From the past to the recent technological developments have always destination to give simplicity, miniaturization, preciseness and saving of time in manipulation. History of Technical development demonstrates that the solution of one problem itself is a new problem. As the technology in the field of data security & easy banking grows up, a variety of cards have been introduced for the ease of customers. But the problem of data security also grows up. The solution to this problem is SMART CARD, having its own intelligence. The smart card as the name implies is really an electronic wallet which is having a small microcontroller making its secure against frauds. This paper demonstrates all the striking features, architectural details & future of the smart cards. The second subdivision briefs the time travel of the development of this technology. The next contains the types of smart cards & compares the smart cards with the old technologies like embedded cards, magnetic stripe cards etc. After this strong background we go through the constructional detail which includes the physical & electrical standards for card manufacturing and the architectural details. The subdivision under the topic operation demonstrates how the smart card handles the process of money transaction securely with the help of an example of a departmental store. Having these all concepts as we read further, we come to the field of applications. Here we realize the essence of the name smart card. The smart card can be implemented to the fields related to Financial Services, Affinity Programs, Cellular Phone (SIM card), Network security, Biometrics, Record keeping etc. The smart card offers certain advantages like security, convenience, economic benefits, customization and multifunctionality over the old technologies. This makes the future of the smart cards brighter. The future of the smart card leads to the concept of the smart village, where smart card-based services and products inhabit our everyday lives. This smart marketplace includes: GSM payphones and mobile telecommunication, private site smart pay phones, smart ticket vending machines at transit terminals, smart pay and display units at parking lots, smart fuel dispenser at gas stations, contact less, remote and prepaid card terminals in retail locations, smart health care management and network access based on secured, personalized smart cards.
Thus smart card proves its smartness in the fields of transaction, authorization and identification.
A smart card is a credit card sized plastic card embedded with an integrated circuit chip that makes it “smart”. This marriage between a convenient plastic card and a microprocessor allows an immense amount of information to be stored, accessed and processed either online or offline. Smart cards can store several hundred times more data than a conventional card with a magnetic stripe. The information or application stored in the IC chip is transferred through an electronic module that interconnects with a terminal or a card reader. A contact-less smart card has an antenna coil which communicates with a receiving antenna to transfer information. It provides not only memory capacity, but computational capability as well. Because of this characteristic, smart cards are often used in different applications, which require strong security protection and authentication.
Smart card can act as an identification card, which is used to prove the identity of the cardholder. It also can be a medical card, which stores the medical history of a person. Furthermore, the smart card can be used as a credit/debit bankcard, which allows off-line transactions. All of these applications require sensitive data to be stored in the card, such as biometrics information of the card owner, personal medical history, and cryptographic keys for authentication, etc.
In the near future, the traditional magnetic strip card will be replaced and integrated together into a single card by using the multi-application smart card, which is known as an electronic purse or wallet in the smart card industry. It will be used to carry a lot of sensitive and critical data about the consumers ever more than before when compared with the magnetic strip card. Therefore, there are many arguments and issues about whether or not the smart card is secure and safe enough to store that information.
The roots of the current day smart card can be traced back to the US in the early 1950s when Diners Club produced the first all-plastic card to be used for payment applications. VISA and MasterCard then entered the market, but eventually the cost pressures of fraud, tampering, merchant handling, and bank charges made a machine-readable card necessary. The magnetic stripe was introduced, and this allowed further digitized data to be stored on the cards in a machine-readable format. This type of embossed card with a magnetic stripe is still the most commonly used method of payment. Magnetic stripe technology suffers from a critical weakness, however, in that anyone with access to the appropriate device can read, re-write, or delete the data. Thus a magnetic-stripe card is unsuitable for storing sensitive data and, as such, requires an extensive on-line, centralized, back-end infrastructure for verification and processing.
• In 1968, German inventors Jurgen Dethloff and Helmut Grotrupp applied for the first ICC (Integrated Chip Card) related patents.
• In 1970, Japanise scientist ARIMURA had made some security arrangements in ICC related patents.
• Roland Moreno, a Frenchman, patented the concept of the memory card in 1974.
• In 1978, Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary architecture to auto-program the chip.
• Three years later, the very first “CP8″ based on this patent was produced on by Motorola.
TYPES OF CARDS
Mainly there are three types of cards as listed below.
• EMBOSSED CARDS
• MAGNETIC STRIP CARDS
• SMART CARDS (CHIP CARDS)
embossing allows for textual information or designs on the card to be transferred to paper by using a simple and inexpensive device. Transfer of information via embossing may seem primitive, but the simplicity of the system has made worldwide proliferation possible.
the primary advantage that magnetic stripe technology offers over embossing is a reduction in the flood of paper documents. The stripe’s storage capacity is about 1000 bits and anyone with the appropriate read/write device can view or alter the data.
