?Understanding Smart Cards
Smart cards generally look like credit cards. What makes the smart card different from an ordinary plastic card is the technology embedded in it that makes it "smart," provides storage capacity of 1K to 64K and enables it to be used in controlling access by identifying and authenticating the user.
In addition to memory or a microprocessor chip, smart cards incorporate RAM, ROM, EEPROM and a serial communications interface. They provide secure information storage and information processing; they respond to tampering by inhibiting the output function. Generally, a secure microprocessor chip is embedded in the smart card. The microprocessor chip is capable of implementing a secure file system, computing cryptographic functions and detecting invalid access attempts.?
The smart card processing unit implements a hierarchical file system on the non-volatile memory of the card and a set of access and control operations for both the card and the file system. The hierarchical file system supports a special root (master) directory file, optional sub-directory (dedicated) files and data (elementary) files according to ISO 7816-4. The identifiers of all files from the master file down to a specific file unambiguously identify the specific file. The three categories of files all contain control information such as the file identifier, file name and record specifications.?
Smart cards implement three levels of logical access control. The first level includes the association of a set of privileges with a user's password and the ability to control access to files on the card based on those privileges. The second level is the ability to detect and respond to a sequence of invalid access attempts. The third level is the "logic channel" that constitutes a logical link between the host system and a file on the smart card.????
Smart cards are dependent on an outside power source provided by a reader interface. Therefore, any information held in conventional RAM is lost every time the card is removed from the reader. The microprocessor uses only a few hundred bytes of RAM for working transactions. ROM contents are fixed in the chip when it is manufactured. Data that is unalterable resides in EEPROM between 1K and 16K.??????????????????????????????????????????????????????????????????????????????????????????
Cards with memory-only chips have a limited amount of logic circuitry for control and security and contain non-volatile memory. These cards' chips can hold from 103 bits to 16,000 bits of data. Generally less expensive than cards containing microprocessors, memory smart cards have a corresponding decrease in data management security. All memory smart cards require a card reader and depend on the security of the card reader for their processing.?
Cards with microprocessor chips contain an "intelligent" controller that is used for the secure addition, deletion, modification, and updating of information contained in the memory. The more sophisticated the microprocessor chip, the more sophisticated the features for protecting the memory from unauthorized access.
To use a contact smart card, the user must physically insert the card into a reader where pins attached to the reader make contact with special pads on the surface of the card. Once this contact is made, the information on the chip can be read.
Since they work on radio frequency, contactless smart cards do not have to be inserted into a reader device. Instead, they need only be passed within range of a radio frequency acceptor in order to read and store information on the chip. The range of operation is generally between 2.5" and 3.9".?
Contactless smart cards can be used for many of the same applications as contact smart cards, and they are generally more convenient and faster to use.?
Proximity cards come in several thicknesses, with the antenna generally embedded between the two plastic surfaces of the smart card. These cards are convenient and offer security, identification and access control applications.?
One of the most prominent uses for hybrid cards is for upgrading existing badging and security systems. The hybrid card allows the accommodation of legacy systems' card technology and infrastructure while adding new applications and technologies to the card.?
Combination smart cards, also known as dual-interface cards, are similar to hybrids in that they incorporate more than one technology, but different in that they include one embedded smart chip that can be accessed both through contact pads and embedded antennas.?
This card provides both high security and ease of use. It lends itself to mass transit applications where a cash value can be put in the memory chips through a contact-acceptor, and fare can be deducted through a contactless interface.?
Standards
The International Standards Organization (ISO) 7810, and the 7816 series, parts 1-10, specify the physical structure of the smart card. In 1987 the ISO published standard 7816, which allowed smart cards to communicate using the same protocol.??
One major problem in the acceptance of smart cards is that there is no one standard. In addition to the ISO standards, other significant standards are the Europay, MasterCard and Visa (EMV), the Global Standard for Mobile Communications (GSM), the Personal Computer/Smart Card (PC/SC) and the OpenCard Framework. Since the technology continues to evolve, the standards need to evolve also.?
The most common smart cards are plastic with the dimensions of 85.60mm x 53.98x 0.80mm, with a printed circuit and an integrated circuit chip embedded in the card. ISO standard 7816/3 provides five connection points for power and data. The printed circuit is hermetically fixed on the card and is burned onto the circuit chip, filled with a conductive material and sealed. The integrated circuit chip provides the individual capability for each card. To avoid breakage, the chip is restricted to a few millimeters in size. The physical interface is normally limited to 9600 bits per second. The bi-directional serial transmission line conforms to ISO standard 7816/3, and since information is sent in half duplex mode, data is transmitted in one direction at a time.?
Smart cards have certain capabilities that make them ideal for controlling both physical and system access. While they are more expensive than magnetic stripe cards, operating costs are generally lower for smart cards. Following are some basic requirements necessary for a smart card platform to succeed.
? Smart cards must be an extension of the network and/or Internet environment;
? Smart cards must provide software development tools that have a broad base of developer familiarity and support;
? Each smart card issuer must have the ability to choose components they want and deem necessary from a variety of suppliers;
? Smart cards must incorporate extensive security features and be attractively priced.?
It's anticipated that 2.7 billion smart cards will be in use this year, and the number will continue to grow. Applications will always be the driving force behind the smart card market, since they will be the deciding factor for implementers, adapters, and users of smart cards.?