot justify its existence in this respect. The approach of future smart card is therefore towards designing multi-application card with own operating system based on open standard that can perform a variety of functions. It must be configurable and programmable and it must be able to adapt to new situations and new requirements especially in areas such as security, memory management, and operating system. Most of smart card application methods today rely on the fact that the code of functions to be performed should be imported by card operating system from an outside server.This approach is quite weak with regards to security. It is, therefore, important t

Causes of the French Revolution Essay

The Gallic Revolution had many causes including ; economic. political. and geographic factors that built up until people decided to take a base. An illustration of this is in document figure 11 which has both —– and —– factors from a societal scientific discipline position. This papers shows the members of the national assembly who decided to take a base and vowed to non divide until they made a fundamental law subsequently known as the â€Å"Tennis Court Oath† . This papers truly shows the continuity the people of France had to do life every bit just for both the royals. provincials and everyone in between. As you now know there are many factors that led up to the Gallic Revolution and one of the biggest causes was economic crisis. While the royal household was happy holding banquets the people of France were hungering and many could hardly afford the monetary value of a four pool loaf of staff of life. In document figure 15 it shows how the monetary value of staff of life skyrocketed in merely a year’s clip and how much of a person’s income was spent on staff of life. Not merely was the monetary value hideous but it was the chief component in their diet so they could non travel without it. This papers is a secondary beginning and it shows both political and economic positions in a societal scientific discipline position. Another illustration of economic confusion is in document figure 10. In this papers it shows the fiscal jobs in France during 1789. The economic system was so unhealthy that non merely were the urban common mans in debt the male monarch besides was. When adding up the monetary value of nutrient. rent. tithe. revenue enhancements. and dressing it put the common mans at an amazing 170 % entire. and although it was a lesser sum the male monarch was besides in debt by a humongous 60 % . This papers has both political and economic points and even though it is a secondary beginning it truly makes you believe about how difficult it must hold been for the people to merely last. Throughout history there have been many people who wanted power. to be a leader and stand over others and demo that they are of a greater category. And to the people king Louis XVI and Marie Antoinette were seeking to demo their laterality. Political positions have ever been a large portion of society and they were besides a immense subscriber to the start of the Gallic Revolution. Document figure one has a picture for both King Louis XVI and Marie Antoinette which clearly shows that they are rich and powerful. As you look at Marie in this image you can see that she had no job paying a monetary value to look beautiful and Louis closet indicates that he has large luxuries and they love to demo it. This papers is a primary beginning and has political. economic. and cultural positions. Another great illustration for a political cause is document figure three. This papers non merely has a political position it besides shows economic. cultural. and psychologically positions in a primary beginning. It talks about the adversities a adult female and her hubby are confronting seeking to run into the demands of the royals. the papers states â€Å"The revenue enhancements and feudal dues are oppressing us. † What sent many people over the border was non being treated reasonably until they eventually snapped.

Critical evaluation of the international Accounting Standard and Essay

Critical evaluation of the international Accounting Standard and Financial Reporting Standard that applied on BRITIVC plc - Essay Example investors and lenders. This report specifically aims at the critical evaluation of the key financial information provided in the financial statements of Britvic Plc. Those key items are 1) Revenues, 2) Property, Plant and Equipment, 3) Earnings per share. These key items are evaluated in the light of their relevant accounting standards as to check whether these areas are consistent with providing the useful information to the lenders and investors. The following discussion and evaluation highlights these specific areas on separate basis so that each individual key accounting area can be judged regarding the achievement of IAS and IFRS objective (IFRS and IAS Summaries- English, 2011-2012). IAS 18 covers revenue recognition for the preparation of financial statements. The major criterion for recognizing the revenues is the transfer of risks and rewards between the parties to the sales contract. Seller transfers the risks associated with the selling item in response to a reward received from the buyer. When risks and rewards are transferred to the concerned parties, the revenues are deemed to be recognized by the selling entity. As far as the disclosure requirements of IAS 18 are concerned, minimal disclosure are required such as the total revenue generated during the current period along with comparative figure of the last year (BDO, n.d.). If the financial statements of Britvic Plc. are accounted for the year 2012, it can be clearly observed from the statement of comprehensive income that the company has generated the revenues of around  £1,256 million. In the previous year, the company had upward revenues of around  £1,290 million. From the perspective of disclosure requirements, the company has provided the appropriate disclosure requirements in the statement of comprehensive income (Annual Report Britvic Plc., 2012). Besides this disclosure requirement of IAS 18, certain other requirements relating

