Smart Cards Features, Types, Security Features and Financial Applications

A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authorization device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, mobile phones (SIM), public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.

The universal integrated circuit card, or SIM card, is also a type of smart card. As of 2015, 10.5 billion smart card IC chips are manufactured annually, including 5.44 billion SIM card IC chips.

Magnetic stripe technology remains in wide use in the United States. However, the data on the stripe can easily be read, written, deleted or changed with off-the-shelf equipment. Therefore, the stripe is really not the best place to store sensitive information. To protect the consumer, businesses in the U.S. have invested in extensive online mainframe-based computer networks for verification and processing. In Europe, such an infrastructure did not develop — instead, the card carries the intelligence.

The microprocessor on the smart card is there for security. The host computer and card reader actually “talk” to the microprocessor. The microprocessor enforces access to the data on the card. If the host computer read and wrote the smart card’s random access memory (RAM), it would be no different than a diskette.

Smarts cards may have up to 8 kilobytes of RAM, 346 kilobytes of ROM, 256 kilobytes of programmable ROM, and a 16-bit microprocessor. The smart card uses a serial interface and receives its power from external sources like a card reader. The processor uses a limited instruction set for applications such as cryptography.

The most common smart card applications are:

• Credit cards
• Electronic cash
• Computer security systems
• Wireless communication
• Loyalty systems (like frequent flyer points)
• Banking
• Satellite TV
• Government identification

Features

Secure data storage. Smart cards provide a way to securely store data on the card. This data can only be accessed through the smart-card operating system by those with proper access rights. This feature can be utilized by a system to enhance privacy by storing personal user data on the card rather than in a central database, for example. In this situation, the user has better knowledge and control of when their personal data is being granted access and who is involved.

Authentication. Smart cards provide ways to authenticate others who want to gain access to the card. These mechanisms can be used to validate users, devices, or applications wishing to use the data on the card’s chip. These features can protect privacy by ensuring that a banking application has been authenticated as having the appropriate access rights before accessing financial data or functions on the card, for example.

Encryption. Smart cards provide a robust set of encryption capabilities, including key generation, secure key storage, hashing, and digital signing. These capabilities can be used to protect privacy in many ways. For example, a smart-card system can produce a digital signature for an e-mail message, providing a way to validate the e-mail’s authenticity. This protects the message from being tampered with, and also provides the recipient with assurance about origination. The fact that the signing key originated from a smart card adds credibility to the origin and the intent of the signer.

Secure communications. Smart cards provide secure communication between the card and reader. Similar to security protocols used in many networks, this feature allows smart cards to send and receive data in a secure, private manner.

Biometrics. Smart cards provide ways to securely store biometric templates and perform biometric matching functions. These features can be used to improve privacy in systems that use biometrics.

Strong device security. Smart-card technology is extremely difficult to duplicate or forge, and has built-in tamper resistance. Smart-card chips include a variety of hardware and software capabilities that detect and react to tampering attempts, and help counter possible attacks.

Personal device. A smart card is, of course, a personal and portable device associated with a particular cardholder. The smart-card plastic is often personalized, providing an even stronger binding to the cardholder. These features, while somewhat obvious, can be leveraged to improve privacy. For example, a healthcare application might elect to store prescription information on the card vs. on paper to improve the accuracy and privacy of patient prescriptions.

Types

Contact less Smart Card:

This type of smart card establishes connection with the card reader without any physical contact. It consists of an antenna by means of which it is used to communicate using radio frequency band with the antenna on the reader. It receives power from the reader via the electromagnetic signal.

Contact Smart Card:

This type of smart cards is embedded with electrical contacts which are used to connect to the card reader where the card is inserted. The electrical contacts are deployed on a conductive gold-plated coating on the card surface.

Dual-interface cards:

This type of smart card is equipped with both contact less and contact interfaces. This type of card enables secure access to the smart card’s chip with either the contact less or contact smart card interfaces.

Memory based smart card:

This type of smart cards are embedded with memory circuits. It stores, reads and writes data to a particular location. It is straight memory card which is only used to store data or a protected memory card with a restricted access to the memory and which can be used to write data. It can also be a rechargeable or a disposable card which contains memory units which can be used only once.

Microprocessor based smart card:

This type of smart cards consists of microprocessor embedded onto the chip in addition to the memory blocks. It also consists of specific sections of files related with a particular function. It allows for data processing and manipulations and can be used for multi functioning.

Hybrid smart card:

Hybrid smart card embedded with both memory and microprocessor. Two different chips are used for different applications connected to a single smart card based on the different functionality as the proximity chip is used for physical access to prohibited areas while the contact smart card chip is used for sign in authentication.

Security Features

Laser Engraving:

Using different laser types with varying wavelengths, names, card numbers or other inscriptions can be engraved into cards in a manner that is easy on the card material. Through engraving, labelling is not removable. The process of engraving labels has simple and variable programming.

Ghost Images:

A ghost image is a semi-visible graphic, usually another photo of the cardholder, which is applied to the card. Sometimes ID numbers or logos with reduced transparency are also printed into the background of the card. The process is inexpensive and can be copied only with great difficulty.

Photos:

The most obvious and widely used security feature for personal identification is a passport photo. These are applied to the card in high quality through color printing, usually using the inkjet drop-on-demand method or sometimes through laser engraving and other techniques. Passport photos have the great advantage of functioning without a reading device. In addition, supplemental bio-metric data can be added to photos on driver’s licenses or ID cards to render them machine-readable.

Signature:

In addition to photos, reference signatures on cards are also a common safety feature, including when paying by debit or credit card. Security signature fields increase the copy protection in that the signing area can be damaged obviously by friction or contact with chemicals.

Financial Applications

Healthcare

With health care data rapidly increasing, smart cards assist with maintaining the efficiency of patient care and privacy safeguards. The cards allow medical facilities to safely store information for a patient’s medical history, instantly access the information and update it if needed and reduce health care fraud. Instant patient verification provides for immediate insurance processing. In addition, smart cards enable compliance with government initiatives, such as organ donation programs.

Computer & Network Security

Microsoft Windows, new versions of Linux and Sun Microsystems have begun using smart cards as a replacement for user names and passwords. Understanding that Public Key Infrastructure (PKI)-enhanced security is needed, a smart card badge is becoming the new standard. Using smart cards, users can be authenticated and authorized to have access to specific information based on preset privileges.

Banking & Retail

Some of the most common uses for smart cards are ATM cards, credit cards and debit cards. Many of these cards are “chip and PIN” cards that require the customer to supply a four- to six-digit PIN number, while others are known as “chip and signature” cards, needing only a signature for verification.

Other financial and retail uses for smart cards include fuel cards and public transit/public phone payment cards. They can also be used as “electronic wallets” or “purses” when the chip is loaded with funds to pay for small purchases such as groceries, laundry services, cafeteria food and taxi rides. Cryptographic protocols protect the exchange of money between the smart card and the machine, so no connection to a bank is needed.

Mobile Communications

For digital mobile phones, smart cards can also be used as identification devices. These cards are known as Subscriber Identity Molecules (SIM) cards. Each SIM card has a unique identifier that manages the rights and privileges of each subscriber and makes it easy to properly identify and bill them.