This action might not be possible to undo. Are you sure you want to continue?
circuits. A smart card or microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally polyvinyl chloride, but sometimes acrylonitrile butadiene styrene or polycarbonate . Smart cards may also provide strong security authentication for single sign-on (SSO) within large organizations. Contents [hide] 1 Overview 1.1 Benefits 2 History 3 Contact 3.1 Communication protocols 3.2 Signals 3.3 Reader 3.4 Protocol analysis 4 Contactless 4.1 Communication protocols 5 Hybrids 6 Applications 6.1 Computer security 6.2 Credit cards 6.3 Cryptographic smart cards 6.4 Financial 6.5 Health care (medical) 6.6 Identification 6.7 Schools 6.8 Public transit 6.9 Concessionary travel
controlling card blacklisting and application-data updates.76 millimetres (0. Another popular size is ID-000 which is nominally 25 by 15 millimetres (0.370 × 2.125 in). ATMs. Managed by an administration system which securely interchanges information and configuration settings with the card. Both are 0.10 Other 7 Security 7.98 millimetres (3.030 in) thick..984 × 0. ID-1 of the ISO/IEC 7810 standard defines cards as nominally 85.2 Physical disassembly 8 Problems 9 Terminology 10 See also 11 Notes 12 References 13 External links Overview Smart card used for health insurance in France A smart card may have the following generic characteristics: Dimensions similar to those of a credit card.6. protects in-memory information). Communicates with external services via card-reading devices.60 by 53.1 Differential power analysis 7.591 in) (commonly used in SIM cards). Contains a tamper-resistant security system (for example a secure cryptoprocessor and a secure file system) and provides security services (e. such as ticket readers.g. Benefits . etc.
Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary . The benefits of smart cards are directly related to the volume of information and applications that are programmed for use on a card. A single contact/contactless smart card can be programmed with multiple banking credentials. a smart card can be programmed to only allow a contactless transaction if it is also within range of another device like a uniquely paired mobile phone. receiving a patent only in 1982. starting in 1983. consumers only need to replace one card if their wallet is lost or stolen. while working for German company Giesecke & Devrient. This can significantly increase the security of the smart card. authentication. Governments gain a significant enhancement to the provision of publicly funded services through the increased security offered by smart cards. For example. loyalty programs and club memberships to name just a few. The contact pads on the card enables electronic access to the chip. Michel Ugon from Honeywell Bull invented the first microprocessor smart card. Individuals gain increased security and convenience when using smart cards designed for interoperability between services. Additionally.Smart cards can provide identification. For example. The first mass use of the cards was as a Télécarte for payment in French pay phones. the data storage available on a card could contain medical information that is critical in an emergency should the card holder allow access to this. In 1977. Multi-factor and proximity authentication can and has been embedded into smart cards to increase the security of all services on the card. The 3 by 5 mm security chip embedded in the card is shown enlarged in the inset. In 1968 German electrical engineer Helmut Gröttrup and his colleague Jürgen Dethloff invented the automated chip card. In 1978. These savings are passed onto society through a reduction in the necessary funding or enhanced public services. medical entitlement. French inventor Roland Moreno patented the memory card concept in 1974. data storage and application processing. combining credit card and debit card properties. History A smart card. driver’s license/public transport entitlement.
In 2006. at the time the world's no. Visa and MasterCard have agreed to an easy-to-implement version that was deployed in 2004– 2006 in the USA. The second use integrated microchips into all French Carte Bleue debit cards in 1992. France (Mon€o). Most contactless fare collection implementations are . before the transaction was accepted. Finland ("Avant"). upgraded the specification in 2000 and in 2004. At that time. smart cards have become very common. most notably in Germany (Geldkarte). In 1998 a stable release of the specifications became available. EMVco. With the ubiquity of mobile phones in Europe. 2 and no. Motorola used this patent in its "CP8". with the introduction of smart-card-based SIMs used in GSM mobile phone equipment in Europe. Only very limited transactions (such as paying small highway tolls) are processed without a PIN. Contactless smart cards that do not require physical contact between card and reader are becoming increasingly popular for payment and ticketing applications such as mass transit and highway tolls. the Netherlands (Chipknip and Chipper). Visa. and Europay agreed in 1993 to work together to develop the specifications for smart cards as either a debit or a credit card. Customers inserted the card into the merchant's POS terminal. Smart-card-based "electronic purse" systems store funds on the card so that readers do not need network connectivity and entered service throughout Europe in the mid-1990s. The international payment brands MasterCard. In 2001. Bull had 1. With the exception of a few countries such as the United States EMVcompliant cards and equipment are widespread. 1 smart card manufacturers. Typically. UK ("Mondex"). EMVco's purpose is to assure the various financial institutions and retailers that the specifications retain backward compatibility with the 1998 version. Sweden ("Cash". The major boom in smart card use came in the 1990s. Denmark ("Danmønt") and Portugal ("Porta-moedas Multibanco"). Bull sold its CP8 division together with its patents to Schlumberger. The first version of the EMV system was released in 1994. Visa International. merged and became Gemalto.200 patents related to smart cards. a country's national payment association. Austria (Quick Wertkarte). Axalto and Gemplus. who subsequently combined its own internal smart card department and CP8 to create Axalto. then typed the PIN. Three years later. in coordination with MasterCard International. jointly plan and implement EMV systems.architecture to program the chip. American Express and JCB. Switzerland ("Cash"). Belgium (Proton). Norway ("Mondex"). the company responsible for the long-term maintenance of the system. decommissioned in 2004).
