SEMINAR REPORT ON

SMART CARD

Submitted toEr. SHIKHA Deptt of Computer Engg

Submitted bySHUBHAM 1808716(CO7) 7th Sem(C.S.E)

Department of Computer Engineering

Haryana Engineering College

Jagadhri

LIST OF CONTENTS Content

1. Smart card 2. History of smart cards 3. What is SMART about smart card 4. Classification of smart card 5. Pin configuration 6. Dimension of smart card 7. Elements of smart card 8. Chip configuration 9. Memory overview 10. Operating mode 11. Advantages 12. Smart card standards 13. Smart card glossary 14. Benefits 15. Applications 16. Conclusion 17. Future aspect

page no.
3 5 5 6 11 12 13 14 15 16 17 18 19 21 22 28 28

Smart Card
Simple plastic card, just at the size of a credit card, with a microprocessor and memory embedded inside is a smart card. Beside its tiny little structure it has many uses and wide variety of applications ranging from phone cards to digital identification of the individuals. These application could be; identity of the customer, library card, ewallet, keys to various doors, etc... And only one card can be issued to an endentity for all these applications. Smart cards hold these data within different files, and , as you will read, these data is only visible to its program depending on the operating system of the card. These data files are arranged in a file system much like a Linux directory structure. Smart cards greatly the convenience and security of any transaction. They provide tamper-proof storage of user and account identity. Smart card systems have proven to be more reliable than other machine-readable cards, such as magnetic-stripe and bar-code, with many studies showing card read life and reader life improvements demonstrating much lower cost of system maintenance. Smart cards also provide vital components of system security for the exchange of data throughout virtually any type of network. They protect against a full range of security threats, from careless storage of user passwords to sophisticated system hacks.

MF (Master File) EF (Elementary File) EF DF (Dedicated File) o EF o DF o EF MF(Master File), can be seen as the root directory where the headers of elementary files and dedicated files are contained. Dedicated files are like the ordinary directories and elementary files are just data files. The PIN is also stored in an EF but only the card has access permission to this file. The attributes of the files on UNIX environments are changed to access conditions. Many cards have access condition lists which must be fulfilled before accessing the data. A smart card is a credit-card sized plastic card embedded with an integrated circuit chip that makes it "smart". This marriage between a convenient plastic card and a microprocessor allows an immense amount of information to be stored, accessed and processed either online or offline. Smart cards can store several hundred times more data than a conventional card with a magnetic stripe. The information or application stored in the IC chip is transferred through an electronic module that interconnects with a terminal or a card reader.

Figure. Information and Personalization

History of Smart Cards

Smart Card has its origin in 1970s by inventors from Germany, Japan and France. Until mid 80s most of the work on Smart Cards was at the research and development level. First mass use was for payment in French payphones. The current world population of Smart Cards is nearly 3 billion. The manufacturers of Smart Cards are Gemplus, IBM, Siemens, Telesec and many more.

What is SMART about the Smart Card ??

Smart Cards are capable of not just storing data but also have processing power. They have larger storage capacity when compared to magnetic swipe cards.
5

 The data stored can be protected against unauthorized access and tampering. They are appropriate for secure and convenient data storage. Smart cards have the property of multifunctionality.

Classification of Smart Cards

Due to the communication with the reader and functionality of smart cards, they are classified differently. Based on the way the smart card interacts with the Reader, smart cards are of two types: Contact Smart Cards: These require insertion into the Card reader. Contact less Smart Cards: These require close proximity of the reader.

1.Contact vs Contactless
As smart cards have embedded microprocessors, they need energy to function and some mechanism to communicate, receiving and sending the data. Some smart cards have golden plates, contact pads, at one corner of the card. This type of smart cards are called Contact Smart Cards. The plates are used to supply the necessary energy and to communicate via direct electrical contact with the reader. When you insert the card into the reader, the contacts in the reader sit on the plates.

