A smartcard or smart card is a tiny secure cryptoprocessor embedded within a credit card-sized or smaller (like the GSM SIM) card.
Smart cards were invented and patented in France by Roland Moreno in the 1970s. Their first mass usage was payment in the French payphones starting from 1983 (TÚlÚcarte). The second one was the integration of a microchip into all French debit cards (Carte Bleue ).
The ISO/IEC 7816 series of standards define:
- the physical shape of the smart card
- the positions and shapes of its electrical connectors
- the communications protocols and power voltages to be applied to those connectors
- the functionality
- the format of the commands sent to the card and the response returned by the card
The cards do not contain a battery; power is supplied by the card reader.
In a contact-type smart card, the chip can be recognised by an area of gold-plated contacts about 1 cm² close to the short side of the card. Normally the contact communication is relatively slow (9.6-115.2 kbit/s). There is currently a trend towards implementing USB 1 on these contacts (up to 10 Mbit/s), but there is not yet a final standard.
ISO 7816:5 defines numbering for ISO 7816 smart cards. An application identifier (AID) consists of an Registered Application Provider Identifier (RID), identifying the vendor, then a Proprietary Application Identifier Extension (PIX), identifying the application offered by the vendor. A RID can be either assigned by the ISO/IEC 7816-5 Registration Authority (TDC Services A/S), or be an ISO 7812 IIN followed by the FF hexadecimal.
A second type is the non-contact type called contactless smart card, where the chip communicates with the card reader through wireless self-powered induction technology (106-848kbits/s).
The standards for the contactless protocol for smart cards are ISO/IEC 14443 (type A and B) from the year 2001, which allows communication distances up to 10 cm. There have been proposals for ISO 14443 type C, D, E and F that have yet to be accepted by the ISO standards committee. An alternative standard for contactless smartcard is ISO 15693, which allows communication distances up to 50 cm.
An example of a widely used contactless smartcard is Hong Kong's Octopus card, which predates the ISO/IEC 14443 standard. For use on public transportation, Malaysia introduced the Touch 'n Go smartcard in 1997, Paris introduced the Calypso card in October 2001, and London introduced the Oyster card in January 2004. In 2002, the Chicago Transit Authority introduced the Chicago Card. Taipei also has smartcard system called EasyCard from Taipei Smart Card Corporation.
A related contactless technology is RFID (radio frequency identification) that in certain cases can be used for similar applications to contactless smartcard such as for electronic toll collection. RFID generally do not include writeable memory or microcontroller processing capability as contactless smartcard do.
There are dual-interface cards that implement contactless and contact interfaces on a single card with some shared storage and processing. An example is Malaysia's multi application smartcard identification called MyKad that uses both contact Proton and contactless Mifare (ISO 14443A) chips.
The applications of smartcards include their use as credit or ATM cards, SIMs for mobile phones, authorization cards for pay television, high security identification and access control cards, public transport tickets, etc.
Smart cards may also be used as electronic wallets . The smart card chip can be loaded with electronic money, which can be used to pay parking meters, vending machines, and merchants. Cryptographic protocols protect the exchange of money between the smart card and the accepting machine. Examples for this are Proton, GeldKarte , Moneo and Quick .
A large growing application is smart ID cards. In this application the cards are used for authentication of identity. Examples include the US DOD Common Access Card, and their use by many governments as ID cards for their citizens. When combined with biometrics smartcards can provide two or three factor authentication. Smart cards are a privacy enhancing technology and when used in conjunction with appropriate security and privacy policies can form a highly effective identity authentication technology.
Smartcards have been advertised as suitable for these tasks, because they are engineered to be tamper resistant. The embedded chip of a smart card normally implements some cryptographic algorithm. Information about the inner workings of this algorithm can be obtained if the precise time and electrical current required for certain encryption or decryption operations is measured. A number of research projects have now demonstrated the feasibility of this line of attack. Counter measures have been proposed.
Another problem of smart cards may be the failure rate. The plastic card in which the chip is embedded is fairly flexible, and first time users are insufficiently careful with their card. Smart cards are often carried in wallets or pockets, which is a fairly harsh environment for a chip. However, for large banking systems, the failure management cost is more than compensated by the fraud cost reduction.
More information, research, and news on smart cards
Smart card manufacturers
Smart card chip manufacturers
Smart card applications