SMART CARDS

INTRODUCTION

AN INTRODUCTION TO SMART CARDS

It has been said that smart cards will one day be as important as
computers are today. This statement contains a bit of an error because it implies
that smart cards are not computers, when in fact, they are. Because smart cards
are indeed tiny computers, it’s difficult to predict the variety of applications that
will be possible with them in the future. It’s quite possible that smart cards will
follow the same trend of rapid increases in processing power that computers
have, following "Moore’s Law" and doubling in performance while halving in cost
every eighteen months.

Smart cards have proven to be quite useful as a

transaction/authorization/identification medium in European countries. As their
capabilities grow, they could become the ultimate thin client, eventually replacing
all of the things we carry around in our wallets, including credit cards, licenses,
cash, and even family photographs. By containing various identification
certificates, smart cards could be used to voluntarily identify attributes of
ourselves no matter where we are or to which computer network we are attached.
According to Dataquest, the worldwide smart card market has grown 4.7 Billion
units and $6.8 Billion by 2002.

We live in a world of fast-moving technical change. This is perhaps

particularly relevant and challenging when related to smart cards, where
hundreds of thousands of card-reading terminals need to be available, and tens

DEPT OF ECE,K.S.I.T Page 1

SMART CARDS

of millions of smart cards need to be deployed, all with a potential life of several
years. Forwards compatibility, and cross border and cross scheme interoperability
is increasingly difficult to maintain against the background of rapid chip
technology development. EEPROM may give way to faster and longer-lived Flash
memory. Voltages for powering smart cards are reducing almost annually.
Security technologies demand ever-faster processing power.

DEFINITION OF A SMART CARD

The smart card is one of the latest additions to the world of

information technology. Similar in size to today's plastic payment card, the smart
card has a microprocessor or memory chip embedded in it that, when coupled
with a reader, has the processing power to serve many different applications.
This chip is the engine room of the smart card, and indeed is what makes it
'smart'. The information or data stored on the IC chip is transferred through an
electronic module that interconnects with a terminal or a card reader. This union
between a conventional PVC card and a microprocessor allows an immense
amount of information to be stored, accessed and processed either off-line or on-
line. A smart card carries more information than can be accommodated on a
magnetic stripe card. It can make a decision, as it has relatively powerful
processing capabilities that allow it to do more than a magnetic stripe card (e.g.,
data encryption).

On a fundamental level, microprocessor cards are similar to desktop

computers. They have operating systems, they store data and applications, they
compute and process information and they can be protected with sophisticated
security tools. Memory capacity and computing capabilities are increasing as

DEPT OF ECE,K.S.I.T Page 2

SMART CARDS

semiconductor technology races forward. In fact, today's microprocessor cards

have roughly the same computing power as desktop computers from 15 years
ago.

EVOLUTION OF SMART CARDS

HISTORY OF SMART CARDS

The roots of the current day smart card can be traced back to the US in
the early 1950s when Diners Club produced the first all-plastic card to be used for
payment applications. The synthetic material PVC was used which allowed for
longer-lasting cards than previously conventional paper based cards. In this
system, the mere fact that you were issued a Diners Club card allowed you to pay
with your "good name" rather than cash. In effect, the card identified you as a
member of a select group, and was accepted by certain restaurants and hotels that
recognized this group. VISA and MasterCard then entered the market, but
eventually the cost pressures of fraud, tampering, merchant handling, and bank
charges made a machine-readable card necessary. The magnetic stripe was
introduced, and this allowed further digitized data to be stored on the cards in a

DEPT OF ECE,K.S.I.T Page 3

SMART CARDS

machine-readable format. This type of embossed card with a magnetic stripe is

still the most commonly used method of payment.

In 1968, German inventors Jürgen, Dethloff and Helmut Grötrupp

applied for the first ICC related patents. Similar applications followed in Japan in
1970 and France in 1974. Smart cards date back to 1974 when the Frenchman
Roland Moreno was granted patents on the concept of the smart card. The first
public field-tests with memory cards were launched in France in the early 1980s.
In these tests, memory cards were used as telephone and payment cards. The
first Finnish smart card was developed by the so-called Otakortti Project,
organized by the Student Union of the University of Technology in Otaniemi in
the late 1980s. The cards used in the project were manufactured by Setec which
was still called the Security Printing House of the Bank of Finland at that time. By
1986, many millions of French telephone smart cards were in circulation. Their
number reached nearly 60 million in 1990, and 150 million are projected for
1996.

CURRENT TRENDS

Latest super smart cards have keypads, LCD displays, battery and math co-
processors for performing complex encryption algorithms.

