Smartcard

Smart Card Readers & CAC/HSPD-12 Readers
A full line of smart card readers and CAC and HSPD-12 smart card readers. USB, serial and PCMCIA interfaces available along with the CAC software. Biometric units and keyboards also.
www.itsecuritymall.com

Smart Credit Card
Compare and Apply for a Credit Card. Visa, MasterCard, and Amex.
www.creditstep.com

Smart Card Reader
The learder of smart card readers. Multipurpose and multifunctional.
www.idteck.com

Smart Card
Help Secure Your Building. Call ADT® at 1-888-576-7751 Today.
www.ADT.com

Cards Smart
Looking for Cards Smart? Find It Locally.
purelocal.com/cards-smart

Olympus Smart Media
128Mb In Stock, Now $79; 64mb $59 Same Day Ship. & 30 Day Cash Back.
www.MemorySuppliers.com

Cac Smart Card Reader
Looking For cac smart card reader? Buy All Computer Accessories Here.
SmartCardReader.TechSerious.com

Smart Card at Digi-Key
Search Our Huge Selection of Quality Electronic Components Today.
www.DigiKey.com

Olympus Smart Media
We Offer 3,500+ Storage & Media Choices. Compare olympus smart media.
BizRate.com

Online Smart Card Training Only $29
Web based online Smart Card training courses that are CEU accredited. 12 months of unlimited access only $29, including audio.
www.securityceu.com




Warning: mkdir() [function.mkdir]: Permission denied in /home/webs/affiliatelib2/CacheManager.php on line 12

Warning: mkdir() [function.mkdir]: No such file or directory in /home/webs/affiliatelib2/CacheManager.php on line 12

Warning: fopen(/home/templatecore2cache//*cluesnet.com/2e/2e85bb4babae6fc02826cb3490888233d86755bc.tc2cache) [function.fopen]: failed to open stream: No such file or directory in /home/webs/affiliatelib2/CacheManager.php on line 130

Warning: fwrite(): supplied argument is not a valid stream resource in /home/webs/affiliatelib2/CacheManager.php on line 131

Warning: fclose(): supplied argument is not a valid stream resource in /home/webs/affiliatelib2/CacheManager.php on line 132



A smart card, chip card, or integrated circuit card (ICC), is defined as any pocket-sized card with embedded integrated circuits which can process information. This implies that it can receive input which is processed - by way of the ICC applications - and delivered as an output. There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally Polyvinyl chloride, but sometimes Acrylonitrile butadiene styrene. The card may embed a Holography to avoid counterfeiting.

Overview A "smart card" is also characterized as follows:

Benefits Smart cards provide a means of effecting business transactions in a flexible, secure way with minimal human intervention and in a standard way.

History The chip card was invented by Germany rocket scientist Helmut Gröttrup and his colleague Jürgen Dethloff in 1968; the patent was finally approved in 1982. The first mass use of the cards was for payment in French payphone, starting in 1983 (telephone card).

Roland Moreno actually patented his first concept of the memory card in 1974. In 1977, Michel Ugon from Groupe Bull invented the first microprocessor smart card. In 1978, Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary architecture to auto-program the chip. Three years later, the very first "CP8" based on this patent was produced by Motorola. Today, Bull has 1200 patents related to smart cards.

smart card, combining credit card and debit card properties. The 3 by 5 mm security chip embedded in the card is shown enlarged in the inset. The gold contact pads on the card enables electronic access to the chip.

The second use was with the integration of microchips into all French debit cards (Carte Bleue) completed in 1992. When paying in France with a Carte Bleue, one inserts the card into the merchant's terminal, then types the PIN, before the transaction is accepted. Only very limited transactions (such as paying small autoroute tolls) are accepted without PIN.

Smart-card-based electronic purse systems (in which value is stored on the card chip, not in an externally recorded account, so that machines accepting the card need no network connectivity) were tried throughout Europe from the mid-1990s, most notably in Germany (Geldkarte), Austria (Quick), Belgium (Proton), the Netherlands (Chipknip and Chipper), Switzerland ("Cash"), Sweden ("Cash"), Finland ("Avant"), UK ("Mondex"), Denmark ("Danmønt") and Portugal ("Porta-moedas Multibanco").

The major boom in smart card use came in the 1990s, with the introduction of the smart-card-based Subscriber Identity Module used in GSM mobile phone equipment in Europe. With the ubiquity of mobile phones in Europe, smart cards have become very common.

