Smart card
From Wikipedia, the free encyclopedia
A smart card, chip card, or integrated circuit(s) card (ICC), is defined as any pocket-sized card with embedded integrated circuits which can process information. This implies that it can receive input which is processed - by way of the ICC applications - and delivered as an output. There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic such as PVC.
Contents |
[edit] Overview
A "smart card" is also characterized as follows:
- Dimensions are normally credit card size. The ID-1 of ISO 7810 standard defines them as 85.60 × 53.98 mm.
- Contains a security system - tamper-resistant properties (e.g. a secure cryptoprocessor,secure file system, human-readable features) and is capable of providing security services (e.g. confidentiality of information in the memory).
- Asset managed by way of a central administration system which interchanges information and configuration settings with the card through the security system. The latter includes card hotlisting, updates for application data.
- Card data is transferred to the central administration system through card reading devices, such as ticket readers, ATMs etc.
[edit] Benefits
Smart cards provide a means of effecting business transactions in a flexible, secure way with minimal human intervention and in a standard way..
[edit] History
Smart cards were invented and patented in the 1970s. There are some disputes regarding the actual "inventor"; claimants include Jürgen Dethloff of Germany, Kunitaka Arimura of Japan, and Roland Moreno of France. The first mass use of the cards was for payment in French pay phones, starting in 1983 (Télécarte).
Roland Moreno actually patented the concept of the memory card in 1974. In 1977, Michel Ugon from Honeywell Bull invented the first microprocessor smart card. In 1978, Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary architecture to auto-program the chip. Three years later, the very first "CP8" based on this patent was produced by Motorola. Today, Bull has 1200 patents related to smart cards.
The second use was with the integration of a microchips into all French debit cards (Carte Bleue) completed in 1992. When paying in France with a Carte Bleue, one inserts the card into the merchant's terminal, then types the PIN, before the transaction is accepted. Only very limited transactions (such as paying small autoroute tolls) are accepted without PIN.
Smart-card-based electronic purse systems (in which value is stored on the card chip, not in an externally recorded account, so that machines accepting the card need no network connectivity) were tried throughout Europe from the mid-1990s, most notably in Germany (Geldkarte), Austria (Quick), Belgium (Proton), the Netherlands (Chipknip and Chipper), Switzerland ("Cash"), Sweden ("Cash"), Finland ("Avant"), UK ("Mondex") and Denmark ("Danmønt").
The major boom in smart card use came in the 1990s, with the introduction of the smart-card-based SIM used in GSM mobile phone equipment in Europe. With the ubiquity of mobile phones in Europe, smart cards have become very common.
The international payment brands MasterCard, Visa, and Europay agreed in 1993 to work together to develop the specifications for the use of smart cards in payment cards used as either a debit or a credit card. The first version of the EMV system was released in 1994. In 1998 a stable release of the specifications was available. EMVco, the company responsible for the long-term maintenance of the system, upgraded the specification in 2000 and most recently in 2004. The goal of EMVco is to assure the various financial institutions and retailers that the specifications retain backward compatibility with the 1998 version.
With the exception of the United States there has been significant progress in the deployment of EMV-compliant point of sale equipment and the issuance of debit and or credit cards adhering the EMV specifications. Typically, a country's national payment association, in coordination with MasterCard International, Visa International, American Express and JCB, develop detailed implementation plans assuring a coordinated effort by the various stakeholders involved.
The backers of EMV claim it is a paradigm shift in the way one looks at payment systems. Though some banks are considering issuing one card that will serve as both a debit card and as a credit card, the business justification for this is still quite elusive. Within EMV a concept called Application Selection defines how the consumer selects which means of payment to employ for that purchase at the point of sale.
For the banks interested in introducing smart cards the only quantifiable benefit is the ability to forecast a significant reduction in fraud, in particular counterfeit, lost and stolen. The current level of fraud a country is experiencing determines if there is a business case for the financial institutions. Some critics claim that the savings are far less than the cost of implementing EMV, and thus many believe that the USA payments industry will opt to wait out the current EMV life cycle in order to implement new, contactless technology.