DEPT OF ECE,K.S.I.T Page 4

SMART CARDS

CLASSIFICATION OF SMART CARDS

1.MEMORY CARDS

Memory cards simply store data. They do not have any processing
capability and can be viewed as a small floppy disk with optional security. The
main storage area in such cards is normally EEPROM (Electrically Erasable
Programmable Read-Only Memory), which - subject to defined security
constraints - can have its content updated, and which retains current contents

DEPT OF ECE,K.S.I.T Page 5

SMART CARDS

when external power is removed. Memory cards can be either memory only or
can have security logic using passwords and pin codes.

Memory cards are further divided into 2:-

 IC MEMORY CARDS
Can store data, but do not have a processor on the card.
 OPTICAL MEMORY CARDS
Can only store data, but has a larger memory capacity than IC memory cards.

2.MICROPROCESSOR/INTELLIGENT SMART CARDS

A microprocessor card, on the other hand, can add, delete and

manipulate information in its memory on the card. Similar to a miniature
computer, a microprocessor card has an input/output port, card operating
system (COS) and hard disk with built-in security features. These cards have on-
card dynamic data processing capabilities. Within the card is a microprocessor or
microcontroller chip that manages this memory allocation and file access This
type of chip is similar to those found inside all personal computers and when
implanted in a smart card, manages data in organized file structures, via a card
operating system. Unlike other operating systems, this software controls access
to the on-card user memory. This capability permits different and multiple
functions and/or different applications to reside on the card, allowing businesses
to issue and maintain a diversity of ‘products’ through the card.

CARD ACCEPTANCE DEVICE(CAD)

Though commonly referred to as "smart card readers", all smart card

enabled terminals, by definition, have the ability to read and write as long as the
smart card supports it and the proper access conditions have been fulfilled. It is
also called as Interface Device (ID). In contrast to smart cards, which all have very
DEPT OF ECE,K.S.I.T Page 6
SMART CARDS

similar construction, smart card readers come in a variety of form factors with
varying levels of mechanical and logical sophistication. The card user's first action
is to insert the card in the reader. The application controlling the reader will
detect the presence of the card and issue a "Reset" command. This will ensure
that the smart card begins the new session in a "cold boot" context, with all its
working data in RAM newly initialized. The card returns a response to the reset
that indicates to the application that the card is initialized and ready to proceed
with the session.

Mechanically, readers have various options including :- whether the

user must insert/remove the card versus automated insertion/ejection
mechanism, sliding contacts versus landing contacts, and provisions for displays
and keystroke entry. Electrically, the reader must conform to the ISO/IEC 7816-3
standards. The options for readers are numerous. The easiest way to describe a
reader is by the method of it’s interface to a PC. Smart Card Readers are available
that interface to RS232 serial ports, USB ports, PCMCIA slots, floppy disk slots,
parallel ports, infrared IRDA ports and Keyboards and keyboard wedge readers.
Most units have their own operating systems and development tools. They
typically support other functions such as magnetic stripe reading, modem
functions and transaction printing.

A wide range of Mobile and Desktop Readers for off-line or on-line

transactions like Proximity Terminals & Finger Print Scanners are available. Some
examples include reader integrated into a vending machine, handheld battery-
operated reader with a small LCD screen, reader integrated into a GSM mobile
phone, and a reader attached to a personal computer.

DEPT OF ECE,K.S.I.T Page 7

SMART CARDS

DEPT OF ECE,K.S.I.T Page 8

SMART CARDS

Applications using smart cards work through an API providing card

services. The card services interface with the COS through the driver software,
which is generally card-specific. In general terms, the card services correspond to
the COS functions. Diagram illustrates the relationship between COS, reader,
driver software, API and application. 

DEPT OF ECE,K.S.I.T Page 9

SMART CARDS

DIFFERENT TYPES OF CONTACT

INTERFACES

1.CONTACT SMART CARDS

As the name suggests, a contact smart card needs to come into physical
contact with a device that will allow information and data to be transferred to
and from the card. This device is generally called a card-accepting device (CAD) or
a smart card reader/writer. Contact smart cards are inserted into a smart card
reader, making physical contact with the reader.

The cards have embedded on them a small gold plate approximately the
size of an Australian 5-cent coin, commonly called the ‘module’. When the card
comes into contact with the reader, it makes contact with several electrical
connectors on the module that transfer the information to and from the chip.
Contact smart cards are inserted into a smart card reader, making physical
contact with the reader. They have a small gold plate about ½" in diameter on the
front, instead of the magnetic strip on the back of a credit card.

