Smart card

A smart card, chip card, or integrated circuit(s) card (ICC), is defined as any pocket-sized card with embedded integrated circuits. Although there is a diverse range of applications, there are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain memory and microprocessor components.

The standard perception of a "smart card" is a microprocessor card of credit card dimensions (or smaller, e.g. the GSM SIM card) with various tamper-resistant properties (e.g. a secure crypto-processor, secure file system, human-readable features) and is capable of providing security services (e.g. confidentiality of information in the memory). Not all chip cards contain a microprocessor (eg. the memory cards), therefore not all chip cards are necessarily also smart cards. However the public usage of the terminology is often inconsistent.

History

Smart cards were invented and patented in the 1970s. There are some disputes regarding the actual "inventor"; claimants include Jürgen Dethloff of Germany, Arimura of Japan, and Roland Moreno of France. The first mass use of the cards was for payment in French pay phones, starting in 1983 (Télécarte).

Roland Moreno actually patented the concept of the memory card in 1974. In 1977, Michel Ugon from Honeywell Bull invented the first microprocessor smart card. In 1978, Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary architecture to auto-program the chip. Three years later, the very first "CP8" based on this patent was produced on by Motorola. Today, Bull has 1200 patents related to smart cards.

The second use was with the integration of a microchips into all French debit cards (Carte Bleue) completed in 1992. When paying in France with a Carte Bleue, one inserts the card into the merchant's terminal, then types the PIN, before the transaction is accepted. Only very limited transactions (such as paying small autoroute tolls) are accepted without PIN.

Smart-card-based electronic purse systems (in which value is stored on the card chip, not in an externally recorded account) were tried throughout Europe from the mid-1990s, most notably in Germany (Geldkarte), Austria (Quick), Belgium (Proton), the Netherlands (Chipknip and Chipper), Switzerland ("Cash"), Sweden ("Cash"), UK ("Mondex") and Denmark ("Danmønt").

The major boom in smart card use came in the 1990s, with the introduction of the smart-card-based SIM used in GSM mobile phone equipment in Europe.They are becoming quite common now.

The international payment brands MasterCard, Visa, and Europay agreed in 1993 to work together to develop the specifications for the use of smart cards in payment cards used as either a debit or a credit card. The first version of the EMV system was released in 1994. In 1998 a stable release of the specifications was available. EMVco, the company responsible for the long-term maintenance of the system, upgraded the specification in 2000 and most recently in 2004. The goal of EMVco is to assure the various financial institutions and retailers that the specifications retain backward compatibility with the 1998 version.

With the exception of the United States there has been significant progress in the deployment of EMV-compliant point of sale equipment and the issuance of debit and or credit cards adhering the EMV specifications. Typically, a country's national payment association, in coordination with MasterCard, International, Visa International, American Express and JCB, develop detailed implementation plans assuring a coordinated effort by the various stakeholders involved.

The introduction of EMV is a paradigm shift in the way one looks at payment systems. In many cases banks are considering issuing one card that will serve as both a debit card and as a credit card. Within EMV a concept called Application Selection defines how the consumer selects which means of payment to employ for that purchase at the point of sale.

For the banks interested in introducing smart cards the only quantifiable benefit is the ability to forecast a significant reduction in fraud, in particular counterfeit, lost and stolen. The current level of fraud a country is experiencing determines if there is a business case for the financial institutions. Some critics claim that the savings are far less than the cost of implementing EMV, and thus many believe that the USA payments industry will opt to wait out the current EMV life cycle in order to implement new, contactless technology.

However, the rest of the world is migrating to EMV and as other countries become protected the history reminds us that the criminals involved in payment card fraud will and are moving away from countries that have implemented EMV to those that have not. A specific example of how fraud migrates was seen recently in Malaysia. When they achieved a critical mass in 2004, their level of fraud dropped radically; unfortunately, across the border in Thailand, which had not yet decided to introduce EMV fraud protection, there was an alarming increase.

Smart cards with contactless interfaces are becoming increasingly popular for payment and ticketing applications such as for mass transit. Visa and MasterCard have agreed to an easy-to-implement version currently being deployed (2004-2006) in the USA. This version does not achieve the fraud saving attributable to EMV and eventually will be replaced with a standard emerging out of EMVco.

Across the globe, contactless fare collection systems are being implemented to drive efficiencies in public transit. The various standards emerging are local in focus and are not compatible.

Smart cards are also being introduced in personal identification and entitlement schemes at regional, national, and international levels. Citizen cards, drivers’ licences, and patient card schemes are becoming more prevalent, and contactless smart cards are being integrated into passports ICAO to enhance security for international travel.

