Smart Cards

Introduction:

"Key to the global village", that is how the Smart Card has been described. Smart Cards will bring big changes to the way people provide and receive information and the way they spend money. They will have a profound impact on retailing and service delivery.

A Smart Card is like an "electronic wallet". It is a standard credit card-sized plastic intelligent token within which a microchip has been embedded within its body and which makes it 'smart'. It provides not only memory capacity, but computational capability as well and thus the chip is capable of processing data. It has gold contacts that allow other devices to communicate with it. This chip holds a variety of information, from stored (monetary) value used for retail and vending machines to secure information and applications for higher-end operations such as medical/healthcare records. New information and applications can be added depending on the chip capabilities. Smart Cards can store several hundred times more data than a conventional card with a magnetic stripe and can be programmed to reveal only the relevant information. For example, it could tell a device in a store that there is sufficient balance in an account to pay for a transaction without revealing the balance amount. The marriage between a convenient plastic card and a microprocessor allows information to be stored, accessed and processed either online or offline. Therefore, unlike the read-only plastic card, the processing power of Smart Cards gives them the versatility needed to make payments, to configure your cell phones, TVs and video players and to connect to your computers via telephone, satellite or the Internet anytime, anywhere in the world.

History:

The technology has its historical origin in the seventies when inventors in Germany, Japan, and France filed the original patents. While inventors in the U.S., Japan and Austria, were issued patents, it was the French who put up big money to push the technology. They did this in the 1970's, during a period of major national investment in modernizing the nation's technology infrastructure. Due to several factors most work on Smart Cards was at the research and development level until the mid eighties. Since then, the industry has been growing at tremendous rate is shipping more than one billion (1,000,000,000) cards per year (since 1998). The current world population of Smart Cards of some 1.7 billion is set to increase to 4 billion or more cards within the next 3-4 years.

Construction:

The main storage area in such cards is normally EEPROM (Electrically Erasable Programmable Read-Only Memory), which can have its content updated, and which retains current contents when external power is removed. Newer Smart Card chips, sometimes, also have math co-processors integrated into the microprocessor chip, which is able to perform quite complex encryption routines relatively quickly. The chip connection is either via direct physical contact or remotely via a contact less electromagnetic interface.

Its chip therefore characterizes a Smart Card uniquely; with its ability to store much more data (currently up to about 32,000 bytes) than is held on a magnetic stripe, all within an extremely secure environment. Data residing in the chip can be protected against external inspection or alteration, so effectively that the vital secret keys of the cryptographic systems used to protect the integrity and privacy of card-related communications can be held safely against all but the most sophisticated forms of attack.

The functional architecture of a GSM system can be broadly divided into the Mobile Station, the Base Station Subsystem, and the Network Subsystem. Each subsystem is comprised of functional entities that communicate through the various interfaces using specified protocols. The subscriber carries the mobile station; the base station subsystem controls the radio link with the Mobile Station. The network subsystem, the main part of which is the Mobile services Switching Center, performs the switching of calls between the mobile and other fixed or mobile network users, as well as management of mobile services, such as authentication.

Fig 1: Smart Card Construction.

Today, there are basically three categories of Smart Cards –

A microprocessor chip can add, delete and otherwise manipulate information in its memory. It can be viewed as a miniature computer with an input/output port, operating system and hard disk. Microprocessor chips are available 8, 16, and 32 bit architectures. Their data storage capacity ranges from 300 bytes to 32,000 bytes with larger sizes expected with semiconductor technology advances.

1. Integrated Circuit (IC) Microprocessor Cards –

    

   

   Fig 3: An Integrated Circuit used in Smart Cards.

   Microprocessor cards (generally referred to as "chip cards") offer greater memory storage and security of data than a traditional magnetic stripe card. Their chips may also be called as microprocessors with internal memory which, in addition to memory, embody a processor controlled by a card operating system, with the ability to process data onboard, as well as carrying small programs capable of local execution. The microprocessor card can add, delete, and otherwise manipulate information on the card, while a memory-chip card (for example, pre-paid phone cards) can only undertake a pre-defined operation. The current generation of chip cards has an eight-bit processor, 32KB read-only memory, and 512 bytes of random-access memory. This gives them the equivalent processing power of the original IBM-XT computer, albeit with slightly less memory capacity.