 I/O : Input or Output for serial data to the integrated circuit inside the card. Vpp : Programing voltage input (optional use by the card). Gnd : Ground (reference voltage). CLK : Clocking or timing signal (optional use by the card). RST: Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card). If internal reset is implemented, the voltage supply on Vcc is mandatory. Vcc : Power supply input (optional use by the card).

Contact micro module embedded into a plastic substrate The integrated circuit chip on a Smart Card requires some facilities fed to it from the outside world. Generally these are an electrical voltage to power the chip, a clock frequency to drive the chip and an input/output path for the data.

Based on the type of IC chip embedded on the Smart Card, they are categorized into three types IC Micro Processor Cards IC Memory Cards Optical Memory Cards

2.Memory vs Microprocessor
The most common and least expensive smart cards are memory cards. This type of smart cards, contains EEPROM(Electrically Erasable Programmable Read-Only Memory), non-volatile memory. Because it is non-volatile when you remove the card from the reader, power is cut off, card stores the data. You can think of EEPROM, inside, just like a normal data storage device which has a file system
9

and managed via a microcontroller (mostly 8 bit). This microcontroller is responsible for accessing the files and accepting the communication. The data can be locked with a PIN (Personal Identification Number), your password. PIN's are normally 3 to 8 digit numbers those are written to a special file on the card. Because this type is not capable of cryptography, memory cards are used in storing telephone credits, transportation tickets or electronic cash. Microprocessor cards, are more like the computers we use on our desktops. They have RAM, ROM and EEPROM with a 8 or 16 bit microprocessor. In ROM there is an operating system to manage the file system in EEPROM and run desired functions in RAM.

3.CombiCard vs Super Smart Cards CombiCard The Combi Card is a single card which has the features of both contact and contact less smart card with addition of magnetic strip, 2-dimensional and/or on edimensional bar code technology incorporated into the card. This allows the card to be multi-application if necessary. Super Smart Cards The types of smart cards that have presented so far are considered as a passive card which required an external source of power supply and read/write terminal. This restriction inevitably affects their suitability for certain types of application. For instance, any passive smart card system must ensure adequate terminal availability throughout the planned area of the service. This lead to the development of the third generation active smart card, know as Super Smart Card, which is currently under development. Super Smart Card incorporates a keyboard and display directly on the surface of the card. It can function as a standalone unit, or connect to a computer. For this purpose, they also generally have surface contacts. Disadvantages to the super smart card include the high cost of production in
10

comparison with the other cards, the difficulty in meeting ISO standards and the small size of the keypad.

The primary benefit of a Super Smart Card (active card) is its off-line, self validating functionality. Unlike terminal-power passive cards, it is usable at any time in any location, yet, with its build in PIN-validating programmer and other secure features, access is as highly protected as any existing smart card system.

Pin Configuration

,----, ,----, | C1 | | C5 | '----' '----' ,----, ,----, | C2 | | C6 | '----' '----' ,----, ,----, | C3 | | C7 | '----' '----' ,----, ,----, | C4 | | C8 | '----' '----'

C1 : Vcc = 5V C2 : Reset C3 : Clock C4 : RFU

C5 : Gnd C6 : Vpp C7 : I/O C8 : RFU

11

DIMENSIONS OF SMART CARD

12

Elements of a typical Smart Card

Smart cards have same 3 fundamental elements as all other computers: processing power, data storage and a means to input and output data. Processing power is supplied by a microprocessor chip (e.g. Intel 8051 and Motorola 6805), and data storage is supplied by a memory chip (EEPROM, FLASH, ROM, RAM). In some instances these elements can be combined in one chip. The means in which data is transferred varies from card to card. In order to operate, each card must have a power source, whether in a card reader or on the card itself. Below figure shows the main elements of microprocessor used in smart cards CPU, ROM RAM and EEPROM