Smart cards with contactless interfaces are becoming increasingly popular for payment and ticketing applications such as mass transit. Visa and MasterCard have agreed to an easy-to-implement version currently being deployed (2004-2006) in the USA. Across the globe, contactless fare collection systems are being implemented to drive efficiencies in public transit. The various standards emerging are local in focus and are not compatible, though the MIFARE card from Phillips has a considerable market share in the US and Europe.
Smart cards are also being introduced in personal identification and entitlement schemes at regional, national, and international levels. Citizen cards, drivers’ licenses, and patient card schemes are becoming more prevalent, and contactless smart cards are being integrated into ICAO biometric passports to enhance security for international travel.
[edit] Contact Smart Card
Contact Smart Cards have a small gold chip about ½ inch in diameter on the front. When inserted into a reader, the chip makes contact with electrical connectors that can read information from the chip and write information back.
The ISO/IEC 7816 and ISO/IEC 7810 series of standards define:
- the physical shape
- the positions and shapes of the electrical connectors
- the electrical characteristics
- the communications protocols
- the format of the commands sent to the card and the responses returned by the card
- robustness of the card
- the functionality
The cards do not contain batteries; energy is supplied by the card reader.
[edit] Contact Smart Card Reader
Contact smart card readers are used as a communications medium between the smart card and a host, e.g. a computer.
[edit] Contactless Smart Card
A second type is the contactless smart card, in which the chip communicates with the card reader through RFID induction technology (at data rates of 106 to 848 kbit/s). These cards require only close proximity to an antenna to complete transaction. They are often used when transactions must be processed quickly or hands-free, such as on mass transit systems, where smart cards can be used without even removing them from a wallet.
The standard for contactless smart card communications is ISO/IEC 14443, dated 2001. It defines two types of contactless cards ("A" and "B"), allows for communications at distances up to 10 cm. There had been proposals for ISO 14443 types C, D, E and F that have been rejected by the International Organization for Standardization. An alternative standard for contactless smart cards is ISO 15693, which allows communications at distances up to 50 cm.
Example of widely used contactless smart cards are Hong Kong's Octopus card, Paris' Calypso/Navigo card and Lisbon' LisboaViva card, which predate the ISO/IEC 14443 standard. The following tables list smart cards used for public transportation and other electronic purse applications.
[edit] Americas
[edit] Asia
| Place | Card | Provider | Introduction |
|---|---|---|---|
| Beijing | Yikatong card | 2003 | |
| Busan | Hanaro Card | Busan Hanaro Card Company | 1997 |
| Mybi | Mybi | 2000 | |
| New Delhi | Delhi Metro Smart Card | Delhi Metro Rail Corporation | 2005 |
| Kolkata | Kolkata Metro Smart Card | Kolkata Metro Rail Corporation | - |
| Guangzhou | Yang Cheng Tong | Yang Cheng Tong Corporation | December 2001 |
| Hamamatsu | NicePass | Enshu Railway | October 2004 |
| Hong Kong | Octopus | Octopus Cards Limited | 1997 |
| İzmir | Kentkart | Kentkart | 1997 |
| Iran | Special disease card | [1]IdehGostar Company | Implemented on 2005 |
| Jamshedpur, India | Xavier Labor Relations Institute smart card | XLRI Card | 2006 |
| Japan | Tobacco Card | Tobacco Institute of Japan and others | 2008 |
| Kaohsiung | TaiwanMoney Card | MasterCard, Cathay United Bank, Acer e-Service | June 2006 |
| Kagoshima | RapiCa | Kagoshima City Transportation Bureau, Nangoku Kotsu, and JR Kyushu Bus | April 2005 |
| Kanazawa | ICa | Hokuriku Railroad | December 2004 |
| Malaysia | Touch 'n Go | Teras Teknologi Sdn Bhd | 1997 |
| Matsuyama | IC e-card | Iyo Railway | October 2005 |
| Nagasaki | Nagasaki Smart Card | Nagasaki Prefecture Transportation Bureau and other 5 bus operators | January 2002 |
