jump to navigation

Introduction to Smart Cards November 16, 2004

Posted by dhar in Misc.
trackback

Note: A PDF copy of this article, along with proper figures and correct formatting for printing, is available at Rootshell.


Right now, inside your wallet, you probably have a couple of credit cards, an ID card, an ATM card and maybe a few other plastic cards. Without our realizing it, these plastic cards have become a very important part of our life. Consider a few scenarios where we use plastic cards these days:

• To identify ourselves.
• To obtain cash from the banks.
• As credit cards.
• Conventional Telephony.
• Access Control.
• Loyalty Programs.

Most of these plastic cards are usually magnetic stripe cards. In spite of their tremendous popularity, magnetic stripe cards suffer from one crucial weakness. Data stored on them can be easily read and modified by someone with access to the right kind of equipment. As a result, confidential information like PIN Number or a password can not be stored on them and a transaction host (POS device/ATM) will have to go online to verify the PIN and this in most European and Asian countries is time consuming and costly.

Enter Smart Cards. The development of smart cards along with rapid advances in cryptography has resulted in a solution to the above-mentioned problem. This article will introduce the reader to the various aspects of the Smart Card.

History of Smart Cards
Many people consider smart cards a recent invention. Nothing could be further from the truth. In 1968, German inventor Jurgen Dethloff along with Helmet Grotrupp filed a patent for using plastic as a carrier for microchips. In 1970, Japanese inventor, Kunitake Arimura, applied for a similar patent. Smart Cards were introduced in Japan in the same year. In 1974, Frenchman Roland Moreno registered his smart card patent in France.

Given that the majority of smart card research initially went on in Europe, it is not surprising that Europeans are among the largest users of smart cards. Europe currently accounts for nearly 80% of the smart card market. France and Germany have been leading the world in terms of introducing various applications on smart cards. Smart cards are already being used the world over for a variety of purposes and in future they will become even more pervasive.

Before we go into the details of Smart Cards, it might be a good idea to understand a little bit more about their predecessor, the Magnetic Stripe Card.

Magnetic Stripe Card
Turn your credit card around. Chances are you will see a black stripe, approximately half inch wide, running across it. This black stripe, consisting of three tracks of magnetic particles bonded to the card substrate, is the core of a magnetic stripe card. The magnetic stripe cards were introduced to:

• Store data in a machine-readable form.
• Minimize paper utilization in financial transactions.
• Allow for automation

As explained before, the magnetic stripe consists of three tracks. A track is divided into tiny domains, each domain being one-75th of an inch long. To store data on the magnetic stripe card, the particles in a domain are magnetized in a particular fashion (see Figure 1). If within a domain the polarization of the particles doesn’t change, then there is no flux reversal and it represents a 0. But if the polarization changes, then there is a flux reversal and it represents a 1.

Figure 1: Magnetic Stripe with Domains
[The arrows in the domains represent the polarization of the magnetic particles in the domain.]

When the magnetic stripe card is read, based on flux reversals the reader gets the data stored on it. The magnetic stripe shown in Figure 1 would be read as: 0 1 0 0 1 0

The length of a magnetic stripe is around 4 inches and it consists of three tracks. Each track is made of domains 1/75th of an inch long. Each domain represents one bit. Hence the total data carrying capacity of a magnetic stripe card is just 900 – 1000 bits.

The main problem with magnetic stripe cards is data can be easily read and altered by anyone with access to the right kind of equipment. Card Skimming is the name given to the process of reading data of a valid card and copying it bit for bit on another card. Readers for magnetic stripe cards cost around $100 while encoders (writers) come for as cheap as $1000. As a result of this drawback, these cards cannot be used for storing confidential information.

Smart Card Classification
Smart cards are the youngest members of the plastic card family. A Smart Card is defined as:

“A plastic card, usually similar in size and shape to a credit card, containing a microprocessor and memory (which allows it to store and process data) and complying with ISO 7816 standard”

In layman’s term a smart card can be defined as a card with a very tiny computer embedded in it.

Though they can be classified on basis of various parameters, we shall discuss the classification on basis of Card Components, Card Interface and Smart Card OS only in this article. This classification is better depicted in Figure 2.


Figure 2: Smart Card Classification

Component Based Classification
When classified on basis of components they contain, smart cards can be put into two categories. Those with a processor are called chip cards or microprocessor cards and those without a chip are called memory cards.

