Smartcard
|
Carte_vitale_anonyme.jpg
A smart card, or integrated circuit(s) card (ICC), is defined as any integrated circuitry embedded into a flat, plastic body. Although there are a diverse range of applications, there are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain memory and microprocessor components.
The standard perception of a "smart card" is a microprocessor card of credit-card shaped dimensions (or less, e.g. the GSM SIM card) with various tamper-resistant properties (e.g. a secure cryptoprocessor, secure file system, human-readable features) and is capable of providing security services (e.g. confidentiality of information in the memory).
Contents |
History
Smart cards were invented and patented in France by Roland Moreno in the 1970s. Their first mass usage was payment in the French payphones starting from 1983 (Télécarte). The second one was the integration of a microchip into all French debit cards (Carte Bleue).
Contact smartcard
The ISO/IEC 7816 series of standards define:
- the physical shape of the smart card
- the positions and shapes of its electrical connectors
- the communications protocols and power voltages to be applied to those connectors
- the functionality
- the format of the commands sent to the card and the response returned by the card
The cards do not contain a battery; power is supplied by the card reader.
In a contact-type smart card, the chip can be recognised by an area of gold-plated contacts about 1 cm² close to the short side of the card. Normally the contact communication is relatively slow (9.6-115.2 kbit/s). There is currently a trend towards implementing USB 1 on these contacts (up to 10 Mbit/s), but there is not yet a final standard.
ISO 7816:5 defines numbering for ISO 7816 smart cards. An application identifier (AID) consists of an Registered Application Provider Identifier (RID), identifying the vendor, then a Proprietary Application Identifier Extension (PIX), identifying the application offered by the vendor. A RID can be either assigned by the ISO/IEC 7816-5 Registration Authority (TDC Services A/S), or be an ISO 7812 IIN followed by the FF hexadecimal.
Contactless smartcard
OctopusFrontNew.jpg
A second type is the non-contact type called contactless smart card, where the chip communicates with the card reader through wireless self-powered induction technology (106-848 kbit/s).
The standards for the contactless protocol for smart cards are ISO/IEC 14443 (type A and B) from the year 2001, which allows communication distances up to 10 cm. There have been proposals for ISO 14443 type C, D, E and F that have yet to be accepted by the ISO standards committee. An alternative standard for contactless smartcard is ISO 15693, which allows communication distances up to 50 cm.
An example of a widely used contactless smartcard is Hong Kong's Octopus card, which predates the ISO/IEC 14443 standard. For use on public transportation, Malaysia introduced the Touch 'n Go smartcard in 1997, Paris introduced the Calypso card (http://www.calypsonet-asso.org) in October 2001, JR East introduced the Suica Card for the Tokyo area in November 2001, and London introduced the Oyster card in January 2004. In 2002, the Chicago Transit Authority introduced the Chicago Card (http://www.chicago-card.com). Taipei also has smartcard system called EasyCard from Taipei Smart Card Corporation (http://www.tscc.com.tw). Boston plans to introduce the Charlie Card in 2006.
A related contactless technology is RFID (radio frequency identification) that in certain cases can be used for similar applications to contactless smartcard such as for electronic toll collection. RFID generally do not include writeable memory or microcontroller processing capability as contactless smartcard do.
There are dual-interface cards that implement contactless and contact interfaces on a single card with some shared storage and processing. An example is Malaysia's multi application smartcard identification called MyKad that uses both contact Proton and contactless Mifare (ISO 14443A) chips.
Applications
The applications of smartcards include their use as credit or ATM cards, SIMs for mobile phones, authorization cards for pay television, high security identification and access control cards, public transport tickets, etc.
Smart cards may also be used as electronic wallets. The smart card chip can be loaded with electronic money, which can be used to pay parking meters, vending machines, and merchants. Cryptographic protocols protect the exchange of money between the smart card and the accepting machine. Examples for this are Proton, GeldKarte, Moneo and Quick.
A large growing application is smart ID cards. In this application the cards are used for authentication of identity. Examples include the US Department of Defense Common Access Card (CAC), and their use by many governments as ID cards for their citizens. When combined with biometrics smartcards can provide two or three factor authentication. Smart cards are a privacy enhancing technology and when used in conjunction with appropriate security and privacy policies can form a highly effective identity authentication technology.
Smartcards have been advertised as suitable for these tasks, because they are engineered to be tamper resistant. The embedded chip of a smart card normally implements some cryptographic algorithm. Information about the inner workings of this algorithm can be obtained if the precise time and electrical current required for certain encryption or decryption operations is measured. A number of research projects have now demonstrated the feasibility of this line of attack. Counter measures have been proposed.
Another problem of smart cards may be the failure rate. The plastic card in which the chip is embedded is fairly flexible, and first time users are insufficiently careful with their card. Smart cards are often carried in wallets or pockets, which is a fairly harsh environment for a chip. However, for large banking systems, the failure management cost is more than compensated by the fraud cost reduction.
See also
External links
- Introduction to Smart Cards (http://sumitdhar.blogspot.com/2004/11/introduction-to-smart-cards.html)
- Smart Card Alliance. (http://www.smartcardalliance.org/)
Patents
- Template:US patent -- Methods of data storage and data storage systems
- Template:US patent -- Data-transfer system
- Template:US patent -- Systems for storing and transferring data
- Template:US patent -- Systems for storing and transferring data
More information, research, and news on smart cards
- Secure ID News (http://www.secureidnews.com)
- Contactless News (http://www.contactlessnews.com)
Smart card manufacturers
- Ask (http://www.ask.fr)
- Axalto (http://www.axalto.com)
- Gemplus (http://www.gemplus.com)
- Giesecke & Devrient (http://www.gi-de.com)
- IBM (http://www.zurich.ibm.com/csc/infosec/smartcard.html)
- ID TECH (http://www.id-tech.net)
- I'M Technologies (http://www.imcorporation.com)
- InSeal Contactless (http://www.inseal.com)
- MaskTech (http://www.masktech.de)
- Oberthur Card Systems (http://www.oberthurcs.com/)
- ORGA Kartensysteme (http://www.orga.com/)
- Setec (http://www.setec.com)
- Siemens (http://www.siemens.com/index.jsp)
- Smart Card Integrators (http://www.sci-s.com)
- Telesec (http://www.telesec.de)
- CircleSmartCard (http://www.circlesmartcard.com)
- Zetes (http://www.zetes.com/cards)
- PRISM (http://www.prism.co.za)
Smart card chip manufacturers
- Atmel (http://www.atmel.com)
- Infineon (http://www.infineon.com/security)
- Philips/Mifare (http://www.semiconductors.philips.com)
- Renesas (http://www.renesas.com/)
- STMicroelectonics (http://www.st.com/stonline/products/families/smartcard/index.htm)
- Inside Contactless (http://www.insidefr.com/) (Dedicated to contactless smart cards)
Smart card applications
- Smart Cards in Healthcare (http://www.medicardonline.com)
- Pc/Sc Specifications (http://www.pcscworkgroup.com)de:Chipkarte