[Title Logo] [Title]
[Research] [Teaching] [Service] [Personal]
[Links] [What's New] [Home]


Kinsner's Home What's New Repository Tutorials Smart Cards

TUTORIALS IN 1999:
SMART CARDS

SMART CARDS

W. Kinsner

Department of Electrical & Computer Engineering
University of Manitoba

Developed for Course
24.424 Microprocessor Interfacing
October 10, 1999

[Smart Card]

Overview

[Smart Card Chip]
A smart card is similar in size to today's plastic credit card, as shown in Fig. 1 on the right, and has a chip embedded in it, as shown in Fig. 2 on the left. Smart cards differ from credit cards in using onboard memory chips and microprocessors or microcontrollers instead of magnetic strips. Generically, they are often referred to as chip cards. Each chip can hold 100 times the information contained on a standard magnetic-stripe card. Smart cards make personal and business data available only to the appropriate users. Banks, telecommunications, computer software and hardware companies, and airlines all have the opportunity to tailor their card products and services to customers. The set of applications available on smart cards may also help their customers.

Pervasiveness of Smart Cards

In 1997, there were 1.3 billion smart cards in use. According to the consulting firm Frost & Sullivan, more than 676 million chip cards were issued in 1996. The approximate breakdown is as follows: 575 million phone; 15 million GSM; 36 million financial; 30 million dataq & ID cards, 17 million pay TV, and 3.8 million other cards. By the year 2000, an estimated 2.8 billion smart cards will be issued annually in the world.

All of the 80 million people in Germany now carry health care smart cards. Schlumberger, a major smart card manufacturer, predicts that, by the year 2001, more than 250 million patients In Europe and Asia will have health care smart cards. France will soon start using smart cards that talk to special "pay poles". Their public transportation system has ordered 15 million "contactless" smart cards that only need to be aimed at a pole for verification.

[Michel Ugon]

Original Patents

Roland Moreno, a Frenchman, patented the concept of the memory card in 1974. In 1977, Michel Ugon (shown in the photograph, Fig. 3) from Bull invented the first microprocessor smart card. In 1978, Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary architecture to auto-program the chip. Three years later, the very first "CP8" based on this patent was produced on by Motorola. Today, Bull has 1200 patents related to smart cards.

Functional Types of Chip Cards

Today, there are five types of chip cards:

  1. Memory cards
  2. Processor cards
  3. Electronic purse cards
  4. Security cards
  5. JavaCard

Memory cards contain only memory chips that can be preloaded and depleted, but their operational capabilities cannot be modified after cards have been produced. Clearly, these simplest read-only memory (with no processor) "stored-value cards" are not very "smart." The smarts come from a terminal, or in the case of phone cards, from the telephone. Such protected memory cards are used for stored-value (credit and debit), but not for security. The most common use of such cards today is for prepaid phone cards. The memory in 1997 was up to 20 Kbytes (KB). In 1998, the memory increased to 64K (e.g., ST19SF64 from SGS Thomson). Today, it is 1 MB.

Unlike the memory cards, the smart cards have embedded within them a processor and often a cryptographically enhanced co-processor. As shown in Fig. 4, the standard smart card microcontroller contains a CPU and blocks of memory including RAM, ROM, and some sort of nonvolatile memory (usually EEPROM). Today's smart card controller typically includes an 8-bit CPU (such as the Motorola 68HC05), 128 to 780 bytes of RAM, 4 to 20 KB of ROM, 1 to 16 KB of EEPROM on a single die, and (optionally) an on-chip hardware encryption module. There are plans for 32-bit RISC machines. Many chips use 0.6 to 0.8 µm geometries and die area of less than 25 mm squared.

[Architecture]

Fig. 4. Architecture of a standard smart-card embedded microcontroller.

Cryptographically enabled smart cards, such as used by Netscape, will have a CPU, an advanced cryptographic coprocessor, EE-PROM, RAM, and run at 5 MHz. The advance of the new crypto cards is that they enable public key encryption, whereas older smart card technology could do cryptographic functions but it was slow (and used what is called private key encryption, which used only one key). Crypto smart cards can be configured to prevent "sequence attacks" in which the card is disabled if a PIN (personal identification number) is entered beyond a certain number of tries. They are still a small proportion of the overall market for smart cards.

