SmartCard, chip card, or integrated circuit card (ICC) is a physical electronic authorization device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing.] Applications include identification, financial, mobile phones (SIM), public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations. A smart card is a physical card that has an embedded integrated chip that acts as a security token. Smart cards are typically the same size as a driver’s license or credit card and can be made out of metal or plastic. They connect to a reader either by direct physical contact (also known as chip and dip) or through a short-range wireless connectivity standard such as radio-frequency identification (RFID) or near-field communication (NFC).
The idea of incorporating an integrated circuit chip onto a plastic card was first introduced by two German engineers in the late 1960s, Helmut Gröttrup and Jürgen Dethloff. In February 1967, Gröttrup filed the patent DE1574074 in West Germany for a tamper-proof identification switch based on a semiconductor device. Its primary use was intended to provide individual copy-protected keys for releasing the tapping process at unmanned gas stations. In September 1968, Helmut Gröttrup, together with Dethloff as an investor, filed further patents for this identification switch, first in Austria and in 1969 as subsequent applications in the United States Great Britain, West Germany and other countries.
The chip on a smart card can be either a microcontroller or an embedded memory chip. Smart cards are designed to be tamper-resistant and use encryption to provide protection for in-memory information. Those cards with microcontroller chips can perform on-card processing functions and can manipulate information in the chip’s memory.
Smart cards are used for a variety of applications, though most commonly are used for credit cards and other payment cards. Distribution of smart cards in recent years has been driven by the payment card industry’s move to support smart cards for the EMV payment card standard. Smart cards capable of short-range wireless connectivity can also be used for contactless payment systems; they can also be used as tokens for multifactor authentication.
International standards and specifications cover smart card technology, with some focus on industry-specific applications. In the United States, smart card technology conforms to international standards (ISO/IEC 7816 and ISO/IEC 14443) championed by the Smartcard Alliance.
The first mass use of smart cards was telephone card for payment in French pay phones which launched in 1983. Smart cards are now ubiquitous and have largely replaced magnetic stripe (also known as “mag stripe”) card technology, which only has a capacity of 300 bytes of non-rewriteable memory and no processing capability.
How Smart Cards Work
Smart card microprocessors or memory chips exchange data with card readers and other systems over a serial interface. The smart card itself is powered by an external source, usually the smart card reader. A smart card communicates with readers either via direct physical contact or using a short-range wireless connectivity standard such as RFID or NFC. The card reader then passes data from the smart card to its intended destination, usually a payment or authentication system connected to the smart card reader over a network connection.
Uses of Smart Cards
EMV Smart Cards enable ‘dipping’ at point of sale
Smart cards are generally used in applications that must deliver fast, secure transactions, and protect personal information such as credit cards and other types of payment cards, corporate and government identification cards and transit fare payment cards. Smart cards are also sometimes used to function as documents such as electronic passports and visas.
Smart cards are often designed to be used with a PIN, for example, when they are used as debit or ATM cards. Organizations also use smart cards for security purposes; in addition to their use as multifactor authentication tokens, the cards can also be used for authenticating single sign-on users.
Types of Smart Cards
Smart cards can be categorized on different criteria including by how the card reads and writes data, by the type of chip implanted in the card and by the capabilities of that chip. Some of the different of types of smart cards include:
Contact Smart Cards are the most common type of smart card. Contact smart cards are inserted into a smart card reader that has a direct connection to a conductive contact plate on the surface of the card. Commands, data and card status are transmitted over these physical contact points.
Contactless Smart Cards require only proximity to a card reader to be read; no direct contact is necessary for the card to function. The card and the reader are both equipped with antennae and communicate using radio frequencies over the contactless link. A contactless smart card functions by being put near the reader to be read.
Dual-interface cards are equipped with both contactless and contact interfaces. This type of card enables secure access to the smart card’s chip with either the contactless or contact smart card interfaces.
Hybrid Smart Cards contain more than one smart card technology. For example, a hybrid smart card might have one embedded processor chip that is accessed through a contact reader as well as an RFID-enabled chip used for proximity connection. The two different chips may be used for different applications linked to a single smart card, as when the proximity chip is used for physical access to restricted areas while the contact smart card chip is used for single sign-on authentication.