drivers’ licenses. Contactless smart cards are part of ICAO biometric passports to enhance security for international travel. national. defined in ISO/IEC 7816-3 Signals . Smart cards are also being introduced in personal identification and entitlement schemes at regional. defined in ISO/IEC 7816-3 Block-level transmission protocol. though the MIFARE Standard card from Philips has a considerable market share in the US and Europe.custom and incompatible. Contact Illustration of smart card structure and packaging Contact smart cards have a contact area of approximately 1 square centimetre (0. and international levels. power is supplied by the card reader. In Malaysia. Communication protocols Communication protocols Name Description T=0 T=1 Character-level transmission protocol. including commands sent to and responses from the card basic functionality Cards do not contain batteries. comprising several gold-plated contact pads. and patient card schemes are appearing.16 sq in). the compulsory national ID scheme MyKad includes eight different applications and has 18 million users. Citizen cards. The ISO/IEC 7810 and ISO/IEC 7816 series of standards define: physical shape and characteristics electrical connector positions and shapes electrical characteristics communications protocols. These pads provide electrical connectivity when inserted into a reader.
GND Ground (reference voltage).. EEPROM). and used for USB interfaces and other uses.A smart card pinout VCC Power supply. C8 The two remaining contacts are AUX1 and AUX2 respectively.g.g. . Reader Smartcard Reader on a Laptop Contact smart card readers are used as a communications medium between the smart card and a host (e. ISO/IEC 7816-3:2006 designates it SPU. VPP ISO/IEC 7816-3:1997 designated this as a programming voltage .. as input and/or output. a computer. CLK Provides the card with a clock signal. RST Reset signal. for either standard or proprietary use.an input for a higher voltage to program persistent memory (e. C4. a point of sale terminal) or a mobile telephone. from which data communications timing is derived. used to reset the card's communications. I/O Serial input and output (half-duplex).
defined in Dual-interface cards implement contactless and contact interfaces on a single card with some shared storage and processing. Contactless Main article: Contactless smart card A second card type is the contactless smart card. contactless cards do not have an internal power source. They are often used for quick or hands-free transactions such as paying for public transportation without removing the card from a wallet. programmed differently and embedded in a different piece of PVC. Instead. Communication protocols Communication protocols Name Description ISO/IEC 14443 ISO/IEC 14443-4 Hybrids APDU transmission via contactless interface. called Andante. Like smart cards with contacts. This allows smaller and cheaper financial card terminals. they use an inductor to capture some of the incident radio-frequency interrogation signal. . and use it to power the card's electronics. cards are normally well below the telephone industry's 6 mA limit. in which the card communicates with and is powered by the reader through RF induction technology (at data rates of 106–848 kbit/s). although the EMV standard allows a chip card to draw 50 mA from its terminal. So. chip manufacturers are building to the more demanding GSM/3G standards. rectify it. Protocol analysis Hardware and software tools are available to monitor and analyse communications between smart cards and readers. These cards require only proximity to an antenna to communicate. which uses a chip with both contact and contactless (ISO/IEC 14443 Type B) interfaces. for example.Because the chips in financial cards are the same as those used in Subscriber Identity Modules (SIMs) in mobile phones. An example is Porto's multiapplication transport card.