Fig. Microprocessor Chip Diagram

13

Fig. Smart Card Configuration

CHIP CONFIGURATION

14

These smart card has up to 8 mechanical contacts . 1. VCC - to supply voltage to the chip 2. RST -to reset signal 3. CLK - for external clock signal 4. GND - for ground 5. VPP for high voltage signal 6. I/O to transfer data bet smart card &the card reader 7. RFU Reserved for future use

Memory Overview

15

Operating Mode

16

Advantages of contact less cards over contact cards

Reliability: Surface contacts are usually where failures occur in electrical systems. Surface contacts on contact cards are susceptible to damage, contamination and wear, making failures more likely to occur. Longer Life: For the same reasons mentioned above. Facility: The contact less card can be placed in any orientation toward the read/write unit, whereas the contact card must be placed in a slot in a specific direction. Minimal maintenance: The read/write units have no moving mechanical parts which requires Convenience: The read/write unit for contact less cards can be mounted under or behind any non-metallic working surface minimal maintenance. Robustness: The read/write units and contact less cards can withstand harsh environments and weather. Therefore, they are suitable for use in industrial or other harsh environments where they may come in contact with oil, grease or dirt.

Beside having a loose standard, current generation of contact less smart cards do have some other disadvantages. They tend to be rather slow and expensive to build and tend to fail as a result of flexing since they consist of a number of linked components rather than a single chip. Furthermore, there are also problems in embossing some types of contact less card since embossing damages the components. Potentially they are less secure as a result of the potential to couple a listening device at the card - reader air interface.

17

Smart Card Standards

ISO7816 is the international standard for Smart Cards that use electrical contacts. With this standard, Smart Cards could communicate with the Reader using the same protocol. The ISO7816 standards are separated in 3 different parts. ISO7816-1: defines the physical characteristics of the card. ISO7816-2: defines the dimension and contact position of the card. ISO7816-3: defines the electrical signals and transmission protocols.

How is a smart card different from the magnetic stripe card that I carry in my wallet?
A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).

What is the cost of an average smart card?

Trying to respond to this question is like asking the cost of a car without defining whether it is a used VW or a new Rolls Royce. The price of a smart card depends upon its capacity. The average price for all microprocessor cards is $3.79 each, whereas, the average price for a memory card is estimated at 47 cents.

Why is reloadability important to the development of the smart card vis-a-vis disposable cards?
18

There are markets for both disposable and reloadable cards. Disposable cards work well for an event and as a collectible card. If the card is a multiple application card supporting, for example, debit and/or credit and stored value, the customer would not want to throw this type of card away. It would be more appropriate if the stored value application is reloadable. A standalone reloadable card (as opposed to a standalone disposable card) is very attractive to some customers. This customer would tend to be someone who uses their stored value on a frequent basis perhaps for public transportation, corporate cafeteria etc. and wants to be able tore load the card on a periodic basis rather than have to buy a new card each time.

How secure and confidential are smart cards?

Smart cards actually offer more security and confidentiality than other financial information or transaction storage vehicles, making it a perfect solution for ecommerce transactions. A smart card is a safe place to store valuable information such as private keys, account numbers, passwords, or personal information. It's also a secure place to perform processes that one doesn't want exposed to the world, for example, performing a public key or private key encryption. Smart cards have computational or processing power to provide greater security, allowing verification of the cardholder. Entering a PIN is one method of verification, biometrics is another. The benefit of the smart card is that you can verify the PIN or fingerprint securely, off-line.

Smart card glossary

Authentication:
The process whereby a card or a terminal verifies that the other party is genuine.
19

 Biometrics:
The technique of studying physical characteristics of a person such as fingerprints, hand geometry, eye structure or voice pattern.

Chip:
A piece of silicon etched with electronic circuits (synonym: Integrated Circuit).

Electronic Purse:
A small portable device which contains electronic money. It is sometimes called an electronic wallet or stored value card.

GSM (Global System for Mobile Communications):

A European standard for digital cellular telephones that has now been widely adopted throughout the world.

Microprocessor:
A chip that serves as the Central Processing Unit controlling a computer. It provides programmable intelligence.

