ABOUT SMART CARDS

Defined at its highest level, a smart card is a credit-card sized plastic card with an embedded computer chip. The chip can either be a microprocessor with internal memory or a memory chip with non-programmable logic. The chip connection is either via direct physical contact or remotely via a contact less electromagnetic interface.

History

The technology has its historical origin in the seventies when inventors in Germany, Japan, and France filed the original patents. Due to several factors, not least of which was the immaturity of the semiconductor technology, most work on smart cards was at the research and development level until the mid eighties. Major rollouts such as the French National Visa Debit Card and France Telecom provided the industry with high volume opportunities. Since then, the industry has been growing at tremendous rate is shipping more than one billion (1,000,000,000) cards per year (since 1998).

Technology

There are two general categories of smart cards: contact and contactless smart cards. A contact smart card requires insertion into a smart card reader with a direct connection to a conductive micromodule on the surface of the card (typically gold plated). It is via these physical contact points, that transmission of commands, data, and card status takes place.

A contactless card requires only close proximity to a reader. Both the reader and the card have antenna and it is via this contactless link that the two communicate. Most contactless cards also derive the internal chip power source from this electromagnetic signal. The range is typically two to three inches for non-battery powered cards, and this is ideal for applications such as mass transit which require very fast card interface.

Two additional categories, derived from the contact and contactless cards are Combi cards and Hybrid cards. A Hybrid card has two chips, each with its respective contact and contactless interface. The two chips are not connected, but for many applications, this Hybrid serves the needs of consumers and card issuers. Just emerging is the Combi card which in a single chip card with a contact and contactless interface. With Combi cards, it is now possible to access the same chip via a contact or contactless interface, with a very high level of security. The mass transportation and banking industries are expected to be the first to take advantage of this technology.
The chips used in all of these cards fall into two categories as well: microprocessor chips and memory chips. A memory chip can be viewed as small floppy disks with optional security. Memory cards can hold from 103 bits to 16,000 bits of data. They are less expensive than micprocessor cards but with a corresponding decrease in data management security. They depend on the security of the card reader for their processing and are ideal when security requirements permit use of cards with low to medium security.

A microprocessor chip can add, delete and otherwise manipulate information in its memory. It can be viewed as a miniature computer with an input/output port, operating system and hard disk. Microprocessor chips are available 8, 16, and 32 bit architectures. Their data storage capacity ranges from 300 bytes to 32,000 bytes with larger sizes expected with semiconductor technology advances.

Applications

The list of potential applications for smart card technology would be too long for this primer. Instead, listed below are some of the major applications seen around the world.

There are over 300,000,000 GSM mobile telephones with smart cards which contain the mobile phone security and subscription information. The handset is personalized to the individual by inserting the card which contains its phone number on the network, billing information, and frequently call numbers.

Almost every small dish TV satellite receiver uses a smart card as its removable security element and subscription information. There are over 4 million in the US alone between DirectTV, USSB and Echo Star. There are millions more in Europe and Asia.

The Financial industry has been quick to adopt smart card technology in various countries around the world. Every French Visa Debit card (over 25,000,000) has a chip in it. In Germany, about 40,000,000 banking cards have been issued. EuroPay, MasterCard, and Visa all have smart card programs for their bank members. In the Portugal and Singapore, the national banking networks have launched electronic purse projects.

Various countries with national health care programs have deployed smart card systems. The largest is the German solution which deployed over 80,000,000 cards to every person in Germany and Austria.

There are over 100 countries world wide that have reduced or eliminated coins from the pay phone system by issuing smart cards. Germany, France, UK, Brazil, Mexico, and China have major programs.

Other applications for smart cards include computer/internet user authentication and non-repudiation, retailer loyalty programs, physical access, resort cards, mass transit, electronic toll, product tracking, national ID, drivers license, pass ports, and the list goes on.

Smart Card Faq's
-----------------------------------------------------------------------------------------------

Smart Card Evolution
What is a Smart Card?
So what is a Microprocessor Smart Card?
How many people use Smart Cards?
What exactly does a smart card look like?
What are the components of a Micromodule?
What exactly does a smart card look like?
How much data can a smart card store?
How is data read from a smart card?
What is the COS?
What about ‘error correction’?
How much would a smart card cost?
What is the life of a smart card?
How is a smart card better than a regular magnetic stripe card?
Do smart cards meet ISO Standards?
So where exactly are smart cards being used?
Applications Areas
Applications in the U.S.
Applications in India:
Why should your organization consider using smart cards?
What are the advantages of Smart Card technology?
So what are the barriers to acceptance of smart cards?