The End of the World Essay Example | Topics and Well Written Essays - 1250 words

The End of the World - Essay Example He said that even if a small portion of the stuff leaks out, it will start producing more and more anti- matter and quite soon they will take over the earth. My head started throbbing after talking to him. I asked my cousin Laura if she knew about LHC. She said, "The Large Hadron Collider There's an article about it in today's New York Times " When I asked her about the end of the world, she laughed and read the article aloud, ".Next summer, the Large Hadron Collider, Europe's $9 billion investment in particle physics, will take a handful of ions, hurl them through 17 miles of circular tunnel and smash them together so hard they will shatter into the finest atomic shards anyone has ever observed. And if all goes according to plan, the glints and flashes from those shards will at last reveal the mysterious Higgs boson, the one particle that endows all others with the property of mass" (Hirsch, 2009. New York Times) After reading the full text, she said that it was a great achievement for science and there was no need to imagine the end of the world. This made me decide to do a little research on my own about the end of the world. First, I interviewed some people about their opinions on "The End of The World ". Of the seven people I interviewed, three were positive the world as we know it would end in the near future; two did not believe that the world would end, and the other two were not sure. Everyone gave a different reason for their belief. Mrs.J, the librarian said that the global financial meltdown showed the moral bankruptcy of our time. In her opinion, this showed that the end was near. Mrs. R also thought the end was near. "Why do you think Katrina and Ike were sent They are the warnings of the future things to come!" she said. Mr. Pradhan, a research scholar from India said that there have been many predictions in the past and none came true. He told the story of the tribal people who live in the jungles of Orissa in India. There was a scare about the end of the world on February 13, 2001. The tribals sold all the things they possessed, gathered in a place in the jungle a week before the 'doomsday' and ate and drank and danced and had an orgy of fun. When nothing happened on the 13th February, they went back to their homes in their villages, and had a bigger thanksgiving celebration in the temple. Mr. K said that global warming would very likely cause an end of the world as we know it. Ms. A ," not sure", was a bit confused by the scriptures who predict an end of the world and the rationalists who disagree. Both the men who did not believe that there would be an end of the world said the prophecies had never come true So .I decided to read up some predictions. The most famous of all prophecies were those made by Nostradamus. , a Frenchman who published his predictions in 1555. In the book "Centuries" he has predicted many historic events that would happen in the future. His predictions are in the form of 4-line verses called quatrains, which are difficult to interpret. I believe he had predicted the world wars, the nuclear bombs , aand9/11. He has also predicted the end of the world. After twenty years of the moons reign Another monarch will take hold for 7000 years When the sun takes the remaining days Then my prophecy is finally accomplished. According to the interpreter, this means, "Armageddon: The sun will consume the earth around the year 7000" (Haley. P.114) The dictionary meaning for

What causes market monopoly Essay Example | Topics and Well Written Essays - 2500 words