Memory Cards:
These are the most common and least expensive cards. They contain:

• EEPROM: Electrically Erasable Programmable Read Only Memory. This is like a data storage device where all the application data gets written. Typical EEPROM size varies from 2KB to 8 KB. The EEPROM data can be locked with a PIN and it usually varies with time. For example, in a telephone card, the EEPROM might hold the talk time left.

• ROM: Read Only Memory. It stores data that does not change during the card life. It might hold card number, cardholder’s name etc.

Security logic controls access to the memory and enable read from and write to it. Regions of memory are accessible only after a secret code is provided. This code may be provided by the smart card reader device or the card-holder. A simplified architecture of a memory card is depicted in the Figure 3.

The simple technology of these cards enables them to be made very cheaply (around $1, when purchased in bulk). These cards can store data from a few 100 bytes to up to 8 KB. These cards find wide acceptance in the pre paid phone card segment because of their simplicity. Other possible areas where they can be used include vending machines, transport and ticketing, pre paid parking schemes and loyalty programs.


Figure 3: Internal Architecture of a Memory Card

Microprocessor/Chip Cards
As the name implies, these are cards that incorporate a microprocessor. They are the ones that technically can be called smart cards. The important components of a chip card are:

• ROM: Read Only Memory. The ROM holds the cards operating system and is also known as the mask of the card. This is written to only once (usually during the card production phase). The size of ROM varies from a few KB to 32 KB, depending on which Operating System is being used by the card. Once written, it cannot be altered.

• EEPROM: The EEPROM holds the cards application programs and the application data. This data is not permanent and is often erased and rewritten. Typical EEPROM sizes range from 2 KB to 32 KB.

• RAM: Random Access Memory. This is the volatile memory used by the processor to run the desired functions. The memory is erased whenever the power is switched off. Surprising as it may sound, the typical size of RAM is around 256 bytes. This is because RAM occupies the maximum area per byte and the area of a smart card is restricted to 25 mm2.

• CPU: Central Processing Unit. This is the heart of a chip card. It is usually an 8-bit microprocessor based on CISC architecture with typical clock speeds of 5 MHz. This is slowly moving towards a 32-bit architecture due to Java Cards. The CPU is responsible for carrying out various instructions.

Chip cards are more expensive than memory cards. Their cost ranges from $2 to $20 depending on the features available. These cards can house multiple applications and provide robust security. Such cards are used in access control, electronic purses, credit and other financial cards, travel, ticketing and other applications where high security is required. A simplified version of the internal architecture of a memory card is shown in the Figure 4.

Figure 4: Internal Architecture of a Chip Card

Interface Based Classification
Smart Cards are also classified on the basis of the method of their communication and data transfer with the reader device. Based on this criterion, the smart cards are classified as contact cards, contactless cards, and combi cards. Contact cards have to be inserted into the reader while contactless cards are powered by a Radio Frequency signal and don’t require insertion into a reader. Combi cards, also known as hybrid cards, can be powered by insertion or by a Radio Frequency Signal.

Contact Cards
These cards require insertion into the card reader for being powered. Each such card contains 6-8 gold plated contacts that are in physical contact with the reader. The physical contact may be established either by sliding or by landing. The card receives power from the reader via these contacts. As per ISO-7816, the card contacts are numbered as shown in Figure 5 and the designation of the contacts, along with their functions are explained in Table 1.

Figure 5: Card Contacts as per ISO-7816

Table 1: Smart Card Contacts according to ISO-7816

Contact cards have certain limitations. With age, these contacts get worn out. Electrostatic discharges, due to improper contact may damage the circuits. Cardholders some times pull out the cards from the reader before the transaction is completed, leading to what is known as Card Tearing. Rough handling and stresses during card insertion lead to damage of the card.

Contactless Cards
Contactless cards don’t require insertion into the reader. They just have to be passed near an antenna for the transaction to be carried out. The reading distance varies from a few cms to up to 50 cms. As there is no contact, these cards solve most of the limitations listed under the contact cards. Such cards are often used in places where the transaction has to be carried out very quickly. For example: mass transit, road tolling etc.

Contactless cards are costlier compared to contact cards. But they also have a greater life span and are more reliable.