GOLD MODULE

DEPT OF ECE,K.S.I.T Page 10

SMART CARDS

2.CONTACTLESS SMART CARDS

A contactless smart card has the same dimensions as a contact smart

card, but it derives its name from the way information and data is transferred
between chip and the card-accepting device (CAD). There is no physical contact
between card and the CAD as there is with a contact smart card. Contactless
smart cards have an antenna coil encircling the card several times, which
communicates with an external receiving antenna to transfer information or carry
out a transaction, eliminating the need for any physical contact.

Contactless smart cards can be further sub-divided into 2:-

DEPT OF ECE,K.S.I.T Page 11

SMART CARDS

 PROXIMITY CARDS
Proximity cards are used where the distance between the card and the
receiving antenna is usually less than 20 cms, that is, where the card is in close
proximity to the receiving device. They are used to get access into secure work
areas.

 REMOTE CARDS
Remote cards are used when the distance between card and antenna are
meters away. An example of where a remote contactless smart card could be
utilized here vehicles pass through a toll-collecting device.

3.COMBI/DUAL INTERFACE CARDS

Various combination of security are available along with smart cards.

They can be divided into 2 :-

 DUAL INTERFACE CARDS

These are cards with both a contact and a contactless interface. These may
incorporate two non-communicating chips - one for each interface - but preferably
have a single, dual-interface chip providing the many advantages of a single e-
purse, single operating architecture, etc. A combi card combines the two features
with a very high level of security. An example is using the same cad for multiple
applications:- contact cards for authenticating secure information over the
information network and contactless cards to get access to secure work areas.
Contactless and combi-card architectures have many advantages, but it will be

DEPT OF ECE,K.S.I.T Page 12

SMART CARDS

several years before the main and traditional contact card-based schemes start to
migrate to these technologies.

 COMBINATION OF SMART CARDS AND BIOMETRIC

DEVICES

It provides 2/3 factor authentication because it checks for Biometrics

(Fingerprint, Iris scan) - 'Who you are', Smart Card - 'What you have' and
Password/Pin - 'What you know'. This is the most secure mechanism. Such
biometrics include Iris and Retinal scans, Face or Hand geometry, and of course
DNA, but the most likely and most acceptable attribute is the fingerprint.

ISO STANDARDS FOR SMART CARDS

ISO 7816 PARTS 1-7 contain the following set of standards:-

1. Physical Characteristics(Part 1)
2. Dimensions and location of the contacts(Part 2)
3. Electronic signals and Transmission protocols(Part 3)
4. Inter-Industry command for interchange(Part 4)
5. Application Identifiers(Part 5)
6. Inter-Industry data elements(Part 6)

DEPT OF ECE,K.S.I.T Page 13

SMART CARDS

STANDARD DIMENSIONS OF A SMART CARD

The international standard for the smart card specifies the size of the card
and the position, size and format of the contact pad. Usually, the size is described
as "credit-card sized".

ISO/IEC 7810 & 7816 - PART 1

DEPT OF ECE,K.S.I.T Page 14

SMART CARDS

CONTACTS OF THE SMART CARD MODULE

 Vcc is the supply voltage that drives the chips and is generally 3 volts.
However that in the future we are likely to see a move towards 1 volt
taking advantage of advanced semiconductor technology and allowing
much lower current levels to be consumed by the integrated circuit.
 GND is the substrate or ground reference voltage against which the Vcc
potential is measured.
 RST is the signal line that is used to initiate the state of the integrated
circuit after power on.
 The CLK signal is used drive the logic of the IC and is also used as the
reference for the serial communications link. There are two commonly used
clock speeds 3.57 MHZ and 4.92 MHZ
 The Vpp connector is used for the high voltage signal that is necessary to
program the EPROM memory.
 Last, but by no means least is the serial input/output I/O connector. This is
the signal line by which the chip receives commands and interchanges data
with the outside world.

DEPT OF ECE,K.S.I.T Page 15

SMART CARDS

TECHNOLOGICAL FEATURES

THE CHIP

 32 KB ROM
 16KB EEPROM
 1.3KB RAM
 ACE CRYPTO UNIT
 LENGTH=4.96mm
 BREADTH=4.28mm
 CHIP AREA=21.33mm2

DEPT OF ECE,K.S.I.T Page 16

SMART CARDS

A smart card's microprocessor chip has all the components needed for
the smart card application. Diagram 2 below indicates its main components and
describes their function.