   Uses:

   These cards are used for a variety of applications, especially those that have cryptography built in, which requires manipulation of large numbers. Very often the data processing power is used to encrypt/decrypt data, which makes this type of card very unique person identification token. Data processing permits also the dynamic storage management, which enables realization of flexible multifunctional card. Thus, chip cards have been the main platform for cards that hold a secure digital identity. Hence they are capable of offering advanced security mechanism, local data processing, complex calculation and other interactive processes. Most stored-value cards integrated with identification, security and information purposes are processor cards.

   Some examples of these cards are –

   • Cards that hold money ("stored value cards")

   • Card that hold money equivalents (for example, "affinity cards”)

   • Cards that provide secure access to a network

   • Cards that secure cellular phones from fraud

   • Cards that allow set-top boxes on televisions to remain secure from piracy

    

2. Integrated Circuit (IC) Memory Cards – Memory cards can just store data and have no data processing capabilities. These have a memory chip with non-programmable logic, with storage space for data, and with a reasonable level of built-in security. IC memory cards can hold up to 1 – 4 KB of data, but have no processor on the card with which to manipulate that data. They are less expensive than micprocessor cards but with a corresponding decrease in data management security. They depend on the security of the card reader for processing and are ideal when security requirements permit use of cards with low to medium security and for uses where the card performs a fixed operation.

   There is also a special type memory cards called the Wired Logic (or Intelligent Memory) cards, which contain also some built-in logic, usually used to control the access to the memory of the card.

   Uses:

   Memory cards represent the bulk of the Smart Cards sold primarily for pre-paid, disposable-card applications like pre-paid phone cards. These are popular as high-security alternatives to magnetic stripe cards.

    

3. Optical Memory Cards – Optical memory cards look like a card with a piece of a CD glued on top - which is basically what they are. Optical memory cards can store up to 4 MB of data. But once written, the data cannot be changed or removed.

   Uses:

   Thus, this type of card is ideal for record keeping - for example medical files, driving records, or travel histories.

Fundamentals of Card Operation:

Today's Smart Cards need electrical power from outside, plus a way for data to be read from, and sometimes to be transmitted to, the chip. They interact with an "accepting device", usually known as a card reader, which exchanges data with the card and usually involves the electronic transfer of money or personal information. The information or application stored in the IC chip is transferred through an electronic module that interconnects with a terminal or a card reader.

There are two general categories of Smart Cards: Contact and Contactless Smart Cards.

Fig 2: Contact Smart Card.

The contact Smart Card has a set of gold- plated electrical contacts embedded in the surface of the plastic on one side. It is operated by inserting the card (in the correct orientation) into a slot in a card reader, which has electrical contacts that connect to the contacts on the card face thus establishing a direct connection to a conductive micromodule on the surface of the card. This card has a contact plate on the face, which is a small gold chip about 1/2” in diameter on the front, instead of a magnetic stripe on the back like a “credit card”. When the card is inserted into a Smart Card reader, it makes contact with an electrical connector for reads and writes to and from the chip It is via these physical contact points, that transmission of commands, data, and card status takes place.

Such a card is traditionally used at the retail point of sale or in the banking environment or as the GSM SIM card in the mobile 'phone.

Fig 3: Contactless Smart Card

(This diagram shows the top and bottom card layers which sandwich the antenna/chip module.)

A contactless Smart Card looks just like a plastic “credit card” with a computer chip and an antenna coil embedded within the card. This antenna allows it to communicate with an external antenna at the transaction point to transfer information. The antenna is typically 3 - 5 turns of very thin wire (or conductive ink), connected to the contactless chip. This aerial coil of the antenna is laminated into the card and allows communication even whilst the card is retained within a wallet or handbag. The same activation method applies to watches, pendants, baggage tags and buttons. Thus no electrical contactsa are needed and it is therefore called as "contactless".

