Smart Cards

As potential applications grow, computers in the wallet are making unobtrusive inroads

by Carol H. Fancher
SMART CARD contains memory and a microprocessor underneath gold contact pads. The position of the pads is governed by standards so that cards and readers from many sources can work together.
 


 

The semiconductor revolution has advanced to the point where the computing power that once took up an entire room can now be lost among the spare change, house keys or candy wrappers in the average pocket. For more than 10 years, "smart" credit cards incorporating tiny chips have been in use in France and other parts of Europe. A set of standardized contacts on the front of each card supplants or supplements the familiar coded magnetic stripe on the back. Although the U.S. has been lagging in the use of this technology, a series of ongoing pilot programs may soon change that situation. Some pundits have criticized smart cards as a technology endlessly in search of meaningful applications, but the divergent experiences of different countries show that the issues are more complicated.

Curiously, telecommunications policy has been one of the major influences on the deployment of smart cards. In the U.S., where telephone calls are cheap and it is a simple matter to attach a magnetic-stripe reader to a phone line, the fraud-reduction aspects of smart cards are not necessarily worth the extra expense. Instead merchants can dial up a central database to make sure a card is valid before completing a transaction. In Europe, where calls are generally more expensive and connecting modem-equipped devices to phone lines is more difficult, security was a significant driving force behind smart-card introduction.

The French, for example, made the switch during the mid-1980s because fraud rates were unacceptably high and rising. With smart cards, merchants do not have to go on-line to centralized databases. They can rely on personal identification numbers (PINs) to verify the ownership of a card simply by checking the PIN typed in by a customer against the record on the card itself. Furthermore, the chips are more resistant to tampering than magnetic stripes, which can be read and written on with readily available equipment. Over 20 million smart cards are now in use in France.

One motivation for smart-card introduction in the U.S. today is the possibility of multiple uses for the same card. In theory, the same silicon-imbued piece of plastic could serve as personal identification, credit card, automated teller machine (ATM) card, telephone credit card, transit pass, carrier of crucial medical information and cash substitute for small transactions in person or over the Internet. Additional uses are limited mostly by issuers' imaginations and consumer acceptance. As a single card becomes able to hold more parts of a person's life, security and privacy concerns will have to be met; cards of the future will probably be highly personalized.

Standardizing Intelligent Transactions

Smart cards are becoming more attractive as the price of microcomputing power and storage continues to drop. They have two main advantages over magnetic-stripe cards. First, they can carry 10 or even 100 times as much information and hold it much more robustly. Second, they can execute complex tasks in conjunction with a terminal. For example, a smart card can engage in a sequence of questions and answers that verifies the validity of information stored on the card and the identity of the card-reading terminal. A card using such an algorithm might be able to convince a local terminal that its owner had enough money to pay for a transaction without revealing the actual balance or the account number. Depending on the importance of the information involved, security might rely on a personal identification number such as those used with automated teller machines, a midrange encipherment system, such as the Data Encryption Standard (DES), or a highly secure public-key scheme.
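The question-and-answer sequence described above can be sketched as a mutual challenge-response between card and terminal. This is an added example, not code from the article: HMAC-SHA256 stands in for the card's cipher, and the Card and Terminal classes, the per-card key derivation and the message labels are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (assumed stand-in for the card's cipher)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class Card:
    """Constructed model of a card: the key is written once and never read out."""

    def __init__(self, card_id: bytes, card_key: bytes):
        self.card_id = card_id
        self._key = card_key
        self._pending = None          # challenge issued to the terminal
        self.terminal_ok = False

    def get_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(8)
        return self._pending

    def authenticate_terminal(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = mac(self._key, b"terminal", self._pending)
        self._pending = None          # a challenge is never accepted twice
        self.terminal_ok = hmac.compare_digest(expected, response)
        return self.terminal_ok

    def answer(self, challenge: bytes) -> bytes:
        if not self.terminal_ok:      # refuse to talk to an unproven terminal
            raise PermissionError("terminal not authenticated")
        return mac(self._key, b"card", self.card_id, challenge)


class Terminal:
    """Holds an issuer master key and derives each card's key from its ID (assumption)."""

    def __init__(self, master_key: bytes):
        self._master = master_key

    def _card_key(self, card_id: bytes) -> bytes:
        return mac(self._master, b"derive", card_id)

    def prove_to_card(self, card_id: bytes, card_challenge: bytes) -> bytes:
        return mac(self._card_key(card_id), b"terminal", card_challenge)

    def check_card(self, card_id: bytes, challenge: bytes, response: bytes) -> bool:
        expected = mac(self._card_key(card_id), b"card", card_id, challenge)
        return hmac.compare_digest(expected, response)


def issue_card(master_key: bytes, card_id: bytes) -> Card:
    """Personalization step: the issuer loads the derived key into the card."""
    return Card(card_id, mac(master_key, b"derive", card_id))


def run_session(card: Card, terminal: Terminal) -> bool:
    """Both directions must succeed; no key material crosses the contacts."""
    proof = terminal.prove_to_card(card.card_id, card.get_challenge())
    if not card.authenticate_terminal(proof):
        return False
    challenge = secrets.token_bytes(8)
    return terminal.check_card(card.card_id, challenge, card.answer(challenge))
```

The distinct "terminal" and "card" labels keep a response produced in one direction from being reflected back as a valid answer in the other, and the fresh random challenge makes a recorded response useless in a later session.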

Smart cards are not a new phenomenon. They have been in development since the late 1970s and have found major applications in Europe, with more than a quarter of a billion cards made so far. The vast majority of chips have gone into prepaid, disposable telephone cards, but even so the experience gained has reduced manufacturing costs, improved reliability and proved the viability of smart cards. International and national standards for smart cards are well under development to ensure that cards, readers and the software for the many different applications that may reside on them can work together seamlessly and securely. Standards set by the International Organization for Standardization (ISO), for example, govern the placement of contacts on the face of a smart card so that any card and reader will be able to connect.

Industry-specific standards are being developed for cards to be used in applications as diverse as digital cellular phones, satellite and cable television and, of course, finance. Recently Visa, MasterCard and Europay agreed on a common specification for smart cards that defines the basic protocols for communication between cards and readers (analogous to the RS-232 standards that govern communication between personal computers and modems). The specification is general enough so that virtually any kind of information can be exchanged by hardware and software that conform to it. As a result, this agreement could bring the convenience of a single card for purchases, ATM withdrawals, frequent flier miles and even Internet access.

Under the Hood

Standards dictate a card's shape and electrical connections, but the technology inside has gone through significant evolution. The simplest "memory" cards contain only nonvolatile memory and a limited amount of logic circuitry for control and security. They typically serve as prepaid telephone cards: a terminal inside the pay phone writes a declining balance into the card's memory as the call progresses; the card is discarded when its balance runs out.

Smart cards are more sophisticated and contain a chip with a central processing unit and various kinds of short- and long-term memory cells. Some versions may also incorporate a special coprocessing circuit for cryptographic operations to speed the job of encoding and decoding messages or generating digital signatures to validate the information transferred. [For more information on the kinds of cryptographic protocols that could be employed in smart cards, see "Confidential Communication on the Internet," by Thomas Beth; Scientific American, December 1995, and "Achieving Electronic Privacy," by David Chaum; Scientific American, August 1992.] Smart-card standards place no limitation on the amount of processing power in the card as long as the chip in question can fit the space allotted for it under the contact pad. Current smart cards, made by firms such as Giesecke & Devrient, Gemplus, Schlumberger and Solaic, range in price from less than $1 to about $20. (The silicon inside the cards is made by companies such as Motorola, Siemens and SGS-Thomson.) A magnetic-stripe card, in contrast, may cost between 10 and 50 cents, depending on whether the card is bare or incorporates a photograph or a holographic patch and on how many cards are made at once.

Because the cards are dependent on an outside power source provided by the reader interface, any information held in conventional random-access memory (RAM) will be lost every time it is removed from a reader. Hence, smart-card microprocessors use only a few hundred bytes of RAM as a scratchpad for working on transactions in progress. The software that controls a card's operations must survive from one use to the next, and so it occupies between three and 20 kilobytes of permanent nonvolatile read-only memory (ROM). The contents of the ROM are fixed in the chip when it is made. The personal, financial or medical data that give each card value to its owner reside in an alterable nonvolatile memory (EEPROM, for electrically erasable programmable read-only memory) of between one and 16 kilobytes.

The need for security influences the design and handling of the card, its embedded circuitry and its software. Microprocessors used in smart cards are specifically designed to restrict access to stored information and to prevent the card from use by unauthorized parties. Typically a card will work only in a well-characterized operating environment.

For example, criminals may attempt to force the card to operate outside certain voltage or clock frequency ranges in the hope that it will display weaknesses that can be exploited; a properly designed device will automatically fail to respond under such conditions. In some cases, circuit links may be designed to become inoperable once a card has been programmed, so that vital data cannot be altered. Manufacturers also employ special tamper-resistant techniques that would prevent a thief from getting to the microscopic circuitry directly.

Most smart cards require physical contact between the card and pins in the reader, but a growing set of applications depends on so-called contactless cards. Short-range cards operate by electrical inductive or capacitive coupling with the reader and card a millimeter or so apart; longer-range ones communicate by radio signals. (The radio-frequency energy emitted by the reader also powers the cards, which must therefore be extremely sparing of current.) Contactless smart cards are often used in situations where transactions must be processed very fast, as in mass-transit turnstiles. Transit system operators in Hong Kong, Washington, D.C., Manchester, England, and about a dozen other cities have tested contactless cards; Hong Kong will issue three million cards by 1997.

Developers and users are working together to develop firm standards for long-range contactless cards. Efforts are also under way to standardize hybrid cards that can communicate either directly or by radio links. Lufthansa, the German national airline, has already begun issuing a hybrid card to frequent fliers; the contactless part serves as an ID card for the firm's paperless ticketing system, and the contacts make for a European-standard smart credit card. Roughly 350,000 will be in circulation by year's end.

The smart card is a technical achievement in its own right; it is, however, merely the most identifiable part of a vastly larger transaction system that surrounds it. The traits of this infrastructure may have much more influence on the evolution of the card's role in society than do the characteristics of the card itself. It is therefore important to see how the card would function as part of the larger system to understand why it might be appealing.

The Big Picture

 Consider, for example, the stored-value card, at present the most common application of chip-card technology. The attractions of such a card hinge on the relatively high overhead costs of alternatives such as credit cards or cash. Even in the U.S., verification costs are too high to allow a profit on conventional card transactions smaller than a few dollars. The stored-value card minimizes transaction costs by carrying monetary value directly, instead of merely acting as a pointer to an account. It transfers the digital equivalent of bills or coins to a merchant's digital "cash register," whereupon they can be deposited in a bank. Children, tourists and others who do not have a local bank account can use these cards, which can even be sold from vending machines.

Such cards are particularly attractive for pay phones, parking meters, photocopiers and vending machines. By eliminating the coin box, they remove a tempting target for thieves and vandals. Although digital tills must be secured against both unauthorized emptying and stuffing with counterfeit electronic cash, these problems appear easier to handle than their physical counterparts.

Bypassing the handling of money in paper or metallic form could generate significant savings. Economists estimate that counting, moving, storing and safeguarding cash cost about 4 percent of the value of all transactions. The interest lost by holding cash instead of keeping money on deposit is also substantial. The Royal Bank of Canada, which is participating in digital-cash trials in Ontario, keeps about a billion dollars on hand at all times.

The costs per transaction of stored-value cards tend to be lower than those for credit cards and cash, but initial capital costs tend to be higher. The cards themselves cost more, and whoever pioneers their use must bear the expense of installing an infrastructure of card readers. In addition, software designed to process transactions by credit and debit card must be modified to deal with the new form, which more closely resembles a digital traveler's check. A typical smart-card reader costs over $100, roughly comparable to the price of the box that reads a magnetic-stripe card and calls a credit-card company to verify a transaction. There are over 13,000 smart-card readers in the U.S. versus more than five million devices capable of dealing with conventional credit cards.

More than two dozen companies are working on smart-card readers, and prices will no doubt drop with volume production. Nevertheless, the amount of equipment that must be installed is substantial. Outside the U.S., the number of stored-value cards is steadily growing, with major national programs implemented or planned in Australia, Canada, Chile, Colombia, Denmark, Italy, Portugal, Singapore, Spain, Taiwan, the U.K. and elsewhere. Levels of consumer acceptance vary; the cards provide clear potential savings for banks and merchants, but transforming those benefits into incentives for users can be difficult. National banking authorities are also understandably cautious about what is in effect a new method of printing money, with no fixed rules about whose authority guarantees its value.

Most stored-value cards now in use are disposable. Reloadable devices would work the same way for making purchases but would have extra software that would enable a consumer to transfer money to a depleted card. (Encryption or other security techniques would help ensure that a card could be recharged only in a legitimate transaction.) Citibank, Chase Manhattan, Visa and MasterCard are assembling a pilot program for stored-value cards in New York City. The companies will issue reloadable smart cards to approximately 50,000 customers; the cards will also have magnetic stripes for conventional transactions. About 500 stores, restaurants and other merchants will have readers capable of accepting electronic-cash transactions. More than one million stored-value cards are also being issued for the 1996 Olympic Games in Atlanta; they can be used in Olympic venues and at several thousand nearby shops.

A number of groups are backing competing smart-card schemes for stored value. All use essentially the same hardware, but their software differs. Manufacturers of card readers are therefore developing equipment capable of handling multiple protocols. It is not yet clear which system consumers will favor, and each has its own strengths and weaknesses. The stored-value protocols of the New York and Atlanta pilot programs, for example, are relatively simple but limited: there is, for instance, no provision for rescinding or replacing the value of a card that is lost or stolen. The DigiCash system, which relies on complex cryptographic protocols, is both secure and untraceable but requires more processing power and hence more expensive cards. The British Mondex system, meanwhile, is intended as a full-scale secure cash replacement: electronic money can pass from one user to another indefinitely without being redeposited in a bank. A trial is under way in Swindon in the southwest of England, and another one is beginning in Guelph, Ontario, where even parking meters will accept digital currency.

Protecting Health

In a mark of the technology's versatility, smart cards can also carry vital medical information. Instead of just indicating that a person has medical insurance, for example, a card can store details of the coverage. It can also provide basic medical information, such as lists of drug sensitivities, current conditions being treated, the name and phone number of a patient's doctor and other information vital in an emergency. An intelligent card that carries only the information most relevant to current treatment can streamline care significantly even as it bypasses the potentially intractable privacy and ownership concerns that would arise if health care administrators attempted to place every patient's complete medical history on a chip for easy portability.

Indeed, simply automating the process of entering a person's name and account number into medical forms can make insurance processing much more efficient. Germany has recently begun to issue to all its citizens chip cards that will carry their basic health insurance information, and France is investigating a similar program. Both countries have thus far decided against storing more sensitive data on chips until legal, ethical and security issues can be ironed out.

In France and Japan, kidney patients can carry cards that hold their dialysis records and treatment prescriptions. Dialysis patients often need their blood cleansed two or three times a week. Each session involves a particular set of machine parameters and a personalized combination of drugs as well as the use of a kidney dialysis machine. Before the introduction of the smart cards, patients could go only to the local dialysis center where their records were kept, but now they have the geographic mobility most of us take for granted. Security checks built into the cards help to ensure that no one except doctors and other authorized persons can read or update treatment information. 

Personal Communication

Because the telecommunications costs involved in verifying credit-card transactions have played a crucial role in the history of smart cards, it is perhaps appropriate that one of the device's most innovative applications is at the heart of a new generation of mobile communications. The Global System of Mobile Communications (GSM) is a technical specification for digital cellular telephones; about 10 million people have GSM phones, and service is available or under development in more than 85 countries. Every GSM handset is designed to accept a smart card that carries information about the telephone number of the card's owner and the suite of services it can access. A Swiss executive traveling to Belgium can just remove the smart card from her GSM unit at home and plug it into a rented or borrowed unit at her destination. When callers dial her number, the switching system will automatically locate the handset with her smart card anywhere in the world and deliver the call to it. In addition, the smart card can encrypt the transmission, preventing the casual eavesdropping possible with other forms of cellular phones.

As with other smart-card applications, the U.S. lags behind many nations in GSM services. There are a few pilot programs in place, but widespread deployment is not expected until 1997. The GSM systems being built in the U.S. operate at a frequency of 1.9 gigahertz instead of the 1.8 gigahertz used elsewhere and employ two competing, incompatible technologies. As a result, handsets may be useless outside their home range. The smart cards that animate them, however, should work anywhere. 

Cards That Know You

If smart cards can give identity to an electronic device, will they eventually serve as foolproof credentials for humans as well? Smart cards can carry much more information than the paper or plastic rectangles that are used to constitute drivers' licenses, insurance cards or other kinds of identification. And they can probably carry it more securely.

ID cards often have a picture and signature so that authorities can make sure the bearer matches the card. Smart cards can store a PIN to improve security, but they can also add a catalogue of other biometric identifiers: voiceprints, fingerprints, retina scans, iris scans or dynamic signature patterns. Presented with a card holding a reference pattern of some kind, computers can determine with a remarkable degree of accuracy how well its bearer matches that pattern. Customs authorities in the Netherlands have already tested a system to speed passport checking at the airport for frequent fliers: the person puts a finger on a glass plate, and a video camera captures the fingerprint; a computer then compares the video image with a reference print stored on the smart card. With the template on a smart card, there is no need to connect to a centralized database to confirm a person's identity.

Such matching techniques are as yet imperfect: the smart cards function well, but the algorithms for deriving and comparing the biometric patterns are still imperfect. Furthermore, designers must decide whether they are more interested in rejecting impostors or making sure that legitimate cardholders are always accepted. A card that subjects its owner to the embarrassment of an ID mismatch even once a year is unlikely to find wide acceptance.
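The trade-off between rejecting impostors and always accepting the legitimate holder can be made concrete by sweeping the match threshold over a set of scores. This is an added example, not part of the original article: the scores are constructed from two seeded distributions, and the function names and the "rejects per year" budget are assumptions used to illustrate the once-a-year remark.

```python
import random


def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR) when a score >= threshold is accepted as a match."""
    far = sum(s >= threshold for s in impostor) / len(impostor)   # impostors let in
    frr = sum(s < threshold for s in genuine) / len(genuine)      # holders turned away
    return far, frr


def strictest_threshold(genuine, impostor, uses_per_year, rejects_per_year=1.0):
    """Highest threshold whose false-reject rate fits the holder's tolerance.

    The budget is expressed the way the article frames it: how many
    mismatches per year the cardholder will put up with.
    Returns (threshold, FAR, FRR).
    """
    budget = rejects_per_year / uses_per_year
    best = None
    # FRR only changes at genuine scores, so those are the candidates.
    for t in sorted(set(genuine)):
        far, frr = error_rates(genuine, impostor, t)
        if frr > budget:
            break                     # FRR only grows from here on
        best = (t, far, frr)          # ascending order: last hit is strictest
    return best


def constructed_scores(seed=1996, n=1000):
    """Constructed sample data: similarity scores for holders and impostors."""
    rng = random.Random(seed)
    genuine = [rng.gauss(0.80, 0.07) for _ in range(n)]
    impostor = [rng.gauss(0.45, 0.10) for _ in range(n)]
    return genuine, impostor


if __name__ == "__main__":
    g, i = constructed_scores()
    for uses in (12, 52, 365):
        t, far, frr = strictest_threshold(g, i, uses_per_year=uses)
        print(f"{uses:3d} uses/year: threshold={t:.3f} FAR={far:.3%} FRR={frr:.3%}")
```

The more often the card is used, the smaller the per-use reject rate the holder will tolerate, so the threshold has to drop and the share of impostors accepted rises.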

This consideration and others suggest that smart cards have reached a first plateau of technological maturity: their capacity is no longer the limiting factor in systems that employ them. Instead their future depends on software design, economics, liability and privacy concerns, consumer acceptance and a host of other political and personal issues.


Further Reading

"Get Set! Smartcards Are Coming to America." Patrick Gauthier in Portable Design, Vol. 1, No. 6, pages 31-34; May 1996.

"A Chip Off the Old Security Block." Andrea McKenna Findlay in Card Technology (Faulkner & Gray), Vol. 1, No. 2, pages 52-60; May/June 1996.

"Cryptographic Smart Cards." David Naccache and David M'Raihi in IEEE Micro, Vol. 16, No. 3, pages 14-24; June 1996.

"Public-Key Security Systems." Mahdi Abdelguerfi, Burton S. Kaliski, Jr., and Wayne Patterson in IEEE Micro, Vol. 16, No. 3, pages 10-13; June 1996.


Further Links

Smart card information from AIT World

Smart card FAQ

Smart card links from CompInfo

Smart card links from Gemplus




Page created and updated by the "mmm" group.
     For any change, suggestion, etc., contact: fores@uv.es
     © a.r.e.a./Dr.Vicente Forés López
      Universitat de València Press
   Created: 15/09/2000 Last updated: 18/06/2001