Combi or Hybrid Cards
Combi cards are those which have both a contact as well as a contactless interface facilitating its use in either way. For example, a contact card could be slipped into a pouch that has a battery and an antenna and can communicate with a contactless reader. Other combi cards could be simpler with two interfaces, one for contact readers and another for contactless readers. The contactless chip is used for applications that require fast transaction times and the contact chip is used for those applications that require higher security.

OS Based Classification
Smart cards are also classified on the basis of their Operating System. There are many Smart Card Operating Systems available in the market, the main ones being:

1. MultOS
2. JavaCard
3. Cyberflex
4. StarCOS
5. MFC

Smart Card Operating Systems or SCOS as they are commonly called, are placed on the ROM and usually occupy lesser than 16 KB. SCOS handle:

• File Handling and Manipulation.
• Memory Management
• Data Transmission Protocols.

Advantages of Smart Cards
Compared to magnetic stripe cards, smart cards have many advantages:

• Smart cards can hold up to 32 KB of data while magnetic cards as seen earlier can hold only around 1000 bits. This allows the card-transaction participants (card company, acquiring bank, issuing bank, retailers etc.) to store a lot of additional information on the card.

• Data on a smart card can be protected against unauthorized viewing. As a result of this confidential data (PIN, Passwords) can be stored on a smart card. This means, merchants do not have to go online every time to authenticate a transaction.

• A single smart card can house multiple applications. Just one card can be used as your license, passport, credit card, ATM card, ID Card etc.

• Life of a smart card is longer.

• Smart cards cannot be easily replicated and are, as a general rule much more secure that magnetic stripe cards.

Given these advantages, smart cards have really caught on in the telephony segment. But unfortunately, they have not been as successful in the financial cards segment. The only thing holding back the widespread use of smart cards in this sector is the amount of money invested by various players in the magnetic stripe card infrastructure and the slightly higher cost of smart cards.

Smart Card Applications
Based on numbers, pre-paid telephone cards seem to be the most common smart card application. Often such applications are reloadable. Value can be added to a card by paying the dealer. This ensures repeated usage of the smart card. Along with conventional telephony, cellular phones also use smart cards. The SIM card that is inserted into a cellular handset is nothing but a smart card.

The advent of smart cards has allowed banks to replace their current cards [ATM, Debit, Credit Account, Travel and Entertainment Cards] with one card. Smart cards are also being used in quite a few countries as electronic purses. Along with banks, many retailers have started using smart cards as Loyalty Cards.

Health care is another sector where smart cards are making their mark. Versichertenkarte in Germany and Sesam Vitale in France are examples of schemes using Smart Cards in health insurance schemes. Over 80 million such cards have been issued.

Smart cards are currently being used for fast ticketing in public transport, parking and road tolling in many countries. South Korea issued 1.5 million cards for public transport and is the largest user of smart cards in public transport. Hong Kong, with its Octopus Cards is set to follow South Korea in this respect. In India, Indian Railways is also experimenting with smart cards for ticketing purposes.

Many universities and schools are using smart cards for ID purposes. These ID cards can also be used at the library, canteen, vending machines and other services on the campus.

Future of Smart Cards
Given the advantages of smart cards over magnetic stripe cards, there can be no doubt that the future of smart cards is very bright. If the current trends are anything to go by, the smart card market is set for exponential growth in the next few years.

Future for smart cards depends mainly on the introduction of multi-application cards and overcoming the simplistic mindset that smart cards are just a method of making a payment.

References
• Smart Card Handbook: W. Rankl & W. Effing
• Smart Card Security and Applications: Mike Hendry
• Smart Cards Case Study: IBM Redbook
• ISO 7816 Specifications
• EMV 2000 Specifications
http://www.scia.org
http://www.cardforum.org

Advertisements

Comments»

1. Anonymous - November 16, 2004

hi dhar,
do u have a pdf version of this article.

-praveen jalem

PS: waiting for the last quiz results.

2. Dhar - November 16, 2004

Praveen,

Send me your email ID. Will mail the article to you.

Cheers,
D.

3. Anonymous - November 16, 2004

Its praveenjalem AT gmail

thanx,
Praveen

4. Dhar - November 17, 2004

Praveen,

Have sent you the PDF version…

Cheers,
D.

5. Nilesh - November 17, 2004

Yay! Thanks for the informative article. Coincidentally I am currently working on a smart card based solution for our internal setup.

6. Dhar - November 17, 2004

Hmmm, Nilesh is this Smart Card project something related to security? Curious…

Cheers,
D.