Personalization:
During this process, a smart card is modified to contain the information for one person.

SIM (Subscriber Identification Module):

20

A specific type of smart card for GSM systems holding the subscribers ID number, thus allowing him/her to call from any GSM device.

BENEFITS OF SMART CARDS More secure

Data stored on a smart card is protected by sophisticated security mechanisms. It is thus very difficult and expensive to thus fraudulently alter data or copy the cards. Changing from magnetic stripe cards to smart cards can dramatically reduce card fraud linked to counterfeit cards, as well as fraud linked to off-line transactions by making them secure. Lower running costs Merchants do not have to pay telephone costs for secure off-line transactions, thus making it economic for them to accept electronic payment for smaller value transactions. Faster Smart cards can perform secure off-line transactions which typically take a fraction of a second, compared with several seconds for on-line transactions.
21

For applications such as the electronic purse, this time saving is perceived by card holders as a major advantage over other cards and cash. Some card issuers have developed smart cards using contactless technology (this uses a radio transmitter/receiver to make the link between card and terminal, so the cards just have to be waved near a terminal, rather than being inserted into it). Flexible Smart card issuers exist in many different sectors and use many different he Hand-e card is compatible with most of the large smart card operating system software. It also supports the Microsoft Windows for Smart Cards and the Java card, which support the Java programming language Greater data capacity Smart cards can store more data than magnetic stripe cards. The development of multipleapplication cards such as Hand-e, means that many different applications can co-reside on one card: credit/debit, e-purse,
travel tickets, loyalty points and security identification, to name a few.

APPLICATIONS
Financial Applications
Electronic Purse to replace coins for small purchases in vending machines and over-thecounter transactions. Credit and/or Debit Accounts, replicating what is currently on the magnetic stripe bank card, but in a more secure environment. Securing payment across the Internet as part of Electronic Commerce.

22

Communications Applications
The secure initiation of calls and identification of caller (for billing purposes) on any Global System for Mobile Communications (GSM) phone. Subscriber activation of programming on Pay-TV.

Government Programs
Electronic Benefits Transfer using smart cards to carry Food Stamp and WIC food benefits in lieu of paper coupons and vouchers. Agricultural producer smart marketing card to track quotas.

Information Security
Employee access cards with secured passwords and the potential to employ biometrics to protect access to computer systems.

Physical Access Control

Employee access cards with secured ID and the potential to employ biometrics to protect physical access to facilities.

Transportation
Drivers Licenses. Mass Transit Fare Collection Systems. Electronic Toll Collection Systems.

Retail and Loyalty

23

Consumer reward/redemption tracking on a smart loyalty card, that is marketed to specific consumer profiles and linked to one or more specific retailers serving that profile set. Consumer health card containing insurance eligibility and emergency medical data.

Student Identification
All-purpose student ID card (a/k/a campus card), containing a variety of applications such as electronic purse (for vending machines, laundry machines, library card, and meal card).

Smart Card Advantages

Compared to conventional data transmission devices such as magnetic-stripe cards, smart cards offer enhanced security, convenience and economic benefits. In addition, smart card-based systems are highly configurable to suit individual needs. Finally, the multifunctionality as payment, application and networking devices renders a smart card as a perfect user interface in a mobile, networked economy.

1. Customer Benefits
a) Full Portability of Services The smart card effectively breaks the link between the subscriber and the terminal, allowing the use of any properly equipped terminal and helping to realize the wireless promise of any-time, anywhere communications. In fact, subscribers need not be constrained to using voice terminals only. A variety of other mobile communications devices such as personal digital assistants (PDAs) and personal
24