Smart Card Evolution

Interest in smart card technology has soared in the 1990’s, and by the year 2000 the number and variety of smart card-based applications will explode around the world The driving factors of the growing interest in smart cards include the declining cost of smart cards and the growing concern that magnetic stripe cards can not provide the protections necessary to thwart fraud and security breaches. This security issue alone may propel smart card technology to the forefront of business transactions.


What is a Smart Card?

The term Smart Card is loosely used to describe any card with a capability to relate information to a particular application such as magnetic stripe, optical, memory, and microprocessor cards. It is more precise, however to refer to memory and microprocessor cards as smart cards.

· A magnetic stripe card (such as a credit card) has a strip of magnetic tape   material attached to its surface. This is the standard technology used for bank   cards.
· Optical cards are bank card-size, plastic cards that use some form of laser to   write and read the card.
· Memory cards can store a variety of data, including financial, personal, and   specialized information; but cannot process information.
· Smart cards with a microprocessor look like standard plastic cards, but are   equipped with an embedded Integrated Circuit (IC) chip. Microprocessor cards   can store information, carry out local processing on the data stored, and perform   complex calculations. These cards take the form of either "contact" cards which   require a card reader or "contact less" cards which use radio frequency signals to   operate.

So what is a Microprocessor Smart Card?

No bigger than a credit card, this smart card contains a dime-sized microchip that can process and store thousands of bits of electronic data. Unlike passive devices (such as a memory card or magnetic stripe card) that can only store information, the smart card is active and able to process data in reacting to a given situation. This capability to record and modify information in its own non-volatile, physically protected memory makes the smart card a powerful and practical tool. Smart cards are small and portable; they can interact with computers and other automated systems; and the data they carry can be updated instantaneously.

How many people use Smart Cards?

Today, smart cards are used by millions of cardholders worldwide and are at work in more than 90 countries, primarily in Europe and the Far East, processing point-of-sale transactions, managing records, and protecting computers and secure facilities.


TOP

What exactly does a smart card look like?

Smart cards are credit card-sized, often made of flexible plastic (polyvinyl chloride or PVC), and are embedded with a micromodule containing a single silicon integrated circuit chip with memory and microprocessor. The micromodule has eight metallic pads on its surface, each designed to international standards for VCC (power supply voltage), RST (used to reset the microprocessor of the smart card), CLK (clock signal), GND (ground), VPP (programming or write voltage), and I/O (serial input/output line). Two pads are reserved for future use (RFU). Only the I/O and GND contacts are mandatory on a card to meet international standards; the others are optional.

What are the components of a Micromodule?

The micromodule on board the smart card is made up of certain key components that allow it to execute instructions supporting the card’s functionality. Click each component in the diagram for an explanation.

The Microprocessor Unit (MPU) executes programmed instructions. Typically, older version smart cards are based on relatively slow, 8-bit embedded microcontrollers. The trend during the 1990s has been toward using customized controllers with a 32-bit Reduced Instruction Set Computing (RISC) processor running at 25 to 32 MHz.

The I/O Controller manages the flow of data between the Card Acceptance Device (CAD) and the microprocessor.

Read Only Memory (ROM) or Program Memory is where the instructions are permanently burned into memory by the silicon manufacturer. These instructions (such as when the power supply is activated and the program that manages the password) are the fundamentals of the Chip Operating System (COS) or, as often called, the “Mask.”

Random Access Memory (RAM) or Working Memory serves as a temporary storage of results from calculations or input/output communications. RAM is a volatile memory and loses information immediately when the power supply is switched off.

Application Memory, which today is almost always double E-PROM (Electrically Erasable Programmable Read-Only Memory) can be erased electronically and rewritten. By international standards, this memory should retain data for up to 10 years without electrical power and should support at least 10,000 read-write actions during the life of the card. Application memory is used by an executing application to store information on the card.


TOP

How much data can a smart card store?

