Home Up Schumberger Payflex Gemplus MPCOS G&D StarCOS Infineon MULTOS Contactless Combi / Hybrid ACS Cards Oberthur

Smartcards - Integrated Circuit Card - ICC smart cards

A smart card is of the size of a credit card, which bears a small microprocessor. The microprocessor makes the card 'smart' and differentiates it from other plastic cards. The card can process instructions, just like a Personal Computer rather than just store information. These tiny chips are even more powerful than the bulky early personal computers that emerged in the early 70's.

The card can be programmed, and new applications could be added after its issue. It can also store comparatively large amounts of information and can control access to its stored information.

A smartcard is a credit card sized plastic card with a microchip module embedded according to the International Standards Organisation 7816 standard. There are several types of media that fall into the smartcard category. These devices have a lot of common features and may be described Simple smartcards, Smartcards, Super Smartcards and Contactless smartcards.

Most Smart cards, if not all, incorporate an integrated circuit chip (ICC) on the plastic card. This ICC is usually a micro-controller with limited computational power and I/O support. ISO uses the term, Integrated Circuit Card (ICC) to identify all those devices where an integrated circuit is contained within an ISO ID1 identification card piece of plastic.

The Smartcard looks like a common credit card, but the resemblance ends there. Hidden in the thickness of the plastic, a powerful brain controls the card's functions and opens access to networks and computers. It allows the card to capture, verify, store and transmit information (transactions) in a way that can be directed to mainframe computers for further processing. It can also validate the identity of the cardholder through network access.

A typical smart card has the same dimensions as a standard credit card and appears to be very similar with the exception of a set of gold contacts. When inserted into a reader, these contacts provide power to a microprocessor located on the smart card; the smart card is thus able to store and process information, in particular cryptographic keys and algorithms for providing digital signatures and for use with other encryption.

Because of their programmability, chip-based cards are capable of performing many further functions. Access to buildings and to locations within buildings can be regulated using such devices. Similarly, chip-cards can be an effective and efficient way to represent and check tickets, and to provide evidence of organisational membership.

In effect, the Smartcard is a portable data storage device. It can process information to authenticate the card, identify the cardholder, encrypt and decrypt messages, and generate electronic signatures. Thus, it provides an automated form of user accountability, as it maintains a log that keeps track of such things as who used the card, when the transaction took place, and what merchandise was bought. The magnetic strip card lacks this capability.

Since a smart card uses multi directional interaction between the card and the reader, true authentication of identity can be met in a more secure way than the traditional magnetic stripe card. The cardholder's identity is held on the card via a secret key. The smart card achieves this capability using a small built in computer (the smart chip).

This computer allows the card to interact with the card reader, not just pass information to it. Unlike magnetic cards, this identifier cannot leave the card so there is never an issue of 'sniffing' someone else's identifier. Historically, smart cards have been used as 'purse' or stored value cards. Such cards had little functionality and performed only minor computing tasks such as increasing or decreasing the stored value on the card.

EMV-compliant chip technology

To ensure chip cards are recognised and accepted in all countries where card payments are made, countries around the world are building them to an international specification originally set by the international card schemes Europay, MasterCard and Visa (EMV).

In 1996, Europay, MasterCard and Visa first released flexible specifications for smart card-based debit and credit payments. In 1999, the three card associations founded EMVCo, an independent organization, to manage and enhance EMV specifications as technology advances and the implementation of chip card programs become more prevalent.

Since then, EMVCo has published specification updates that factor in advancements in smart card technology, such as faster chip speeds. EMVCo also established a single approval process for POS terminals and ATMs to ensure cross-payment system interoperability.

Because smart cards can hold far more information than magnetic-stripe cards, and because data cannot be copied as readily from them as it can from magnetic stripe cards, issuers throughout the world are beginning to adopt the EMV standard.

According to a report published by Verifone, entitled "EMV: Global Framework for Smart Card Payments," Visa estimates that counterfeiting can be decreased by at least 70 percent with smart cards.