Some. EMV cards have contact and contactless interfaces. Non-EMV cards work like magnetic stripe cards. Quick VSDC—"qVSDC". and also to add another layer of encryption to critical parts of the secured disk. Cryptographic smart cards . such as FreeOTFE. Smart cards are also used for single sign-on to log on to computers. Asia and Europe followed in 2006. Credit cards Main articles: Contactless smart card and Credit card These are the best known payment cards (classic plastic card): Visa: Visa Contactless. There is an ISO/IEC 14443 PayPass implementation. This is a typical USA card technology (PayPass Magstripe and VISA MSD). The security of such a transaction is no greater than with a magnetic stripe card transaction.Applications Computer security The Mozilla Firefox web browser can use smart cards to store certificates for use in secure web browsing. Some disk encryption systems. Via contactless interface they work somewhat differently in that the card command sequence adopts contactless features such as low power and short transaction time. The cards do not hold/maintain the account balance. PayPass MChip American Express: ExpressPay Discover: Zip Roll-outs started in 2005 in USA. Contactless (non PIN) transactions cover a payment range of ~$5–50. Smart card support functionality has been added to Windows Live passports. MSD. Visa Wave. but not all PayPass implementations conform to EMV. They work as a normal EMV card via contact interface. All payment passes without a PIN. usually in off-line mode. can use smart cards to securely hold encryption keys. payWave MasterCard: PayPass Magstripe. TrueCrypt and Microsoft Windows 7 BitLocker.
The key set is usually loaded (DES) or generated (RSA) on the card at the personalization stage. Health care (medical) Smart health cards can improve the security and privacy of patient information. and public transport and public phone payment cards. (see applications section). Smart cards may also be used as electronic wallets. reduce health care fraud. Chipknip and Mon€o. to avoid the risk from having more than one copy of the key (since by design there usually isn't a way to extract private keys from a smart card). No connection to the issuing bank is necessary. The most common way to access cryptographic smart card functions on a computer is to use a vendor-provided PKCS#11 library. Financial Smart cards serve as credit or ATM cards. provide a secure carrier for portable medical records. Identification . The smart card chip can be "loaded" with funds to pay parking meters and vending machines or at various merchants. Some of these smart cards are also made to support the NIST standard for Personal Identity Verification. provide secure access to emergency medical information. On Microsoft Windows the CSP API is also supported. enable compliance with government initiatives and mandates. authorization cards for pay television. mobile phone SIMs. The most widely used cryptographic algorithms in smart cards (excluding the GSM so-called "crypto algorithm") are Triple DES and RSA. household utility pre-payment cards. Examples are Proton. high-security identification and access-control cards. The German Geldkarte is also used to validate customer age at vending machines for cigarettes. support new processes for portable medical records. Most advanced smart cards include specialized cryptographic hardware that uses algorithms such as RSA and DSA. Such smart cards are mainly used for digital signature and secure identification. FIPS 201. Geldkarte. Cryptographic protocols protect the exchange of money between the smart card and the accepting machine. fuel cards. and provide the platform to implement other applications as needed by the health care organization.Cryptographic smart cards are often used for single sign-on. Today's cryptographic smart cards generate key pairs on board. so the holder of the card can use it even if not the owner.
The tachograph unit records speed violations for each driver and gives a printed report. In this study.A quickly growing application is in digital identification. driving offenses. In 1999 Gujarat was the first Indian state to introduce a smart card license system. cards can provide two. instead of the existing mechanical ones. and biometrics (fingerprints) can be stored on the chip if the card holder wishes. allergies. protected by a 1. Emergency medical information such as blood type. and a poor record of recovering outstanding fines. is impossible to break without a supercomputer working away for a hundred years ” . Turkey had a high level of road accidents and decided to develop and use digital tachograph devices on heavy vehicles. “ a national ID card. Examples include the U. Contactless smart cards that can be read from within a wallet or even a garment simplify authentication. Smart licenses hold up-to-date records of driving offenses and unpaid fines. and various identification cards used by many governments for their citizens. The first smart card driver's license system in the world was implemented in 1987 in Turkey. was first implemented in Turkey in 1987. Mendoza had a high level of road accidents. Department of Defense (DoD) Common Access Card (CAC). because the subject carries possibly incriminating information on the card.or three-factor authentication. to reduce speed violations. The driving hours for each driver is also being monitored and reported. license type and number. the cards authenticate identity. stating that the electronic driver's license application. The Argentina government anticipates that this system will help to collect more than $10 million per year in fines.S. The most common example employs Public key infrastructure (PKI). and a photograph.024-bit key code. They also store personal information. Since 1987. In 1990 the European Union conducted a feasibility study through BEVAC Consulting Engineers. in the form of smart cards. Combined with biometrics. In this application. chapter seven is dedicated to the experience in Turkey. titled "Feasibility study with respect to a European electronic drivers licence (based on a smart-card) on behalf of Directorate General VII". To date[when?] it has issued 5 million smart card driving licenses to its people. Smart cards are not always privacy-enhancing. the professional driver's licenses in Turkey are issued as smart cards and the driver is required to insert his driver's license into the digital tachograph before starting to drive. The card stores an encrypted digital certificate issued from the PKI provider along with other relevant information. A smart card driver's license system was later issued in 1995 in Mendoza province of Argentina.