The international payment brands MasterCard, Visa, and Europay agreed in 1993 to work together to develop the specifications for the use of smart cards in payment cards used as either a debit or a credit card. The first version of the EMV system was released in 1994. In 1998 a stable release of the specifications was available. EMVco, the company responsible for the long-term maintenance of the system, upgraded the specification in 2000 and most recently in 2004. The goal of EMVco is to assure the various financial institutions and retailers that the specifications retain backward compatibility with the 1998 version.

With the exception of the United States there has been significant progress in the deployment of EMV-compliant point of sale equipment and the issuance of debit and or credit cards adhering the EMV specifications. Typically, a country's national payment association, in coordination with MasterCard International, Visa International, American Express and Japan Credit Bureau, develop detailed implementation plans assuring a coordinated effort by the various stakeholders involved.

The backers of EMV claim it is a paradigm shift in the way one looks at payment systems. Though some banks are considering issuing one card that will serve as both a debit card and as a credit card, the business justification for this is still quite elusive. Within EMV a concept called Application Selection defines how the consumer selects which means of payment to employ for that purchase at the point of sale.

For the banks interested in introducing smart cards the only quantifiable benefit is the ability to forecast a significant reduction in fraud, in particular counterfeit, lost and stolen. The current level of fraud a country is experiencing determines if there is a business case for the financial institutions. Some critics claim that the savings are far less than the cost of implementing EMV, and thus many believe that the USA payments industry will opt to wait out the current EMV life cycle in order to implement new, contactless technology.

Smart cards with contactless interfaces are becoming increasingly popular for payment and ticketing applications such as mass transit. Visa and MasterCard have agreed to an easy-to-implement version currently being deployed (2004-2006) in the USA.Across the globe, contactless fare collection systems are being implemented to drive efficiencies in public transit. The various standards emerging are local in focus and are not compatible, though the MIFARE card from Philips has a considerable market share in the US and Europe.

Smart cards are also being introduced in personal identification and entitlement schemes at regional, national, and international levels. Citizen cards, drivers’ licenses, and patient card schemes are becoming more prevalent, and contactless smart cards are being integrated into ICAO biometric passports to enhance security for international travel.

Contact smart card Contact smart cards have a small gold chip about 1cm by 1cm on the front. When inserted into a Card reader, the chip makes contact with electrical connectors that can read information from the chip and write information back.

The ISO 7816 and ISO 7810 series of standards define:

The cards do not contain battery (electricity); energy is supplied by the card reader.

Contact smart card reader

Contact smart card readers are used as a communications medium between the smart card and a host, e.g. a computer, a point of sale terminal, or a mobile telephone.

Since the chips in the financial cards are the same as those used for mobile phone Subscriber Identity Module(SIM) cards, just programmed differently and embedded in a different shaped piece of PVC, the chip manufacturers are building to the more demanding GSM/3G standards. So, for instance, although EMV allows a chip card to draw 50mA from its terminal, cards are normally well inside the telephone industry's 6mA limit. This is allowing financial card terminals to become smaller and cheaper, and moves are afoot to equip every home PC with a card reader and software to make internet shopping more secure.

Contactless smart card A second type is the contactless smart card, in which the chip communicates with the card reader through RFID induction technology (at data rates of 106 to 848 kbit/s). These cards require only close proximity to an antenna to complete transaction. They are often used when transactions must be processed quickly or hands-free, such as on mass transit systems, where smart cards can be used without even removing them from a wallet.

The standard for contactless smart card communications is ISO 14443, dated 2001. It defines two types of contactless cards ("A" and "B"), allows for communications at distances up to 10 cm. There had been proposals for ISO 14443 types C, D, E and F that have been rejected by the International Organization for Standardization. An alternative standard for contactless smart cards is ISO 15693, which allows communications at distances up to 50 cm.

Example of widely used contactless smart cards are Hong Kong's Octopus card, Paris' Calypso/Navigo card and Lisbon' LisboaViva card, which predate the ISO/IEC 14443 standard. The following tables list smart cards used for public transportation and other electronic purse applications.

Image:SingapourMetroCard.jpg] in the Helsinki area; the card is read remotely.Image:OctopusFrontNew.jpg], a contactless smart card.