intelligent communicators (PIC) are available that may have voice communications added as an integral part their capabilities. If these other devices are equipped for smart cards, the potential for communications is increased. Similarly, data communications applications could benefit from the security features inherent in smart cards. b) International Roaming Wireless customer often require the ability to place and receive call when traveling abroad. For these customers, international roaming enabled by smart cards is quite valuable. For example, AT&T, and GTE have all instituted international roaming programs using GSM phones and smart cards. The program uses co-branded smart cards, which corporate customers bring with them when they travel abroad. Customers are given a telephone number from a GSM carrier, which allows them to be contacted in any of the countries that have international roaming agreements. 14.1.3 Intersystem Roaming The incompatibility of different communication radio interfaces and authentication protocols (time division multiple access [TDMA], code division multiple access [CDMA],GSM,personal digital cellular [PDC], mobile satellite systems.) requires subscribers to make choices that constrain them to use only one particular type of handset that works with only one radio interface. With a smart card, it becomes possible for subscribers to use one handset for different interfaces and protocols. This feature is already implemented among the three frequencies used by the GSM platform (900, 1800, & 1900 MHz). American National Standards Institute (ANSI) telephone industry price index (T1P1).3 has recommended standards for a user identity module, smart card that can be used with the major radio access methods. Thus, it becomes conceivable to have current GSM smart cards modified so that they can work with a CDMA handset. For eg. North American GSM operators have designed a process to which the SIM holds both the GSM and advanced
25

mobile phone service (AMPS) authentication algorithm and data to provide authentication on both networks in inter roaming situations. 14.1.4 Multiple Services on a Single Card Maximum value is realized by the subscriber when multiple applications are stored on a single card. A multi-application smart card could provide access to airline reservation and ticketing systems and information networks, as well as a mobile telephone service. Considering the many cards that the average person carries these days integrating more applications into a single card (or at least fewer cards) has obvious appeal and benefits. It is important to note that there is clear interest on the part industries to package their services with mobile telephony. For eg. research by Citibank indicates clearly that a substantial percentage of the company's customers would like to be able to conduct its banking on a variety of platforms, including wireless. Such services are already available using a standardized toolbox for smart-card application creation.

26

Separation of Business and Personal Calls The smart card allows customers to be billed separately for personal and business calls made on a single phone. For example, Airtel, a Spanish GSM operator, uses a SIM card with two sets of subscription informationone for corporate and the other for personal use. Airtels dual SIM cards have been well received in the corporate market.

Enhanced Security Benefits

SIM cards have several features that enhance security for wireless communications networks. Smart-card supporters point to the potential of limiting or eliminating fraud as one of strongest selling points. SIM cards provide a secure authentication key transport container from the carriers authentication center to the end-users terminal. Their superior fraud protection is enabled by hosting the cryptographic authentication algorithm and data on the cards microprocessor chip. SIM card can be personal identification number (PIN) protected and include additional protection against logical attacks. With added PIN code security, SIM cards offer same level of security used by bank for securing off-line payment. Because the home network authentication algorithm also resides in the card, SIM card make secure roaming possible. They can also include various authentication mechanism for internetwork roaming of different types.

27

Conclusion
Smart cards are here to stay. They have found widespread acceptance in Europe and Asia, and they are slowly finding acceptance in the US. While the current significant use has been in the communications and transportation industries, once the card readers become commonplace in personal computers, smart cards will significantly enhance e-commerce. International standards for smart cards are emerging rapidly. The EMV standard developed by Europe, MasterCard and Visa is a dominant standard. The GSM is another major standard that addresses the wireless aspects of communication with the smart card. Another fast-moving area of development in smart cards is the Java card. These and other applications suggest that there are attractive opportunities for empowering employees while strengthening financial control. The ability to program multiple levels of control into the card, using open as well as proprietary standards, could expand the card's adoption. All these trends point to tremendous possibilities in the future for smart card technology.

Future Aspects
Soon it will be possible to access the data in Smart cards by the use of Biometrics. Smart card Readers can be built into future computers or peripherals which will enable the users to pay for goods purchased on the internet. In the near future, the multifunctional smart card will replace the traditional magnetic swipe card.

Smart Card is not only a data store, but also a programmable, portable, tamper resistant memory storage.
28