SMART CARDS
W. Kinsner
Department of Electrical & Computer Engineering
University of Manitoba
Developed for Course
24.424 Microprocessor Interfacing
October 10, 1999
Overview
- A smart card is similar in size to today's plastic credit card, as shown in Fig. 1 on the right, and has a chip embedded in it, as shown in Fig. 2 on the left. Smart cards differ from credit cards in using onboard memory chips and microprocessors or microcontrollers instead of magnetic strips. Generically, they are often referred to as chip cards. Each chip can hold 100 times the information contained on a standard magnetic-stripe card. Smart cards make personal and business data available only to the appropriate users. Banks, telecommunications, computer software and hardware companies, and airlines all have the opportunity to tailor their card products and services to customers. The set of applications available on smart cards may also help their customers.
Pervasiveness of Smart Cards
- In 1997, there were 1.3 billion smart cards in use. According to the consulting firm Frost & Sullivan, more than 676 million chip cards were issued in 1996. The approximate breakdown is as follows: 575 million phone; 15 million GSM; 36 million financial; 30 million dataq & ID cards, 17 million pay TV, and 3.8 million other cards. By the year 2000, an estimated 2.8 billion smart cards will be issued annually in the world.
All of the 80 million people in Germany now carry health care smart cards. Schlumberger, a major smart card manufacturer, predicts that, by the year 2001, more than 250 million patients In Europe and Asia will have health care smart cards. France will soon start using smart cards that talk to special "pay poles". Their public transportation system has ordered 15 million "contactless" smart cards that only need to be aimed at a pole for verification.
Original Patents
- Roland Moreno, a Frenchman, patented the concept of the memory card in 1974. In 1977, Michel Ugon (shown in the photograph, Fig. 3) from Bull invented the first microprocessor smart card. In 1978, Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary architecture to auto-program the chip. Three years later, the very first "CP8" based on this patent was produced on by Motorola. Today, Bull has 1200 patents related to smart cards.
Functional Types of Chip Cards
- Today, there are five types of chip cards:
- Memory cards
- Processor cards
- Electronic purse cards
- Security cards
- JavaCard
Memory cards contain only memory chips that can be preloaded and depleted, but their operational capabilities cannot be modified after cards have been produced. Clearly, these simplest read-only memory (with no processor) "stored-value cards" are not very "smart." The smarts come from a terminal, or in the case of phone cards, from the telephone. Such protected memory cards are used for stored-value (credit and debit), but not for security. The most common use of such cards today is for prepaid phone cards. The memory in 1997 was up to 20 Kbytes (KB). In 1998, the memory increased to 64K (e.g., ST19SF64 from SGS Thomson). Today, it is 1 MB.
Unlike the memory cards, the smart cards have embedded within them a processor and often a cryptographically enhanced co-processor. As shown in Fig. 4, the standard smart card microcontroller contains a CPU and blocks of memory including RAM, ROM, and some sort of nonvolatile memory (usually EEPROM). Today's smart card controller typically includes an 8-bit CPU (such as the Motorola 68HC05), 128 to 780 bytes of RAM, 4 to 20 KB of ROM, 1 to 16 KB of EEPROM on a single die, and (optionally) an on-chip hardware encryption module. There are plans for 32-bit RISC machines. Many chips use 0.6 to 0.8 µm geometries and die area of less than 25 mm squared.
Fig. 4. Architecture of a standard smart-card embedded microcontroller.
Cryptographically enabled smart cards, such as used by Netscape, will have a CPU, an advanced cryptographic coprocessor, EE-PROM, RAM, and run at 5 MHz. The advance of the new crypto cards is that they enable public key encryption, whereas older smart card technology could do cryptographic functions but it was slow (and used what is called private key encryption, which used only one key). Crypto smart cards can be configured to prevent "sequence attacks" in which the card is disabled if a PIN (personal identification number) is entered beyond a certain number of tries. They are still a small proportion of the overall market for smart cards.
Interface Types of Chip Cards
- The chip communicates either directly via a physical gold contact or remotely via a contactless electromagnetic interface. Consequently, smart cards typically fall into three categories:
- contact,
- contactless, and
- hybrid (combi).
Contact smart cards need to be inserted into smart card readers, which touch a conductive module on the surface of the card. Data, algorithm, and other information are transmitted via the physical contacts.
Contactless smart cards, on the other hand, make use of an electromagnetic signal and an antenna embedded within each card to create the interaction between the card and the card reader. The radio frequencies employed also provide the card with its power source. These nonbattery-powered cards need to come within 2 to 3 inches of the card reader to be powered. "Fast card" interfaces, such as those used by transportation fare cards, have greatly benefited from the contactless interface, which allows a customer to move the card near the device, instead of inserting and removing a card, which can slow down lines.
Hybrid smart card (also commonly referred to as combi smart cards) are dual-chip cards; with each chip having its respective contact and contactless interface, not connected to each other inside the card. Strictly speaking, the combi cards are different from hybrids in that they carry only a single chip that has both contact and contactless interfaces, either of which can communicate between chip and card reader.
Applications
-
- Smart Telephone Cards - A timer deducts your balance dynamically.
- Electronic Wallet - Replacing coins and paper money.
- Passports - The card acts as the repository for tickets and vouchers.
- Keys - Storage of security keys, passwords and access.
- Medical Records - Repository of medical history and insurance information.