Such Smart Cards are used when transactions must be processed quickly, as in mass-transit toll collection or wherever the cardholder is in motion at the moment of the transaction. Close proximity, typically two to three inches for non-battery powered cards (i.e. an air-gap of up to 10cms) is required for such transactions, which can decrease transaction time while increasing convenience as both the reader and the card have antenna and it is via this contactless link that the two communicate. Most contactless cards also derive the internal chip power source from this electromagnetic signal. Radio frequency technology is used to transmit power from the reader to the card.

Two new categories, derived from the contact and contactless cards are combi cards and hybrid cards.

A hybrid Smart Card has two chips, each with its respective contact and contactless interface. The two chips are not connected, but for many applications, this Hybrid serves the needs of consumers and card issuers.

Fig 4: CombiCard

(This shows both the contact and contactless elements of the card.)

The combi card (also known as the dual-interface card) is a card with both contact and contactless interfaces. With such a card, it becomes possible to access the same chip via a contact or contactless interface, with a very high level of security. It may incorporate two non-communicating chips - one for each interface - but preferably has a single, dual-interface chip providing the many advantages of a single e-purse, single operating architecture, etc. The mass transportation and banking industries are expected to be the first to take advantage of this technology.

Advantages:

• Some advantages of the Smart Card:

• Proven to be more reliable than the magnetic stripe card.

• Can store up to thousands of times of the information than the magnetic stripe card.

• Reduces tampering and counterfeiting through high security mechanisms such as advanced encryption and biometrics.

• Can be disposable or reusable.

• Performs multiple functions.

• Has wide range of applications (e.g., banking, transportation, healthcare...)

• Compatible with portable electronics (e.g., PCs, telephones...)

• Evolves rapidly applying semi-conductor technology

• Smart Cards can hold a large amount of personal information, from medical/health history to personal banking and personal preferences

• They can carry all necessary functions and information on the card. Therefore, they do not require access to remote databases at the time of the transaction unlike magnetic stripe cards

Smart Card Applications:

"At least these Smart Cards gives you something to read whilst you're waiting 2 hours for the next bus."

The self-containment of Smart Card makes it resistant to attack, as it does not need to depend upon potentially vulnerable external resources. Because of the security and data storage features, Smart Cards are rapidly being embraced as the consumer token of choice in many areas of the public sector and commercial worlds and are often used in different applications, which require strong security protection and authentication. Many of the applications of Smart Cards require sensitive data to be stored in the card, such as biometrics information of the card owner, personal medical history, and cryptographic keys for authentication, etc.

Smart Cards are being deployed in most sectors of the public and private marketplaces. Here are some popular application areas where Smart Cards are being used in today’s world:

• Loyalty

• Financial

• Information Technology

• Government

• Healthcare

• Telephony

• Mass Transit

• Identification on Internet

Some of the major applications of the Smart Cards, as seen around the world, are:

• There are over 300,000,000 GSM mobile telephones with Smart Cards, which contain the mobile phone security and subscription information. The handset is personalized to the individual by inserting the card, which contains its phone number on the network, billing information, and frequently call numbers.

• Various countries with national health care programs have deployed Smart Card systems. The largest is the German solution which deployed over 80,000,000 cards to every person in Germany and Austria.

• There are over 100 countries worldwide who have reduced or eliminated coins from the pay phone system by issuing Smart Cards. Germany, France, UK, Brazil, Mexico, and China have major programs.

• Almost every small dish TV satellite receiver uses a Smart Card as its removable security element and subscription information.

• They are used as a credit/debit bankcard, which allows them for off-line transactions and store the credit and debit functions of financial institutions.

• They can be used in retail loyalty schemes and corporate staff systems.

• Other applications for Smart Cards include computer/internet user authentication and non-repudiation, retailer loyalty programs, physical access, resort cards, mass transit, mass transit ticketing schemes, electronic toll, product tracking, national ID, drivers license, pass ports, and the list goes on.

Telephony:

Smart Cards are found in many applications where coin operated machines have suffered from the increased costs and loss of service from vandalism, coin collection, and low reliability. Single-function cards are being used for payphone telephony and digital mobile telephony. They are already being used as a replacement for cash at:

• Toll booths.
• Pay Phones.
• Parking lots.
• Gas stations.
• Vending machines.
• Arcade games and other such areas where coins are used.