The microprocessor is often a low-power, low speed device, with 8-bit

operation at 3MHz. More recently, there has been a move towards dedicated 32-
bit processor design, using RISC concepts, operating at 25MHz.The I/O controller
is a serial device operating at 9600 baud. This means that all data transmission is
serial bit-stream and is restricted to one way at a time. All the program code and
security features to support the smart card application are burned into a ROM
area. This includes the Card Operating System (COS or "Mask") and any secret
encryption keys. There is no external method of reading out this data. The RAM is
the working area for the COS. It is implemented as volatile memory, so that when
power is removed, the data disappears. There is no method of accessing this data
externally. Application data is stored in EEPROM. Memory persists in the absence
of power – ten years minimum guaranteed. Read/Write access to the application
data is subject to strict security measures policed by the COS.
DEPT OF ECE,K.S.I.T Page 17
SMART CARDS

CARD OPERATING SYSTEM(COS)

The functional characteristics of the smart card are determined by its

operating system. The operating system differs from traditional operating
systems in that it is the only program run by the card processor. The directories
and files on the card may be assigned operating conditions. The operating system
receives outside commands and executes them provided that certain processing
conditions are met. The processing conditions may include items such as the
requirement to enter the user’s PIN or a strong authentication of the reader. The
operating system is also responsible for the control of the RAM and the EEPROM.

Operating systems used in smart cards resemble disk operating systems

used in PCs. Operating systems provide a hierarchical tree structure and very
versatile options for specifying access rights. For this reason, a directory designed
for smart cards together with its files and access rights is called an application.

Though typically only a few thousand bytes of program code, the

operating system for the smart card microprocessor must handle such tasks as:

 Data transmission over the bi-directional, serial terminal interface

 Loading, operating, and management of applications
 Execution control and Instruction processing
 Protected access to data
 Memory Management
 File Management
 Management and Execution of cryptographic algorithms

DEPT OF ECE,K.S.I.T Page 18

SMART CARDS

In contrast to personal computer operating systems such as Unix, DOS,

and Windows, smart card operating systems do not feature user interfaces or the
ability to access external peripherals or storage media. The size is typically
between 3 and 24 Kbytes. The lower limit is that used by specialized applications
and the upper limit by multi-application operating systems.

SMART CARD DIRECTORY STRUCTURE

 Most smart cards have a UNIX like tree-structured file system.

 File names are two bytes long.
 The root of this tree is 3f.00.
 For example, the following is the directory structure of M-Card. There are
some files we are interested in ... especially the purse file, i.e., 3f.00/02.00/02.01.

DEPT OF ECE,K.S.I.T Page 19

SMART CARDS

APPLICATION PROTOCOL DATA UNITS(APDU)

Smart Cards speak to the outside world using their data packages
called APDUs which are constructed using a set of protocols. APDU contains
either a command or a response message. In the card world, the master-slave
model is used whereby a smart card always plays the passive role. The smart card
always waits for a command APDU from a terminal. It then executes the action
specified in the APDU and replies to the terminal with a response APDU. APDU is
a message transmitted between the smart card and the host. APDU has two types
- input and output. Input sends data to card, and output receives data from card.
Command APDUs and response APDUs are exchanged alternatively between the
card and a terminal.

It consists of a 5 byte header, and 0 - 255 bytes of data.

 CLA : Class byte. It is usually unique to an application.

 INS : Instruction byte. It specifies the instruction.
 P1 : Parameter 1. Instruction specific.
 P2 : Parameter 2. Instruction specific.
 P3 : Parameter 3. This specifies the length of the data.

DEPT OF ECE,K.S.I.T Page 20

SMART CARDS

 Data : 0 - 255 byte data transmitted from host to card, or the other way.

FABRICATION OF SMART CARDS

The manufacture of a smart card involves a large number of processes

of which the embedding of the chip into the plastic card is key in achieving an
overall quality product. This latter process is usually referred to as card
fabrication.

1. Chip specification
There are a number of factors to be decided in the specification of the
integrated circuit for the smart card. The key parameters for the chip
specification are as follows:-

a. Microcontroller type (e.g 6805,8051)

b. Mask ROM size
c. RAM size.3
d. Non volatile memory type (e.g EPROM, EEPROM)
e. Non volatile memory size
f. Clock speed (external, and optionally internal)
g. Electrical parameters (voltage and current)
h. Communications parameters (asynchronous, synchronous, byte, block)
i. Reset mechanism
j. Sleep mode (low current standby operation)
k. Co-processor (e.g for public key cryptography)

DEPT OF ECE,K.S.I.T Page 21

SMART CARDS

2. Card specification
The specification of a card involves parameters that are common to
many existing applications using the ISO ID-1 card. The following list defines the
main parameters that should be defined,

a. Card dimensions
b. Chip location (contact card)
c. Card material (e.g PVC, ABS)
d. Printing requirements
e. Magnetic stripe (optional)
f. Signature strip (optional)
g. Hologram or photo (optional)
h. Embossing (optional)
i. Environmental parameters

The choice of card material effects the environmental properties of the

finished product. PVC was traditionally used in the manufacture of cards and
enabled a higher printing resolution. Such cards are laminated as three layers
with transparent overlays on the front and back. More recently ABS has been
used which allows the card to be produced by an injection moulding process. It is
even proposed that the chip micromodule could be inserted in one step as part of
the moulding process. Temperature stability is clearly important for some
applications and ETSI are particulary concerned here, such that their higher
temperature requirement will need the use of polycarbonate materials.