What causes market monopoly - Essay Example This is a normal behavior because it works. In general, the government regulation that helps create monopoly conditions falls into one of three categories: Barriers to Labor. Licensing or other regulation impeding the mobility of labor. Barriers to Resources. Examples include natural resources, wireless spectrum. Barriers to Operations. Examples include casino gambling, illegal drug trade. The stated purpose of the legislation is always to protect the public, but interested parties usually write the legislation to suit their own agenda. In many cases, the legislation that purported to protect the public actually harms the public. An example is barbers. Why does a barber require a license to cut hair, and why does the license to cut hair require a lengthy period in a beauty college? The answer is that the legislation is purely to protect the markets of existing barbers. During hard times, setting up a private barbershop or beauty salon is not difficult for anyone with some skill, whic h presents competition to the existing barbers and beauticians. The clip-joint owners went to the state legislature and worked out a deal. It was in the public interest to cut the deal because the state is always worried about taxes and someone who receives cash for cutting hair in a private shop may forget to pay their taxes on the income. Likewise, the clip-joint owners wanted to make sure it was difficult to get into this business, but not so difficult that the labor supply dries up. They wanted limited competition in good times and high barriers to entry in bad times. The solution was to require a license and make the requirements of getting a license be a three to six month course at a beauty college. This is an example of barriers to entry into the labor markets, which we shall discuss. Barriers to Labor Markets As illustrated by the story about the barbershop protection societies, many different groups have formed protective associations. The public face of the protective ass ociation is always to ensure compliance to the highest ethical standards, but the real agenda is always ensuring that their turf is staked out and defended. We shall say now, we have never seen a protective association of theoretical physicists. We have never heard specious claims of how the public must be protected from all that high-powered thinking and the only solution is to license and regulate them. Perhaps the reason is that not many people are capable of becoming a theoretical physicist. Realtors, however, are a different story. Like barbers and the business of cutting hair, if the market looks good and a person has sales talent, real estate looks good. Especially if that person is a â€Å"connector† who collects contacts and likes to stay in touch with many different people. Realtors are just as intelligent as barbers and they formed a protective association that has been very successful in placing a very high barrier to entry into that field. The barrier to entry is so high in many areas that it hurts the public. We shall explain: After the realtor’s protective association convinced the state legislature to pass appropriate legislation and license the realtors subject to an industry oversight board with regulatory powers granted by the legislature, along came the Multi Listing Service (MLS). Now that everyone was a member of the union, the idea was to make it easier for everyone to share pieces of the pie. Few understand this, but it hurts consumers because a disincentive has been created: there is no

Analysis of Truman's Fair Deal Literature review

Analysis of Truman's Fair Deal - Literature review Example The Policy of Containment was devised in 1946 by George Kennan, then a high-ranking representative at the US embassy in Moscow. It consisted in limiting the expansion of the Soviet sphere of influence, both militarily and economically, in the hope of provoking the collapse of its social system. The Marshall plan was the economical part of this policy, whereas the creation of the North Atlantic Treaty Organization (NATO) in April 1949 was its military component. McCarthyism, a term coined by a political cartoonist in 1950 following the involvement of Senator Joseph McCarthy in a widespread "witch hunt" against Communists on American soil, corresponds to the excessive response to the fear of the spread of Communism following World War II. Also, termed the "Second Red Scare" (the first one having occurred just after the Bolshevik revolution in Russia in 1917), this period spanned roughly a decade from the end of the 1940s until the late 1950s. Characterized by its policy of systematic suspicion, it sparked a controversy that still exists today. It raised the issue of freedom of thought versus patriotism, and the term is still used to describe the unfounded questioning of a person's loyalty to the nation. As the number of white-collar positions increased and overtook that of professions dealing with the direct production of materials, a shift in the American population appeared in the 1950s. Most employees were leaving the industrial areas of the North and East of the USA to move to the South and West, were management-related positions were numerous and the environment more welcoming. This shift was accelerated by the development of Interstate highways that allowed the commuters to use their cars instead of the public transports, thus creating and developing a suburban way of life that didn't exist before. The Korean and Viet Nam wars had in common that they showed America's commitment to prevent the spread of Communism throughout the world, and not just in Europe. They were both limited wars that demonstrated that technical superiority is no guarantee for victory. Besides, neither they were popular at home among the general public. They differed in that the Viet Nam war had more important long-term repercussions on the American economy, politics, and public attitude toward the government. Â  