SMART CARDS (CHIP CARDS)
The following Integrated Circuit Cards have conventionally come to be known as “Smartcards”. These types of cards allow far greater orders of magnitude in terms of data storage – cards with over 20 Kbytes of memory are currently available. Also, and perhaps most important, the stored data can be protected against unauthorized access and tampering. Memory functions such as reading, writing, and erasing can be linked to specific conditions, controlled by both hardware and software. Another advantage of smartcards over magnetic stripe cards is that they are more reliable and have longer expected lifetimes.
CLASSIFICATION OF CHIP CARD
though referred to as smartcards, memory cards are typically much less expensive and much less functional than microprocessor cards. They contain EEPROM and ROM memory, as well as some address and security logic. In the simplest designs, logic exists to prevent writing and erasing of the data. More complex designs allow for memory read access to be restricted. Typical memory card applications are pre-paid telephone cards and health insurance cards.
Components of this type of architecture include a CPU, RAM, ROM, and EEPROM. The operating system is typically stored in ROM, the CPU uses RAM as its working memory, and most of the data is stored in EEPROM. A rule of thumb for smartcard silicon is that RAM requires four times as much space as EEPROM, which in turn requires four times as much space as ROM. Typical conventional smartcard architectures have properties reflected in Table
|RAM||256 bytes to 1 kB|
|EEPROM||1 kB to 16 kB|
|ROM||6 Kb to 24 kB|
|MICROPROCESSOR||8 bites at approximately 5 MHz|
|INTERFACE SPEED||9600bps minimum, half duplex|
The serial I/O interface usually consists of a single register, through which the data is transferred in a half duplex manner, bit by bit. Though the chip can be thought of as a tiny computer, the external terminal must supply the voltage, ground, and clock.
(3) Cryptographic Coprocessor Cards:
In spite of the increased cost, the benefits to computer and network security of including the cryptographic coprocessor are great, for it allows for the private key to never leave the smartcard. As we’ll see in the following sections, this becomes a critical factor for operations such as digital signatures, authentication, and non-repudiation. Eventually, though, the need for a cryptographic coprocessor and its associated cost will likely go away. The basic processors could become powerful enough to perform the math-intensive operations, or other algorithms such as those based on elliptic curve technology could become popular. Elliptic curve algorithms provide strong security without the need for large integer math, but haven’t yet found their way into widespread use.
Though the reliability of smartcard contacts has improved to very acceptable levels over the years, contacts are one of the most frequent failure points any electromechanical system due to dirt, wear, etc. The contact less card solves this problem. Cards need no longer be inserted into a reader. Contact less smart card, on the other hand, make use of an electromagnetic signal and an antenna embedded within each card to create the interaction between the card and the card reader. The radio frequencies employed also provide the card with its power source. These no battery-powered cards need to come within 2 to 3 inches of the card reader to be powered. Still, despite these benefits, contact less cards have not yet seen wide acceptance. The cost is higher and not enough experience has been gained to make the technology reliable.
Optical Memory Cards
These cards can carry many megabytes of data, but the cards can only be written once and never erased with today’s technology. Though the read and write devices for optical cards are still very expensive, they may find use in applications such as health care where large amounts of data must be stored.
HYBRID CARDS (COMBI CARDS)
Hybrid smart card (also commonly referred to as combi smart cards) are dual-chip cards; with each chip having its respective contact and contact less interface, not connected to each other inside the card. Strictly speaking, the combi cards are different from hybrids in that they carry only a single chip that has both contact and contact less interfaces, either of which can communicate between chip and card reader.
A comparison table for different types of cards discussed so far is given below.
|TYPES OF CARDS||MAXIMUM DATA CAPACITY||PROCESSING POWER|
|Magnetic strip card||140 bytes||None|
|Memory cards||1 kB||None|
|Processor cards||8 kB||8-32 bit CPU|
|Optical memory cards||4.9 kB||None|
As discussed previously that smart card has its smartness because of chip embedded on the card. As shown in figure the MICROCONTROLLER CHIP is combined with printed circuit. This combination is then glued to the plastic support card. Thus smart is made.
In order to make the card utilize universally some standards of the dimensions of the card and chip must be followed by all manufacturers. These physical standards are as follow.
• A smart card must have physical dimensions of 85.6 mm x 54 mm, with a corner radius of 3.18 mm and a thickness of 0.76mm. (according to ISO 7810 )
• Consequently, smart card chip placement is defined in ISO 7816-2, which was released in 1988. These physical characteristics are depicted in Figure
HOW THE IC CARD IS MADE?