7. Anonymous - November 26, 2004

One of the biggest users of smart cards in India is Bharat Petroleum – they have a retail card for fuels called PetroBonus Petrocard which combines a payment (stored value) and loyalty (points collection/redemption) application. This card is being used by over 1.5 million customers (June 2004).

8. Dhar - November 26, 2004

Hi Anonymous,

Thanks for the comment on usage of Smart Cards in India. Can you please get in touch with me at sumit.dhar at gmail.com.

There are a few things I would like to ask you.

Cheers,
D.

9. Anonymous - December 17, 2004

its great!!
I also need PDF File of ur Article. plzz mail at amitdanayak@yahoo.com

10. Anonymous - December 20, 2004

I tried the two links at the bottom of the article and neither of them worked (for me, anyway). I guess they’re just out of date:

http://www.scia.orghttp://www.cardforum.org

11. Jens Kubieziel - February 15, 2005

Hi,

all pictures are missing because the other website is down. Do you have a local copy and can put them online?

12. Edy Salim - February 16, 2005

hi dhar,
i can’t see the images.
could u plz send me your article to edysalim at mik.co.id?

cheers,
edy salim

13. Anonymous - March 13, 2005

Hi Dhar,

Can you send a PDF version of the article to sachinpdesai@hotmail.com

thanks

14. Dhar - March 13, 2005

Sachin,

Have sent the PDF version of the article to your email ID.

Cheers,
D.

15. Anonymous - April 20, 2005

Hi,

Could you mail this article in a Pdf format to my email
malim@invision.gr ?

Thanks,
Harris

16. Anonymous - April 25, 2005

am trying to find out the name/story of the Grade 6 girl to whom the idea for the Hong Kong Octopus card is attributed. Apparently she was the daughter of someone powerful in HK government and won a competition with the initial idea.

17. Anonymous - May 10, 2005

I can’t see the images but would like too. Could you send me the PDF please?
canti (-at-) gmx.net

18. Anonymous - May 31, 2005

Hi,

can you send me this article in pdf, please. My mail is:
jedi AT sezampro.yu

Best regards,
Branko

19. Anonymous - June 4, 2005

Abkul

20. Anonymous - June 14, 2005

Hi Dhar,
It’s really very useful article. Do you have still more advanced information related to smart card. If so please mail me.
id:opal7in@yahoo.co.in

Thanx
Guru

21. Anonymous - July 25, 2005

Hi,
Very useful article.Can you send me information on Mifare cards.Plz send at anithab5@yahoo.com

22. Anonymous - July 27, 2005

Hey man if you could make images avaailable on smart cards , none of them are showing on ur blog

23. Anonymous - August 22, 2005

hi
This is very good article on smart card , but as we are not able to see the images. Anyone of you can please send the pdf and image files to me.
my mail id is
sunilk@networkprograms.com
Thanks in advance

24. Anonymous - August 25, 2005

Hi Dhar,
Your article on smart cards is very explanatory. However, all the pictures are missing. It’d be nice if you think of a way to reincorporate the pictures.

25. Anonymous - September 1, 2005

Dhar, can send me a pdf version of this article as well?
Many thanks

ymklau@yahoo.com

26. Anonymous - September 13, 2005

Hi! I am Nguyễn Hà, I come from VietNam. I am very interested in your artical but I can not see any figures. Would you please send me another version that have figure? Thanks you very much.

27. Anonymous - September 13, 2005

Hi! I am Nguyễn Hà, I come from VietNam. I am very interested in your artical but I can not see any figures. Would you please send me another version that have figure? My email is saotoimaileloi@yahoo.com Thanks you very much.

28. Anonymous - September 19, 2005

Hello, great article!! Can you send a pdf version of this article to grintain@tataware.com

Thanks!!!

Julio Castillo
Grupo de Investigación en Tarjetas Inteligentes
(Smart Card Research Team)
Mexico

29. Anonymous - September 20, 2005

hi dhar,
very helpful article indeed.
Can you send me a copy of the article too in pdf format to rakesh.s.nair@gmail.com
Thanks a lot and keep up the good work! 🙂

30. Anonymous - October 3, 2005

Hi Dhar,

The article is very informative.Can you please send me the PDF version to mdhamodharan@yahoo.co.in.Thank You.
-Dhamodharan.