| Greater Nagoya | TOICA | JR Central | November 2006 |
| Okayama | Hareca | Okayama Electric Tramway, Ryobi Bus, Shimotsui Dentetsu | October 2006 |
| Osaka-Kobe-Kyoto | ICOCA | JR West | November 2001 |
| Osaka-Kobe-Kyoto, Okayama and Shizuoka | PiTaPa | Surutto Kansai Association, comprised of various private operators | October 2004 |
| Malaysia: Petaling Jaya | Sri KDU eWallet | Sekolah Sri KDU | 2003 |
| Seoul Metropolitan Area | T-Money | Korea Smart Card Co. Ltd. | July 2004 |
| Upass | Seoul Metropolitan Bus Operater Association | June 1996 | |
| hi-pass/hi-pass plus | Korea Highway Corporation | 2000 | |
| Shanghai | Shanghai Public Transportation Card | December 1999 | |
| Shenzhen | Shenzhen TransCard | Shenzhen TransCard Corporation | December 2004 |
| Shizuoka | LuLuCa | Shizuoka Railway and Shizutetsu Just Line | March 2006 (Shizutetsu Just Line), October 2006 (Shizuoka Railway) |
| Singapore | EZ-Link | EZ-Link Pte Ltd | 2001 |
| Taichung | ECard (Smart Card) | Taiwan Smart Card Corporation | August 2004 |
| Taipei | EasyCard | Taipei Smart Card Corporation | March 2000 |
| Takamatsu | IruCa | Takamatsu-Kotohira Electric Railroad and Kotoden Bus | February 2005 |
| Tehran | Metro Card (Tehran) | Processing World Co./ASCOM | Implemented on 2002 |
| Thailand | ThaiSmartCard | Thai Smart Card Co.,Ltd. | December 2005 |
| Greater Tokyo Area | PASMO | PASMO Corporation, associated with various private operators | March 2007 |
| Greater Tokyo Area, Sendai and Niigata | Suica | JR East, JR Bus Kanto, Saitama New Urban Transit, Sendai Airport Transit, Tokyo Monorail, and Tokyo Waterfront Area Rapid Transit | November 2001 (JR East) |
| Tokyo | Setamaru | Tokyo Kyuko Electric Railway (Setagaya Line only) | July 2002 |
| Toyama | passca | Toyama Light Rail | April 2006 |
[edit] Europe
| Place | Card | Provider | Introduction |
|---|---|---|---|
| Funchal | Giro | Horarios do Funchal | February 2007 |
| Aveiro | MoveAveiro | Transportes Urbanos de Aveiro | 2002 |
| Bordeaux | Le Pass | Tram et Bus de la CUB | 2003 |
| Bucharest | Cardul Activ | RATB | 2006 / 2007 |
| Cheshire | Cheshire Travelcard | Cheshire County Council | 2002 |
| Dublin | Luas smartcard | ITS | March 2005 |
| Guernsey | Multi Journey "Wave & Save" | Island Coachways | Unknown |
| Kraków | Cracow City Card | October 2005 | |
| Lancashire & Cumbria | NoWcard - Concessionary Travel Card for the Elderly & Disabled | Lancashire & Cumbria District Concessionary Travel Authorities | Being ' rolled out' across the region from September 2006, initially with Blackpool Transportfollowed up by Rossendale Transportin March 2007, then Stagecoach and Blazefield companies |
| Lisbon | LisboaViva card | [[Otlis[[2]] | November 2001 |
| Lisbon | Lisboa Card | Transportation and Culture | May 2005 |
| Lisbon | 7 Colinas | Transportation | May 2005 |
| London | Oyster card | Transport for London | January 2004 |
| Lyon | Carte Técély | Transports en Commun Lyonnais | Unknown |
| Madrid | Sube-T | Consorcio de Transportes de Madrid | |
| Málaga | Billete Único | Consorcio de Transportes del Área de Málaga | February 2005 |
| Moscow | Transport Card | Moscow Metro | September 1, 1998 |
| Moscow | Transport Card | Mosgortrans | Introduced on May 12, 2001. Fully implemented on all routes in April 2006. 3 of 689 routes now working without turnstiles. |
| Nottingham | EasyRider | Nottingham City Transport | September 2000 |
| The Netherlands | OV-chipkaart | Trans Link Systems | 2006 / 2007 |
| Oulu | Bus Card | Koskilinjat OY | January 1992 |
| Palma de Mallorca | Targeta ciutadana | [3] | January 2006 |
| Paris | Navigo card | STIF | October 2001 |
| Porto | Andante | Transportes Intermodais do Porto | 2002 |
| Saint Petersburg | Contactless Smart Card | Saint Petersburg Metro | 2004 |
| South Jutland (Sønderjylland) | Elektronisk Klippekort | Sydbus | 2001 |
| Tours | Multipass | Multipass Centre | 2002 |
| Warsaw | Warsaw City Card (Karta Miejska) | ZTM | October 2001 |
| Chelyabinsk (Russia) | [Uralinfotect] | [CFT] | 2004 |
| Novosibirsk (Russia) | [city administration] | [CFT] | 2006 |
[edit] Oceania
| Place | Card | Provider | Introduction |
|---|---|---|---|
| Brisbane | Translink SmartCard | TransLink / Cubic | Early 2007 (subject to Pilot results) |