Contact Smart Card

Contact Smart Cards have a small gold chip about ½ inch in diameter on the front. When inserted into a reader, the chip makes contact with electrical connectors that can read information from the chip and write information back.

The ISO/IEC 7816 and ISO/IEC 7810 series of standards define:

the physical shape
the positions and shapes of the electrical connectors
the electrical characteristics
the communications protocols
the format of the commands sent to the card and the responses returned by the card
robustness of the card
the functionality

The cards do not contain batteries; energy is supplied by the card readers.

Contact Smart Card Reader

Contact smart card readers are used as a communications medium between the smart card and a host, e.g. a computer.

Contactless Smart Card

A second type is the contactless smart card, in which the chip communicates with the card reader through RFID induction technology (at data rates of 106 to 848 kbit/s). These cards require only close proximity to an antenna to complete transaction. They are often used when transactions must be processed quickly or hands-free, such as on mass transit systems, where smart cards can be used without even removing them from a wallet.

The standard for contactless smart card communications is ISO/IEC 14443, dated 2001. It defines two types of contactless cards ("A" and "B"), allows for communications at distances up to 10 cm. There have been proposals for ISO 14443 types C, D, E and F that have yet to complete the standards process. An alternative standard for contactless smart cards is ISO 15693, which allows communications at distances up to 50 cm.

An example of a widely used contactless smart card is Hong Kong's Octopus card, which predates the ISO/IEC 14443 standard. The following table lists smart cards used for public transportation.

Place	Card	Provider	Introduction
Atlanta, Georgia	Breeze Card	Metropolitan Atlanta Rapid Transit Authority	December 2005
Beijing	Yikatong card		2003
Brisbane	Not Yet Known	Translink/Cubic	End of 2006
Colombia	HID Corp	Transmilenio	1995
Boston	Charlie Card	Massachusetts Bay Transportation Authority	2006
Chicago	Chicago Card	Chicago Transit Authority	2002
Dublin	Luas smartcard	ITS	March 2005
Gatineau	Passe-Partout PLUS	Société de Transport de l'Outaouais	Announced in 1997, fully implemented in 2004
Guernsey	Multi Journey "Wave & Save"	Island Coachways	Unknown
Hamilton, NZ	BUSIT! Cards ^*	Environment Waikato	Unknown
Hong Kong	Octopus	Octopus Cards Limited	1997
Izmir	Kentkart	Kentkart	1997
Kraków	Cracow City Card		October 2005
Lisbon	LisboaViva card	Transport for Lisbon	November 2001
Lisbon	Lisboa card	Transportation and Culture	May 2005
London	Oyster card	Transport for London	January 2004
Tehran	Metro Card	Processing World Co./ASCOM	Implemented on 2002
Malaysia	Touch 'n Go	Teras Technologi Sdn Bhd	1997
Melbourne	Unknown	Kamco	2007
México	Metrobús Card	Mexico City Metrobús	June 2005
Minneapolis-St. Paul	Go-To card	Metro Transit (Minnesota)
Moscow	Transport Card	Moscow Metro	September 1 1998
Moscow	Transport Card	Mosgortrans	started on May 12 2001. fully implemented on April 2006
Nagasaki	Nagasaki Smart Card		January 2002
Nottingham	EasyRider	Nottingham City Transport	September 2000
The Netherlands	OV-chipkaart	Trans Link Systems	2006 / 2007
Oulu	Bus Card	Koskilinjat OY	January 1992
Paris	Navigo card	STIF	October 2001
Perth	SmartRider	Transperth and Wayfarer Transit	April 2006
Porto	Andante	Transportes Intermodais do Porto	2002
Saint Petersburg	Contactless Smart Card	Saint Petersburg Metro	2004
San Francisco Bay area	TransLink card	Metropolitan Transportation Commission	testing since 2002
Santiago de Chile	Multivía	Metro de Santiago de Chile	2003
São Paulo	Bilhete Único	Digicon (Architecture; Central System; Security; Devices); and others providers for devices	2004
Seoul	T-Money	Korea Smart Card Co. Ltd.	July 2004
Shanghai
Singapore	EZ-Link		2001
Sydney	Tcard	NSW Ministry of Transport	2005 (schoolchildren) 2006-2007 (general public)
South Jutland (Sønderjylland)	Elektronisk Klippekort	Sydbus	2001
Taipei	EasyCard	Taipei Smart Card Corporation	March 2000
Thailand	ThaiSmartCard	Thai Smart Card Co.,Ltd.	December 2005
Tokyo	Suica Card	JR East	November 2001
Toronto	GTA Farecard	GO Transit	2007
Warsaw	Warsaw City Card	ZTM	October 2001
Washington, D.C.	SmarTrip	Cubic Transportation Systems	1999

A related contactless technology is RFID (radio frequency identification). In certain cases, it can be used for applications similar to those of contactless smart cards, such as for electronic toll collection. RFID’s usually do not include writeable memory or microcontroller processing capability as contactless smart cards often do.