Intervention Informed by Theory- Critical Exploration, Explanation and Essay

Intervention Informed by Theory- Critical Exploration, Explanation and Demonstration of Intervention Form - Essay Example The present research has identified that experiential learning offers an alternative and needed a mode of learning for many of Scotland’s youth, which in the regular course of their traditional schooling are in a way deprived of more experiential learning modes because of an emphasis on book and academic learning for most of the academic year. Experiential youth learning via targeted interventions that deal with sensitive and potentially traumatic life circumstances have great value for those involved, and for the larger community too. Often young people in difficult situations have no one to turn to, and academics and school learning seem irrelevant in such instances. The experiences are too raw, and the impact not always fully understood, and there is a need to provide avenues for processing those experiences and to transform them into learning and self-improvement opportunities. It is not difficult to see, moreover, from the wealth of academic literature on the various aspe cts of experiential learning as they apply in youth learning contexts that there is a rich and fertile ground for exploration that is available for both educators and learners. The literature is rich and therefore there is enough theoretical grounding to be able to successfully launch an exploration of an intervention along these lines, and in the process come up with a robust approach and a viable set of techniques to give flesh to the proposed intervention here. The richness of the literature pertains to the value of experiential learning to process youth experiences that are often difficult to do so otherwise. In the context of this discussion, when we talk of experiential learning or learning that is experience-based, we are referring to the same set of concepts tied to that learning mode where the learner and his or her experiences are central to the learning process or are the starting points of the learning process.

Russia as a business destination Essay Example | Topics and Well Written Essays - 3000 words

Russia as a business destination - Essay Example Furthermore, foreigners would heighten their chances of success by working with local partners who would guide them there. Labor costs largely depend upon the region under consideration and western style hotels cost much more than they do in the US. Possible areas of business include oil related services or products, consumer products and the IT sector. There are a number of misconceptions about Russia as a business destination. Some people believe that conducting business in Russia is an all too easy process and that all it takes are some good connections or simply meeting with the right people. On the other hand, others believe that in Russia, it is almost impossible to do business and that enterprises are not governed by the basic principles of economics. While these latter assertions might have some validity in certain respects, it is essential to understand that they do not represent the business climate, market opportunities or entry strategies required to make it in Russia. Russia as a business destination requires its own set of rules. One needs to be ready to do business in an unconventional way. Additionally, one should be ready for the disparities that occur across various sectors and also across a number of geographical areas. In Russia, some areas are oversupplied while others are undersupplied. The latter could either act as rewarding business opportunities in certain instances or they could signify areas that need to be ignored because if the Russians themselves do not see any potential in it, then what makes a foreigner think that he/she can turn it around. (Fetsenko, 2008) Business in Russia is not for the feint hearted. It requires a great deal of imagination and resilience. But after exercising all the latter traits, it can then become easy to enjoy the rewards of investing in this country. Consequently, one should be well equipped with all the business environment information, market intelligence, import and export opportunities and market strategies required to succeed in Russia before venturing there. These are all aspects that will be covered in the report below. Market Intelligence Report (MIR) The Russian People There are a number of misconceptions held by westerners about the Russian people. Some of them believe that Russian cities are too susceptible to crime and that one would lose their property at any one time. However, compared to crime levels in the United States, Russian cities are safer. Other people believe that in Russia, organized crime overrules the basic principles of economics and that one cannot expect to find considerable profits without collaborating with these high profile criminals. However, this is another misconception; one can still conduct business in Russia without having to involve members of organized crime. While the latter issue may exist in certain sectors of the economy, others are not affected by it. Consequently, businessmen interested in doing business there need to familiarize themselves with the sectors that are untouched by such kinds of issues. (Donga, 2008) It should also be noted that not all Russian people are interested in taking bribes. The case of corruption has been a rising concern among business men from the US because most of them may not understand the dynamics of the Russian business environment. However, this is an issue that has been exaggerated by many individuals. In fact, this could simply be a result of the culture shock which one