EEPROM: 8K – 128K bit. (Note that in smart card terminology, 1K means one thousand bits, not one thousand 8-bit characters. One thousand bits will normally store 128 characters, the rough equivalent of one sentence of text. However, with modern data compression techniques, the amount of data stored on the smart card can be significantly expanded beyond this base data translation.)

How is data read from a smart card?

When a smart card is inserted into a Card Acceptance Device or CAD (such as a point-of-sale terminal), the metallic pads come into contact with the CAD’s corresponding metallic pins, thereby allowing the card and CAD to communicate. Smart cards are always reset when they are inserted into a CAD. This action causes the smart card to respond by sending an “Answer-to-Reset “ message, which informs the CAD, what rules govern communication with the card and the processing of a transaction.

What is the COS?

The smart card’s Chip Operating System (frequently referred to simply as COS; and sometimes referred to as the Mask) is a sequence of instructions, permanently embedded in the ROM of the smart card. Like the familiar PC DOS or Windows Operating System, COS instructions are not dependent on any particular application, but are frequently used by most applications.

Chip Operating Systems are divided into two families:

· The general purpose COS which features a generic command set in which the   various sequences cover most applications, and
· The dedicated COS with commands designed for specific applications and which   can even contain the application itself. An example of a dedicated COS would be   a card designed to specifically support an electronic purse application.

What are the various functions of COS?

The baseline functions of the COS which are common across all smart card products include:
· Management of interchanges between the card and the outside world, primarily in   terms of the interchange protocol.
· Management of the files and data held in memory.
· Access control to information and functions (for example, select file, read, write,   and update data).
· Management of card security and the cryptographic algorithm procedures.
· Maintaining reliability, particularly in terms of data consistency, sequence   interrupts, and recovering from an error.
· Management of various phases of the card's life cycle (that is, microchip   fabrication, personalization, active life, and end of life).

Current Chip Operating Systems (COS) perform their own error checking. The terminal operating system must check the two-byte status codes returned by the COS (as defined by both ISO 7816 Part 4 and the proprietary commands) after the command issued by the terminal to the card. The terminal then takes any
necessary corrective action.


TOP

What about ‘error correction’?


Current Chip Operating Systems (COS) perform their own error checking. The terminal operating system must check the two-byte status codes returned by the COS (as defined by both ISO 7816 Part 4 and the proprietary commands) after the command issued by the terminal to the card. The terminal then takes any necessary corrective action.

How much would a smart card cost?

Typical costs range from $2.00 to $5.00. Per card cost increases with chips providing higher capacity and more complex capabilities; per card cost decreases as higher volume of cards are ordered.

What is the life of a smart card?


Vendors guarantee 100’000 read/write cycles. Cards claiming to meet International Standards Organization (ISO) specifications must achieve set test results covering drop, flexing, abrasion, concentrated load, temperature, humidity, static electricity, chemical attack, ultra-violet, X-ray, and magnetic field tests.


TOP

How is a smart card better than a regular magnetic stripe card?
Storage Capacity:
EEPROM: 8K – 512K bit. (Note that in smart card terminology, 1K means one thousand bits, not one thousand 8-bit characters. One thousand bits will normally store 128 characters, the rough equivalent of one sentence of text. However, with modern data compression techniques, the amount of data stored on the smart card can be significantly expanded beyond this base data translation.)

Ease of Use:
Smart cards are user-friendly for easy interface with the intended application; handled like the familiar magnetic stripe bank card.

Susceptibility:
Susceptible to chip damage from physical abuse, but more difficult to disrupt or damage than the magneticstripecard.

Security
Smart cards are highly secure. Information stored on the chip is difficult to duplicate or disrupt, unlike the outside storage used on magnetic stripe cards that can be easily copied. Chip microprocessor and Co-processor supports DES, 3-DES, RSA or ECC standards for encryption, authentication, and digital signature for non-repudiation.

First Time Read Rate

ISO 7816 limits contact cards to 9600 baud transmission rate; some Chip Operating Systems do allow a change in the baud rate after chip power up; a well designed application can often complete a card transaction in one or two seconds.

Speed of Recognition
Smart cards are fast. Speed is only limited by the current ISO Input/Output speed standards.

Proprietary Features
These include Chip Operating System andSystem Development Kits.