3. Mask ROM Specification

DEPT OF ECE,K.S.I.T Page 22

SMART CARDS

The mask ROM contains the operating system of the smart card. It is
largely concerned with the management of data files but it may optionally involve
additional features such as cryptographic algorithms (e.g DES). In some ways this
is still a relatively immature part of the smart card standards since the early
applications used the smart card largely as a data store with some simple security
features such as PIN checking. The relevant part of the ISO standard is 7816-4
(commands).There is a school of thought that envisages substantial changes in
this area to account for the needs of multi-application cards where it is essential
to provide the necessary security segregation. The developed code is given to the
supplier who incorporates this data as part of the chip manufacturing process.

4. Application Software Specification

This part of the card development process is clearly specific to the

particular application. The application code could be designed as part of the mask
ROM code but the more modern approach is to design the application software
to operate from the PROM non volatile memory. This allows a far more flexible
approach since the application can be loaded into the chip after manufacture.
More over by the use of EEPROM it is possible to change this code in an
development environment. The manufacturer of a chip with the users ROM code
takes on average three months. Application code can be loaded into the PROM
memory in minutes with no further reference to the chip manufacturer.

5. Chip Fabrication

The first part of the process is to manufacture a substrate which contains the
chip. This is often called a COB (Chip On Board) and consists of a glass epoxy connector

DEPT OF ECE,K.S.I.T Page 23

SMART CARDS

board on which the chip is bonded to the connectors. There are three technologies
available for this process, wire bonding, flip chip processing and tape automated
bonding (TAB). In each case the semiconductor wafer manufactured by the
semiconductor supplier is diced into individual chips . This may be done by scribing
with a diamond tipped point and then pressure rolling the wafers so that it fractures
along the scribe lines. More commonly the die are separated from the wafer by the
use of a diamond saw. A mylar sheet is stuck to the back of the wafer so that following
separation the dice remain attached to the mylar film. Wire bonding is the most
commonly used technique in the manufacture of smart cards. Here a 25uM gold or
aluminium wire is bonded to the pads on the chip using ultrasonic or thermo
compression bonding.

Thermo compression bonding requires the substrate to be maintained at between

150C and 200C. The temperature at the bonding interface can reach 350C. To
alleviate these problems thermo sonic bonding is often used which is a
DEPT OF ECE,K.S.I.T Page 24
SMART CARDS

combination of the two processes but which operate at lower temperatures. The die
mounting and wire bonding processes involve a large number of operations and
are therefore quite expensive. However in the semiconductor industry generally
two other techniques are used, the flip chip process and tape automated bonding.
In both cases gold bumps are formed on the die. In flip chip processing the dice
are placed face down on the substrate and bonding is effected by solder reflow.
With tape automated bonding the dice are attached by thermocompression to
copper leads supported on a flexible tape similar to a 35mm film. The finished
substrate is hermetically sealed with an inert material such as epoxy resin. The
complete micromodule is then glued into the card which contains the appropriately
sized hole. The fabrication of a contactless card is somewhat different since it
always involves a laminated card. The ICs and their interconnections as well as the
aerial circuits are prepared on a flexible polyimide substrate.

Contactless card laminations

DEPT OF ECE,K.S.I.T Page 25

SMART CARDS

6. Application load

Assuming the application is to be placed in the PROM memory of the IC

then the next stage in the process is to load the code into the memory. This is
accomplished by using the basic commands contained in the operating system in
the mask ROM.

7. Card Personalisation

The card is personalized to the particular user by loading data into files
in the PROM memory in the same way that the application code is loaded into
memory. At this stage the security keys will probably be loaded into the PROM
memory but as mentioned previously we will explore this in more detail later.

8. Application Activation

The final operation in the manufacturing process is to enable the

application for operation. This will involve the setting of flags in the PROM
memory that will inhibit any further changes to be made to the PROM memory
except under direct control of the application. Again this is an integral part of the
overall security process.

DEPT OF ECE,K.S.I.T Page 26

SMART CARDS

DEPT OF ECE,K.S.I.T Page 27

SMART CARDS

APPLICATIONS OF SMART CARDS

1.FINANCIAL APPLICATIONS

 Electronic Purse
Electronic Purse to replace coins for small purchases in vending
machines and over-the-counter transactions. VISA Cash Card issued during
Olympics 1996 were the best example for this and Singapore’s Net Cash Card
system is a Smart card which acts like electronic purse and holds the money. The
money can be spent for Payment in Parking Lots, museums, telephones, fast food
joints, vending machines, transportations and many more places. Such electronic
money can take many forms, and has been endowed with a wide and misleading
vocabulary including stored value and e-purse.

