A smart card, or integrated circuit(s) card (ICC), is defined as any pocket-sized card with embedded integrated circuits. Although there is a diverse range of applications, there are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain memory and microprocessor components.
The standard perception of a "smart card" is a microprocessor card of credit card dimensions (or smaller, e.g. the GSM SIM card) with various tamper-resistant properties (e.g. a secure crypto-processor, secure file system, human-readable features) and is capable of providing security services (e.g. confidentiality of information in the memory).
- 1 History
- 2 Contact Smart Card
- 3 Contactless Smart Card
- 4 Applications
- 5 See also
- 6 External links
Smart cards were invented and patented in the 1970s. There are some disputes regarding the actual "inventor"; claimants include Juergen Dethloff of Germany, Arimura of Japan, and Moreno of France. The first mass use of the cards was for payment in French pay_phones, starting in 1983 (Télécarte).
The second use was with the integration of a microchips into all French debit cards (Carte Bleue) in 1992. When paying in France (and starting from 2005, also in the United Kingdom) with a Carte Bleue, one inserts the card into the merchant's terminal, then types the PIN, before the transaction is accepted. Only very limited transactions (such as paying small autoroute tolls) are accepted without PIN.
Smart-card-based electronic purse systems (in which value is stored on the card chip, not in an externally-recorded account) were tried throughout Europe from the mid 1990s, most notably in Germany (Geldkarte), Belgium (Proton), the Netherlands (Chipknip and Chipper), Switzerland ("Cash"), Sweden ("Cash"), UK ("Mondex") and Denmark ("Danmont"). None of these programs attracted any notable public interest, and usage levels remained low to negligible.
The major boom in smart card use came in the 1990’s, with the introduction of the smart-card-based SIM used in GSM mobile phone equipment in Europe.
The international payment brands MasterCard, Visa, and Europay published a smart card payment interoperability standard in 1996 and then revised it in 2000. This EMV standard is gradually being introduced world wide, and some hope it will replace existing magnetic-stripe-based credit and debit schemes. Currently, EMV specifications are costly to implement, with the only benefit being a reduction in fraud. Some critics claim that the savings are far less than the cost of implementing EMV, and thus many believe that the industry will opt to wait out the current EMV life cycle in order to implement new, contactless technology. However, the standard has been rolled out in the UK under the brand name Chip and PIN, and from early 2005 has mostly replaced signature/swipe verification. Also, France is moving its systems to the EMV standard.
Smart cards with contactless interfaces are becoming increasingly popular for payment and ticketing applications such as for mass transit. Interoperable ticketing standards have been published in the UK  and Europe IOPTA.
Smart cards are also being introduced in personal identification and entitlement schemes at regional, national, and international levels. Citizen cards, drivers’ licences, and patient card schemes are becoming more prevalent, and contactless smart cards are being integrated into passports ICAO to enhance security for international travel.
Contact Smart Card
The ISO/IEC 7816 and ISO/IEC 7810 series of standards define:
- the physical shape
- the positions and shapes of the electrical connectors
- the electrical characteristics
- the communications protocols
- the format of the commands sent to the card and the responses returned by the card
- robustness of the card
- the functionality
The cards do not contain batteries; energy is supplied by the card readers.
- Contact Smart Card Reader ***
Contact smart card readers are used as a communications medium between the smart card and a host, e.g. a computer.
Contactless Smart Card
A second type is the contactless smart card, in which the chip communicates with the card reader through induction technology (at data rates of 106 to 848 kb/s).
The standard for contactless smart card communications is ISO/IEC 14443, dated 2001. It defines two types of contactless cards ("A" and "B"), allows for communications at distances up to 10 cm. There have been proposals for ISO 14443 types C, D, E and F that have yet to complete the standards process. An alternative standard for contactless smart cards is ISO 15693, which allows communications at distances up to 50 cm.
A related contactless technology is RFID (radio frequency identification). In certain cases, it can be used for applications similar to those of contactless smart cards, such as for electronic toll collection. RFID’s generally do not include write-able memory or micro-controller processing capability as contactless smart cards often do.
There are dual-interface cards that implement contactless and contact interfaces on a single card with some shared storage and processing. An example is Malaysia's multi-application identification card, called MyKad, that uses both contact Proton and contactless MIFARE (ISO 14443A) chips.
The applications of smart cards include their use as credit or ATM cards, SIMs for mobile phones, authorisation cards for pay television, high-security identification and access-control cards, and public transport payment cards.
Smart cards may also be used as electronic wallets. The smart card chip can be loaded with funds which can be spent in parking meters and vending machines or at various merchants. Cryptographic protocols protect the exchange of money between the smart card and the accepting machine. Examples are Proton, GeldKarte, Moneo and Quick.
A quickly-growing application is in identification cards. In this application, the cards are used for authentication of identity. Examples include the US Department of Defense Common Access Card (CAC), and the use of various smart cards by many governments as identification cards for their citizens. When combined with biometrics, smart cards can provide two- or three-factor authentication. Smart cards are a privacy-enhancing technology, and when used in conjunction with appropriate security and privacy policies, can be part of a highly-effective authentication system.
Smart cards have been advertised as suitable for these tasks, because they are engineered to be tamper resistant. The embedded chip of a smart card usually implements some cryptographic algorithm. Information about the inner workings of this algorithm can be obtained if the precise time and electrical current required for certain encryption or decryption operations is measured. A number of research projects have now demonstrated the feasibility of this line of attack. Countermeasures have been proposed.
Another problem of smart cards may be the failure rate. The plastic card in which the chip is embedded is fairly flexible, and the larger the chip, the higher the probability of breaking. Smart cards are often carried in wallets or pockets — a fairly harsh environment for a chip. However, for large banking systems, the failure-management cost can be more than offset by the fraud reduction.
- Smart Card Tutorial
- Introduction to Smart Cards
- Smart Card Alliance.
- OpenSC (open source smart card framework).
- Template:US patent -- Methods of data storage and data storage systems
- Template:US patent -- Data-transfer system
- Template:US patent -- Systems for storing and transferring data
- Template:US patent -- Systems for storing and transferring data
More information, research, and news on smart cards
Manufacturers of smart cards
- Advanced Card Systems Ltd (ACS)
- Giesecke & Devrient
- ID TECH
- I'M Technologies
- InSeal Contactless
- Incard S.r.l.
- Oberthur Card Systems
- ORGA Kartensysteme GmbH
- On Track Innovations Ltd (OTI)
- Smart Card Integrators
Manufacturers of smart-card readers
Manufacturers of chips used in smart cards
- Inside Contactless (Dedicated to contactless smart cards)