Processing Power
Older version cards use an 8-bit micro-controller clockable up to 16 MHz with or without co-processor for high-speed encryption. Current trend is toward customized controllers with a 32-bit RISC processor running at 25 to 32 MHz.

Power Source
Mostly 5 volt DC power source.

Support Equipment Required
For most host-based operations, only a simple Card Acceptance Device (that is, a card reader/writer terminal) with an asynchronous clock, a serial interface, and a 5-volt power source is required. For low volume orders, the per unit cost of such terminals runs between $100 and $250, the cost decreasing significantly with higher volumes. More costly Card Acceptance Devices are hand-held, battery-operated terminals and EFT/POS desktop terminals.


TOP

Do smart cards meet ISO Standards?

ISO 7816 Standards
Standards are key to ensuring interoperability and compatibility in an environment of multiple card and terminal vendors. Integrated circuit card standards have been underway since the early 1980’s on both national and international levels. Basic worldwide standards for smart cards have been and continue to be established by the International Organization for Standardization, which has representation from over 70 nations. The ISO 7816 series is the international standard for integrated circuit cards.

COS Standards
Although smart cards conform to a set of international standards, there is currently no standard Chip Operating System, or anything as common as Microsoft’s Windows, or UNIX. Each smart card vendor provides the market with a distinct product. The key discriminator among smart card products is the proprietary operating system each offers to the customer.

So where exactly are smart cards being used?

The first chip cards were simple prepaid telephone cards implemented in Europe in the mid-1980s, using memory cards. Today, the major active application areas for microprocessor-based smart cards include: financial, communications, government programs, information security, physical access security, transportation, retail and loyalty, health care, and university identification. These are intersecting areas in that the smart card may carry applications from more than one area (for example, combining information and physical security access, or financial and retail/loyalty).


TOP

Applications Areas

Shown below are examples of smart card applications. Click each application for an explanation.

Financial Applications
· Electronic Purse to replace coins for small purchases in vending machines and   over-the-counter transactions.
· Credit and/or Debit Accounts, replicating what is currently on the magnetic stripe   bank card, but in a more secure environment.
· Securing payment across the Internet as part of Electronic Commerce.

Communications Applications
· The secure initiation of calls and identification of caller (for billing purposes) on   any Global System for Mobile Communications (GSM) phone.
· Subscriber activation of programming on Pay-TV.

Government Programs
· Electronic Benefits Transfer using smart cards to carry Food Stamp and WIC food   benefits in lieu of paper coupons and vouchers.
· Agricultural producer smart marketing card to track quotas.

Information Security
· Employee access card with secured passwords and the potential to employ   biometrics to protect access to computer systems.

Physical Access
· Employee access card with secured ID and the potential to employ biometrics to   protect physical access to facilities.

Transportation
· Drivers Licenses.
· Mass Transit Fare Collection Systems.
· Electronic Toll Collection Systems. Retail and Loyalty
· Consumer reward/redemption tracking on a smart loyalty card, that is marketed   to specific consumer profiles and linked to one or more specific retailers serving   that profile set.

Retail and Loyalty
· Consumer reward/redemption tracking on a smart loyalty card, that is marketed   to specific consumer profiles and linked to one or more specific retailers serving   that profile set.

Health Card
· Consumer health card containing insurance eligibility and emergency medical   data.

University Identification
· All-purpose student ID card, containing a variety of applications such as   electronic purse (for vending and laundry machines), library card, and meal card.


TOP

Applications in the U.S.

Because of the significant investment in an extensive magnetic stripe-based infrastructure, and the availability of reliable and low cost on-line telecommunication services, the U.S. has thus far represented a limited smart card market. Smart card projects implemented in the U.S. have been primarily closed systems deployed on military bases, universities, and corporate campuses. The exception to this has been the movement by the Federal Government to use smart cards in Electronic Benefits Transfers for food stamps and other similar social programs nationwide.
The Federal Government’s ultimate goal is to adopt a limited number of multi-application smart cards that will support a wide range of Government-wide and agency-specific services. It is envisioned that eventually every Federal employee will carry smart cards that can be used for multiple purposes such as identification, building access, network access, property accountability, travel, and other administrative and financial functions.

This completes Smart Card Technology, an on-line multimedia presentation, presented by the General Services Administration. We hope you have enjoyed this presentation and you will take time to explore the SmartGov Web site where you will find the latest in smart card news and information.