Interface Types of Chip Cards

The chip communicates either directly via a physical gold contact or remotely via a contactless electromagnetic interface. Consequently, smart cards typically fall into three categories:
  1. contact,
  2. contactless, and
  3. hybrid (combi).

Contact smart cards need to be inserted into smart card readers, which touch a conductive module on the surface of the card. Data, algorithm, and other information are transmitted via the physical contacts.

Contactless smart cards, on the other hand, make use of an electromagnetic signal and an antenna embedded within each card to create the interaction between the card and the card reader. The radio frequencies employed also provide the card with its power source. These nonbattery-powered cards need to come within 2 to 3 inches of the card reader to be powered. "Fast card" interfaces, such as those used by transportation fare cards, have greatly benefited from the contactless interface, which allows a customer to move the card near the device, instead of inserting and removing a card, which can slow down lines.

Hybrid smart card (also commonly referred to as combi smart cards) are dual-chip cards; with each chip having its respective contact and contactless interface, not connected to each other inside the card. Strictly speaking, the combi cards are different from hybrids in that they carry only a single chip that has both contact and contactless interfaces, either of which can communicate between chip and card reader.

Applications

  • Smart Telephone Cards - A timer deducts your balance dynamically.
  • Electronic Wallet - Replacing coins and paper money.
  • Passports - The card acts as the repository for tickets and vouchers.
  • Keys - Storage of security keys, passwords and access.
  • Medical Records - Repository of medical history and insurance information.
  • TV Top Terminals - Key to controlling access to TV programming.
  • Food Stamps - Eliminate paper and allows tracking of every dime.

Horizontal standards

The standards can classified as "horizontal" and "vertical". Horizontal standards can be used by all applications, while vertical standards are specific to a system.

  • ISO 7816 series, part 1 to 10 Standard
    describes the lowest-level interface to a contact smart card. It is at this level that data bytes are transferred between card reader and card. The standard ISO-7816 defines the size of the card, the physical characteristics of the plastic, including the temperature range and flexibility, position of the electrical contacts and how the microchip communicates with the outside world. It also defines various commands such as file selection, file reading and writing, file searching, file operations, identification, authentication, file management, program execution, and special instructions. An example of the handshaking protocol is shown in Fig. 5.

    [Protocol]

    Fig. 5. A smart-card handshaking protocol.

  • ISO 14443 Standard
    describes the contactless smart cards.
  • PC/SC -- the standard for communicating with smart cards connected to Win3.1/Win95/NT machines.
  • OCF -- an all-Java interface for communicating with smart cards from a Java environment. (Soon OCF will allow developers to write to OCF and perform the translation, so there will be no need to write to PC/SC.)
  • JavaCard -- describes the JavaCard and what it supports.

Vertical standards

A number of standards have also been defined for specific applications, including digital cell phones, credit card functions (Europay, Mastercard, Visa) and electronic purses (Visacash, Multos, Proton).
  • Mondex -- digital cash that uses smart cards only. The Mondex approach does not allow cash to exist outside of the card.
  • VisaCash -- debit card that keeps track of the cards on the server.
  • Proton -- another form of E-cash.
  • MPCOS-EMV -- general-purpose card that lets you implement your own type of currency or token.
Other vertical standards are described by the Smart Card Industry Association, SCIA.

Card Developers

A number of developers provide compliant smart cards, including

as well as industry giants

Chip Manufacturers

The chips are manufactured by

Notice that in January 1999, Motorola sold its smart-card chip business (the Smart Information Transfer, SIT) to Atmel, a San Jose, California-based maker of microcontrollers, advanced logic, mixed-signal nonvolatile memory, and radio-frequency semiconductors.