| Christchurch | metrocard | Metro | 2004 |
| Hamilton, NZ | BUSIT! Cards [4] | Environment Waikato | Unknown |
| Melbourne | myki | Kamco | 2007 |
| Perth | SmartRider | Transperth and Wayfarer Transit | April 2006 |
| Sydney | Tcard | NSW Ministry of Transport |
2005 (schoolchildren) 2006-2007 (general public) |
A related contactless technology is RFID (radio frequency identification). In certain cases, it can be used for applications similar to those of contactless smart cards, such as for electronic toll collection. RFID devices usually do not include writeable memory or microcontroller processing capability as contactless smart cards often do.
There are dual-interface cards that implement contactless and contact interfaces on a single card with some shared storage and processing. An example is Porto's multi-application transport card, called Andante, that uses a chip in contact and contactless (ISO 14443B).
Like smart cards with contacts, contactless cards do not have a battery. Instead, they use a built-in inductor to capture some of the incident radio-frequency interrogation signal, rectify it, and use it to power the card's electronics.
[edit] Communication protocols
| Name | Description |
|---|---|
| T=0 | Byte-level transmission protocol |
| T=1 | Block-level transmission protocol |
[edit] Cryptographic smart cards
Most advanced smart cards are equipped with specialized cryptographic hardware that let you use algorithms such as RSA and DSA on board. Today's cryptographic smart cards are also able to generate key pairs on board, to avoid the risk of having more than one copy of the key (since by design (usually) there isn't a way to extract the keys from a smart card).
Such smart cards are mainly used for digital signature and secure identification (see applications section).
The most common way to access cryptographic smart card functions on a computer is to use a PKCS#11 library provided by the vendor. On Microsoft Windows platforms the CSP API is also adopted.
The most wide used cryptographics in smart card (exclude GSM so-called "crypto algoritm") is a DES (Triple DES) and RSA. The key set usually loaded (DES) or generated (RSA) on personalization stage. A DES key set typicaly used for sign|crypt card<->host data. A RSA keys used in banking|passport cards for sign card|transaction data (EMV). Special class (not wide one) of the smart cards (tokens) correspondence PKCS#11.
[FIXME. (That last paragraph needs some serious editing to be coherent and to be English.)]
They often include a random number generator.
[edit] Applications
[edit] Financial
The applications of smart cards include their use as credit or ATM cards, in a fuel card, SIMs for mobile phones, authorization cards for pay television, high-security identification and access-control cards, and public transport and public phone payment cards.
Smart cards may also be used as electronic wallets. The smart card chip can be loaded with funds which can be spent in parking meters and vending machines or at various merchants. Cryptographic protocols protect the exchange of money between the smart card and the accepting machine. Examples are Proton, GeldKarte, Moneo and [[Quick E
[edit] Identification
A quickly growing application is in digital identification cards. In this application, the cards are used for authentication of identity. The most common example is in conjunction with a PKI. The smart card will store an encrypted digital certificate issued from the PKI along with any other relevant or needed information about the card holder. Examples include the U.S. Department of Defense (DoD) Common Access Card (CAC), and the use of various smart cards by many governments as identification cards for their citizens. When combined with biometrics, smart cards can provide two- or three-factor authentication. Smart cards are a privacy-enhancing technology, for the subject carries possibly incriminating information about him all the time. By employing contactless smart cards, that can be read without having to remove the card from the wallet or even the garment it is in, one can add even more authentication value to the human carrier of the cards.
