History
Smart card is a small device that resembles a credit card but contains an embedded microprocessor to store and process information. Magnetic-stripe cards, which store a very small amount of information (most typically used to identify the owner) and have no processing capability of their own, can be thought of as primitive smart cards. A true smart card contains 80 or more times as much memory, and the microprocessor allows information to be read and updated every time the card is used. Contact cards, which must be swiped through card readers, are less prone to misalignment and being misread but tend to wear out from the contact; contactless cards, which are read by holding the card in front of a low-powered laser, can be used in mobile applications, such as collecting tolls from cards as drivers pass through toll booths without stopping.
Developed in 1973 by the Frenchman Roland Marino, the smart card was not introduced commercially until 1981, when the French state telephone system adopted it as an integral part of its phone card network. This led to widespread use in France and then Germany, where patients have health records stored on the cards. A large-scale pilot program involving 40,000 people and 1,000 retail merchants and using smart cards as stored value, or electronic purse, cards—in which the card contains a stored monetary value that is decremented with each purchase and incremented by loading additional value onto the card through automated teller machines (ATMs) or public telephones—was initiated in Swindon, England, in 1995. Smaller pilots were held in Canberra, Australia; in the Atlanta, Ga., metropolitan area in conjunction with the 1996 Summer Olympic Games; in New York City; and in Guelph, Ontario. All of these achieved only limited customer acceptance and were shut down by 1998. Another major problem is that these and other smart card ventures do not have a common technology; global acceptability will come only after international standards are adopted.
As memory capacity, computing power, and data encryption capabilities of the microprocessor increase, smart cards are envisioned as replacing such commonplace items as cash, airline and theater tickets, credit and debit cards, toll tokens, medical records, and keys. Suggested government use of a single smart card to replace driver's licenses, passports, social security and welfare documentation, and the like has caused a debate concerning the civil liberty implications of such uses of the smart card.
|
|
Personalized Gift Cards |
| Driver Lincesing | Secure ID |
| Employer ID Cards | Smart Cards |
| Loyalty Cards | Student Identification |
| Membership Cards | Visitor Badges |
| National ID | Access Control |
Print bank cards on-demand at the branch level for improved business processes and customer service.
Increase customer satisfaction by producing credit, debit and ATM cards on-demand. Creating bank cards at the branch level means customers can start using the card immediately – making banks more competitive.
Communication with the outside world
A Smart Card and a Card Accepting Device (CAD) communicate via means of small data packets called APDUs (Application Protocol Data Units). The following characteristics of this interaction make it harder for third parties to attack the system successfully:
- Small bit rate (9600 bits per second) using a serial bi-directional transmission line (ISO standard 7816/3),
- half duplex mode for sending the information (data only travels in one direction at a time)
- The communication follows a sophisticated protocol, described below.
However, every external device communicating with the card makes it more vulnerable to attack via the communication link.
The Smart Card and the CAD use a mutual active authentication protocol to identify each other. The card generates a random number and sends it to the CAD, which encrypt the number with a shared encryption key before returning it to the card. The card then compares the returned result with its own encryption. The pair may then perform the operation in reverse.
Once communication is established, each message between the pair is verified through a message authentication code. This is a number that is calculated based on the data itself, an encryption key, and a random number. If data has been altered (for any reason, including transmission errors) message must be retransmitted. Alternatively, if the chip has sufficient memory and processing power, the data can be verified through a digital signature.
The most common encryption methods are symmetric DES (Data Encryption Standard), 3DES (triple DES) and public key RSA (Rivest-Shamir-Adleman's algorithm), allowing up 56, 168, and 1024 bit long keys, respectively. Unfortunately, these keys are not unbreakable, as explained by Ross Anderson and Markus Kuhn in their book `Design Principles for Tamper-Resistant Smart Card Processors'. The pair managed to crack the Dallas DS5002FP Secure Microcontroller, described at the time by one European signals intelligence agency as the most secure processor available on general sale. They used brute force methods on a PC enhanced with a couple of hundred dollars of extra hardware!
We Excel has always been a adaptable Smart Card Solutions provider with an in-depth knowledge of the technologies associated to smart card industry. We have a R&D smart card team have an out of the box knowledge of smart card tools and technologies.
| TECHNOLOGY EXPERTISE |
 |
|