A related contactless technology is RFID (radio frequency identification). In certain cases, it can be used for applications similar to those of contactless smart cards, such as for electronic toll collection. RFID devices usually do not include writeable memory or microcontroller processing capability as contactless smart cards often do.

There are dual-interface cards that implement contactless and contact interfaces on a single card with some shared storage and processing. An example is Porto's multi-application transport card, called Andante ticket, that uses a chip in contact and contactless (ISO 14443B).

Like smart cards with contacts, contactless cards do not have a battery. Instead, they use a built-in inductor to capture some of the incident radio-frequency interrogation signal, rectifier it, and use it to power the card's electronics.

Communication protocols {| class="wikitable"|+Communication protocols!Name!Description|-|T=0|Byte-level transmission protocol|-|T=1|Block-level transmission protocol|-|T=CL|APDU transmission via contactless interface ISO 14443|}

Credit card contactless technology These are the best known payment cards (classical plastic card):

Roll-outs started in 2005 in USA (Asia and Europe - 2006). Contactless (non PIN) transactions cover a payment range of ~$5-50. There is an ISO 14443 PayPass implementation. All PayPass implementations may be separated on EMV and non EMV.

Non-EMV cards work like magnetic stripe cards. This is a typical card technology in the USA (PayPass Magstripe and VISA MSD). The cards do not control amount remaining. All payment passes without a PIN and usually in off-line mode. The security level of such a transaction is no greater than with classical magnetic stripe card transaction.

EMV cards have two interfaces (contact and contactless) and they work as a normal EMV card via contact interface. Via contactless interface they work almost like a EMV (card command sequence adopted on contactless features as low power and short transaction time).

Cryptographic smart cards Most advanced smart cards are equipped with specialized cryptographic hardware that let you use algorithms such as RSA and Digital Signature Algorithm on board. Today's cryptographic smart cards are also able to generate key pairs on board, to avoid the risk of having more than one copy of the key (since by design there usually isn't a way to extract private keys from a smart card).

Such smart cards are mainly used for digital signature and secure identification (see applications section).

The most common way to access cryptographic smart card functions on a computer is to use a PKCS11 library provided by the vendor. On Microsoft Windows platforms the Cryptographic Service Provider API is also adopted.

The most widely used cryptographics in smart cards (excluding the GSM so-called "crypto algorithm") are DES (Triple DES) and RSA. The key set is usually loaded (DES) or generated (RSA) on the card at the personalization stage.

Applications Financial The applications of smart cards include their use as credit or automatic teller machine cards, in a fuel card, subscriber identification modules for mobile phones, authorization cards for pay television, pre-pay utilities in household, high-security identification and access-control cards, and public transport and public phone payment cards.

Smart cards may also be used as electronic wallets. The smart card chip can be loaded with funds which can be spent in parking meters and vending machines or at various merchants. Cryptographic protocols protect the exchange of money between the smart card and the accepting machine. Examples are Proton card, Geldkarte and Mon€o.

Identification A quickly growing application is in digital identification cards. In this application, the cards are used for authentication of identity. The most common example is in conjunction with a Public key infrastructure. The smart card will store an encrypted digital certificate issued from the PKI along with any other relevant or needed information about the card holder. Examples include the U.S. Department of Defense (DoD) Common Access Card (CAC), and the use of various smart cards by many governments as identification cards for their citizens. When combined with biometrics, smart cards can provide two- or three-factor authentication. Smart cards are a privacy-enhancing technology, for the subject carries possibly incriminating information about him all the time. By employing contactless smart cards, that can be read without having to remove the card from the wallet or even the garment it is in, one can add even more authentication value to the human carrier of the cards.

The first smart card driver's license system in the world was issued in 1995 in Mendoza, a province of Argentina. Mendoza has a high level of road accidents, driving offenses, and a poor record of recovering outstanding fines. The smart licenses keep an up-to-date record of driving offenses and unpaid fines. They also store personal information, license type and number, and a photograph of the holder. Emergency medical information like blood type, allergies, and biometrics (fingerprints) can be stored on the chip if the cardholder wishes. The Argentina government anticipates that this new system will help to recover more than $10 million per year in fines.

Gujarat was the first state in India to introduce the smart card license system in 1999. To date the Gujarat Government has issued 5 million smart card driving licenses to its people. This card is basically a plastic card having ISO 7810 certification and integrated circuit, capable of storing and verifying information according to its programming.

