Smart Card Technology
Smart card technology is often based on credit card-sized flexible plastic chip cards. The PVC card body contains an embedded micro-module – a single silicon integrated circuit chip with memory and microprocessor..
The micromodule has eight metallic pads on its surface, each designed to international standards for VCC (power supply voltage), RST (used to reset the microprocessor of the smart card), CLK (clock signal), GND (ground), VPP (programming or write voltage), and I/O (serial input/output line). Two pads are reserved for future use (RFU). Only the I/O and GND contacts are mandatory on a card to meet international standards; the others are optional.
When a smart card is inserted into a Card Acceptance Device (CAD), such as a point-of-sale terminal, the metallic pads come into contact with the CAD’s corresponding metallic pins, thus allowing the card and CAD to communicate. Smart cards are always reset when they are inserted into a CAD. This action causes the smart card to respond by sending an “Answer-to-Reset ” (ATR) message, which informs the CAD, what rules govern communication with the card and the processing of a transaction.
The micromodule on board the smart card is made up of certain key components that allow it to execute instructions supporting the card’s functionality. The Microprocessor Unit (MPU) executes programmed instructions. Typically, older version smart cards are based on relatively slow, 8-bit embedded microcontrollers. The trend has been toward using customized controllers with a 32-bit Reduced Instruction Set Computing (RISC) processor running at 25 to 32 MHz. The I/O Controller manages the flow of data between the Card Acceptance Device (CAD) and the microprocessor.
Read Only Memory (ROM) or Program Memory is where the instructions are permanently burned into memory by the silicon manufacturer. These instructions (such as when the power supply is activated and the program that manages the password) are the fundamentals of the Chip Operating System (COS) also known as the “Mask.”
Random Access Memory (RAM) or Working Memory serves as a temporary storage of results from calculations or input/output communications. RAM is a volatile memory and loses information immediately when the power supply is switched off.
Application Memory, which today is almost always double E-PROM (Electrically Erasable Programmable Read-Only Memory), can be erased electronically and rewritten. By international standards, this memory should retain data for up to 10 years without electrical power and should support at least 10,000 read-write actions during the life of the card. Application memory is used by an executing application to store information on the card.
ISO 7816 Standards – Standards are key to ensuring interoperability and compatibility in an environment of multiple card and terminal vendors. Integrated circuit card standards have been underway since the early 1980’s on both national and international levels. Basic worldwide standards for smart cards have been and continue to be established by the International Organization for Standardization, which has representation from over 70 nations. The ISO 7816 series is the international standard for integrated circuit cards.
COS Standards – Although smart cards conform to a set of international standards, there is currently no standard Chip Operating System (COS), or anything as common as Microsoft’s Windows, or UNIX. Each smart card vendor provides the market with a distinct product. The key discriminator among smart card products is the proprietary operating system each offers to the customer.
Key Features and Characteristics of Smart Cards
Cost: Typical costs range from $2.00 to $10.00. Per card cost increases with chips providing higher capacity and more complex capabilities; per card cost decreases as higher volume of cards are ordered.
Reliability: Vendors guarantee 10,000 read/write cycles. Cards claiming to meet International Standards Organization (ISO) specifications must achieve set test results covering drop, flexing, abrasion, concentrated load, temperature, humidity, static electricity, chemical attack, ultra-violet, X-ray, and magnetic field tests.
Error Correction: Current Chip Operating Systems (COS) perform their own error checking. The terminal operating system must check the two-byte status codes returned by the COS (as defined by both ISO 7816 Part 4 and the proprietary commands) after the command issued by the terminal to the card. The terminal then takes any necessary corrective action.
Storage Capacity: EEPROM: 8K – 128K bit. (Note that in smart card terminology, 1K means one thousand bits, not one thousand 8-bit characters. One thousand bits will normally store 128 characters – the rough equivalent of one sentence of text. However, with modern data compression techniques, the amount of data stored on the smart card can be significantly expanded beyond this base data translation.)
Ease of Use: Smart cards are user-friendly for easy interface with the intended application. They are handled like the familiar magnetic stripe bank card, but are a lot more versatile.
Susceptibility: Smart cards are susceptible to chip damage from physical abuse, but more difficult to disrupt or damage than the magnetic stripe card.
Security: Smart cards are highly secure. Information stored on the chip is difficult to duplicate or disrupt, unlike the outside storage used on magnetic stripe cards that can be easily copied. Chip microprocessor and Co-processor supports DES, 3-DES, RSA or ECC standards for encryption, authentication, and digital signature for non-repudiation.
First Time Read Rate: ISO 7816 limits contact cards to 9600 baud transmission rate; some Chip Operating Systems do allow a change in the baud rate after chip power up; a well designed application can often complete a card transaction in one or two seconds. Speed of Recognition Smart cards are fast. Speed is only limited by the current ISO Input/Output speed standards.
Proprietary Features: These include Chip Operating System (COS) and System Development Kits.
Processing Power: Older version cards use an 8-bit micro-controller clockable up to 16 MHz with or without co-processor for high-speed encryption. The current trend is toward customized controllers with a 32-bit RISC processor running at 25 to 32 MHz.
Power Source: 1.8, 3, and 5 volt DC power sources.
Support Equipment Required for Most Host-based Operations: Only a simple Card Acceptance Device (that is, a card reader/writer terminal) with an asynchronous clock, a serial interface, and a 5-volt power source is required. For low volume orders, the per unit cost of such terminals runs about $150. The cost decreases significantly with higher volumes. The more costly Card Acceptance Devices are the hand-held, battery-operated terminals and EFT/POS desktop terminals.