Because of the significant investment in an extensive magnetic stripe-based infrastructure, and the availability of reliable and low cost on-line telecommunication services, the U.S. has thus far represented a limited smart card market. Smart card projects implemented in the U.S. have been primarily closed systems deployed on military bases, universities, and corporate campuses. The exception to this has been the movement by the Federal Government to use smart cards in Electronic Benefits Transfers for food stamps and other similar social programs nationwide.

The Federal Government’s ultimate goal is to adopt a limited number of multi-application smart cards that will support a wide range of Government-wide and agency-specific services. It is envisioned that eventually every Federal employee will carry smart cards that can be used for multiple purposes such as identification, building access, network access, property accountability, travel, and other administrative and financial functions.

This completes Smart Card Technology, an on-line multimedia presentation, presented by the General Services Administration. We hope you have enjoyed this presentation and you will take time to explore the SmartGov Web site where you will find the latest in smart card news and information.

TOP

Applications in India:

The Smart card market is in the infancy stage in India, all the major multinationals and local players have conducted pilot projects in various segments of the industry. The acceptance and embracing of smart card technology by the authorities and masses in India has mushroomed and the demand for smart cards in all segments of the business and industry is exploding in the coming years.

The capability of the Smart card of carrying secured and authenticate information has necessitated the need from segments of the industry to embrace this technology for numerous application.

The potential segments for the Smart card usage are:

A) R.C. Book / Driving Licence
B) GSM
C) Loyalty retailing
D) Medical – Health cards
E) Identification – Employee ID, Departmental ID, National ID
F) Supply cahin and ware-housing management.
G) Corporate food coupons
H) T-commerce, M-commerce, Net banking
I) Banking – Debit cards, e-purse.
J) Prepaid cards in – Power distribution, Telephone and mobile etc.,

Opportunities in India are excellent for Smart card solutions by virtue of its huge population base and high growth of the same. Applications have emerged owing to Indian government’s initiatives of issuing Smart card based Driving License and vehicle registration certificates, National ID, Migration of present magnetic swipe cards, central government health scheme etc.,

Private initiatives include Insurance based health cards, Loyalty cards and exploding GSM market, Unification of CDMA and GSM will grow the market to heights.

Conditional access in broadband opens up an opportunity for the T-commerce and will become a major force driving this technology.
Introduction of secured Net banking is exploding the business opportunity for Samrt cards and related products owing to e-commerce assuming a new dimension in the coming days.

The boom in the retail market and crave for the vendors to retain their customers with them in this competitive arena opens up a huge opportunity for the smart cards in the coming days.

TOP

Why should your organization consider using smart cards?

A rule of thumb useful to organizations considering the incorporation of smart card technology into their operations states the following:

IF
· A portable record of one or more applications is necessary or desirable.
· The records are likely to require updating over time.
· The records will interface with more than one automated system.
· Security and confidentiality of the records are important.

THEN
· The smart card is a feasible automation solution for making data processing and data transfer more efficient and secure.


What are the advantages of Smart Card technology?

· The capacity provided by the on-board microprocessor and data capacity for   highly secure, off-line processing.
· Adherence to international standards, ensuring multiple vendor sources and   competitive prices.
· Established track record in real world applications.
· Durability and long expected life span (guaranteed by vendor for up to 10,000   read/writes before failure).
· Chip Operating Systems that support multiple applications and secure   independent data storage on one single card.


So what are the barriers to acceptance of smart cards?

The current obstacles to acceptance of smart card technology include:

· Relatively higher cost of smart cards as compared to magnetic stripe cards. (The   difference in initial costs between the two technologies, however, decreases   significantly when the differences in expected life span and capabilities- 
  particularly in terms of supporting multiple applications and thus   affording cost   sharing among application providers-are taken into account.)
· Present lack of infrastructure to support the smart card, particularly in the United   States , necessitating retrofitting of equipment such as vending machines, ATMs,   and telephones.
· Proprietary nature of the Chip Operating System. The consumer must be   technically knowledgeable to select the most appropriate card for the target   application.
· Lack of standards to ensure interoperability among varying smart card programs.
· Unresolved legal and policy issues, such as those related to privacy and   confidentiality or to consumer protection laws.


TOP