"Smart Card": Haryana Engineering College
"Smart Card": Haryana Engineering College
SMART CARD
page no.
3 5 5 6 11 12 13 14 15 16 17 18 19 21 22 28 28
Smart Card
Simple plastic card, just at the size of a credit card, with a microprocessor and memory embedded inside is a smart card. Beside its tiny little structure it has many uses and wide variety of applications ranging from phone cards to digital identification of the individuals. These application could be; identity of the customer, library card, ewallet, keys to various doors, etc... And only one card can be issued to an endentity for all these applications. Smart cards hold these data within different files, and , as you will read, these data is only visible to its program depending on the operating system of the card. These data files are arranged in a file system much like a Linux directory structure. Smart cards greatly the convenience and security of any transaction. They provide tamper-proof storage of user and account identity. Smart card systems have proven to be more reliable than other machine-readable cards, such as magnetic-stripe and bar-code, with many studies showing card read life and reader life improvements demonstrating much lower cost of system maintenance. Smart cards also provide vital components of system security for the exchange of data throughout virtually any type of network. They protect against a full range of security threats, from careless storage of user passwords to sophisticated system hacks.
MF (Master File) EF (Elementary File) EF DF (Dedicated File) o EF o DF o EF MF(Master File), can be seen as the root directory where the headers of elementary files and dedicated files are contained. Dedicated files are like the ordinary directories and elementary files are just data files. The PIN is also stored in an EF but only the card has access permission to this file. The attributes of the files on UNIX environments are changed to access conditions. Many cards have access condition lists which must be fulfilled before accessing the data. A smart card is a credit-card sized plastic card embedded with an integrated circuit chip that makes it "smart". This marriage between a convenient plastic card and a microprocessor allows an immense amount of information to be stored, accessed and processed either online or offline. Smart cards can store several hundred times more data than a conventional card with a magnetic stripe. The information or application stored in the IC chip is transferred through an electronic module that interconnects with a terminal or a card reader.
The data stored can be protected against unauthorized access and tampering. They are appropriate for secure and convenient data storage. Smart cards have the property of multifunctionality.
1.Contact vs Contactless
As smart cards have embedded microprocessors, they need energy to function and some mechanism to communicate, receiving and sending the data. Some smart cards have golden plates, contact pads, at one corner of the card. This type of smart cards are called Contact Smart Cards. The plates are used to supply the necessary energy and to communicate via direct electrical contact with the reader. When you insert the card into the reader, the contacts in the reader sit on the plates.
I/O : Input or Output for serial data to the integrated circuit inside the card. Vpp : Programing voltage input (optional use by the card). Gnd : Ground (reference voltage). CLK : Clocking or timing signal (optional use by the card). RST: Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card). If internal reset is implemented, the voltage supply on Vcc is mandatory. Vcc : Power supply input (optional use by the card).
Contact micro module embedded into a plastic substrate The integrated circuit chip on a Smart Card requires some facilities fed to it from the outside world. Generally these are an electrical voltage to power the chip, a clock frequency to drive the chip and an input/output path for the data.
Based on the type of IC chip embedded on the Smart Card, they are categorized into three types IC Micro Processor Cards IC Memory Cards Optical Memory Cards
2.Memory vs Microprocessor
The most common and least expensive smart cards are memory cards. This type of smart cards, contains EEPROM(Electrically Erasable Programmable Read-Only Memory), non-volatile memory. Because it is non-volatile when you remove the card from the reader, power is cut off, card stores the data. You can think of EEPROM, inside, just like a normal data storage device which has a file system
9
and managed via a microcontroller (mostly 8 bit). This microcontroller is responsible for accessing the files and accepting the communication. The data can be locked with a PIN (Personal Identification Number), your password. PIN's are normally 3 to 8 digit numbers those are written to a special file on the card. Because this type is not capable of cryptography, memory cards are used in storing telephone credits, transportation tickets or electronic cash. Microprocessor cards, are more like the computers we use on our desktops. They have RAM, ROM and EEPROM with a 8 or 16 bit microprocessor. In ROM there is an operating system to manage the file system in EEPROM and run desired functions in RAM.