 In 2002. Card users may use their cards for other . By the start of 2009 the entire population of Spain and Belgium will have an eID card that is used for identification. such as medical records and skill sets. the Estonian government started to issue smart cards named ID Kaart as primary identification for citizens to replace the usual passport in domestic and EU use. and protect personal privacy by establishing a mandatory. buying public transport tickets.  Usage includes: Tracking student attendance As an electronic purse. authorization on various websites etc. Smart cards are also beginning to be used in emergency situations. which allows first responders to bypass organizational paperwork and focus more time on the emergency resolution. These cards contain two certificates: one for authentication and one for signature. to pay for items at canteens. This signature is legally enforceable. More and more services in these countries use eID for authorization. In 2004. Government-wide standard for secure and reliable forms of identification". reduce identity fraud. As of 2010 about 1 million smart cards have been issued (total population is about 1. produces cards that contain additional personal information. increase Government efficiency. to help the student maintain a healthy diet Tracking loans from the school library Public transit Main article: List of smart cards Smart cards and integrated ticketing have become widely used by public transit operators around the world. In light of this.3 million) and they are widely used in internet banking. Cards like these provide immediate access to information. WidePoint Corporation. The Smart Card Alliance issued a statement expressing the need to "to enhance security. a smart card provider to FEMA. emergency response personnel have now begun to carry these cards so that they can be positively identified in emergency situations. vending machines etc Tracking and monitoring food choices at the canteen. Schools Smart cards are being provided to students at schools and colleges.
These schemes are part of an additional service offered by some local authorities as an alternative for residents unable to make use of their bus pass. despite YTV's argument that the card owner has the right to a list of trips paid with the card. Smart cards have been issued as bus passes to qualifying residents. for example. One example is the "Smartcare go" scheme provided by Ecebs. The chip usually implements some cryptographic algorithm. Concessionary travel A highly successful use for smart cards within the UK is in concessionary travel schemes. such as small purchases. they have been criticized for presenting a privacy risk because it can allow the mass transit operator (and the government) to track an individual's movement.purposes than for transit. however. because they are engineered to be tamper resistant. There are. travel entitlements for elderly and disabled residents are administered by local authorities and passenger transport executives. Mandated by the Department for Transport. In Finland. the Data Protection Ombudsman prohibited the transport operator Helsinki Metropolitan Area Council (YTV) from collecting such information. However. The Malaysian government uses smart identity cards carried by all citizens and resident non-citizens. Security Main article: Smart card security Smart cards have been advertised as suitable for personal identification tasks. Toppan Printing Company (凸版印刷 Toppan insatsu?) has manufactured reusable smart cards for money transfer and made from paper instead of plastic. such information was used in the investigation of the Myyrmanni bombing. The personal information inside the MYKAD card can be read using special APDU commands. Some operators offer points for usage. Earlier. VideoGuard is a specific example of how smart card security worked (and was cracked). Other Smart cards are widely used to protect digital television streams. several . exchanged at retailers or for other benefits. however these smart cards can instead now be used by elderly and disabled people who qualify for concessionary taxi travel. Since April 2009. London's Oyster Card. Example include the Octopus Card used in Hong Kong. and San Francisco's Clipper card.
The reader returns an 8-digit signature. To address this problem. the higher the probability that normal use could damage it. Malware can override the communication (both input via keyboard and output via application screen) between the user and the application.. If the account holder's computer hosts malware. they permit much more detailed information (e. failure-management costs can be more than offset by fraud reduction. for large banking systems. Banks like Fortis and Dexia in Belgium combine a smart card with an unconnected card reader to avoid this problem.g. abrasives. a PIN and the transaction amount into the reader. but security is never 100% sure. the security model may be broken. Some implementations of symmetric ciphers can be vulnerable to timing or power attacks as well. Physical disassembly Smart cards can be physically disassembled by using acid. Terminology . This signature is manually entered into the personal computer and verified by the bank. However. or some other technique to obtain unrestricted access to the on-board microprocessor. photomicrographs of encryption hardware) to be extracted.g. Differential power analysis Differential power analysis involves measuring the precise time and electrical current required for certain encryption or decryption operations. the trojan Silentbanker) could modify a transaction. The malware (e. internet banking applications. Another problem is the lack of standards for functionality and security. unnoticed by the user. The Berlin Group launched the ERIDANE Project to propose "a new functional and security framework for smart-card based Point of Interaction (POI) equipment". The customer enters a challenge received from the bank's website. and the larger the chip.methods for recovering some of the algorithm's internal state.g. Problems The plastic card in which the chip is embedded is fairly flexible. Although such techniques obviously involve a fairly high risk of permanent damage to the chip. Client-side identification and authentication cards are the most secure way for e. Cards are often carried in wallets or pockets—a harsh environment for a chip. This can deduce the on-chip private key used by public key algorithms such as RSA. preventing malware from changing the transaction amount.