There are dual-interface cards that implement contactless and contact interfaces on a single card with some shared storage and processing. An example is Malaysia's multi-application identification card, called MyKad, that uses both contact Proton and contactless MIFARE (ISO 14443A) chips.

Like smart cards with contacts, contactless cards do not have a battery. Instead, they use a built-in inductor to capture some of the incident radio-frequency interrogation signal, rectify it, and use it to power the card's electronics.

Applications

The applications of smart cards include their use as credit or ATM cards, SIMs for mobile phones, authorization cards for pay television, high-security identification and access-control cards, and public transport payment cards.

Smart cards may also be used as electronic wallets. The smart card chip can be loaded with funds which can be spent in parking meters and vending machines or at various merchants. Cryptographic protocols protect the exchange of money between the smart card and the accepting machine. Examples are Proton, GeldKarte, Moneo and Quick.

A quickly growing application is in digital identification cards. In this application, the cards are used for authentication of identity. The most common example is in conjunction with a PKI. The smart card will store an encrypted digital certificate issued from the PKI along with any other relevant or needed information about the card holder. Examples include the U.S. Department of Defense (DoD) Common Access Card (CAC), and the use of various smart cards by many governments as identification cards for their citizens. When combined with biometrics, smart cards can provide two- or three-factor authentication. Smart cards are a privacy-enhancing technology, and when used in conjunction with appropriate security and privacy policies, can be part of a highly effective authentication system.

Smart cards have been advertised as suitable for these tasks, because they are engineered to be tamper resistant. The embedded chip of a smart card usually implements some cryptographic algorithm. Information about the inner workings of this algorithm can be obtained if the precise time and electrical current required for certain encryption or decryption operations is measured. A number of research projects have now demonstrated the feasibility of this line of attack. Countermeasures have been proposed.

Smart cards are widely used to protect digital television streams. See television encryption for an overview, and VideoGuard for a specific example of how smartcard security worked (and was cracked).

Another problem of smart cards may be the failure rate. The plastic card in which the chip is embedded is fairly flexible, and the larger the chip, the higher the probability of breaking. Smart cards are often carried in wallets or pockets — a fairly harsh environment for a chip. However, for large banking systems, the failure-management cost can be more than offset by the fraud reduction.

Gujarat was the first state in India which introduced the smart card license system in 1999. It was the first place in India which introduced this innovative system and, thus, its implementation was a real challenge. As of now, Gujarat Government has issued 5 million smart card driving licenses to its people. This card is basically a plastic card having ISO 7810 certification and integrated circuit,capable of storing and verifying information according to its programming. To avoid corruption and mismanagement of driving licence, in the year 1999,Gujarat State Government launched the smart card driving license system, which has become the success story for different states of India and overseas countries such as USA. However, the first smart driver's license in the world was issued in 1995 in Mendoza, a province of Argentina. Mendoza has a high level of road accidents, driving offenses, and a poor record of recovering outstanding fines. The smart licenses keep an up-to-date record of driving offenses and unpaid fines. They also store personal information, license type and number, and a photograph of the holder. Emergency medical information like blood type, allergies, and biometrics (fingerprints) can be stored on the chip if the cardholder wishes. The Argentina government anticipates that this new system will help to recover more than $10 million per year in fines.

External links

Patents

-- Methods of data storage and data storage systems
-- Data-transfer system
-- Systems for storing and transferring data
-- Systems for storing and transferring data
ES Patent ES2186534 -- Smart card reader for authentication and e-payment, including USB Token

More information, research, and news on smart cards

Manufacturers of smart cards

Manufacturers of smart-card readers

Manufacturers of chips used in smart cards

Atmel
Infineon
Philips/Mifare
Renesas
STMicroelectonics
Inside Contactless (Dedicated to contactless smart cards)
Samsung

Applications of smart cards

Link Solutions - contactless smart card application developer and integrator
PC/SC Specifications
Smart Card Counting Equipment Vendor
Fortress GB - contact/contactless smart card application developer
i-Card Security Solutions - smartcard-based access control and use application developer
Smart Technology Intl. - Smart Card Solution Providers and Integrators
Smart Technology Solutions Limited - Smart Card Enablement Middleware and Kernel Providers

ISO standards | Smart card

Gourt Home::Gourt :: Smart card