3.CombiCard vs Super Smart Cards CombiCard The Combi Card is a single card which has the features of both contact and contact less smart card with addition of magnetic strip, 2-dimensional and/or on edimensional bar code technology incorporated into the card. This allows the card to be multi-application if necessary. Super Smart Cards The types of smart cards that have presented so far are considered as a passive card which required an external source of power supply and read/write terminal. This restriction inevitably affects their suitability for certain types of application. For instance, any passive smart card system must ensure adequate terminal availability throughout the planned area of the service. This lead to the development of the third generation active smart card, know as Super Smart Card, which is currently under development. Super Smart Card incorporates a keyboard and display directly on the surface of the card. It can function as a standalone unit, or connect to a computer. For this purpose, they also generally have surface contacts. Disadvantages to the super smart card include the high cost of production in
10
comparison with the other cards, the difficulty in meeting ISO standards and the small size of the keypad.
The primary benefit of a Super Smart Card (active card) is its off-line, self validating functionality. Unlike terminal-power passive cards, it is usable at any time in any location, yet, with its build in PIN-validating programmer and other secure features, access is as highly protected as any existing smart card system.
Pin Configuration
,----, ,----, | C1 | | C5 | '----' '----' ,----, ,----, | C2 | | C6 | '----' '----' ,----, ,----, | C3 | | C7 | '----' '----' ,----, ,----, | C4 | | C8 | '----' '----'
11
12
13
CHIP CONFIGURATION
14
These smart card has up to 8 mechanical contacts . 1. VCC - to supply voltage to the chip 2. RST -to reset signal 3. CLK - for external clock signal 4. GND - for ground 5. VPP for high voltage signal 6. I/O to transfer data bet smart card &the card reader 7. RFU Reserved for future use
Memory Overview
15
Operating Mode
16
Beside having a loose standard, current generation of contact less smart cards do have some other disadvantages. They tend to be rather slow and expensive to build and tend to fail as a result of flexing since they consist of a number of linked components rather than a single chip. Furthermore, there are also problems in embossing some types of contact less card since embossing damages the components. Potentially they are less secure as a result of the potential to couple a listening device at the card - reader air interface.
17
How is a smart card different from the magnetic stripe card that I carry in my wallet?
A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).
Why is reloadability important to the development of the smart card vis-a-vis disposable cards?
18
There are markets for both disposable and reloadable cards. Disposable cards work well for an event and as a collectible card. If the card is a multiple application card supporting, for example, debit and/or credit and stored value, the customer would not want to throw this type of card away. It would be more appropriate if the stored value application is reloadable. A standalone reloadable card (as opposed to a standalone disposable card) is very attractive to some customers. This customer would tend to be someone who uses their stored value on a frequent basis perhaps for public transportation, corporate cafeteria etc. and wants to be able tore load the card on a periodic basis rather than have to buy a new card each time.
Biometrics:
The technique of studying physical characteristics of a person such as fingerprints, hand geometry, eye structure or voice pattern.
Chip:
A piece of silicon etched with electronic circuits (synonym: Integrated Circuit).
Electronic Purse:
A small portable device which contains electronic money. It is sometimes called an electronic wallet or stored value card.
Microprocessor:
A chip that serves as the Central Processing Unit controlling a computer. It provides programmable intelligence.
Personalization:
During this process, a smart card is modified to contain the information for one person.
20
A specific type of smart card for GSM systems holding the subscribers ID number, thus allowing him/her to call from any GSM device.
For applications such as the electronic purse, this time saving is perceived by card holders as a major advantage over other cards and cash. Some card issuers have developed smart cards using contactless technology (this uses a radio transmitter/receiver to make the link between card and terminal, so the cards just have to be waved near a terminal, rather than being inserted into it). Flexible Smart card issuers exist in many different sectors and use many different he Hand-e card is compatible with most of the large smart card operating system software. It also supports the Microsoft Windows for Smart Cards and the Java card, which support the Java programming language Greater data capacity Smart cards can store more data than magnetic stripe cards. The development of multipleapplication cards such as Hand-e, means that many different applications can co-reside on one card: credit/debit, e-purse,
travel tickets, loyalty points and security identification, to name a few.
APPLICATIONS
Financial Applications
Electronic Purse to replace coins for small purchases in vending machines and over-thecounter transactions. Credit and/or Debit Accounts, replicating what is currently on the magnetic stripe bank card, but in a more secure environment. Securing payment across the Internet as part of Electronic Commerce.
22
Communications Applications
The secure initiation of calls and identification of caller (for billing purposes) on any Global System for Mobile Communications (GSM) phone. Subscriber activation of programming on Pay-TV.
Government Programs
Electronic Benefits Transfer using smart cards to carry Food Stamp and WIC food benefits in lieu of paper coupons and vouchers. Agricultural producer smart marketing card to track quotas.