 Telephone Payment cards

These are the most widely used cards in the world. They have replaced
coin-operated public phones, and have become advertising devices as well as
collector’s items.

2.GOVERNMENT APPLICATIONS

 National ID card
Smart Card based National ID’s project have started to take of in many
countries among which Sultanate of Oman is first middle east country to deploy
1.2 million National ID cards to it’s residents. Gemplus, one of the leading

DEPT OF ECE,K.S.I.T Page 28

SMART CARDS

providers of smart cards is behind this project with their solution called ResIDent
for this purpose. Smart Card is one of the most secure mechanism today compared
to any other type of ID cards, but when applications start to be deployed in such
large scales it must taken care to make sure the whole system of such a project is
secure rather than just the information on the smart card, failing to do so will result
for high threats and failure of such systems.

 Driving License
The citizens of Argentina, El Salvador don’t need to carry dumb cards/
license booklets as a proof of eligibility to drive; they are allotted smart cards with
their complete information on it. This almost reduces the license fraud to none
with a secure mechanism which is difficult to be faked.

3.HEALTH APPLICATIONS

 Patient Data Card(PDC)

A Patient data Card is a mobile data card held by the patient. It stores
current, accurate health information. Data typically stored on a PDC includes
patient ID, insurance information, emergency record, disease history and
electronic prescriptions.

 Health Professional Card(HPC)

An HPC is an individually programmed access authorization card held
by the health professional. It gives him/her the right to read or write specific data
fields on a PDC and it can also carry a digital signature for secure communication.
This solution is popular and can be found available for citizens of countries like
France, Germany, Slovenia, Belgium.

DEPT OF ECE,K.S.I.T Page 29

SMART CARDS

4.CAMPUS SOLUTIONS

 Student Identification
 Library card
 Meal card
 Transportation card
Student ID card, containing a variety of applications such as electronic
purse (for vending and laundry machines), library card, meal card and
transportation are used and University of Nottingham is one them.

5.EMPLOYEE CARDS

 Employee Identification cards

These are used as identification cards at offices.

DEPT OF ECE,K.S.I.T Page 30

SMART CARDS

 Employee access cards

Employee access card are used in most of the organizations today and
millions of cards are being distributed every year catering this market, this
mechanism replaces the conventional lock and key security, employees today
don’t need to carry different keys to different locks for the secure office areas and
access can be given or terminated at given point with just a click on the access
software without any management of conventional keys , with the older
mechanism of lock and key any disgruntled employee could make a fake key of
the original while it was in his possession and misuse it later but in the case of
smart cards this is almost impossible and if higher security is needed then
biometrics can be combined to protect physical access to facilities.

 Time Attendance system

It monitors staff attendance and streamlines the input of data into the
payroll system eliminating re-keying time sheets of time cards. These systems
interact with existing automated Payroll systems, reducing administrative work,
maximizing resources and optimizing performance. It customizes company data
and its GUI Interface of point and click processing now automates this process
and eliminates manual data entry. Its unique working timetable with varying
schedules and work rules help ensuring company policies, accurate pay and
uniformly administers benefits. Its searching capabilities for employee records or
date intervals produce detailed reports according to the searching criteria. The
security features enable only the authorized person or administrator to view and
modify data records as permitted to.

6.COMMUNICATIONS AND ENTERTAINMENT

 SIM(Subscriber Identity Module)

DEPT OF ECE,K.S.I.T Page 31
SMART CARDS

Subscriber Identification Module (SIM) providing secure initiation of calls

and identification of caller (for billing purposes) on any Global System Mobile
Communications (GSM) Mobile Phones. According to the survey don’t by GSM
World around 763 million cards used worldwide, this is one of the biggest
applications of smart cards in the world after payphone cards.

 Subscriber Activation card for Pay-TV

Subscriber activation for various programmes on Pay-TV like Showtime
and others is a big market for smart cards.

7.INFORMATION SECURITY

 PC Security cards
Chip cards are used today by majority of the corporations like Microsoft,
Oracle to access their networks, chip cards can be incorporated with technologies
like Active Directory to store the PKI certificates for authentications makes it dual
factor (Digital Certificate + User password) and the it also allows the users to
encrypt the files and digitally sign the emails. The advantage of this mechanism is
that in case of any damage to smart card due to tampering/usage the user data is
still secure to be decrypted by issuing a new card with the same original Digital
Certificate. In case the smart card is lost or if company decided no to reissue the
same digital certificate to avoid any kind security breach, they can reissue the
smart card with a new private key (Digital Certificate) and the data can be
decrypted for the user by an special key.