31. Anonymous - October 29, 2005

hi dhar,
your article is very informative. however the figures are not displayed. could you please send the pdf version of the article to hhahmad@gmail.com.
thanks,
haroon ahmad

32. Anonymous - November 10, 2005

an informative article but i can’t see any figures. do u hav mo information on how they are manufactured and implemented, i’m working on a project on access control using smart card interface. mo info will really be of help. ciao
please mail me at yvonnemwajuma@yahoo.com

33. Anonymous - November 25, 2005

Hi Dhar,
thanks for an excellent article on smart cards. can u plz send a pdf version on my mail id

helloshobhit@yahoo.com.

Thanks
Shobhit

34. Anonymous - November 28, 2005

Hi Dhar,

This was very informative article. I was part of a team that sucessfully implemented the Multipurpose smart card system for the Govt. of Malaysia, where we provided a Smart ID card for every citizen of malasia that had capabilities of replacing the entire wallet of the card holder including passport information for travel across ASEAN nations.

I would like to discuss with you on your interest in smart cards and more. Also I would like to have an PDF file for your article with images. My mail ID is brijeshpatil at hotmail dot com.

Thank you,

Brijesh

35. Anonymous - December 18, 2005

Hi Dhar,

Can you send me the pdf version as well??? My email is ognjen[AT]mailshack.com (remove the [AT] and replace with @)

36. Anonymous - December 21, 2005

Pls send pdf version/doc to srikanthsg@pgp.idrbt.ac.

I hope u would.

Thanks in advance.

srikanth

37. Anonymous - December 28, 2005

Hi Dhar,

This article is very helpful to understand smart cards. Can you send me a pdf file?

davidHchoe@yahoo.com

Thanks
Davd H. Choe

38. Khalid - January 5, 2006

Can you tell me the life of Smart card (In terms of age or number of uses or Number of insertions in the slot )

39. Anonymous - January 6, 2006

hi there frm nepal, our college recently introduced smrt cards for identification and payments. canu tell me if smart cards can be safely kept in wallets and can they be damaged by slight bending or magnets, heat?

40. Anonymous - January 6, 2006

hi i am the one frm nepal asking about smart cards. could u mail me the answer at tseten@gmail.com. also could u mail me the pdf version of this article. thanks.

41. Anonymous - January 23, 2006

Hello from Texas, US. Thank you for showcasing this important article. Would you be kind enough to email the PDF version to kyle_virina@yahoo.com?

Thanks!

42. Anonymous - February 2, 2006

hi….this is ashish from NIT jaipur.Thanks for this useful piece of information.Actually i am giving a seminar on this topic.i would like you to plz send me any latest updates on this topic.I can’t see the images but would like too. Could you send me the PDF please?
my email id is: aj.mnit@gmail.com
aj_mnit@yahoo.com

43. Anonymous - February 4, 2006

thanks a lot sir…. i cudnt find a better explanation around da web… 🙂

44. Anonymous - February 19, 2006

hi,
This is priya here.
i’m unable to see the diagrams that is why i’m unable to prepare for my seminar. I have to give the seminar on this topic .So kindly send the pdf with all diagrams useful for my seminar

45. Anonymous - February 20, 2006

Hi Dhar,

Can you send a PDF version of the article to ankouny@hotmail.com

thanks

46. Anonymous - March 21, 2006

Hi,

I could use the PDF version of the article too…
email to: mr[dot]bal[dot]agil[at]gmail[dot]com

47. Dhar - March 21, 2006

Ladies / Gentlemen,

The URL to download the PDF copy of this article is given right at the top of the article.

For the sake of those who missed it, it is available at:

http://www.rootshell.be/~isb/ISC.pdf

Cheers,
Dhar

48. Anonymous - March 31, 2006

Hi,
I am working on smartcard product.
we are providing the smart card soution to students & staff community of India

49. pooja kapoor - April 29, 2006

hi
This is very good article on smart card , but as we are not able to see the images. Anyone of you can please send the pdf and image files to me.
my mail id is kapoor_puju@hotmail.com
piz its very urgt.help me

50. Dhar - April 29, 2006

Just to remind you all, a copy of the article is available at Rootshell.

http://www.rootshell.be/%7Eisb/ISC.pdf

Regards,
D.

51. Anonymous - May 12, 2006

Hi,

Very nice introductory article.
The links seem to be not working..
I mean, the links given are not valid.

Sands.–>


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: