A smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card with embedded integrated circuits which can process data. This implies that it can receive input which is processed — by way of the ICC applications — and delivered as an output. There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally PVC, but sometimes ABS. The card may embed a hologram to avoid counterfeiting. Using smartcards is also a form of strong security authentication for single sign-on within large companies and organizations.
A Smart Card is a plastic card the size of a credit card with an integrated circuit built into it. This integrated circuit may consist only of EEPROM in the case of a memory card, or it may also contain ROM, RAM and even a CPU.
Most smart cards have been designed with the look and feel of a credit or debit card, but can function on at least three levels (credit - debit - personal information). Smart cards include a microchip as the central processing unit, random access memory (RAM) and data storage of around 10MB.
A smart card is a mini-computer without the display screen and keyboard. Smart cards contain a microchip with an integrated circuit capable of processing and storing thousands of bytes of electronic data. Due to the portability and size of smart cards they are seen as the next generation of data exchange.
Smart cards contain an operating system just like personal computers. Smart cards can store and process information and are fully interactive. Advanced smart cards also contain a file structure with secret keys and encryption algorithms. Due to the encrypted file system, data can be stored in separated files with full security.
Organizations are steadily migrating toward this technology. The days are numbered for a single mainframe used for computing every directive. Today, the delegation of tasks is being transferred to small, but dedicated smart cards. Their usefulness may soon exceed that of the standard computer for a variety of applications due, in part, to their portability and ease of use.
The smart card is an electronic recording device. Information in the microchip can instantaneously verify the cardholder's identity and any privileges to which the cardholder may be entitled. Information such as withdrawals, sales, and bills can be processed immediately and if/when necessary; those records can be transmitted to a central computer for file updating.
Smart cards are secure, compact and intelligent data carriers. Smart cards should be regarded as specialized computers capable of processing, storing and safeguarding thousands of bytes of data. Smart cards have electrical contacts and a thin metallic plate just above center line on one side of the card. Beneath this dime-sized plate is an integrated circuit (IC) chip containing a central processing unit (CPU), random access memory (RAM) and non-volatile data storage. Data stored in the smart card's microchip can be accessed only through the chip operating system (COS), providing a high level of data security. This security takes the form of passwords allowing a user to access parts of the IC chip's memory or encryption/decryption measures which translate the bytes stored in memory into useful information.
Smart cards typically hold 2,000 to 8,000 electronic bytes of data (the equivalent of several pages of data). Because those bytes can be electronically coded, the effective storage capacity of each card is significantly increased. Magnetic-stripe cards, such as those issued by banks and credit card companies, lack the security of microchips but remain inexpensive due to their status as a single-purpose card. Smart cards can be a carrier of multiple records for multiple purposes. Once those purposes are maximized, the smart card is often viewed as superior and, ultimately, less expensive. The distributed processing possible with smart cards reduces the need for ever-larger mainframe computers and the expense of local and long-distance phone circuits required to maintain an on-line connection to a central computer.
A "smart card" is also characterized as follows:
* Dimensions are normally credit card size. The ID-1 of ISO/IEC 7810 standard defines them as 85.60 × 53.98 mm. Another popular size is ID-000 which is 25 × 15 mm (commonly used in SIM cards). Both are 0.76 mm thick.
* Contains a security system with tamper-resistant properties (e.g. a secure cryptoprocessor, secure file system, human-readable features) and is capable of providing security services (e.g. confidentiality of information in the memory).
* Asset managed by way of a central administration system which interchanges information and configuration settings with the card through the security system. The latter includes card hotlisting, updates for application data.
* Card data is transferred to the central administration system through card reading devices, such as ticket readers, ATMs etc.
Smart cards can be used for identification, authentication, and data storage.
Smart cards provide a means of effecting business transactions in a flexible, secure, standard way with minimal human intervention.
Smart card can provide strong authentication for single sign-on or enterprise single sign-on to computers, laptops, data with encryption, enterprise resource planning platforms such as SAP, etc.
The automated chip card was invented by German rocket scientist Helmut Gröttrup and his colleague Jürgen Dethloff in 1968; the patent was finally approved in 1982. The first mass use of the cards was for payment in French pay phones, starting in 1983 (Télécarte).
Roland Moreno actually patented his first concept of the memory card in 1974. In 1977, Michel Ugon from Honeywell Bull invented the first microprocessor smart card. In 1978, Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary architecture to auto-program the chip. Three years later, the very first "CP8" based on this patent was produced by Motorola. At that time, Bull had 1200 patents related to smart cards. In 2001, Bull sold its CP8 Division together with all its patents to Schlumberger. Subsequently, Schlumberger combined its smart card department and CP8 and created Axalto. In 2006, Axalto and Gemplus, at the time the world's no.2 and no.1 smart card manufacturers, merged and became Gemalto.