DEPT OF ECE,K.S.I.T Page 32

SMART CARDS

 Digital signature
Web based HTML forms can be digitally signed by your private key. This
could prove to be a very important technology for internet based business because
it allows for digital documents to be hosted by web servers and accessed by web
browsers in a paperless fashion. Online expense reports, W-4 forms, purchase
requests, and group insurance forms are some examples. For form signing, smart
cards provide portability of the private key and certificate as well as hardware
strength non repudiation. If an organization writes code that can be downloaded
over the web and then executed on client computers, it is best to sign that code so
the clients can be sure it indeed came from a reputable source. Smart cards can be
used by the signing organization so the private key can’t be compromised by a
rogue organization in order to impersonate the valid one.

 Encryption
Smart cards can cipher into billions and billions of foreign languages, and
choose a different language at random every time they communicate. This
authentication process ensures only genuine cards and computers are used and
makes eaves-dropping virtually impossible.

 Telecommuting And Corporate Network Security

Business to business Intranets and Virtual Private Networks “VPNs” are
enhanced by the use of smart cards. Users can be authenticated and authorized to
have access to specific information based on preset privileges. Additional
applications range from secure email to electronic commerce. A smart card as an
interoperable computing device has become the ultimate utility of processor cards.
Today's networked societies revolve around accessing the worldwide information
superhighways. As more people log-on to the network and more and more
activities take place through networks, online security is of utmost importance.

DEPT OF ECE,K.S.I.T Page 33

SMART CARDS

BENEFITS OF SMART CARDS

Benefits

1.CONVENIENCE

 Light and easy

 Easy to use
 Portable
 Can be used independent of terminal devices.
 Secret place for storing information.

2.INTELLIGENCE

 Capable of processing, not just storing information.

 Communicating with computing devices.
 Information and applications on a card can be updated without having to
issue new cards

3.MULTIFUNCTIONALITY

The processing power of a smart card makes it ideal to mix multiple

functions. For example, government benefit cards will also allow users access to
other benefit programs such as health care clinics and job training programs. A
college identification card can be used to pay for food, phone calls and
photocopies, to access campus networks and to register classes. By integrating
many functions, governments and colleges can manage and improve their
operations at lower costs and offer innovative services.

DEPT OF ECE,K.S.I.T Page 34

SMART CARDS

4.ECONOMIC BENEFITS

Smart cards reduce transaction costs by eliminating paper and paper

handling costs in hospitals and government benefit payment programs. Contact
and contactless toll payment cards streamline toll collection procedures, reducing
labor costs as well as delays caused by manual systems. Maintenance costs for
vending machines, petroleum dispensers, parking meters and public phones are
lowered while revenues could increase, about 30% in some estimates, due to the
convenience of the smart card payment systems in these machines.

5.CUSTOMIZATION

A smart card contains all the data needed to personalize networking, Web
connection, payments and other applications. Using a smart card, one can establish
a personalized network connection anywhere in the world using a phone center or
an information kiosk. Web servers will verify the user's identity and present a
customized Web page, an e-mail connection and other authorized services based
on the data read from a smart card. Personal settings for electronic appliances,
including computers, will be stored in smart cards rather than in the appliances
themselves. Phone numbers are stored in smart cards instead of phones. While
appliances become generic tools, users only carry a smart card as the ultimate
networking and personal computing device.

6.SECURITY

 Chip is tamper-resistant.
 Information stored on the card can be PIN code and/or read-write
protected.

DEPT OF ECE,K.S.I.T Page 35

SMART CARDS

The most common method used for cardholder verification at present is to

give the cardholder a PIN (Personal Identification Number) which he or she has
to remember.

 Who can access the information?

Everybody - Some smart cards require no password. Anyone holding the card
can have access (e.g. the patient's name and blood type on a Medi Card can be
read without the use of a password).

Card Holder Only - The most common form of password for card holders is a
PIN (Personal Identification Number), a 4 or 5 digit number which is typed in on a
key pad. Therefore, if an unauthorized individual tries to use the card, it will lock-
up after 3 unsuccessful attempts to present the PIN code. More advanced types
of passwords are being developed.

Third Party Only - Some smart cards can only be accessed by the party who
issued it (e.g., an electronic purse can only be reloaded by the issuing bank).

 How can the information be accessed?