Cost of Smart Cards

The wholesale price of smart cards can be broken down as
  • Protected memory cards - 25 cents (U.S.)
  • Microprocessor - $3-$4
  • With cryptographic co-processor - $6-$7

For the end user, a crypto smart card ends up being between $12 and $15.

Smart Card Readers

Reader drivers compliant with the RSA Data Security's PKCS#11 standard (public key cryptography standard, also known as Cryptoki (which stands for cryptography token integration) include readers from such vendors as
  • Datakey,
  • Chrysalis-ITS,
  • Litronic Corporation, and
  • Fisher International

Litronic has

  • "dumb pass through" readers (for $49);
  • "PIN (personal identification numbers) pass protect mode" keyboard readers; and
  • "PIN pass protect mode readers with microcontrollers," ($79).

Smart Cards & Other Technologies

Gartner Group has prepared the following comparison of smart cards:

Maximum Data
Capacity
Processing
Power
Cost of
Card
Cost of Reader
& Connection
Magnetic Stripe Cards 140 bytes None $0.20 - $0.75 $750
 
Memory Cards 1 Kbyte None $1 - $2.50 $500
 
Processor (Smart) Cards 8 Kbytes 8-bit cpu, moving to 16- and 32-bit $7-$15 $500
 
Optical Memory Cards 4.9 Mbytes None $7 - $12 $3,500 - $4,000

Resources

Carol H. Fancher, "Smart cards,"
Scientific American, August 1996.

Soon-Yong Choi and Andrew B. Whinston, "Smart cards,"
The University of Texas at Austin, May 1998.

Rinaldo Di Giorgio, "Smart cards: A primer -- Develop on the Java platform of the future,"
Java World, December 1997.

Carol Hovenga Fancher, "Designing for Smart Cards, Part 1: What's a Smart Card All About,"
Circuit Cellar, pp. 28-33, July 1998.

Bobby Crouch, "Designing for Smart Cards, Part 2: Practical Implementation,"
Circuit Cellar, pp. 60-65, August 1998.

Trisha Gorman, "Smart cards come to the Web,"

Netscape, March 1997. (Includes a number of resources)

Rinaldo Di Giorgio, "Interview with a smart card guru Patrice Peyret of Integrity Arts,"
Java World, December 1997.

A. Aranda, "The intelligent telephone today and tomorrow: innovative smart card applications in GSM,"
SOLAIC Smart Cards, Groupe SLIGOS, Frankfurt/Main.

"Welcome to Smart Cards,"
Smart Card Industry Association (SCIA). This Gemplus document is 2.5 MB. There are also other downloadable documents.

"Glossary of Smart Card Terms,"
JavaCard Special Interest Group.

"Smart Card Industry Association (SCIA),"
Many resources available at this site. Smart card museum, going back to 1974.

http://www.chipcard.ibm.com/overview/sc_2.htm
A technical overview of smart card technology is provided at this IBM site.

"List of 23 Smart Cards,"
E-Commerce One, October 1999.

iButton™
As reported here (What's New) a few weeks back, Dallas Semiconductor has used Java™ technology in their iButton, a portable computer chip armored in stainless steel and wearable as jewelry or other personal accessory. In fact, the iButton in the Java Ring™ gained attention as the first successful application of the Java Card™ 2.0 specification. A Java technology-enabled iButton conforms to the Java Card 2.0 specs and adds enhancements for a superior Java programming environment -- such as 32-bit Java technology integers, automatic garbage collection, and a true-time clock. Each iButton has a unique ROM registration number to which a PIN number can be attached for the same level of security banks use. Moreover, the ROM number is Java technology-accessible and supplements IP addresses, making all mobile iButtons globally addressable.

Besides being physically tough and tamper-resistant, the Java technology-enabled iButton carries 800,000 transistors for cryptographic processing. A high-speed processor with a math accelerator performs the encryption to generate a digital signature in less than one second. One iButton's high-capacity NV SRAM can support multiple applications, thus maximizing the possibilities for a variety of secure Java Card technology transactions.



[Small Logo] Thanks for the visit. Your suggestions and questions are always welcome (v.1.68)
[Copyright]