When you hear the words "Smart Card," does the question of contact or contactless come to mind? Both are considered smart, but they each have different technical capabilities offering diverse features and benefits. Are you sticking with your answer?
Now, let's complicate the question by connecting an antenna to the microprocessor (contact) chip - allowing for a contactless interface, and let's call it a dual-interface credential. Not only does it support high-level encryption, but it can quickly gain someone access to a building. Take the same concept a step further - put contactless applications on a SIM card (contact chip) in a mobile device, which enables you to make calls, access a building, get a cup of coffee from the vending machine and pay for tickets to the basketball game.
The capabilities of contactless technology are heading in many different directions as the technology becomes more prevalent, trusted and feasible to be used in a variety of commercial, governmental and consumer-based applications.
The majority of 13.56 MHz contactless chips are memory-based, with proven security features and functionality. The majority of applications that run on these chips include physical access, time-and-attendance, and ePayments, such as MasterCard's PayPass.
As standards such as ISO 14443 and ISO 15693 become more established and prevalent, the older, proprietary systems such as Wiegand, 125K proximity and magnetic stripe will be replaced. The goal for any standard is to allow interoperability and to simplify implementation. 13.56 Mhz contactless technology provides performance factors including encryption, mutual authentication and faster data transfer speeds. Substantial memory increases have provided for the additional flexibility to transfer biometrics and even photographs onto and from the credential.
These contactless chips can be put into a variety of form factors, ranging from a corporate ID and key FOBs to even wrist watches. Contactless memory chips, however, were not designed to support PKI requirements, digital signatures and other applications that require raw computing power.
The popularity of contactless smart cards is increasing, which is evident in applications ranging from contactless payments to public transportation ticketing. With a reported 30 million contactless payment cards in circulation in the United States, consumers are getting more familiar and comfortable with the technology and its benefits.
Contact smart cards provide the sophisticated processing power that contactless smart cards cannot provide. Typical applications featuring contact chips include mobile phones (SIMS cards), and logical access (networks, PC login); and also high-level physical security requirements, such as the FIPS-201 specification.
The technology consists of a microprocessor with a contact interface that physically comes in contact with the reader. The reader powers the computer on the chip. Contact chips also offer larger memory capacity for storage of larger files such as biometric templates and medical information.
Contact credentials come in many different forms, including USB tokens and cards. A contact chip can be used for access control or time-and-attendance, but are those uses practical? Putting a contact chip-based reader at your front door simply delays entrance to the building by authorized individuals and increases maintenance costs due to environmental issues such as dirt getting into the reader.
Contact goes Contactless: Dual-interface, microprocessor-based credentials have become true multi-application cards - mixing contact with contactless applications. Legic Identsystems calls this a "card-in-card" solution - they take existing legacy contactless applications and run them side-by-side with contact chip applications.
Contactless speed, ease of use and flexibility is now coupled with raw processing for high-level encryption applications such as PKI. The trend is supported by the millions of FIPS-201 credentials and First Responder Authentication Cards (FRAC) that will drive down the cost of dual-interface credentials for everyday applications.
Contactless readers go offline: Smaller, faster and better readers can extend battery life by five years; thus expanding the offline contactless reader market. Smart wake-up technology makes readers more reliable than infrared-based systems, thereby lowering power requirements and overall housing sizes. Offline readers help you avoid expensive cabling while providing an audit trail. They are designed to easily swap out with existing locks. Widespread use of offline contactless readers are seen in hotel door locks, residential applications, file cabinets, gym lockers, desks - virtually anywhere a lock is required.
Network on Card: The corporate network is extended to offline devices by using the credential as a secure data transfer device. The credential is used to update offline devices and upload data to online applications. Data transport segments are individually secure within the credential. Offline buildings, maintenance sheds, vending machines, college laundry machines and pool entrances are indirectly connected to the network every time a credential is presented and read.
For example, a maintenance worker checks in the morning using a corporate credential. The access control system checks the employee's credential and updates their rights and access privileges for that day's field-based maintenance calls. When the employee presents the credential to the offline reader, the reader is updated with new information and downloads an audit trial of all recent transactions. The next time the person returns to his office, the audit trail is uploaded. That list is compared to other lists to create a master database of who has entered the building and at what time.
Contactless goes Mobile
Near Field Communications (NFC) devices help manage your life. Cell phones turn into ubiquitous mobile devices that communicate to other NFC devices. Consumers reap the benefits of carrying an electronic wallet that contains membership cards, credit/debit cards, ePurses - even an electronic key to their house. The NFC device has a permanent connection to the network, so new applications are downloaded in real-time.
From a security standpoint, you can SMS (text message) an electronic key to the cleaning staff to grant them rights to enter an office for that day; or you can SMS fire or police officials to give them entrance to a facility.
Consumers can download coupons from a magazine to a cell phone, and then hold the phone to a reader at the store to receive the discount. Then, the consumer can scroll through which payment option - it is safe, secure and extremely convenient. If the phone is lost or stolen, it can be immediately disconnected from the network. Even a PayPass can be revoked via mobile operator.
NFC isn't just hype - pilot tests have been conducted in New York, London, Taiwan and Japan. Legic Identsystems is conducting several pilots in cooperation with leading smart card and mobile phone suppliers and major network operators such as Swisscom. Additonally, Inside Contactless recently announced a large scale commercial NFC mobile payment project in China, saying it represents "the first large-scale commercial deployment in the world."
NFC might be a wonderful way to simplify someone's life, but an ecosystem of partners and stakeholders must be established to build the infrastructure. Financial institutions, merchants, application developers and mobile operators all have a stake in the future, as do the consumers. It must be profitable for the stakeholders and easy, flexible and secure for the consumer in order for this market to develop.
The Smart Card Alliance just released a new white paper entitled "Mobile Payments: Leveraging NFC and the Contactless Financial Payments Infrastructure." The paper provides an excellent overview and examples that clearly demonstrate why NFC is gaining so much interest - especially in the United States, which already has the largest payment infrastructure in place.
Robert M. Fee is the general manager of Legic Identsystems' North American business unit. Prior to joining Legic, Mr. Fee was vice president of business development for Cernium Inc. Mr. Fee is active in variety of trade associations, including CompTIA, IACLEA, IAHSS, and the Smart Card Alliance.