Smart cards have been advertised as suitable for personal identification tasks, because they are engineered to be tamper resistant. The embedded chip of a smart card usually implements some cryptography. Information about the inner workings of this algorithm can be obtained if the precise time and electrical current required for certain encryption or decryption operations is measured. A number of research projects have now demonstrated the feasibility of this line of attack. Countermeasures have been proposed.

By the start of 2009 the entire population of Belgium will have an eID card, that is issued by the Belgian Governement and that is used to identify an individual. These cards contain 2 certificates: one for authentication and one for signature. This signature is legally adopted. More and more services in Belgium are using the eID card as an authorisation token. More information on

Other Smart cards are widely used to protect digital television streams. See television encryption for an overview, and VideoGuard for a specific example of how smartcard security worked (and was cracked).

Problems Another problem of smart cards may be the failure rate. The plastic card in which the chip is embedded is fairly flexible, and the larger the chip, the higher the probability of breaking. Smart cards are often carried in wallets or pockets — a fairly harsh environment for a chip. However, for large banking systems, the failure-management cost can be more than offset by the fraud reduction. A card enclosure might be a good idea.

Using a smart card for mass transit presents a risk for privacy, because such a system enables the mass transit operator (and the authorities) to track the movement of individuals. In Finland, the Data Protection Ombudsman prohibited the transport operator Helsinki Metropolitan Area Council from collecting such information, in spite of YTV's argument that the owner of the card has the right to get a list of journeys paid with the card. Prior to this, such information was used in the investigation of the Myyrmanni bombing.

Smart cards used for client-side identification and authentication are the most secure way for eg. internet banking applications, but the security is never 100% sure. In the example of internet banking, if the PC is infected with any kind of malware, the security model is broken. Theoritically a malware can override the communication (both input via keyboard and output via application screen) between the user and the internet banking application (eg. browser). This would result in modifying transactions by the malware and unnoticed by the user.

Manufacturers ChipsAtmel Hitachi, Ltd. Infineon Technologies NXP Semiconductors (former Philips Semiconductors) Samsung Electronics Sony STMicroelectronics Unicore Microsystems
CardsASK (contactless cards) Gemalto Giesecke & Devrient ITG (contactless cards) Oberthur Card Systems Sagem Orga Toppan printing

See also

Terminology ATR:Answer to ResetBCD:Binary-coded decimalCHV:Card Holder VerificationCOS:Card operating systemDF:Dedicated FileIC:Integrated circuitPC/SC:Personal computer / smart cardMF:Master FilePPS:Protocol and Parameter SelectRFU:Reserved for Future Use

Books

External links

Encryption

Patents



Smart Card News Home Page
Smart Card News is an independent International subscription newsletter launched in 1992. The newsletter is considered, by the industry, to be the definitive source for information ...

Smart Card Centre @ RHUL
Smart Card Centre - research, training and consultancy. ... ROYAL HOLLOWAY, UNIVERSITY OF LONDON Information Security Group. Welcome to the Smart Card Centre

Smart card - Wikipedia, the free encyclopedia
A smart card, chip card, or integrated circuit card (ICC), is defined as any pocket-sized card with embedded integrated circuits which can process information.

Smartcard Focus :: Home
Distributor and retailer of smart cards, smartcard readers, software applications and development kits. Including both contact and contactless technologies.

SmartConnect - Background
Welcome to the SmartConnect website. A site dedicated to the outputs of the National Smartcard Project

smart card from FOLDOC
smart card. Any plastic card (like a credit card) with an embedded integrated circuit for storing information. Smart cards are being incorporated into soldier's dog-tags and used ...

Smart Card Developments Ltd. smart card system development
Provides development of smart-card systems. Contains company profile, list of services and contact details.

Smart Card Readers
SMART CARD READERS: EZMini. Miniature smart card reader with integral USB connector - No cable. £49.00 excl. VAT £57.58 incl. VAT

SmartCard Networking Forum
The SmartCard Networking Forum is a group of representatives from local authorities throughout the UK who are involved in using, planning to use or simply interested in exploring ...

The Smart Card Club - Home
The Smart Card Club is a UK professional association devoted to education and networking for smart card technology and applications.





 
Copyright © 2008 opini8.com - All rights reserved.
Home | Terms of Use | Privacy Policy
All Trademarks belong to their repective owners.
Many aspects of this page are used under
commercial commons license from Yahoo!