The whole operation starts with the application requirements specification. From the requirements individual specifications can be prepared for the chip, card, mask ROM software and the application software as shown in the Figure. The ROM software is provided to the semiconductor supplier who manufactures the chips. The card fabricator embeds the chip in the plastic card.
There are a number of factors to be decided in the specification of the integrated circuit for the smart card.
• Microcontroller type (e.g. 6805,8051)
• Mask ROM size
• RAM size Non volatile memory type (e.g. EPROM, EEPROM)
• Non volatile memory size
• Clock speed (external, and optionally internal)
• Electrical parameters (voltage and current)
• Communications parameters (asynchronous, synchronous, byte, block)
• Reset mechanism Sleep mode (low current standby operation)
• Co-processor (e.g. for public key cryptography
The following list defines the main parameters that should be defined,
• Card dimensions
• Chip location (contact card)
• Card material (e.g. PVC, ABS)
• Printing requirements
• Magnetic stripe (optional)
• Signature strip (optional)
• Hologram or photo (optional)
• Embossing (optional)
• Environmental parameters
Mask ROM Specification:
The mask ROM contains the operating system of the smart card. It is largely concerned with the management of data files but it may optionally involve additional features such as cryptographic algorithms (e.g. DES). In some ways this is still a relatively immature part of the smart card standards since the early applications used the smart card largely as a data store with some simple security features such as PIN checking.
Application Software Specification:
This part of the card development process is clearly specific to the particular application. The application code could be designed as part of the mask ROM code but the more modern approach is to design the application software to operate from the PROM non volatile memory. This allows a far more flexible approach since the application can be loaded into the chip after manufacture.
Assuming the application is to be placed in the PROM memory of the IC then the next stage in the process is to load the code into the memory. This is accomplished by using the basic commands contained in the operating system in the mask ROM. These commands allow the reading and writing of the PROM memory.
The card is personalized to the particular user by loading data into files in the PROM memory in the same way that the application code is loaded into memory. At this stage the security keys will probably be loaded into the PROM memory.
The final operation in the manufacturing process is to enable the application for operation. This will involve the setting of flags in the PROM memory that will inhibit any further changes to be made to the PROM memory except under direct control of the application.
After getting overview of manufacturing of the chip card, lets see how smart card works for the commercial purpose. As shown before smart has an integrated circuit, that acts as an electronic mind of the card. On the basis of the working the circuit may be classified in three categories.
• Memory chip
• Logic chip
• Microprocessor chip
Among these the microprocessor chip is the best for it includes both memory and logic. It can perform different logical operation, transfer the information or data and also secure the information. All these operations are done by the CPU.One of the reasons for which smart card called smart is its memory, which can be divided into three parts
• Non-volatile memory (ROM)
• Memory with security logic(EEPROM)
• Memory only
As the name suggests the information stored in the NON-VOLATILE memory is completely secure even reader or terminal cannot read it. The card holder’s name, address, PIN (personal identification number) code etc. is stored in this memory. It is impossible to rewrite the data once it is recorded. When card is issued to the card holder this information is stored in this memory unit by authorized company. The second zone of memory is not completely secure but only confidential. In this zone the information regarding the credit limit, bank account, last balance, etc. is stored. After applying the PIN code by the card holder the information stored in this memory can be read by the terminal.
Third zone of memory is completely free. Anyone can get the information stored in this zone by the appropriate reader. The information such as short name and address, telephone number, medical report etc. is stored in this zone.
When we insert the card into the terminal three of the chip contacts will get the voltage supply from the terminal , and the chip is activated. Now the clock frequency is given through the C3 pin, which set the tuning of the exchange of the information between card and terminal. Now the C2 pin gives the green signal for starting the communication between card and terminal. The exchange of information starts through the pin C7,To understand the operation of the smart card let’s take an example of the departmental store. The cashier entered the bill into the terminal and then card holder inserts the card into the terminal. Now the terminal tests the card for its authentication. For this terminal gives a random number to the card. The card has to covert the number into certain code. Terminal knows the multiplication factor for this conversion. If the card is genuine then this factor must be known by it. Now the card holders have to give his identification to the card by entering the PIN code. Now this entered code and code stored in the memory zone 1.is compared by the CPU in the card, and if both are equal then and then memory zone 2.is opened for further operations. The card holder has to enter the correct code in at least 3 trials, if he is failed to do so then the card will erase its whole memory for the security purpose. Thus the chances for PIN code entered by the unauthorized person to be true is very very less. Now if the PIN code is true then the bill entered by the shopkeeper is subtracted from the credit limit. After completion of this process the terminal will display the massage for the acceptation of the bill.