Information on a smart card can be divided into several sections:- read
only, added only, updated only and no access available.
 Capable of performing encryption.
 Each smart card has its own, unique serial number.
 Using biometrics for security.
In production systems using fingerprint recognition, the fingerprint sensor is
in the terminal, but the fingerprint profile data may be either in the terminal side of
the card-to-terminal interface, or preferably held within the card itself (a
fingerprint profile takes up only a few hundred bytes of data space). Prototype
cards where the fingerprint sensor is on the card surface are now in development
and may one day be a commercial proposition. In the meantime, a number of
major national schemes around the world are incorporating fingerprint biometrics
using optical or proximity readers associated with keyboards, mice and point-of-
sale terminals.
DEPT OF ECE,K.S.I.T Page 36
SMART CARDS

7.PESONALISATION

There are two types of personalisation.

 The first one is the Electronic Personalisation, which means writing the data
(particular data, fingerprint minutiae, variable data, etc.) into the chip.
 The second is the Graphical Personalisation, which means printing the
required optical layout on the card surface (Text, Photos, Signature, and Graphics).

CONCLUSION

DEPT OF ECE,K.S.I.T Page 37

SMART CARDS

Smart card is an excellent technology to secure storage and

authentication. If an organization can deploy this technology selecting the right
type of solutions which is cross platform compatible and supports the standards
required, it would be economical as well as secure. This technology has to be
standardized and used in various applications in an organization not just for
physical access or information access. Various developments are happening in
the smart card industry with respect to higher memory capacities and stronger
encryption algorithms which could provide us with much tougher security. But we
need to understand that we will achieve better security only if we have users
educated to use these technology with at most care. A smart world is the future.

BIBLIOGRAPHY
DEPT OF ECE,K.S.I.T Page 38
SMART CARDS

1. Information Technology Magazine - June 2003 edition.

2. “What’s so smart about smart cards?” 2002,Gemplus C.A.
http://www.gemplus.com/basics/index.html
3. "Understanding Smart Technology" Ahmed Qurram Baig, CSSP Jan 13,
2003.
4. http://www.smartcardforum.org
5. “Contactless Technology for Secure Physical Access: Technology and
Standard Choices”, Smart card Alliance, 2002.
http://www.smartcardalliance.org/Contactless/whitepaper.cfm
6. “Why Use a Biometric and a Card in the Same Device?”
http://www.bitpipe.com/data
7. "Smart Card Technical Capabilities" Won. J. Jun, Giesecke & Deverent July
8, 2003.
8. "Smart Cards - Enabling Smart Commerce in the Digital Age"
http://www.smartcards.com/CREC-KPMG White Paper Smart Cards.htm
9. http://www.linuxnet.com/muscle.htm
10. "Smart Card Basics and Security Overview"
http://www.smartcardbasics.com

DEPT OF ECE,K.S.I.T Page 39

SMART CARDS

ABSTRACT

Smart Cards are handy bits of plastic with embedded microprocessor or

memory chips that are used for identification. Smart cards look like a credit card in
size but have a computer chip embedded in them. The chip has a certain amount of
memory capable of storing data, with a Card Operating System (COS), which is
protected with advanced security features. Smart cards when coupled with a reader
has the processing power to serve several different applications.

Smart cards can be considered as the world’s smallest computers. It’s

quite possible that smart cards will follow the same trend of rapid increases in
processing power that computers have, following "Moore’s Law" and doubling in
performance while halving in cost every eighteen months. As their capabilities
grow, they could become the ultimate thin client, eventually replacing all of the
things we carry around in our wallets, including credit cards, licenses, cash, and
even family photographs. Smart cards have tremendous applications starting from
the simple driving license to biometrics.

DEPT OF ECE,K.S.I.T Page 40

SMART CARDS

CONTENTS

1. INTRODUCTION
a) An Introduction to Smart Cards 1-2
b) Definition of Smart Cards 2-3
2. EVOLUTION OF SMART CARDS
a) History of Smart Cards 3-4
b) Current trends 4
3. CLASSIFICATION OF SMART CARDS
a) Memory Cards 5-6
b) Microprocessor/Intelligent Smart Cards 6-7
4. CARD ACCEPTANCE DEVICE (CAD) 7-9
5. DIFFERENT CONTACT INTERFACES
a) Contact Smart Cards 10
b) Contactless Smart Cards 11-12
c) Combi/Dual Interface Smart Cards 12-13
6. ISO STANDARDS FOR SMART CARDS
a) Standard dimensions of a Smart Card 14
b) Contacts of the Smart Card module 15
7. TECHNOLOGICAL FEATURES
a) The Chip 16-17

b) Card Operating System(COS) 17-19

c) Smart Card Directory Features 20

d) Application Protocol Data Units(APDU) 21

8. FABRICATION OF SMART CARDS 22-27

9. APPLICATIONS OF SMART CARDS 28-33
10. BENEFITS OF SMART CARDS 34-37
11. CONCLUSION 38

DEPT OF ECE,K.S.I.T Page 41