What Makes Smart Cards So Smart?

E mpty out the contents of your wallet, and you're likely to find a jumble of plastic and paper, several credit cards, a driver's license, a health- care ID and perhaps even a few frequent-flier cards. You also might find a fistful of dollar bills accompanied by chunks of loose change.

What if you could magically combine all of those things into one neat package? Instead of digging for coins when you make a phone call, hop onto the subway or drive through the toll booth, just insert the card into a special slot. That's the promise of smart cards.

At its simplest, a smart card is a credit-card size1 tamper-proof plastic2 payment card that has a microprocessor chip embedded into its body. Smart cards typically store 500 times3 the data of a magnetic strip card and offer functions for secure information storage and information processing utilizing VLSI4 chip technology. They use a serial interface and receive their power from external sources such as a smart card reader. The processor uses a limited instruction set for applications such as cryptography.

The primary duty of the embedded microprocessor in the smart card is security. This chip controls a secure file system that computes cryptographic functions and actively detects invalid access attempts. The host computer and smart card reader actually "talk" to the microprocessor, granting access to the data on the card. With the proper application of file-system access rights, a smart card can be safely used by multiple, independent applications.

The ancestors of today's smart cards were the plastic "identity tokens" used in the retail financial marketplace. These "tokens" were a significant improvement allowing merchants to accept payment in an abstract form (essentially "on credit") from customers whose identity they could not personally vouch for.

As the convenience of credit cards became better established and their use became more accepted, it became essential to maintain interoperability among credit cards from various issuers and different transaction equipment from more than one vendor, and in more than just one country. The initial task of worldwide interoperability rested in the early establishment of international standards for the smart cards and the equipment to utilize them.

The venue of choice for establishing such standards was the International Standards Organization (ISO). Additionally, the International Electrotechnical Commission (IEC) collaborated with the ISO in the development of standards. In the United States, the American National Standards Institute (ANSI) functioned as a primary standard-setting body. Some of the accepted standards were ISO standards, and others were joint ISO/IEC/ANSI standards accepted by all three bodies.

A smart card differs from a magnetic stripe card, or typical credit card, in that a magnetic stripe card has no VLSI circuitry and thus no active security procedures or built-in tamper-resistance. Therefore, the stripe is really not the best place to store sensitive information. Anyone with an appropriate credit card reader can skim whatever data there is on the magnetic stripe card.

The smart card also is distinguished from "SuperSmart" or "token" cards, which require a small LCD (liquid crystal display) to indicate the time of day encrypted using an internal key, programmed at the time of card manufacture. These cards have no storage capabilities and no interface to external computer systems. They perform a single, well-defined function used in authentication protocols.

Within the family of smart cards, there are two primary categories: cards with contacts and cards without contacts. Contact cards contain physical contact points on the surface of the card that allow transmission of commands, data and status information between the card and a card reader. A contact card requires insertion into a smart card reader with a direct connection to a conductive micromodule on the surface of the card (typically gold plated). It is via these physical contact points that transmission of commands, data and card status takes place.

A contactless card requires only close proximity to a smart card reader, typically two to three inches for non-battery-powered cards, which is ideal for applications such as mass transit that require fast card interface. Both the smart card reader and the contactless smart cards have an antenna, and it is via this contactless "link" that the two communicate. Most contactless cards also derive power for the internal chip from this electromagnetic signal via induction rather than through one of the contacts.

Additionally, two additional subcategories have developed from the contact and contactless cards: hybrid cards and combi cards.

A hybrid card has two chips, each with its respective contact and contactless interface. The two chips are not connected, but for many applications this hybrid serves the needs of consumers and card issuers.

Just emerging is the combi card, which is a single chip card with a contact and at the same time a contactless interface. With combi cards, it is now possible to access the same chip via a contact or contactless interface, with a high level of security. The transportation and banking industries are expected to be the first to take advantage of this technology.

The computer chips used in all of these cards fall into two basic categories as well: memory chips and microprocessor chips.

Think of the memory chip as a small floppy disk with optional security. Memory cards can hold from 103 bits to 16,000 bits of data. They are less expensive than microprocessor cards but with a corresponding decrease in data management security. They depend on the security of the card reader for their processing and are ideal when security requirements permit use of cards with low to medium security.

The microprocessor chip can be thought of as a miniature computer with an input/output port, operating system and hard disk. Microprocessor chips are available in 8-, 16- and 32-bit architectures. Their data-storage capacity ranges from 300 bytes to 32,000 bytes, and larger sizes are expected as semiconductor technology advances.

In the next few years, it is expected that 16- and 32-bit RISC processors running at 20MHz are likely to become available on smart cards. This will define a new generation of smart cards - the power requirements and frequency radiation of these processors cannot be handled within the current standard format.5

A card must not be able to access the application until the following "handshaking" checks have been completed successfully:

+ Card authentication - Establishing that the card is genuine (not forged, counterfeited or tampered with).

+ Card reader authentication - Establishing that the card reader is genuine.

+ Cardholder access - Making sure that the cardholder is authorized to use particular services.

Of major concern for potential smart card users is security against fraud and preventing the release of their confidential financial or personal information to unauthorized individuals. A variety of security precautions can be integrated into smart cards during their fabrication, with the specifications scaled to the relative importance of the security issues for various applications.