Smart cards provide a new set of technologies with a great deal of promise. Smart Cards provide a secure, portable platform for “any time, anywhere” computing that can carry and manipulate substantial amounts of data, especially an individual’s personal digital identity. There are some clearly defined markets that will adopt Smart Cards in the next few years. The most immediate areas in which Smart Cards have been establishing their positions include.
Financial services – Financial institutions are looking to use Smart Cards to deliver higher value-added services to businesses and consumers at a lower cost per transaction. These services include money on a card, corporate card programs, and targeted marketing programs based on analysis of consumers’ buying patterns.
Affinity programs – Airlines, retailers, and other companies that offer a range of ancillary services and loyalty programs along with their basic product want to use Smart Cards to deliver these programs with a higher level of service, improved ease of use, and at a lower cost. For example, airlines want to use Smart Cards not only as a vehicle for issuing and carrying tickets – even though the single benefit of being able to securely order/provide a ticket directly to chip cards via the Internet is substantial.
Cellular phones – Cellular phone services in the United States are losing $1.5 million per day because of fraud. Although Smart Cards offer a mechanism to secure cellular phones against fraudulent use, only Java Cards offer the ability to download new functions into a phone in real time.
Secure network access – Smart Cards can carry an individual’s digital signature. With this ability, they provide a special mechanism to secure access to computer networks within a corporation; they help ensure that only individuals with the proper authority can get access to specific network resources, and they reduce the likelihood that hackers can break into a system.
Other Applications of Smart Cards technology include: Government, Healthcare, Information Technology, Mobile Communication, Banking, Loyalty Programs, Mass Transit, Driving Licensing, Electronic Toll Collection, Telephone Cards, etc.
Compared to conventional data transmission devices such as magnetic-stripe cards, smart cards offer enhanced security, convenience and economic benefits. Finally, the multifunctional as payment, application and networking devices renders a smart card as a perfect user interface in a mobile, networked economy.
Smart cards incorporate encryption and authentication technologies that can implement issuer’s and user’s requirements for the highest degree of security. Using encryption, contents and data can be securely transferred via wired and wireless networks. Coupled with biometric authentication methods which rely on personal physical attributes, smart cards are used in distributing government welfare payments in order to reduce frauds and abuse.
Smart cards will combine paper, plastic and magnetic cards used for identification, automatic teller machines, copiers, toll collection, pay phones, health care and welfare administration. Health care cards, for example, reduce document processing costs by allowing immediate access to personalized patient information stored in smart cards. Most other smart card uses combine identification function with specialized purposes as in military PX cards, government’s Electronic Benefit Transfer cards, and university ID cards that are also used to pay for food and photocopies.
Smart cards reduce transaction costs by eliminating paper and paper handling costs in hospitals and government benefit payment programs. Contact and contactless toll payment cards streamline toll collection procedures, reducing labor costs as well as delays caused by manual systems.
A smart card contains all the data needed to personalize networking, Web connection, payments and other applications. Web servers will verify the user’s identity and present a customized Web page, an e-mail connection and other authorized services based on the data read from a smart card. Personal settings for electronic appliances, including computers, will be stored in smart cards rather than in the appliances themselves.
The processing power of a smart card makes it ideal to mix multiple functions. For example, a college identification card can be used to pay for food, phone calls and photocopies, to access campus networks and to register classes.
A cost effective, secure and convenient alternative to cash transactions is needed as cash is still the most important payment method in terms of number of transaction. Over 80% of transactions are made in cash. Smart cards offer several advantages over checks and credit cards:
• Reduced handling costs
• Improved ease of use
• Lowered costs in infrastructural supports such as banking system and phone networks
• Versatility of combining credit, debit and stored value cards in one convenient platform
• Lower transaction costs
• Ability to carry out offline, online and peer-to-peer transaction
“The Smart Village”
The Smart Village envisioned by Schlumberger, the largest smart card seller, illustrates the vision of a networked world where smart card-based services and products inhabit our every day lives. This smart marketplace includes: GSM payphones and mobile telecommunication, private site smart pay phones, smart ticket vending machines at transit terminals, smart pay and display units at parking lots, smart fuel dispenser at gas stations, contact less, remote and prepaid card terminals in retail locations, smart health care management and network access based on secured, personalized smart cards
Finally, it is concluded that the smart card is an intrinsically secure device. Smart cards have proven to be useful for transaction, authorization, and identification media. As their capabilities grow, they could become the ultimate thin client, eventually replacing all of the things we carry around in our wallets, including credit cards, licenses, cash, and even family photographs, account numbers, and valuable personal data such as biometrics information. The smart card can be an element of solution to a security problem in the modern world. The smart card can be an element of solution to a security problem in the modern world
Electronics Today Magazine