Information Security
Employee access cards with secured passwords and the potential to employ biometrics to protect access to computer systems.
Transportation
Drivers Licenses. Mass Transit Fare Collection Systems. Electronic Toll Collection Systems.
Consumer reward/redemption tracking on a smart loyalty card, that is marketed to specific consumer profiles and linked to one or more specific retailers serving that profile set. Consumer health card containing insurance eligibility and emergency medical data.
Student Identification
All-purpose student ID card (a/k/a campus card), containing a variety of applications such as electronic purse (for vending machines, laundry machines, library card, and meal card).
1. Customer Benefits
a) Full Portability of Services The smart card effectively breaks the link between the subscriber and the terminal, allowing the use of any properly equipped terminal and helping to realize the wireless promise of any-time, anywhere communications. In fact, subscribers need not be constrained to using voice terminals only. A variety of other mobile communications devices such as personal digital assistants (PDAs) and personal
24
intelligent communicators (PIC) are available that may have voice communications added as an integral part their capabilities. If these other devices are equipped for smart cards, the potential for communications is increased. Similarly, data communications applications could benefit from the security features inherent in smart cards. b) International Roaming Wireless customer often require the ability to place and receive call when traveling abroad. For these customers, international roaming enabled by smart cards is quite valuable. For example, AT&T, and GTE have all instituted international roaming programs using GSM phones and smart cards. The program uses co-branded smart cards, which corporate customers bring with them when they travel abroad. Customers are given a telephone number from a GSM carrier, which allows them to be contacted in any of the countries that have international roaming agreements. 14.1.3 Intersystem Roaming The incompatibility of different communication radio interfaces and authentication protocols (time division multiple access [TDMA], code division multiple access [CDMA],GSM,personal digital cellular [PDC], mobile satellite systems.) requires subscribers to make choices that constrain them to use only one particular type of handset that works with only one radio interface. With a smart card, it becomes possible for subscribers to use one handset for different interfaces and protocols. This feature is already implemented among the three frequencies used by the GSM platform (900, 1800, & 1900 MHz). American National Standards Institute (ANSI) telephone industry price index (T1P1).3 has recommended standards for a user identity module, smart card that can be used with the major radio access methods. Thus, it becomes conceivable to have current GSM smart cards modified so that they can work with a CDMA handset. For eg. North American GSM operators have designed a process to which the SIM holds both the GSM and advanced
25
mobile phone service (AMPS) authentication algorithm and data to provide authentication on both networks in inter roaming situations. 14.1.4 Multiple Services on a Single Card Maximum value is realized by the subscriber when multiple applications are stored on a single card. A multi-application smart card could provide access to airline reservation and ticketing systems and information networks, as well as a mobile telephone service. Considering the many cards that the average person carries these days integrating more applications into a single card (or at least fewer cards) has obvious appeal and benefits. It is important to note that there is clear interest on the part industries to package their services with mobile telephony. For eg. research by Citibank indicates clearly that a substantial percentage of the company's customers would like to be able to conduct its banking on a variety of platforms, including wireless. Such services are already available using a standardized toolbox for smart-card application creation.
26
Separation of Business and Personal Calls The smart card allows customers to be billed separately for personal and business calls made on a single phone. For example, Airtel, a Spanish GSM operator, uses a SIM card with two sets of subscription informationone for corporate and the other for personal use. Airtels dual SIM cards have been well received in the corporate market.
27
Conclusion
Smart cards are here to stay. They have found widespread acceptance in Europe and Asia, and they are slowly finding acceptance in the US. While the current significant use has been in the communications and transportation industries, once the card readers become commonplace in personal computers, smart cards will significantly enhance e-commerce. International standards for smart cards are emerging rapidly. The EMV standard developed by Europe, MasterCard and Visa is a dominant standard. The GSM is another major standard that addresses the wireless aspects of communication with the smart card. Another fast-moving area of development in smart cards is the Java card. These and other applications suggest that there are attractive opportunities for empowering employees while strengthening financial control. The ability to program multiple levels of control into the card, using open as well as proprietary standards, could expand the card's adoption. All these trends point to tremendous possibilities in the future for smart card technology.
Future Aspects
Soon it will be possible to access the data in Smart cards by the use of Biometrics. Smart card Readers can be built into future computers or peripherals which will enable the users to pay for goods purchased on the internet. In the near future, the multifunctional smart card will replace the traditional magnetic swipe card.
Smart Card is not only a data store, but also a programmable, portable, tamper resistant memory storage.
28