Personality Psychology Essay Example for Free

Personality Psychology Essay Abstract:  Capturing a portrait of life reveals the keys to unlocking the potential or positive self-schema of emphasizing knowledge of your self-worth and the worth of others, utilizing your own interpretations of the world through life situations, film, spiritual enlightenment and our own perceptions. Which questions us to decipher the defense mechanisms that we to better decipher the defense mechanisms we acquire only making us handicap toward viewing and interacting with society. Introduction-That’s the Glory of, that’s the Story of Life Secretly we all want to be beautiful or handsome, equally talented, the center of attention just for once in our lives. The extravagantly creative are loners, the amazingly attractive are too conceited, and the king or queen of our dreams are nowhere in sight. But what makes us that social butterfly, that person who creates connections all across the world as their smile lights up the room, does this person reveal their true selves in society or is it just an illusion? The hard work and efforts we make to gain respect, insight and a positive imagine in our life might take more than just a decent gesture or a firm handshake, we sometimes have to be untruthful about who and what we are and simply what we do. Within our own crowded closets we hide our skeletons so perfectly that no one is aware of all those deadly fears, baggage, and overall unappealing factors that might make society feel like we are the unwanted or unnoticed. Whether we know it or not it is our self-sabotaging state of mind that leads us to the helplessness of being important and the desire to be socially acceptable; as we hold importance on self-image or self-schema we are sometimes left with our thoughts within our intriguing minds wondering how to get there and what we must become. We then began to shield our true emotions and feelings with defense mechanisms that stand as our guard facing the factors that we are only human and have faults. Looking At the Man in the Mirror –Finding Me, My Own Self-image Within The steps toward grasping our self-image must come from within as we look in the mirror,† we ask ourselves who are we to be brilliant, gorgeous, talented, and fabulous? † Meanwhile the question answers itself saying â€Å"who are we not to be as a Child of God our playing small does not served the world, as we come to the realization that there is nothing enlightening about downplaying our own personalities so that other people won’t feel insecure around us. In life upon society we are meant to shine as we are born to make manifest the glory of God that is within, as everyone has that chance to shine but if we let our lights shine we give others the ability to unconsciously to do the same. Finally we are liberated from the fears that had us bound as we break those chains of negativity just simply by our presence we free others. (Williamson, 2013) This factor is known as cognitive schema or cognitive psychology; we define self-schema or self-image as the mental process with the efficiently processing and organization of incoming information. We find that our knowledge, beliefs, and past experience are stored into our long-term without intervening with our conscious thoughts. Although we equally process information about ourselves schematically this happens when our brains store memory feedbacks that we receive from the sources from our peers, senses and bodies which also interlinks with â€Å"our emotions and physiology in a complex way that interconnects with self-systems that triggers automated scripts or actions that respond well to the situation. It is the cues of the environment that prompt a schema that sets into motion an automated sequence of cognitive, emotional and physiological responses. Are we really the product of our own environment? Looking within our own past we find that our own self-schema is developed in our childhood, the thoughts of feeling unwanted, loved, unlovable, unattractive, unintelligent and other factors increasingly set into this motion that become negative and harmful in a person’ s life. With no reassurance from our peers, family or partners the emotions and behaviors that seem to deeply affect us makes it hard to conceal those wounds which prompt us to make additional self-schemas that seem to be more destructive than others. When we create the perfect self-schemas we initiate some matters more than others igniting a chain reaction of thoughts, feelings, perceptions and actions that are dangerous to us. It seems to me that we justify what’s harmful to us but not what’s harmful to others as we view other people and categorize them in ways that are negative which being stereotypical, prejudice or even discrimination about ones creed or color seem to reveal the way we truly feel about people different than us. Although our own self-schemas we have about ourselves can cause suffering there nothing less than cognitive constructs within our minds especially when thinking, feeling and behaving in a certain way. However, self-schemas are useful to us in our daily lives forcing us to be consciously being aware of important decisions and guide us on the right path so that we can behave appropriately in different situations and among people. Also they help us understand and interpret the way we use the information for example as we receive facts it activates specific cognitive, verbal and behavioral action sequences which are called scripts and action plans which makes it possible for us to meet goals more efficiently. The Spiritual Self-Schema, 2013) The Battle within Ourselves In place within ourselves, we fight the good fight but it seems like we are our own worst enemy but what truly lies within our own unique battles is the willingness to change. But does that underlying promise go unheard? For our interpretive frameworks for