Streamlining Healthcare Services:

In healthcare, Smart Cards may be used as Medical Cards as Health Insurance Card or Medical File Access Card. This has the following advantages -

• Reduces routine paperwork.
• Eliminates errors and fraud.
• Speeds up payment and claim processes.
• Inexpensive equipment setup.
• Patient controls doctors’ access to information.
• Patient’s medical history and data can be stored and becomes readily available using a card reader.
• Pharmacist has access to prescription information only.
• Allows automatic check for medication incompatibility.

Automating Transportation Services:

With billions of transport transactions occurring each day, Smart Cards have easily found a place in this rapidly growing market. A few of the numerous examples of Smart Cards in transportation are:

• Mass Transit Ticketing - Using contactless Smart Cards allows a passenger to ride several buses and trains during his daily commute to work while not having to worry about complex fare structures or carrying change.
• Urban Parking - You don’t need to carry the correct change anymore... just a prepaid contact Smart Card.
• Electronic Toll Collection - As you drive through the toll gate of a bridge, a Smart Card, inserted into an RF transponder within your car, electronically pays the toll; without you ever stopping!
• Airline Application - Your frequent flyer miles are added onto your airline Smart Card as your ticket is removed from it at the gate, eliminating paperwork!

Internet:

The role of the Internet has developed to include the support of electronic commerce. It was designed for the free exchange of information, and as such, it is a rich supply of academic, product and service information. But how does an Internet shopper go from looking at the product to actually buying it? The Smart Card is the ideal support for payment over the Internet, whether in cash or as credit. However, the Internet shopper needs to connect his smart payment card to his computer and through the computer to the Internet. Smart Card readers are inexpensive, low-power devices which can be easily added to existing computers. The additional cost of building them into future computers or peripherals is extremely low.

The Internet is focusing the need for online identification and authentication between parties who cannot otherwise know or trust each other, and Smart Cards are believed to be the most efficient way of enabling the new world of e-trade. Smart Cards can act as an identification card, which is used to prove the identity of the cardholder.

Besides using Smart Cards for payment over the Internet, the possibilities are endless like carrying your favorite addresses from your own personal computer to your friend’s Network Computer and downloading your airline ticket and boarding passes, telepayments of the goods purchased online and such others.

The Future:

The important thing about Smart Cards is that they are everyday objects that people can carry in their pockets, yet they have the capacity to retain and protect critical information stored in electronic form. The “smartness” of Smart Cards comes from the integrated circuit embedded in the plastic card. Embedding similar circuits in other everyday objects, such as key rings, watches, glasses, rings or earrings, could perform the same electronic function. The development of contactless card technology was the catalyst for what is known as tags. Tags function like contactless Smart Cards but are in the form of a coin, a ring or even a baggage label. They are generally attached to objects such as gas bottles, cars or animals and can hold and protect information concerning that object. This allows the object to be managed by an information system without any manual data handling. The use of Biometrics will soon mean that his/her hand, fingerprint and the retina of the eye or the sound of the voice can reliably identify a person. Soon it will be possible to authorize the use of electronic information in Smart Cards by using a spoken word or the touch of a hand.

Also, Smart Card readers will be appearing on the PC and will enable the user to pay for goods purchased over the Internet. This will be especially useful for small value purchases, which are not really appropriate for credit card transactions. If you have products that have relatively low value - for example a few pages of information about your product that customers may pay 50c for - they may well pay you in the future using a Smart Card.

As a smart infrastructure for mobile computing, Smart Card technologies will prove to be the killer application for the networked economy. The Smart Card will be "charged up" with money and you will use it as you do cash or a phone card. In the near future, the traditional magnetic strip card will be replaced and integrated together into a single card by using the multi-application Smart Card, which is known as an electronic purse or wallet in the Smart Card industry. It will be used to carry a lot of sensitive and critical data about the consumers ever more than before when compared with the magnetic strip card.

Smart Cards are a relatively new technology that already affects the everyday lives of millions of people.

This is just the beginning; soon it will influence the way we shop, see the doctor, use the telephone and even enjoy leisure!!!