Softpanorama


Smart Cards

What is a smart card?  The term Smart Card is loosely used to describe any card with a microprocessor  and memory.  They are equipped with an embedded Integrated Circuit (IC) chip.  Microprocessor cards can store information, carry out local processing on the data stored, and perform complex calculations.  These cards take the form of either “contact” cards which require a card reader or “contactless” cards which use radio frequency signals to operate.

No bigger than a credit card, this smart card contains a dime-sized microchip that can process and store thousands of bits of electronic data.  Unlike passive devices (such as a memory card or magnetic stripe card) that can only store information, the smart card is active and able to process data in reacting to a given situation.  This capability to record and modify information in its own non-volatile, physically protected memory makes the smart card a powerful and practical tool.  Smart cards are small and portable; they can interact with computers and other automated systems; and the data they carry can be updated instantaneously.

Historical Milestones

Although considered a leading edge technology, IC contact cards, an original French invention, have been with us for over 20 years.  Since the 1970s, the history of smart cards has reflected steady advances in chip capabilities and capacity, as well as increases in the number and variety of applications.


1970             Dr. Kunitaka Arimura of Japan filed the first and only patent on the smart card concept.

1974             Roland Moreno of France filed the original patent for the IC card, later dubbed the "smart card".

1977             Three commercial manufacturers, Bull CP8, SGS Thomson, and Schlumberger began developing the IC card product.

1979             Motorola developed the first secure single chip microcontroller for use in French banking.

1982             Field testing of serial memory phone cards took place in France--the world's first major IC card test.

1984             Field trials of ATM bank cards with chips were successfully conducted.

1986             In March, 14,000 cards equipped with the Bull CP8 were distributed to clients of the Bank of Virginia and the Maryland National Bank.  Also, 50,000 Casio cards were distributed to clients of the First National Palm Beach Bank and the Mall bank.

1987             First large-scale smart card application implemented in the United States with the U.S. Department of Agriculture’s nationwide Peanut Marketing Card.

1991             First Electronic Benefits Transfer (EBT) smart card project launched for the Wyoming Special Supplemental Nutrition Program for Women, Infants, and Children (WIC).

1992             A nationwide prepaid (electronic purse) card project (DANMONT) was started in Denmark.

1993             Field test of multi-function smart card applications in Rennes, France, where the Telecarte function (for public phones) was enabled in a Smart Bank Card.

1994             Europay, MasterCard, and Visa (EMV) published joint specifications for global microchip-based bank cards (smart cards).

                    Germany began issuance of 80 million serial memory chip cards as citizen health cards.

1995             Over 3 million digital mobile phone subscribers worldwide began initiating and billing calls with smart cards.

                    First of 40,000 multi-functional, multi-technology MARC cards with chips were issued to U.S. Marines in Hawaii.

1996             Over 1.5 million VISACash stored value cards were issued at the Atlanta Olympics.

MasterCard and Visa began sponsorship of competing consortia to work on solving the problems of smart card interoperability; two different card solutions were developed: the JavaCard backed by Visa, and the Multi-application Operating System (MULTOS) backed by MasterCard.

 1998             In September 1998, the U.S. Government’s General Services Administration and the United States Navy joined forces and implemented a nine-application smart card system and card management solution at the Smart Card Technology Center in Washington, DC.  The Technology Center's primary purpose is to demonstrate and evaluate the integration of multi-application smart cards with other types of technology, showcasing systems available for use in the Federal Government.

 Microsoft announced its new Windows smart card operating system.         

                     France began piloting a smart health card for its 50 million citizens.

 1999                         The U.S. Government’s General Services Administration has been involved in the Smart Access Common ID Project for the past year.  The Smart Access Common ID Card program will establish a contract vehicle for use by all Federal agencies to acquire a standard, interoperable employee identification card, from one or more vendors, capable of providing both physical and logical (system/network) access to all Federal employees.

 The United States Government (General Services Administration) began a true multi-application Java card pilot in the Washington, DC, metropolitan area.

Smart cards are credit card-sized, often made of flexible plastic (polyvinyl chloride or PVC), and are embedded with a micromodule containing a single silicon integrated circuit chip with memory and microprocessor.  The micromodule has eight metallic pads on its surface, each designed to international standards for VCC (power supply voltage), RST (used to reset the microprocessor of the smart card), CLK (clock signal), GND (ground), VPP (programming or write voltage), and I/O (serial input/output line).  Two pads are reserved for future use (RFU).  Only the I/O and GND contacts are mandatory on a card to meet international standards; the others are optional.

When a smart card is inserted into a Card Acceptance Device or CAD (such as a point-of-sale terminal), the metallic pads come into contact with the CAD’s corresponding metallic pins, thereby allowing the card and CAD to communicate.  Smart cards are always reset when they are inserted into a CAD.  This action causes the smart card to respond by sending an “Answer-to-Reset” message, which informs the CAD what rules govern communication with the card and the processing of a transaction.
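The Answer-to-Reset exchange described above can be checked on the terminal side with a small parser. This is an added example, not code from the original page; it goes beyond the text by following the ISO 7816-3 byte layout (TS, T0, interface bytes, historical bytes, TCK), and the sample ATRs and the 3.5712 MHz clock are constructed assumptions.

```python
from functools import reduce

# ISO 7816-3 TA1 coding: high nibble selects Fi, low nibble selects Di.
FI = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
      9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
DI = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 8: 12, 9: 20}


class ATRError(ValueError):
    """Raised when the bytes do not form a well-formed ATR."""


def parse_atr(atr: bytes) -> dict:
    if not 2 <= len(atr) <= 33:
        raise ATRError("ATR must be 2..33 bytes (TS, T0, up to 31 more)")
    ts, t0 = atr[0], atr[1]
    if ts not in (0x3B, 0x3F):
        raise ATRError(f"invalid TS {ts:#04x}")
    y, k, pos, i = t0 >> 4, t0 & 0x0F, 2, 1
    iface, indicated = {}, []
    while True:
        # Y bits announce which of TAi, TBi, TCi, TDi follow, in that order.
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ATRError(f"truncated before {name}{i}")
                iface[f"{name}{i}"] = atr[pos]
                pos += 1
        td = iface.get(f"TD{i}")
        if td is None:
            break
        indicated.append(td & 0x0F)      # low nibble: protocol type T
        y, i = td >> 4, i + 1            # high nibble: next Y bitmap
    hist = atr[pos:pos + k]
    if len(hist) != k:
        raise ATRError("truncated historical bytes")
    pos += k
    # TCK is absent only when T=0 is the sole protocol indicated.
    if any(t != 0 for t in indicated):
        if pos >= len(atr):
            raise ATRError("TCK missing")
        if reduce(lambda a, b: a ^ b, atr[1:pos + 1]) != 0:
            raise ATRError("TCK mismatch: XOR of T0..TCK must be 0")
        pos += 1
    if pos != len(atr):
        raise ATRError("trailing bytes after ATR")
    ta1 = iface.get("TA1", 0x11)         # default Fi=372, Di=1
    return {
        "convention": "direct" if ts == 0x3B else "inverse",
        "interface": iface,
        # T=15 only qualifies global interface bytes; it is not a protocol.
        "protocols": sorted({t for t in indicated if t != 15}) or [0],
        "historical": hist,
        "fi": FI.get(ta1 >> 4),          # None means a reserved value
        "di": DI.get(ta1 & 0x0F),
    }


def baud_rate(clock_hz: int, fi: int, di: int) -> int:
    """Bits per second: one elementary time unit lasts Fi / (Di * f) seconds."""
    return clock_hz * di // fi


# Constructed sample ATRs (not taken from any real card).
SAMPLE_T1 = bytes.fromhex("3B9511014341524431A0")   # TA1, TD1 (T=1), "CARD1", TCK
SAMPLE_T0 = bytes.fromhex("3B021450")               # T=0 only, no TCK

if __name__ == "__main__":
    for raw in (SAMPLE_T1, SAMPLE_T0):
        info = parse_atr(raw)
        print(raw.hex(), info["protocols"], info["historical"],
              baud_rate(3_571_200, info["fi"], info["di"]))
```

A terminal should reject an ATR that fails these checks rather than guess at the protocol; with the default Fi=372 and Di=1, the assumed 3.5712 MHz clock yields 9600 baud.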

The micromodule on board the smart card is made up of certain key components that allow it to execute instructions supporting the card’s functionality.

The Microprocessor Unit (MPU) executes programmed instructions. Typically, older version smart cards are based on relatively slow, 8-bit embedded microcontrollers.  The trend during the 1990s has been toward using customized controllers with a 32-bit Reduced Instruction Set Computing (RISC) processor running at 25 to 32 MHz.

The I/O Controller manages the flow of data between the Card Acceptance Device (CAD) and the microprocessor.

Read Only Memory (ROM) or Program Memory is where the instructions are permanently burned into memory by the silicon manufacturer.  These instructions (such as the routine run when the power supply is activated and the program that manages the password) are the fundamentals of the Chip Operating System (COS) or, as it is often called, the “Mask.”

Random Access Memory (RAM) or Working Memory serves as a temporary storage of results from calculations or input/output communications.  RAM is a volatile memory and loses information immediately when the power supply is switched off.

Application Memory, which today is almost always EEPROM ("double-E PROM," Electrically Erasable Programmable Read-Only Memory), can be erased electronically and rewritten.  By international standards, this memory should retain data for up to 10 years without electrical power and should support at least 10,000 read-write actions during the life of the card.  Application memory is used by an executing application to store information on the card.

 What is the COS?

The smart card's Chip Operating System (frequently referred to simply as COS; and sometimes referred to as the Mask) is a sequence of instructions, permanently embedded in the ROM of the smart card.  Like the familiar PC DOS or Windows Operating System, COS instructions are not dependent on any particular application, but are frequently used by most applications.

Chip Operating Systems are divided into two families:

·       The general purpose COS which features a generic command set in which the various sequences cover most applications, and

·       The dedicated COS with commands designed for specific applications and which can even contain the application itself.  An example of a dedicated COS would be a card designed to specifically support an electronic purse application.

The baseline functions of the COS which are common across all smart card products include:

·       Management of interchanges between the card and the outside world, primarily in terms of the interchange protocol.

·       Management of the files and data held in memory.

·       Access control to information and functions (for example, select file, read, write, and update data).

·       Management of card security and the cryptographic algorithm procedures.

·       Maintaining reliability, particularly in terms of data consistency, sequence interrupts, and recovering from an error.

·       Management of various phases of the card's life cycle (that is, microchip fabrication, personalization, active life, and end of life).

Shown below are some of the key features and characteristics of smart cards.

Cost

 

Typical costs range from $2.00 to $10.00.  Per card cost increases with chips providing higher capacity and more complex capabilities; per card cost decreases as higher volumes of cards are ordered.

 

Reliability

 

Vendors guarantee 10,000 read/write cycles. Cards claiming to meet International Standards Organization (ISO) specifications must achieve set test results covering drop, flexing, abrasion, concentrated load, temperature, humidity, static electricity, chemical attack, ultra-violet, X-ray, and magnetic field tests.

 

Error Correction

 

Current Chip Operating Systems (COS) perform their own error checking. The terminal operating system must check the two-byte status codes returned by the COS (as defined by both ISO 7816 Part 4 and the proprietary commands) after the command issued by the terminal to the card. The terminal then takes any necessary corrective action.
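The status-code check described above, as an added example that is not part of the original page: a terminal routine that reads the two-byte status word (SW1 SW2) after every command and takes the corrective action ISO 7816-4 defines for it. `FakeCard` and its file contents are constructed stand-ins for a real card and reader, and `transceive` is a hypothetical helper name.

```python
class CardError(Exception):
    def __init__(self, sw: int, meaning: str):
        super().__init__(f"{sw:04X}: {meaning}")
        self.sw = sw


def classify_sw(sw1: int, sw2: int) -> tuple:
    """Map an ISO 7816-4 status word to (action, meaning) for the terminal."""
    sw = (sw1 << 8) | sw2
    if sw == 0x9000:
        return "ok", "normal completion"
    if sw1 == 0x61:
        return "get_response", f"{sw2 or 256} more bytes available"
    if sw1 == 0x6C:
        return "retry_le", f"wrong Le, card expects {sw2 or 256}"
    if sw1 == 0x63 and (sw2 & 0xF0) == 0xC0:
        return "fail", f"verification failed, {sw2 & 0x0F} tries left"
    known = {0x6982: "security status not satisfied",
             0x6983: "authentication method blocked",
             0x6A82: "file not found",
             0x6D00: "instruction not supported",
             0x6E00: "class not supported"}
    return "fail", known.get(sw, "unhandled status")


def transceive(transmit, apdu: bytes, max_steps: int = 8) -> bytes:
    """Send one command and follow 61xx / 6Cxx until 9000 or an error."""
    data = b""
    for _ in range(max_steps):        # bounded: a faulty card must not hang us
        resp = transmit(apdu)
        if len(resp) < 2:
            raise CardError(0x0000, "response shorter than a status word")
        body, sw1, sw2 = resp[:-2], resp[-2], resp[-1]
        action, meaning = classify_sw(sw1, sw2)
        data += body
        if action == "ok":
            return data
        if action == "get_response":  # GET RESPONSE: CLA C0 00 00 Le
            apdu = bytes([apdu[0], 0xC0, 0x00, 0x00, sw2])
        elif action == "retry_le" and len(apdu) == 5:
            apdu = apdu[:4] + bytes([sw2])   # case 2 short APDU: replace Le
        else:
            # Never auto-retry a failed VERIFY: each attempt burns a try.
            raise CardError((sw1 << 8) | sw2, meaning)
    raise CardError(0x0000, "too many corrective steps")


class FakeCard:
    """Constructed stand-in for a card; not a real Chip Operating System."""

    def __init__(self):
        self.file = b"CARDHOLDER"     # 10-byte elementary file
        self.pending = b""
        self.tries = 3

    def transmit(self, apdu: bytes) -> bytes:
        ins = apdu[1]
        if ins == 0xB0:               # READ BINARY
            if apdu[4] != len(self.file):
                return bytes([0x6C, len(self.file)])
            return self.file + b"\x90\x00"
        if ins == 0xCA:               # GET DATA, answered through 61xx
            self.pending = b"issuer-data"
            return bytes([0x61, len(self.pending)])
        if ins == 0xC0:               # GET RESPONSE
            n = apdu[4]
            out, self.pending = self.pending[:n], self.pending[n:]
            return out + b"\x90\x00"
        if ins == 0x20:               # VERIFY, always with a wrong PIN here
            self.tries = max(self.tries - 1, 0)
            if self.tries:
                return bytes([0x63, 0xC0 | self.tries])
            return b"\x69\x83"
        return b"\x6D\x00"


if __name__ == "__main__":
    card = FakeCard()
    print(transceive(card.transmit, bytes.fromhex("00B0000000")))
    print(transceive(card.transmit, bytes.fromhex("00CA000000")))
```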

 

Storage Capacity

 

EEPROM: 8K – 128K bit.  (Note that in smart card terminology, 1K means one thousand bits, not one thousand 8-bit characters.  One thousand bits will normally store 128 characters, the rough equivalent of one sentence of text.  However, with modern data compression techniques, the amount of data stored on the smart card can be significantly expanded beyond this base data translation.)

 

Ease of Use

 

Smart cards are user-friendly and interface easily with the intended application; they are handled like the familiar magnetic stripe bank card.

 

Susceptibility

 

Susceptible to chip damage from physical abuse, but more difficult to disrupt or damage than the magnetic stripe card.

 

Security

 

Smart cards are highly secure.  Information stored on the chip is difficult to duplicate or disrupt, unlike the outside storage used on magnetic stripe cards that can be easily copied.  The chip microprocessor and co-processor support DES, 3-DES, RSA, or ECC standards for encryption, authentication, and digital signature for non-repudiation.

First Time Read Rate

ISO 7816 limits contact cards to 9600 baud transmission rate; some Chip Operating Systems do allow a change in the baud rate after chip power up; a well designed application can often complete a card transaction in one or two seconds.

 

Speed of Recognition

 

Smart cards are fast. Speed is only limited by the current ISO Input/Output speed standards.

 

Proprietary Features

 

These include Chip Operating System and System Development Kits.

 

Processing Power

 

Older version cards use an 8-bit micro-controller clockable up to 16 MHz with or without co-processor for high-speed encryption.  Current trend is toward customized controllers with a 32-bit RISC processor running at 25 to 32 MHz.

 

 

Power Source

 

Mostly 5 volt DC power source.

 

Support Equipment Required

 

For most host-based operations, only a simple Card Acceptance Device (that is, a card reader/writer terminal) with an asynchronous clock, a serial interface, and a 5-volt power source is required.  For low volume orders, the per unit cost of such terminals runs between $100 and $250, the cost decreasing significantly with higher volumes.  More costly Card Acceptance Devices are hand-held, battery-operated terminals and EFT/POS desktop terminals.

 

ISO 7816 Standards

Standards are key to ensuring interoperability and compatibility in an environment of multiple card and terminal vendors.  Integrated circuit card standards have been underway since the early 1980’s on both national and international levels.  Basic worldwide standards for smart cards have been and continue to be established by the International Organization for Standardization, which has representation from over 70 nations.  The ISO 7816 series is the international standard for integrated circuit cards.

International Organization for Standards Smart Card Standards

| Part Number | Date Approved | General Description |
|---|---|---|
| 7816-1 | 1987 | Governs the physical dimensions of the card (width, length, and thickness), which are those of a standard credit card. |
| 7816-2 | 1988 | Governs the dimensions and locations of the chip contacts. |
| 7816-3 | 1989 with two amendments in 1992 and 1994 | Governs the electronic signals and transmission protocols in terms of electrical characteristics, transmission protocols, and the format of the card “Answer to Reset”. |
| 7816-4 | In Progress | Governs inter-industry commands and responses to include the Application Protocol Data Unit (the command exchange format independent of the transfer protocol), historical characters of the Answer to Reset, file structures and access methods, data object oriented commands, and a secure messaging format. |
| 7816-5 | 1994 with one amendment in progress | Provides for a registration system for application identifiers, which allow terminals to select unambiguously an application in a card. |
| 7816-6 | 1996 | Governs data elements for interchange. |
| 7816-7 | 1999 | Governs Smart Card Query Language.  Commands to support a relational database on a card. |
| 7816-8 | In Progress | Governs security related inter-industry commands. |
| 7816-10 | In Progress | Governs synchronous cards. |

 

Although smart cards conform to a set of international standards, there is currently no standard Chip Operating System, or anything as common as Microsoft’s Windows, or UNIX.  Each smart card vendor provides the market with a distinct product. The key discriminator among smart card products is the proprietary operating system each offers to the customer.

Other standards groups and vendor consortia are working on standards proposals and specifications that will have impact on smart cards.

The first chip cards were simple prepaid telephone cards implemented in Europe in the mid-1980s, using memory cards.  Today, the major active application areas for microprocessor-based smart cards include: financial, communications, government programs, information security, physical access security, transportation, retail and loyalty, health care, and university identification.  These are intersecting areas in that the smart card may carry applications from more than one area  (for example, combining information and physical security access, or financial and retail/loyalty).

A rule of thumb useful to organizations considering the incorporation of smart card technology into their operations states the following:

·       A portable record of one or more applications is necessary or desirable.

·       The records are likely to require updating over time.

·       The records will interface with more than one automated system.

·       Security and confidentiality of the records are important.

The key advantages of smart card technology include:

·       The capacity provided by the on-board microprocessor and data capacity for highly secure, off-line processing.

·       Adherence to international standards, ensuring multiple vendor sources and competitive prices.

·       Established track record in real world applications.

·       Durability and long expected life span (guaranteed by vendor for up to 10,000 read/writes before failure).

·       Chip Operating Systems that support multiple applications and secure independent data storage on one single card.

Barriers to Acceptance of Smart Cards

The current obstacles to acceptance of smart card technology include:

·       Relatively higher cost of smart cards as compared to magnetic stripe cards. (The difference in initial costs between the two technologies, however, decreases significantly when the differences in expected life span and capabilities--particularly in terms of supporting multiple applications and thus affording cost sharing among application providers--are taken into account.)

·       Present lack of infrastructure to support the smart card, particularly in the United States, necessitating retrofitting of equipment such as vending machines, ATMs, and telephones.

·       Proprietary nature of the Chip Operating System. The consumer must be technically knowledgeable to select the most appropriate card for the target application.

·       Lack of standards to ensure interoperability among varying smart card programs.

·       Unresolved legal and policy issues, such as those related to privacy and confidentiality, or to consumer protection laws.

The increasingly complex performance and application requirements of today’s card systems have spurred interest in smart cards as an alternative to magnetic stripe cards, or as an enhancement to magnetic stripe cards in the form of a hybrid card.  A hybrid card supports more than one technology as, for example, a smart card micro-module and a magnetic stripe.

Shown below are examples of smart card applications.

Financial Applications

·       Electronic Purse to replace coins for small purchases in vending machines and over-the-counter transactions.

·       Credit and/or Debit Accounts, replicating what is currently on the magnetic stripe bank card, but in a more secure environment.

·       Securing payment across the Internet as part of Electronic Commerce.

Communications Applications

·       The secure initiation of calls and identification of caller (for billing purposes) on any Global System for Mobile Communications (GSM) phone.

·       Subscriber activation of programming on Pay-TV.

Government Programs

·       Electronic Benefits Transfer using smart cards to carry Food Stamp and WIC food benefits in lieu of paper coupons and vouchers.

·       Agricultural producer smart marketing card to track quotas.

Information Security

·       Employee access card with secured passwords and the potential to employ biometrics to protect access to computer systems.

Physical Access

·       Employee access card with secured ID and the potential to employ biometrics to protect physical access to facilities.

Transportation

·       Drivers Licenses.

·       Mass Transit Fare Collection Systems.

·       Electronic Toll Collection Systems.

Retail and Loyalty

·       Consumer reward/redemption tracking on a smart loyalty card, that is marketed to specific consumer profiles and linked to one or more specific retailers serving that profile set.

Health Card

·       Consumer health card containing insurance eligibility and emergency medical data.

 University Identification

·       All-purpose student ID card, containing a variety of applications such as electronic purse (for vending and laundry machines), library card, and meal card.

Because of the significant investment in an extensive magnetic stripe-based infrastructure, and the availability of reliable and low cost on-line telecommunication services, the U.S. has thus far represented a limited smart card market.  Smart card projects implemented in the U.S. have been primarily closed systems deployed on military bases, universities, and corporate campuses.  The exception to this has been the movement by the Federal Government to use smart cards in Electronic Benefits Transfers for food stamps and other similar social programs nationwide.

The Federal Government’s ultimate goal is to adopt a limited number of multi-application smart cards that will support a wide range of Government-wide and agency-specific services.  It is envisioned that eventually every Federal employee will carry smart cards that can be used for multiple purposes such as identification, building access, network access, property accountability, travel, and other administrative and financial functions.

The U.S. Smart Card market comprises six major industries.  Financial services lead with 32% of the market, followed by retail with 27%, government with 22%, education with 18%, and transportation and phone tied for last at 1% each.

Recommended Links

http://www.smartcardalliance.org/

Smart Card

Smart Card Group Resources Articles



Copyright © 1996-2020 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


Last modified: March 12, 2019