understanding our own are the schema that is related to the behaviors of others; could it be the self-relevant experiences, situations and events that are relevant to a person’s self-definition that gains our focus or our attention? Although we are only human our minds seem to always be consumed by the future, transformation and fears thereof. In reference to self-schema a film like Bicentennial Man portrays the story of the battle within us paint an intricate picture of how a blank canvas can turn into a magnificent masterpiece, whereas the story of Andrew Martin, expressed his endeavors in his transformation from robot to human and all the emotions and feelings involved. Andrew Martin played by Robin Williams reveals how people understand the behaviors of others in certain situations, experiences and events. (imdb. om, 2013) As he learned more and more about the human experience and behaviors and why we do the things we do he gained insight that maybe the image he saw of him was merely human. Martin, an android who was glad to be of service saw that life was more than being a mere machine but the utmost feeling of being a human was satisfying in ways beyond measure. As years and years progressed his family life throughout serving as a butler, a teacher, a maid, a cook and an instructor made him yearn for something more and more each day as he soon found his talent with wood and creating clocks, whatnots and other masterpieces. Could this be the element he was looking for something more that proved to him not only to be an android but a person full of talent, dreams and aspirations that no upgrade within his system could create? Time took a toll at the Martin’s residence whereas everyone was getting older and Andrew was no longer needed in the household but his bond with Sir Richard Martin and Little Miss provoked an idea to explore other remarkable experiences as he did with the Martin family. His journey did not stop there; his search drove him to find another android like him with more drive, passion and personality than he ever known. After years and years of searching for answers it took years for him to understand to be human was to live, to love, to cry, to laugh and utmost experience of fulfilling one’s life dream which was to look back at the moments of life and have no regrets dying peaceful as a human. Even though Andrew Martin was just a robot his future of being something specular was obviously his fate as he altered himself becoming, enjoying the human experience to its fullness this exposed the true meaning of self-knowledge with knowing his past selves, possible selves, aging and his outlooks toward the future. This is also the conflict we constantly have in life as we have trouble with seeing the our actual selves but yearn for the day of becoming something more sufficient than we see upon life’s mirror, it is very crucial that we accept things that we cannot change but have the willingness and drive to not be afraid to change the things that are changeable which start with loving ourselves as we would love our neighbor. Self-Schema, 2013) Healing Wounds, Love Thy Self as Thy Neighbor Have you ever noticed it is just the norm people to criticize others who are different than them, but if it’s inside there typical safe zone then they figure it not as much as a taboo? Within transforming ourselves we try to fix things that we do not like about ourselves as far as self-image, personality, self-schema but not our own interpretation of how we view the world. The paragraph stated before, but I must reiterate that our knowledge, beliefs, and past experience are stored into our long-term without intervening with our conscious thoughts; but isn’t it our own self-schemas we have about ourselves or others that can cause suffering there nothing less the cognitive constructs within our minds especially when thinking, feeling and behaving in a certain way. Another film that coincides with the known factor of not understanding the unknown, it is the film entitled, â€Å"Powder† where Sean Patrick Flanery portrays a young boy named Powder; who is an albino with a unique powers but as the more attention that receives the more he shakes up the rural community he lives in. (imdb. com, 2013) The looks, the stares and the comments reminds me of how people act when they see someone with deformities or let alone someone who is considered not normal in society. The story holds many different meanings and concepts just as the story of Jesus does when God brought him down to earth to die for our sins to save humanity. Although these too stories are quite different you cannot help but to see how this film and the life of Jesus simply coincide with each other, both being spiritual in nature but still different nonetheless. Powder was born with a gift, his unique talent of telekinesis, odd attraction to electricity, and knowing things about people with simply a touch, shows exactly how different he was from most of the people that were in town. It became a proven fact that he was the center of attention but it was unwanted for people like himself do not want to be mocked, criticized or ridiculed, as the movie progresses we find that although Powder is seen as a person of rare intelligence no one fully understands him. For he views his self-schema or self-image in a negative way, for he sees himself as unattractive, odd and is an individual who is deeply wounded with doubts, regrets and feeling of being unwanted his whole life. How can someone so passionate about life and its surroundings be deeply wounded inside, does his factors of his childhood impact his self-schema as he was told he was different not unique, disfigured not handsome, or even strange but not extraordinary? The day by day taunting of others and the cruelness seemed to take a toll on what Powder thought life would be like from living in a small basement as his only friends where his