The first smart card driver's license system in the world was issued in 1995 in Mendoza, a province of Argentina. Mendoza has a high level of road accidents, driving offenses, and a poor record of recovering outstanding fines.[citation needed] The smart licenses keep an up-to-date record of driving offenses and unpaid fines. They also store personal information, license type and number, and a photograph of the holder. Emergency medical information like blood type, allergies, and biometrics (fingerprints) can be stored on the chip if the cardholder wishes. The Argentina government anticipates that this new system will help to recover more than $10 million per year in fines.
Gujarat was the first state in India to introduce the smart card license system in 1999. To date the Gujarat Government has issued 5 million smart card driving licenses to its people.[citation needed] This card is basically a plastic card having ISO 7810 certification and integrated circuit, capable of storing and verifying information according to its programming.
Smart cards have been advertised as suitable for personal identification tasks, because they are engineered to be tamper resistant. The embedded chip of a smart card usually implements some cryptographic algorithm. Information about the inner workings of this algorithm can be obtained if the precise time and electrical current required for certain encryption or decryption operations is measured. A number of research projects have now demonstrated the feasibility of this line of attack. Countermeasures have been proposed.
[edit] Other
Smart cards are widely used to protect digital television streams. See television encryption for an overview, and VideoGuard for a specific example of how smartcard security worked (and was cracked).
[edit] Problems
Another problem of smart cards may be the failure rate. The plastic card in which the chip is embedded is fairly flexible, and the larger the chip, the higher the probability of breaking. Smart cards are often carried in wallets or pockets — a fairly harsh environment for a chip. However, for large banking systems, the failure-management cost can be more than offset by the fraud reduction. A card enclosure might be a good idea.
[edit] See also
- Electronic money
- EMV credit cards
- Java Card
- BasicCard
- MULTOS
- Biometrics
- RFID
- SIM
- Electronic passport
- Snapi
- Telephone card
[edit] Books
- W. Rankl & W. Effing, Smart Card Handbook, John Wiley & Sons, 1997, ISBN 0-471-96720-3
- Scott B. Guthery & Timothy M. Jurgensen, SmartCard Developer's Kit, Macmillan Technical Publishing, 1998, ISBN 1-57870-027-2, http://www.scdk.com/
[edit] External links
- Smart card at the Open Directory Project (suggest site)
- Smart Card Basics
- Smart Card Research and Training
- Latest Information on Smart Cards
- Introduction to Smart Cards
- Smart Card Factory Issues
- Smart Card Alliance
- OpenSC (open source smart card framework)
- Smart cards resources at the CITI (University of Michigan)
- The Open Card Consortium. http://www.opencard.org
- Asia Pacific Smart Card Forum
- FSFE's Crypto card Free Software Foundation Europe distribute smart cards which implement GnuPG
- ITSO
- GlobalTester - Open Source Tool for testing Smart Cards
[edit] Encryption
- The SmartCard Networking Forum
- Calypso Networks Association
- Calypso Standard
- Linux support for laptops with Smart Card readers.
[edit] Patents
- U.S. Patent 3971916 -- Methods of data storage and data storage systems
- U.S. Patent 4007355 -- Data-transfer system
- U.S. Patent 4092524 -- Systems for storing and transferring data
- U.S. Patent 4102493 -- Systems for storing and transferring data
- U.S. Patent 4211919 -- Portable data carrier including a microprocessor
- ES Patent ES2186534 -- Smart card reader for authentication and e-payment, including USB Token
[edit] Commercial Links
- AESYS, smartcard Security
- CardWerk - Smart Card Consulting and Software Development
- Smart Card News
- Smart Card Experts
- Oberthur Card Systems
- Giesecke & Devrient
- Gemalto
- Smartflex Technology
- FIME Laboratories
- CardsNow!Asia News
- Secure ID News
- Contactless News
- TechCard
- part of the ISO organization responsible for SmartCards
- Contactless Smart Card Manufacturers
- Loyalty Management
- Thames Group
- Metaca Corporation
- Sagem Orga
- HJP Consulting - The Smart Card Architects