Memory Smart Cards contain memory chips only and can only store, read and write data to the chip; the data on memory smart cards can be over-written or modified, but the card itself is not programmable so data can’t be processed or modified programmatically. Memory smart cards can be read-only and used to store data such as a PIN, password or public key; they can also be read-write and used to write or update user data. Memory smart cards can be configured to be rechargeable or disposable, in which case they contain data that can only be used once or for a limited time before being updated or discarded.
Microprocessor Smart Cards have a microprocessor embedded onto the chip in addition to memory blocks. A microprocessor card may also incorporate specific sections of files where each file is associated with a specific function. The data in the files and the memory allocation are managed with a smart card operating system. This type of card can be used for more than one function and is usually designed to enable adding, deleting and otherwise manipulating data in memory.
Smart Cards can also be categorized by their application, such as credit card, debit card, entitlement or other payment card, authentication token and so on.
A Smart Card may have the following generic characteristics:
Dimensions similar to those of a credit card. ID-1 of the ISO/IEC 7810 standard defines cards as nominally 85.60 by 53.98 millimetres (3.37 in × 2.13 in). Another popular size is ID-000, which is nominally 25 by 15 millimetres (0.98 in × 0.59 in) (commonly used in SIM cards). Both are 0.76 millimetres (0.030 in) thick.
Contains a tamper-resistant security system (for example a secure cryptoprocessor and a secure file system) and provides security services (e.g., protects in-memory information).
Managed by an administration system, which securely interchanges information and configuration settings with the card, controlling card blacklisting and application-data updates.
Communicates with external services through card-reading devices, such as ticket readers, ATMs, DIP reader, etc.
Smart Cards are typically made of plastic, generally polyvinyl chloride, but sometimes polyethylene-terephthalate-based polyesters, acrylonitrile butadiene styrene or polycarbonate.
Since April 2009, a Japanese company has manufactured reusable financial smart cards made from paper.[
Advantages of Smart Cards
Smart cards can provide a higher level of security than magnetic stripe cards as they can contain microprocessors capable of processing data directly without remote connections; even memory-only smart cards can be more secure because they can securely store more authentication and account data than traditional mag stripe cards.
Smart credit cards became common as banks embraced the EMV standard
Another advantage of smart cards is that once information is stored on a smart card, it can’t easily be deleted, erased or altered. As such, smart cards are good for storing valuable data that can’t be — or shouldn’t be — easily reproduced.
Smart Card technology is generally safe against electronic interference and magnetic fields, unlike magnetic stripe cards. In addition, applications and data on a card can be updated through secure channels so issuers do not necessarily have to issue new cards when an update is necessary. Multiservice smart card systems can enable users to access more than one different service with just one smart card.
Disadvantages of Smart Cards
While Smart Cards have many advantages, the cards themselves — as well as the smart card readers — can be expensive.
Another disadvantage of smart cards is that not all smart card readers are compatible with all types of smart cards. With multiple types of smart cards available, some use nonstandard protocols for data storage and card interface; some smart cards and readers also use proprietary software that is incompatible with other readers.
While smart cards can be more secure for many applications, they are still vulnerable to certain types of attack. Attacks that can recover information from the chip are possible against smart card technology. Differential power analysis can be used to deduce the on-chip private key used by public key algorithms such as RSA. Some implementations of symmetric ciphers can be vulnerable to timing attacks or differential power analysis as well. Smart cards may also be physically disassembled in order to gain access to the on-board microchip.
Examples of Smart Cards
The benefits of smart cards are directly related to the volume of information and applications that are programmed for use on a card. A single contact/contactless smart card can be programmed with multiple banking credentials, medical entitlement, driver’s license/public transport entitlement, loyalty programs and club memberships to name just a few. Multi-factor and proximity authentication can and has been embedded into smart cards to increase the security of all services on the card. For example, a smart card can be programmed to only allow a contactless transaction if it is also within range of another device like a uniquely paired mobile phone. This can significantly increase the security of the smart card.
Governments and regional authorities save money because of improved security, better data and reduced processing costs. These savings help reduce public budgets or enhance public services. There are many examples in the UK, many using a common open LASSeO specification.
Individuals have better security and more convenience with using smart cards that perform multiple services. For example, they only need to replace one card if their wallet is lost or stolen. The data storage on a card can reduce duplication, and even provide emergency medical information.
Source: Smartcard Alliance (Secure Technology Alliance).