ATR: answer to reset BCD: binary-coded decimal CHV: card holder verification COS: card operating system DF: dedicated file IC: integrated circuit PC/SC: personal computer / smart card MF: master file PPS: protocol and parameters selection RFU: reserved for future use See also Access badge Access control Disk encryption Keycard lock Physical security BasicCard Biometrics Card printer Common Access Card (CAC) Credential Electronic money Electronic passport EMV .
cwhonors. ABI/INFORM Global database..x=13&submit.asp ^ Moneo's website (French) ^ EMVco ^ Smart Cards: More or 'Less'.si.GlobalPlatform ID card Java Card List of smart cards Magnetic stripe card MULTOS Open Smart Card Development Platform (OpenSCDP) Payment Card Industry Data Security Standard (PCI DSS) Proximity card Radio-frequency identification (RFID) Security engineering Single sign-on (SSO) Subscriber Identity Module (SIM) SNAPI Swipe card Telephone card Notes ^ Multi-application Smart Cards.edu/search? site=americanhistory&client=americanhistory&proxystylesheet=americanhis tory&output=xml_no_dtd&filter=0&q=roland+moreno&submit.org/Search/his_8. Cambridge University Press. . y=8&s=SS ^ http://www. ^ http://si-pwebsrch02.
the usage defined in ISO/IEC 7816-2:1999/Amd 1:2004 may have been superseded by ISO/IEC 7816-2:2007.dnielectronico.php3?Theme=Soft_v3Server ^ http://cgeers. Retrieved 2011-07-26. Retrieved 2009-03-27. 2005-08-01.theage.wordpress. ^ Power Analysis Attacks. Home web for The Berlin Group.html ^ Octopus Card Benefits ^ "Ecebs Knowledge Base".ac. Springer. Archived from the original on 2009-02-27.com ^ http://www.belgium. ABI/INFORM Global database.ifr.com/2008/02/03/monitoring-a-smartcard-reader/ ^ Mozilla certificate store ^ Security Token/Smartcard Support used by FreeOTFE ^ Smartcardalliance.org ^ smart card license system ^ Yes They Certainly Will.au/news/Breaking/Qld-schools-benefit-from-smartcards/2004/12/06/1102182194085. Toppan Printing Company.php ^ http://www. The Berlin Group.es/ ^ http://eid.creditcards.scardsoft. ^ http://www.uk/media/newsreleases/smartcard. ^ "Related Initiatives".^ ISO/IEC 7816-2:1999/Amd 1:2004 Assignment of contacts C4 and C8 (However. 2011.smartcarddetective.) ^ http://www.be/ ^ "Emergency Response Official Credentials: An Approach to Attain Trust in Credentials across Multiple Jurisdictions for Disaster Response and Recovery".com/main. "The aim of ERIDANE is therefore to . ^ http://www.com.html?from=moreStories ^ http://australia. Retrieved 2007-12-20. January 3.com/credit-card-news/cashless-lunches-cometo-australian-schools. ^ MYKAD SDK ^ "development of the "KAMICARD" IC card made from recyclable and biodegradable paper".
etc. External links Wikimedia Commons has media related to: Smart cards Smart card at the Open Directory Project Smart Card Alliance Secure ID Coalition OpenSC (open source smart card framework) The Smart Card Detective (smart card research platform) OpenSCDP (Open Smart Card Development Platform) Open Source Smart Card Project Smart card simulator SMACADU (open source smart card analyzing tools) ." References Rankl... Scott B. POS equipment integrated in supermarkets and department stores. Jurgensen (1998).). SmartCard Developer's Kit. vending machines and other unattended related terminals. Effing (1997).g. Smart Card Handbook. W. ISBN 1-57870-027-2. John Wiley & Sons. taxis. Guthery.propose a new functional and security framework for smart-card based Point of Interaction (POI) equipment to be used in a wide variety of retail environment : Point Of Sales (POS) devices in small shops. ISBN 0-471-96720-3. card readers to be used on the move (e. Timothy M. W. Macmillan Technical Publishing.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.