The second use was with the integration of microchips into all French debit cards (Carte Bleue) completed in 1992. When paying in France with a Carte Bleue, one inserts the card into the merchant's terminal, then types the PIN, before the transaction is accepted. Only very limited transactions (such as paying small autoroute tolls) are accepted without PIN.
Smart-card-based electronic purse systems (in which value is stored on the card chip, not in an externally recorded account, so that machines accepting the card need no network connectivity) were tried throughout Europe from the mid-1990s, most notably in Germany (Geldkarte), Austria (Quick), Belgium (Proton), France (Moneo), the Netherlands (Chipknip and Chipper), Switzerland ("Cash"), Norway ("Mondex"), Sweden ("Cash"), Finland ("Avant"), UK ("Mondex"), Denmark ("Danmønt") and Portugal ("Porta-moedas Multibanco").
The major boom in smart card use came in the 1990s, with the introduction of the smart-card-based SIM used in GSM mobile phone equipment in Europe. With the ubiquity of mobile phones in Europe, smart cards have become very common.
The international payment brands MasterCard, Visa, and Europay agreed in 1993 to work together to develop the specifications for the use of smart cards in payment cards used as either a debit or a credit card. The first version of the EMV system was released in 1994. In 1998 a stable release of the specifications was available. EMVco, the company responsible for the long-term maintenance of the system, upgraded the specification in 2000 and most recently in 2004. The goal of EMVco is to assure the various financial institutions and retailers that the specifications retain backward compatibility with the 1998 version.
With the exception of countries such as the United States of America there has been significant progress in the deployment of EMV-compliant point of sale equipment and the issuance of debit and or credit cards adhering the EMV specifications. Typically, a country's national payment association, in coordination with MasterCard International, Visa International, American Express and JCB, develop detailed implementation plans assuring a coordinated effort by the various stakeholders involved.
The backers of EMV claim it is a paradigm shift in the way one looks at payment systems. In countries where banks do not currently offer a single card capable of supporting multiple account types, there may be merit to this statement. Though some banks in these countries are considering issuing one card that will serve as both a debit card and as a credit card, the business justification for this is still quite elusive. Within EMV a concept called Application Selection defines how the consumer selects which means of payment to employ for that purchase at the point of sale.
For the banks interested in introducing smart cards the only quantifiable benefit is the ability to forecast a significant reduction in fraud, in particular counterfeit, lost and stolen. The current level of fraud a country is experiencing, coupled with whether that country's laws assign the risk of fraud to the consumer or the bank, determines if there is a business case for the financial institutions. Some critics claim that the savings are far less than the cost of implementing EMV, and thus many believe that the USA payments industry will opt to wait out the current EMV life cycle in order to implement new, contactless technology.
Smart cards with contactless interfaces are becoming increasingly popular for payment and ticketing applications such as mass transit. Visa and MasterCard have agreed to an easy-to-implement version currently being deployed (2004-2006) in the USA. Across the globe, contactless fare collection systems are being implemented to drive efficiencies in public transit. The various standards emerging are local in focus and are not compatible, though the MIFARE Standard card from Philips has a considerable market share in the US and Europe.
Smart cards are also being introduced in personal identification and entitlement schemes at regional, national, and international levels. Citizen cards, drivers’ licenses, and patient card schemes are becoming more prevalent; For example in Malaysia, the compulsory national ID scheme MyKad includes 8 different applications and is rolled out for 18 million users. Contactless smart cards are being integrated into ICAO biometric passports to enhance security for international travel.
Contact smart card
Contact smart cards have a contact area, comprising several gold-plated contact pads, that is about 1 cm square. When inserted into a reader, the chip makes contact with electrical connectors that can read information from the chip and write information back.
The ISO/IEC 7816 and ISO/IEC 7810 series of standards define:
* the physical shape
* the positions and shapes of the electrical connectors
* the electrical characteristics
* the communications protocols, that includes the format of the commands sent to the card and the responses returned by the card.
* robustness of the card
* the functionality
The cards do not contain batteries; energy is supplied by the card reader.
Smart Card Usage
The uses of smart cards are as versatile as any mini-computer. At a hospital emergency room, for example, the card could identify the person's health-insurance carrier and transfer all necessary information from the microchip to an admittance sheet. Tests, treatment, billing and prescriptions could be processed more quickly using the card. Major clinical findings could be added to the medical information section within the microchip.
In the U.S., smart cards are utilized in GSM mobile telephones, in DirecTV and EchoStar satellite receivers, and in the American Express Blue card.
Smart Card Operating Systems
Smart cards designed for specific applications may run proprietary operating systems. Smart cards designed with the capability to run multiple applications usually run MULTOS or Java Card.