About Smart Cards
About Smart Cards and other Secure Media
Introduction
Smart cards were originally conceived in the 1970s, with suppliers quickly converging on the physical format of the ubiquitous bank card. Since then there has been a continual stream of developments, and smart technology has been incorporated into completely new products, often with different physical designs (form factors). The definitions used in this explanation of a complex product area are set out in this introduction.
The classic smart card is a standard credit card-sized plastic token (ID-1 size in the applicable international standard) within which a secure microchip has been embedded. The basic mobile phone SIM is simply a smaller form factor smart card (the plug-in ID-000 size); this format is also used for the secure application module (SAM) found in many terminals. The embedded microchip is the engine room of the smart card. For the card to be 'smart', the chip must have built-in information security (infosec) functions; such functions are at the heart of all of the smart devices considered here.
The classic products connect to a card reader through a set of electrical contacts, but an alternative interface has been developed using short range electromagnetic fields: direct electrical contacts are not needed, hence the term contactless card. Cards incorporating both contact and contactless interfaces are now widely deployed, in particular as bank debit and credit cards. Such cards are described as dual interface, or simply combi. The dominant contactless method, the Proximity interface, operates at a range of up to roughly 10 cm between smart media and reader, and has been further developed in the form of Near Field Communication (NFC) for use between a suitably equipped mobile phone or similar device and either a terminal, a contactless smart card or, indeed, certain types of RFID tag.
Smart media is the term for products containing secure microchips but encapsulated in a physical form that is different from the classic smart card or SIM. Examples are: fobs, wrist bands, watches, flexible ID badges, disposable paper carriers of public transport tickets, passports, some types of USB secure memory or wireless networked dongles, trusted computing controllers installed on a PC motherboard, and even mobile phones that have a secure chip embedded in the phone body (but see below for the alternative method using an enhanced SIM containing a secure element). In discussions we continue to refer to smart cards, although organisations such as ITSO Ltd, concentrating on the use of the contactless interface, are more likely to refer to smart media.
Smart cards come in three broad varieties:
- memory-only, with storage space only for data, and with a reasonable level of built-in security;
- microprocessor, in which the microchip, in addition to memory, embodies a processor controlled by a card operating system, with the ability to process data onboard, as well as carrying small programs capable of local execution - these chips generally incorporate stronger infosec functions than the basic memory card;
- an intermediate version in which the chip is a microprocessor with a fixed program that ensures that the user sees only a single function: perhaps secure memory, perhaps an e-purse holding value.
Examples of smart cards in the three classes are:
- Mifare Classic® as a memory-only card (its proprietary Crypto-1 cipher was reverse engineered and broken in 2008, so it should no longer be relied on where security matters);
- EMV Chip and PIN cards for banking, also UK ID and eBorders cards, which have an application program stored in on-board memory;
- Mifare DESFire with a microprocessor chip but presenting only a secure memory interface to the user.
Initially, the main storage area in such cards was EEPROM (Electrically Erasable Programmable Read-Only Memory), which - subject to defined security constraints - can have its content updated, and which retains current contents when external power is removed. Further development added Flash memory technology for much greater storage capacity at lower cost, again with secure access controls, re-writeable and retaining its contents when external power is removed.
Smart cards offering strong security have dedicated cryptographic co-processors integrated into the microprocessor chip, able to perform quite complex encryption routines relatively quickly (hence the term crypto cards), but this comes at a cost, albeit one that reduces regularly. All secure chips have hardware countermeasures against invasive attacks, and microprocessor chips add software security features in their operating systems. Naturally, the quality of the protection increases as the chip suppliers implement stronger security functions, features that they regularly update in their current product families to keep pace with the growing expertise of attackers.
The smart card is characterised by its ability to store much more data (currently up to several megabytes, although typically in the range 4K to 75K bytes) than is held on a magnetic stripe, all within a secure environment. Data residing in the chip can be protected against external inspection or alteration so effectively that the secret keys of the cryptographic systems protecting the integrity and privacy of card-related communications can be held safely against all but the most sophisticated attacks. Cryptographic design supplements the physical security of the chip: each card is normally issued with its own keys, derived (diversified) from a scheme master key and the card's unique identifier, so that extracting the keys from one card does not compromise the entire scheme. The security features built into strong security smart card chips are amongst the most sophisticated of their type available in the commercial world. However, at the bottom end of the price range there are very low cost devices targeted at single use markets such as disposable public transport ticketing carnets, with security features appropriate for those markets.
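The key diversification just described, shown as an added example rather than code from this page or from any real scheme. The master key lives in the issuer's HSM or the terminal's SAM; each card receives only its own derived key, and the terminal re-derives that key from the card's UID during a challenge-response. HMAC-SHA256 as the derivation and response function is an assumption (deployed schemes typically use a block-cipher construction such as 3DES or AES-CMAC); the UIDs and keys are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # bytes; assumed card key size


def diversify_key(master_key: bytes, card_uid: bytes, label: bytes = b"card-auth") -> bytes:
    """Derive this card's own key from the scheme master key and the card's unique ID.

    HMAC-SHA256 as the KDF is an assumption of this example; the label separates
    keys for different purposes (authentication, file access, ...) on the same card.
    """
    return hmac.new(master_key, label + b"\x00" + card_uid, hashlib.sha256).digest()[:KEY_LEN]


def card_response(card_key: bytes, challenge: bytes) -> bytes:
    """What the card computes over a terminal challenge with the key it holds."""
    return hmac.new(card_key, challenge, hashlib.sha256).digest()[:8]


def terminal_authenticate(master_key: bytes, claimed_uid: bytes,
                          challenge: bytes, response: bytes) -> bool:
    """Terminal/SAM side: re-derive the key for the UID the card presents and check the response.

    Constant-time comparison avoids leaking how many bytes matched.
    """
    expected = card_response(diversify_key(master_key, claimed_uid), challenge)
    return hmac.compare_digest(expected, response)


def impersonation_attempts(master_key: bytes, stolen_uid: bytes, stolen_key: bytes,
                           other_uid: bytes) -> tuple:
    """An attacker who extracted one card's key tries to pass as that card and as another card.

    Returns (succeeds_as_stolen_card, succeeds_as_other_card).
    """
    challenge = secrets.token_bytes(8)
    forged = card_response(stolen_key, challenge)
    return (terminal_authenticate(master_key, stolen_uid, challenge, forged),
            terminal_authenticate(master_key, other_uid, challenge, forged))


if __name__ == "__main__":
    master = secrets.token_bytes(KEY_LEN)          # constructed; never leaves the HSM/SAM
    uid_a, uid_b = bytes.fromhex("04112233445566"), bytes.fromhex("04aabbccddeeff")  # constructed UIDs
    key_a = diversify_key(master, uid_a)           # personalised into card A at issuance
    print("as card A:", "as card B:", impersonation_attempts(master, uid_a, key_a, uid_b))
```

Because card B's key is a different function of the master key, the attacker who broke card A can clone card A but cannot forge card B, and the master key itself is never present on any card.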
Emerging smart products have the smart concept as the central feature of their microchip, and then surround the smart core with other building blocks and interfaces appropriate for the application area for which they are developed. The smart core in the microchip is here described as the secure element within a sophisticated system-on-chip (SoC). The physical appearance might be a SIM (for example for use in NFC mobile phones, where it may be used to secure both over the air and NFC short range transactions), or perhaps a USB dongle (for example for securing on-line transactions).
It is because of the combination of security and data storage features that smart cards became the consumer token of choice in many areas of the public sector and commercial worlds. The Internet, in particular, is driving the need for online identification and authentication (eID) between parties who cannot otherwise know or trust each other, and smart cards and other smart devices, coupled with effective cardholder verification techniques, are believed to be one of the most efficient and portable ways of enabling the new world of eID and eServices. Interoperability is the key requirement for universal consumer acceptability: the ability of a card function developed by one organisation to be used without difficulty in schemes owned and operated by many organisations. So it is that the current world population of smart cards in active use is estimated at some 6 billion, a large proportion of that total being mobile phone SIMs.
Smart card functions
Over the last 20 years smart cards have been deployed in volume in more and more sectors of public and private marketplaces. Single-function cards are used for the credit and debit functions of financial institutions, digital mobile telephony (small format SIM cards), retail loyalty and club membership schemes, corporate staff systems, cashless catering, subscription TV operations, public transport ticketing (including both high density mass transit and wide area concessionary travel), national ID cards, and many more. A recent deployment of single-function smart media in a larger format is the very visible set of chip-enabled passport schemes.
With the advent of multi-application cards capable of carrying data relating to several functions, more complex schemes have been deployed and continue to spread, particularly by cities for their citizens, by central Governments for their residents, and on educational campuses for students and staff. In this group, the EC is promoting a pan-European set of national schemes issuing multi-function citizen cards, usable as travel cards and for on-line eID, and due to be deployed by 2014. Government in England is active in encouraging a rollout of multi-function card schemes in the period 2010 to 2015, with public transport tickets and travel passes as the core function.
In most of these schemes, simple data structures are held and updated within cards, normally comprising personal information about the cardholder and his or her accounting relationship with the card and application issuer, together with transactional data relating to the particular function. Central processing systems often mirror this data, having collected it through a polling mechanism from the terminals that accept the particular cards and enable them to participate in the related transactions.
Most smart card schemes utilise one or more generic functions, this being one of several advantages offered by smart technology. Another advantage of smart cards is that these functions are frequently associated with offline operations, i.e. functions performed without immediate access to the central system. The generic functions of cards include general transaction-based storage, storage of core personal data and account reference information, and, increasingly, the storage of public transport tickets and of monetary value (electronic purse) able to be loaded and spent repeatedly during the life of the card. For eID, digital certificates are stored in the card and an authentication function is implemented; data encryption and electronic signature functions may also be included.
If, by contrast, a completely online scheme is implemented (where the user terminal can always make immediate contact with the central processing system), the case for smart cards within that scheme weakens, because the data storage ability of the card becomes redundant if the same data can always be consulted centrally. Nevertheless, the use of a secure token in the form of a smart card or other smart media (e.g. a fob) is increasingly seen as the way to authenticate scheme members when they access the scheme. Such permanently online schemes are often commercially viable within a single organisation, particularly one with only a single physical site (e.g. a golf club), but consumer- and citizen-oriented scheme owners are increasingly recognising the benefits of issuing to the user a powerful, multi-function smart card.
The current proliferation of consumer plastic, giving rise to serious purse and wallet bulge, is focussing card issuers on the challenge of providing multi-application platforms within smart cards, able to carry not only functions relating to the card issuer's business but also functions issued by third party application providers who may wish to rent space within such cards. This requirement has given rise to the need for platforms able to hold segmented data sets in a discrete way, so that one application provider's data cannot be read or altered by another. Accordingly, a number of multi-application platform products have been developed, not only by the more traditional smart card suppliers but, more unusually, by card scheme operators with an interest in issuing cards and then defraying costs by renting space within them. Such multi-application platforms allow the addition and deletion of application data areas in the field, without replacing cards. This ability in turn leads to major branding, customer service, ownership and control issues, many of which have yet to be addressed and resolved. The increasing complexity also brings the problem of not easily being able to view the data held in the smart card. In some situations, difficulty arises in deciding which ticket or which authorisation data is to be used (particularly in public transport with its need to automate transactions, for which see below: Viewing and using secure data).
Stability in a time of technological progress
We live in a world of fast-moving technical change. This is perhaps particularly relevant and challenging for smart cards, where hundreds of thousands of card-reading terminals need to be available and tens of millions of smart cards need to be deployed, all with a potential life of several years. Forward compatibility, and cross border and cross scheme interoperability, are increasingly difficult to maintain against the background of rapid chip technology development. This environment makes it extremely difficult to develop, acquire and deploy with confidence smart cards that, to support any reasonable business case, must be seen as long-term tokens.
A number of international standards bodies have concerned themselves with developing basic standards governing the physical and logical attributes of smart cards. For a long time most of these lagged behind the realities of technical progress, not addressing application level and interoperability issues sufficiently to allow the development of software to proceed with confidence. This left space for international card players to develop products according to specifications which they each wished to have recognised as de facto standards. Market sectors that developed such specifications include GSM (Global System for Mobile communications) and the main credit institutions in the EMV consortium (MasterCard, which now incorporates Europay, and Visa). Several countries with strong central Governments did establish effective standards for national schemes, although England and Wales at first largely stood back and allowed the fragmented development of proprietary systems. Programmes such as the eEurope Initiative and the UK National Smart Card Project only scratched the surface, but they also helped illustrate the problems.
It had been expected that, in the longer term, major players with global reach - such as Microsoft - would deploy cards and software in an effort to saturate the international market with a particular topography or architecture. Indications now are that global businesses have been inhibited by the development of national (and also EU-wide) rules on personal privacy in relation to the personal data of billions of citizens.
Both public-private partnerships and industry collaborative developments have appeared as a way forward. These include:
- Global Platform, an industry consortium for smart card interoperability;
- the (now delayed to 2014) EC public sector initiative for a European Citizen Card that doubles up as a travel document;
- moves for a common ID card specification across the EU, with eID functions included for secure online use, together with the public-private Project STORK to make progress on an interoperable infosec environment;
- for public transport ticketing that can co-exist with wider citizen eServices: ITSO as a UK specification and support Environment, VDV as a German specification, and umbrella international standards for Interoperable Fare Management - at the single country level (ISO standard) and for the card to terminal application level (CEN standard);
- the USA Personal Identity Verification (PIV) card for public sector personnel, doubling up as building access.
Notable in the UK is that Scotland has established a national Entitlement Card scheme, albeit with only medium level security, and that in England there is cross-departmental collaboration on similar topics.
Standardisation continues: for through ticketing across Europe on public transport, for the combination of bank payment (EMV) and storage of entitlement data (e.g. for public transport) on a contactless interface EMV card, and for strong security transaction methods using NFC enabled mobile devices.
The advent of the cashless society
In the modern world, the widespread use of cash in the form of notes and coins is increasingly seen to hamper the effective deployment of new forms of trading. These transaction processes, like face to face transactions, require immediate and anonymous payment. In the long-term evolution from cowry shells and tally sticks to paper and metal coinage and beyond, it is abundantly clear that the electronic storage and transfer of money value is an imperative, particularly where low-value payments need to be made internationally over telecommunications networks.
The virtual elimination of cash tokens is therefore a holy grail of national Governments, of Internet merchants and of financial institutions with a real interest in controlling and profiting from the 80% of high street transactions currently made with notes and coins. Such electronic money can take many forms, and has been endowed with a wide and misleading vocabulary including stored value and e-purse. This has led to the development by a number of financial institutions of smart card-based products performing stored value functions, ranging from simple throw-away, burn-off cards such as payphone cards, to reloadable e-purse cards designed for low-value payments in a variety of outlets and even remotely over networks.
To date, single-function, generic e-purse cards, issued by financial institutions in various projects in a number of countries, have resulted in technical success but commercial failure in terms of usage rate. Similarly, the mobile phone operators are not operating general use e-purses, with one major operator at least known to have never launched the product that was developed for them. The consumer imperative and retailer benefits necessary for success have been almost completely lacking. The value of the pre-paid float is, however, attractive to telcos, transport operators and retailers.
Within the EU there have been two stages of regulation of e-money schemes, and most recently a merging of e-money and debit/credit card regulation into one Payment Services Directive - the aim is to simplify regulation and to encourage the market. 20 years on from early e-purse initiatives, the race for purse in Europe is again just beginning, with new players emerging to challenge the more traditional financial institutions as purse providers, and with matching technology for secure element storage in NFC mobile phones announced in 2010.
Dedicated pre-paid cards have been successful: payphone cards, London's PAYG Oyster cards, and pre-paid mobile phone SIMs. The only truly successful examples of stored value are combined mass transit and e-purse tokens based on contactless technology, providing real convenience to consumers in Asian cities such as Hong Kong, and spreading through Japan from a regional mass transit base. Smart card products to watch are therefore Japan's Suica mass transit card and the Edy e-money card, an accounted purse in a contactless card; both are built on Sony's FeliCa contactless technology, which also underlies Hong Kong's Octopus mass transit card scheme (and, as a pre-requisite for its e-purse, the Octopus management company had to obtain a limited banking licence). In the UK, watch sQuid, already with several local government sponsored deployments.
Fundamentals of card operation
Today's smart cards need electrical power from outside, plus a way for data to be transmitted to, and read from, the chip (in a few cases data is only read out during use of the card, and nothing is transmitted to the chip). The cards need a timing signal (the clock) to synchronise data transmission, so that transmitter and receiver run at the same speed, and many microprocessor-based cards also use that timing signal to drive the microprocessor.
Perhaps unfortunately, but as a result of the historical development path of this technology, there are two types of electrical interface between smart cards and their associated card readers, as follows:
Traditionally, for use at the retail point of sale or in the banking environment, or as the GSM SIM card in the mobile 'phone, the card has a set of electrical contacts embedded in the surface of the plastic on one side. This contact card technology is operated by inserting the card (in the correct orientation) into a slot in a card reader, which has electrical contacts that connect to the contacts on the card face.
For use in a mass transit environment, or wherever the cardholder is in motion at the moment of the transaction, radio frequency technology is used to transmit power from the reader to the card, and data is similarly transmitted over an air gap of up to about 10 cm. The card derives its clock from the RF carrier frequency. This contactless card technology uses an aerial coil laminated into the card, and allows communication even while the card remains in a wallet or handbag. The same activation method applies to watches, pendants, baggage tags and buttons. No electrical contacts, and therefore "contactless".
Cards with both a contact and a contactless interface (dual-interface or combi cards) have appeared. These commonly have a single dual-interface chip, providing the advantages of a single e-purse, a single operating architecture and so on; the major deployment by bank debit/credit schemes uses single chip cards. However, there are cards that incorporate two chips isolated from each other, one chip for each interface.
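What a terminal actually receives from a contact card once it has applied power, clock and reset is the Answer To Reset (ATR) defined in ISO/IEC 7816-3, which tells the reader the signalling convention, which protocol (T=0 or T=1) the card speaks, and the clock rate and bit rate adjustment factors (Fi, Di) that fix how many clock cycles make up one bit time. The decoder below is an added example, not code from this page; the two ATRs it is exercised with are constructed for the example rather than captured from real cards (the first is a T=1 card announcing Fi=372, Di=12; the second a minimal T=0 card).

```python
# ISO/IEC 7816-3 clock rate (Fi) and baud rate adjustment (Di) tables; absent codes are RFU.
FI_TABLE = {0: 372, 1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
            9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
DI_TABLE = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16, 6: 32, 7: 64, 8: 12, 9: 20}


def parse_atr(atr: bytes) -> dict:
    """Decode an ATR: TS, T0, the TAi/TBi/TCi/TDi chain, historical bytes and the TCK check byte."""
    if len(atr) < 2:
        raise ValueError("ATR too short")
    ts = atr[0]
    if ts not in (0x3B, 0x3F):
        raise ValueError("bad TS byte 0x%02X" % ts)
    t0 = atr[1]
    k = t0 & 0x0F            # low nibble: number of historical bytes
    y = t0 >> 4              # high nibble: which of TA1/TB1/TC1/TD1 follow
    interface, protocols = {}, set()
    pos, i = 2, 1
    while True:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError("ATR truncated in interface bytes")
                interface[f"{name}{i}"] = atr[pos]
                pos += 1
        td = interface.get(f"TD{i}")
        if td is None:
            break
        protocols.add(td & 0x0F)   # low nibble of TDi: protocol type offered
        y = td >> 4                # high nibble: which bytes of the next group follow
        i += 1
    historical = atr[pos:pos + k]
    if len(historical) != k:
        raise ValueError("ATR truncated in historical bytes")
    pos += k
    # TCK is absent only when T=0 is the sole protocol offered (T=0 is the default when TD1 is absent).
    tck_present = bool(protocols - {0})
    if len(atr) != pos + (1 if tck_present else 0):
        raise ValueError("ATR length does not match its own structure")
    if tck_present:
        xor = 0
        for b in atr[1:]:        # T0 through TCK must XOR to zero
            xor ^= b
        if xor != 0:
            raise ValueError("TCK checksum mismatch")
    ta1 = interface.get("TA1", 0x11)   # default TA1: Fi=372, Di=1
    fi, di = FI_TABLE.get(ta1 >> 4), DI_TABLE.get(ta1 & 0x0F)
    return {
        "convention": "direct" if ts == 0x3B else "inverse",
        "protocols": sorted(protocols) or [0],
        "Fi": fi, "Di": di,
        "clock_cycles_per_etu": (fi // di) if fi and di else None,
        "interface_bytes": interface,
        "historical_bytes": historical,
        "tck_present": tck_present,
    }


def atr_is_valid(atr: bytes) -> bool:
    """True if the ATR is well formed and its check byte (where present) verifies."""
    try:
        parse_atr(atr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed ATRs (not captured from real cards): a T=1 card, then a bare T=0 card.
    for hex_atr in ("3B94188131FE458031C07385", "3B021450"):
        print(hex_atr, parse_atr(bytes.fromhex(hex_atr)))
```

A reader that accepts an ATR whose length disagrees with its own TA/TB/TC/TD chain, or whose TCK does not verify, is trusting a byte string the card controls; the length and checksum checks are the first line of input validation on the card-to-terminal interface.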
The challenge of interoperability
In practice, and perhaps unfortunately for the card scheme owners and managers, different cards are usually not interchangeable. Memory cards usually have different interface characteristics from microprocessor cards: different data formats and/or electrical signals across the interface between card and terminal. Even amongst cards that appear similar, interchangeability is often a problem. But the situation is improving:
- The EMV bank debit/credit card schemes demand interchangeability from their various suppliers - and get it at the level at which the cards are used by the cardholder.
- Chip-bearing passports are globally interoperable.
- In the UK, the ITSO Specification and scheme Licence require the acceptance of cards (and of NFC phones that emulate cards) with around half a dozen different interface specifications.
The challenge is to provide the different mixes of applications that various types of cardholder will want, while at the same time satisfying scheme and application owners.
Authenticating the cardholder
Whilst properly designed and well implemented smart cards cannot in practice be counterfeited, little progress has been made in ensuring that it is the accredited cardholder who is using the genuine card. This problem is particularly acute in the e-world, where consumers transact at terminals without operators able to conduct adequate verification routines.
The most common method of cardholder verification at present is to give the cardholder a PIN (Personal Identification Number) which he or she has to remember: the cardholder types in the PIN at each request to sign a message, or perhaps only once per session (e.g. when the card is inserted in the reader). The card itself enforces the PIN, comparing the value presented with its stored reference and counting down a retry counter so that an attacker cannot simply try every combination. PINs, however, have several disadvantages, including the risk of being observed, stolen or abused. The strongest widely proposed alternative is the measurement of a physiological characteristic of the individual, although biometric templates can be copied or spoofed and, unlike a PIN, cannot be changed once compromised, so they are best used in addition to possession of the card rather than as the sole factor. Such biometrics include iris and retinal scans, face or hand geometry, and of course DNA, but the most likely and most acceptable attribute is the fingerprint. In production systems using fingerprint recognition, the fingerprint sensor is in the terminal, but the fingerprint profile data may be either on the terminal side of the card-to-terminal interface or, preferably, held within the card itself (a fingerprint profile takes up only a few hundred bytes of data space). Prototype cards with the fingerprint sensor on the card surface are now in development and may one day be a commercial proposition. In the meantime, a number of major national schemes around the world are incorporating fingerprint biometrics using optical or proximity readers associated with keyboards, mice and point-of-sale terminals.
Viewing and using secure data
Viewing the information held in a smart card or other smart media requires a terminal device. This is satisfactory when the card is used in conjunction with a suitable application running on a personal computer. In the wider context, it is also satisfactory when the smart card securely holds only a single, fixed dataset, with the printing on the surface of the card or other media demonstrating its purpose: examples are photocards holding permission to enter a building or holding a public transport season ticket, and also bank debit and credit cards and passports.
Some schemes where the data in the card changes as the card is used have developed satisfactory data viewing solutions for both user and scheme operator. For example, London’s Oyster scheme has self-service terminals at Underground and DLR stations, validators with displays at some stations, and hand held card viewers for Docklands Light Railway Train Captains. Oyster also has the option to register the card and thus view the back office shadow account and transaction history on the Internet and also authorise automatic top-up of the PAYG purse (but it is reported that few card holders opt for auto top-up).
On the UK National Rail network, nearly 50% of journeys are made using season tickets. A smart card with surface printed photograph is a suitable carrier for that ticket, and an automatic gate at the railway station can very quickly make the decision to let the passenger pass through or refuse access. But if there is more than one ticket product in the card, the gate guarding entry to the network will have difficulty deciding which product to use, and may have to make a decision to let the passenger into the network based on the possibility that at least one product is valid for travel from that station. For proper management of the network, a time consuming decision has to be made later, perhaps by a Train Manager or at an interactive terminal or manned counter at the destination.
London's Oyster scheme, as used by Transport for London (TfL) on the Underground, operated initially within a completely closed mass transit system with a simple fare structure. Around the world other metropolitan area mass transit schemes have a similar architecture. The automatic gates at entry and exit have simple decisions to make. The Oyster scheme has since been extended to parts of the heavy rail network, where ticket and payment products for services provided by both TfL and National Rail are valid. As a result, the problems of making decisions at automated gatelines intrude on management of the transport network.
Two methods using mobile phones instead of classic smart cards are available for resolving the problem of decision making where the data is complex and the unattended terminal has to make a rapid decision. Both involve the passenger in selecting the ticket product to use, before reaching the gate line or demonstrating the ticket product to a Train Manager or other inspector.
In the first method a smart card is not used: the mobile phone is used to store and display the ticket product to be used, including displaying a 2D barcode that carries both the encoded ticket product and security data, and the gateline implements optical scanning of the phone’s display. This method can only display the ticket product for secure checking, not cancel it.
In the second method the mobile phone and SIM card together implement both a secure element and a contactless interface using NFC methods. The secure element is used to hold the ticket product or other product data (e.g. payment product) in the same secure manner as it is held in a smart card. This method operates like a smart card, with the added advantage that the user is holding a complete terminal incorporating the secure element.