grandparents and his books, it became obvious that this young, ingenious soul could not cope. Deeply saddened by society and the people in it he chose to leave the world as much as Jesus did but only difference was he (Jesus) left on a cross and Powder upon the electrocution from a thunderstorm. Whether we know it or not the keys to unlocking the age old question to humanity is written deep within our hearts in souls, which it is to love thy neighbor like we love ourselves. If we took a closer look at the people as we go about the our daily hustle and bustle of our lives it seems that we are not truly focused on the importance or purpose of our own life which is to help our fellow man. When we look in the mirror do we see ourselves as a normal person with normal lives and ordinary dreams and goals but does the question ever come up in our minds about who did we have to step over to get on the climb on that ladder of success? Was it the people that we see every day that make an effort to become an impact in ones lives, someone will morals, a upbeat personality along with a sound mind and character? How do we love our neighbors like we love ourselves when we are so consumed by money, power, greed and success? What drives the engine inside us that we could be so cruel, closed-minded and let alone numb to the world. In society there must be something inside us that stops us and reminds us that it is those cognitive constructs within our minds and our self-schema that make it useful to live our daily lives as we are forced to be aware of the important decisions that we choose. This guides us on the right path so in every situation with each person we meet no matter what race, creed, color, orientation or abnormalities to behave the way we should, as we love our neighbor like we love ourselves. The factor of our own desires to have a close connection with our spiritual side interprets who and what we are. The Spiritual Self-Schema, 2003) Spiritual Self-Schema- What Would Jesus Do? Our own interpretation of life is immensely influenced by our culture, religion, environment and overall self-schema is basically how you are impacted by life or society. In a sense we all claim to be the seekers of our own destinies, as we search for our truest, strongest and deepest self we earn our stake to redeem ourselves. Otherwise in this fast-paced society it behooves us to analyze the construction of our patterns of thinking, feeling and behaving which occupies our unique characteristics as individuals. When life brings us misfortune we totally focus vastly on religion because it makes the path smoother which lifts our spirits, although our spiritual self-schema is known as a â€Å"cognitive structure† that can construct and maintain an ultimate experience full of qualities and characteristics that are attributed to it. As these things interconnect with all living things or Supreme Being or a higher power this position propose individuals who solely seek the will of spiritual nature in the total aspect of being compassionate, and peaceful in nature. During the route to spiritual self-scheme we discover our own spiritual path that relieves us from suffering and give us the ability to cope with adversity and the ability to change behaviors that harm ourselves or others. At that swift moment of instability we find courage, inspiration, and enlightenment through our spiritual self-schema as it molds us to become who and what we are; we face another factor in our lives which is our defense mechanisms that we thrive on to hide our true selves from the world concealing the hurt that we’ve experienced along with the pain. Spiritual Self-Schema, 2003) Dealing With Life, I Have a Big Ego Sigmund Freud described a number of ego defenses in his written works; he once said that â€Å"Life is not easy! The ego—the â€Å"I† –sits at the center of some pretty powerful forces: reality; society, as represented by the superego; biological, as represented by the Id. As the conflicting demands of society upon the poor ego seem to be understandable if you are threatened, overwhelmed or have that feeling of anxiety. It is that proof that only explains ego as one thing â€Å"survival† which might cause something else to be in danger. The way we deal with life, conflict and problems totally depends on our ego which engages the defense mechanisms we have on an unconscious level which helps us ward off anxiety and brings peace back to our situation or circumstance. â€Å"The ego, driven by the id, confined by the superego could be disgusted by reality and fights to control the tasks of displaying peace among the forces and influences that might be working in and upon it. Otherwise the ego must admit its weakness in order to break those â€Å"chains of anxiety regarding the outside world, as moral anxiety regarding the superego and neurotic anxiety regarding the strength of the passions in the id. † When our memories of the unconscious along with drives or urges still are existent, they continually apply to the â€Å"powerful influence on behavior, as the forces itself fight to keep painful or socially undesirable thoughts and memoires out of the conscious mind which are known as defense mechanisms. This â€Å"battle between the wish, repressed into the id and the so called defense mechanisms†; although we use defense mechanisms to â€Å"protect ourselves from feelings of anxiety or guilt that arises because an individual might feel vulnerable because our id or superego becomes too demanding, seem like they are not under our conscious control, and are very non-voluntaristic. The â€Å" ego† within our â€Å"unconscious will use several different methods to protect us when we come up against the stressors in our lives. † If we know or not our â€Å"ego-defense mechanisms that are natural and normal but soon as they get out of hand our neuroses develop for example anxiety states, phobias, obsessions or hysteria. †