For those applications for various services, or for purchases of low value, the level of security is not required to be very high. However, for sophisticated smart card use in banking transactions, or for the transport of confidential personal information, the level of security must be high and must have the complete confidence of both customer and provider.

There are two main approaches to ensuring security:

+ Encryption - Information is disguised to hide its substance from unauthorized access. Encryption also can be used to verify the integrity of information - for example, by applying a digital signature. The most secure smart cards include a separate co-processor for advanced encryption processes.

+ Biometrics - Where unique physical or behavioral characteristics of the cardholder are used - such as fingerprints, eye (retina) patterns, signatures and voice characteristics.

Incorporated into smart card design is a physical tamper-resistance circuitry that responds to interference by blocking the output function. Covering the chip is a dielectric "passivation layer" designed to protect the chip from impurities and dust and prevent passage of radiation associated with illegal probes, including electron-beam microscopy. The circuitry is capable of reacting to light (indicating the passivation layer has been broken), temperature, voltage and frequency fluctuations outside the specified operating range.

There are physical memory-protection mechanisms, including memory scrambling, that make reverse engineering more difficult and hinder an attack trying to erase, or "skim," selected data items in the memory. Once tests have been passed and the card is ready for distribution to issuers, fuses are then used during the manufacturing cycle to permanently disable various "test" mode(s), which adds another level of security.

Let us not forget that security breaches commonly occur within existing credit cards, checks and health-record systems. Smart cards reduce the risk of such breaches to levels well below those already existing in other systems. The risk of disclosure of confidential information or processes is still the most sensitive aspect for both smart cards and other applications in the general field of electronic commerce.

Besides the security attributes, integrated into smart card design, there exists the ability to keep records of sequential invalid access attempts. This technology will deny further access to the card or to the targeted file once the count reaches a certain limit. In some forms, the limit is configurable, while in others it is fixed at a small number such as 3 or 7.

When a valid access is reached, the count is reset to zero. Exceeding that limit either invalidates the card entirely or puts it in a state where only a limited set of operations are available. Denial of access after a small number of invalid attempts is reached halts any "password guessing" attacks on the card.

Smart card usage6, can be grouped into three basic types of market segments:

1. Authentication applications - Smart cards can authenticate cardholders and smart card readers, thus allowing cardholders to gain access to a system to make transactions and electronically assign them complete transactions locally without the delay of online processing.

2. Stored-value transactions - Units of value are stored on the smart card as the electronic equivalent of cash and later used for purchases. It also is used to store value as credits for goods and services - for example, ticketing or canteen facilities. Smart cards are increasingly being used as "loyalty cards" to provide incentives to customers by storing token values when purchases are made. More sophisticated smart cards have the ability to be "recharged" with value. Other variations of smart cards are discarded when the credits are used up. In either case, smart cards remove the handling and record-keeping associated with collection, collating or issuing of cash or items of value.

3. Data and information - Smart cards can be used to store portable records that need to be independent of fixed locations - for example, vital medical information. Thus, instead of just indicating that a person has medical insurance, a card can store details of the coverage and provide basic medical information, such as lists of drug sensitivities, current conditions being treated, the name and phone number of a patient's doctor and other facts vital in an emergency. They could be used for any application where information needs to travel with that object.

Next generation smart cards offer network access, e-commerce, wireless services and much more. To ensure widespread adoption of these services, researchers must make sure that the programs, or applets, implementing these services do not compromise the security of the systems.

Researchers are performing innovative work to develop validation for smart card products and special tools that go far beyond conventional testing. Several different types of personalized smart cards also are being tested.

Because of the rapid changes in technology and the varying applications, it would appear likely that a large number of smart cards gradually will appear within the next five years. If this becomes the case, then interoperability and a common set of standards will be even more necessary to encourage widespread adoption by the consuming public.

1 ISO 7813 defines the card size as: Width 85.47mm - 85.72mm, Height 53.92mm - 54.03mm, Thickness 0.76mm + 0.08mm. (The thickness dimension is particularly critical in smart card applications because any variation in thickness can cause communication failure).

2 PVC was traditionally used in the manufacture of cards and enabled a higher printing resolution. Such cards are laminated as three layers with transparent overlays on the front and back. More recently, ABS has been used which allows the card to be produced by an injection-molding process.

3 Smarts cards may have up to 1 Kbytes of RAM, 16 Kbytes of programmable read-only memory, 24 Kbytes of read-only memory (ROM), with an 8-bit microprocessor running at 5 MHz.

4 Very Large Scale Integration; integration of thousands or more transistors on a single chip, enabling single-chip implementations of CPU, RAM, ROM, etc.

5 Range from ISO/IEC 7810 - 1995-08-15, through ISO 7816-6, which define the physical characteristics, recording techniques, definition of Integrated Circuits (IC Chips) and their contact specifications, protocols and data elements of smart cards. The initial specification that leads to smart cards is ISO/TEC 7810, which defines physical characteristics labeled ID-1, which details the generally accepted size and shape of a credit card, or smart card. The ID-2 and ID-3 labels are simply larger sizes, but with the same physical definitions as ID-1 card types.

6 Based upon the CCTA Report, 1994, from the United Kingdom Government Centre for Information Systems.