- TV Top Terminals - Key to controlling access to TV programming.
- Food Stamps - Eliminate paper and allows tracking of every dime.
Horizontal standards
- The standards can classified as "horizontal" and "vertical". Horizontal standards can be used by all applications, while vertical standards are specific to a system.
Vertical standards
- A number of standards have also been defined for specific applications, including digital cell phones, credit card functions (Europay, Mastercard, Visa) and electronic purses (Visacash, Multos, Proton).
- Mondex -- digital cash that uses smart cards only. The Mondex approach does not allow cash to exist outside of the card.
- VisaCash -- debit card that keeps track of the cards on the server.
- Proton -- another form of E-cash.
- MPCOS-EMV -- general-purpose card that lets you implement your own type of currency or token.
Other vertical standards are described by the Smart Card Industry Association, SCIA.
Card Developers
- A number of developers provide compliant smart cards, including
as well as industry giants
Chip Manufacturers
- The chips are manufactured by
Notice that in January 1999, Motorola sold its smart-card chip business (the Smart Information Transfer, SIT) to Atmel, a San Jose, California-based maker of microcontrollers, advanced logic, mixed-signal nonvolatile memory, and radio-frequency semiconductors.
Cost of Smart Cards
- The wholesale price of smart cards can be broken down as
- Protected memory cards - 25 cents (U.S.)
- Microprocessor - $3-$4
- With cryptographic co-processor - $6-$7
For the end user, a crypto smart card ends up being between $12 and $15.
Smart Card Readers
- Reader drivers compliant with the RSA Data Security's PKCS#11 standard (public key cryptography standard, also known as Cryptoki (which stands for cryptography token integration) include readers from such vendors as
- Datakey,
- Chrysalis-ITS,
- Litronic Corporation, and
- Fisher International
Litronic has
- "dumb pass through" readers (for $49);
- "PIN (personal identification numbers) pass protect mode" keyboard readers; and
- "PIN pass protect mode readers with microcontrollers," ($79).
Smart Cards & Other Technologies
- Gartner Group has prepared the following comparison of smart cards:
|
Maximum Data Capacity |
Processing Power |
Cost of Card |
Cost of Reader & Connection |
Magnetic Stripe Cards |
140 bytes |
None |
$0.20 - $0.75 |
$750 |
|
Memory Cards |
1 Kbyte |
None |
$1 - $2.50 |
$500 |
|
Processor (Smart) Cards |
8 Kbytes |
8-bit cpu, moving to 16- and 32-bit |
$7-$15 |
$500 |
|
Optical Memory Cards |
4.9 Mbytes |
None |
$7 - $12 |
$3,500 - $4,000 |
Resources
- Carol H. Fancher, "Smart cards,"
- Scientific American, August 1996.
- Soon-Yong Choi and Andrew B. Whinston, "Smart cards,"
- The University of Texas at Austin, May 1998.
- Rinaldo Di Giorgio, "Smart cards: A primer -- Develop on the Java platform of the future,"
- Java World, December 1997.
- Carol Hovenga Fancher, "Designing for Smart Cards, Part 1: What's a Smart Card All About,"
- Circuit Cellar, pp. 28-33, July 1998.
- Bobby Crouch, "Designing for Smart Cards, Part 2: Practical Implementation,"
- Circuit Cellar, pp. 60-65, August 1998.
Trisha Gorman, "Smart cards come to the Web,"
- Netscape, March 1997. (Includes a number of resources)
- Rinaldo Di Giorgio, "Interview with a smart card guru Patrice Peyret of Integrity Arts,"
- Java World, December 1997.
- A. Aranda, "The intelligent telephone today and tomorrow: innovative
smart card applications in GSM,"
- SOLAIC Smart Cards, Groupe SLIGOS, Frankfurt/Main.
- "Welcome to Smart Cards,"
- Smart Card Industry Association (SCIA). This Gemplus document is 2.5 MB. There are also other downloadable documents.
- "Glossary of Smart Card Terms,"
- JavaCard Special Interest Group.
- "Smart Card Industry Association (SCIA),"
- Many resources available at this site. Smart card museum, going back to 1974.
- http://www.chipcard.ibm.com/overview/sc_2.htm
- A technical overview of smart card technology is provided at this IBM site.
- "List of 23 Smart Cards,"
- E-Commerce One, October 1999.
- iButton
- As reported here (What's New) a few weeks back, Dallas Semiconductor has used Java technology in their iButton, a portable computer chip armored in stainless steel and wearable as jewelry or other personal accessory. In fact, the iButton in the Java Ring gained attention as the first successful application of the Java Card 2.0 specification. A Java technology-enabled iButton conforms to the Java Card 2.0 specs and adds enhancements for a superior Java programming environment -- such as 32-bit Java technology integers, automatic garbage collection, and a true-time clock. Each iButton has a unique ROM registration number to which a PIN number can be attached for the same level of security banks use. Moreover, the ROM number is Java technology-accessible and supplements IP addresses, making all mobile iButtons globally addressable.
Besides being physically tough and tamper-resistant, the Java technology-enabled iButton carries 800,000 transistors for cryptographic processing. A high-speed processor with a math accelerator performs the encryption to generate a digital signature in less than one second. One iButton's high-capacity NV SRAM can support multiple applications, thus maximizing the possibilities for a variety of secure Java Card technology transactions.
|