The financial industry in the United Kingdom became one of the first to endorse EMV specifications when card fraud soared there during the mid-‘90s. In 1999, the UK began converting its approximately 80 million mag-stripe debit and credit cards to smart cards, and began requiring ATMs and POS terminals to be equipped with EMV-compliant card readers.

Western Europe faced a deadline of January 2005 to make the smart card/EMV switch. Central and Eastern Europe, the Middle East, Africa and Asia/Pacific must make the move by January 2006.

American card issuers have been reluctant to adopt EMV because fraud has not been as great a problem as it is in countries like the UK.  It appears that Germany has seen a surge in credit card fraud which historically moves to the place of least resistance.

Chip cards will still have a magnetic stripe on the back for a number of years to ensure that cards can continue to be used where chip technology is not available.

There exist two types of so called chip cards. While one type of cards (memory cards) are just a bunch of E˛Prom storage, the second type of cards is more like a small computer. It includes a microcontroller with RAM for operation, ROM for holding the OS and E˛Prom for holding your data and your program. It communicates with the outer world through its chip contacts by use of a bi-directional serial interface. This interface and most other SmartCard related facts are standardized by the International Organization for Standardization (ISO) in ISO 7816 standard.

Having a microcontroller inside a Smartcard is an advantage of this technology. This is because only the microcontroller is in control of all other parts (communication, RAM, ROM and E˛Prom). This means only the program executed by the microcontroller has access to data stored in E˛Prom and so your program decides which data is exchanged with the outer world and which conditions are required before this data can be exchanged.

Smart cards come in two varieties: memory and microprocessor. Memory cards simply store data and can be viewed as a small floppy disk with optional security. A microprocessor card, on the other hand, can add, delete and manipulate information in its memory on the card. Similar to a miniature computer, a microprocessor card has an input/output port operating system and hard disk with built-in security features.

Smart cards have two different types of interfaces: contact and contactless. Contact smart cards are inserted into a smart card reader, making physical contact with the reader. However, contactless smart cards have an antenna embedded inside the card that enables communication with the reader without physical contact. A combi card combines the two features with a very high level of security.

The SmartCard is a microchip-based card that uses technology similar to the technology found in computers. Just like the magnetic stripe found on other cards, smart cards can hold personal information and other machine instructions. What makes these cards different is that the chip can store up to 1,000 times more information than magnetic striped cards.

It can also make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).

Memory-only cards store programs or data. They replace transaction vouchers, magnetic media or currency. As they contain no processing capabilities or significant security, they are often used as a stored-value card or “electronic purse” for relatively inexpensive transactions like telephone tolls, rapid-transit fares, and road tolls. Microprocessor cards, by contrast, can process data. They often replace magnetic-stripe cards, transaction vouchers, identity cards and currency. This card processes data based on procedures stored within it, including cryptographic procedures for security purposes.

Microprocessor cards themselves come in two kinds, distinguished by their memory. Information in EPROM (erasable programmable read only memory) can be erased, and the memory can be reused, without complex processes. Once EEPROM (electrically erasable programmable read only memory) has been used, it cannot be reused without going through a process to erase the information utilizing an electronic tool. Choosing between the two kinds for use in a Smartcard comes down to economics. The EPROM card is more expensive. But the EEPROM card must reissue once its memory has been used up.

Magnetic strips on credit cards are easy to clone, and are used by fraudsters to make illegal transactions in other people's names. It is also cheap to do so, using devices that can cost as little as US$2,251. Return on investment is thus immediate for fraudsters when cloning a corporate credit card, for instance.

The chip card is much more difficult to clone, because the data is encrypted, and safety measures of encryption and decryption are incorporated on both the card and the terminal reader side, through public key infrastructure (PKI).

The chip card is also authenticated by a personal identification (PIN) number, which reduces the risk of the card being used by persons other than the cardholder although even that may be replaced by security measures that incorporate biometrics, such as fingerprint identification, for an even more secure environment.

The smartcard is a PKI enabling device. It enables the storage of digital keys and certificates on a microchip within a physically secure device. Once stored or created on the smartcard, your private keys can never be removed. As such, all signing and encryption activity takes place on the smartcard.

Another major advantage of the chip card is the ability to load multiple applications on the chip, which means that it can be used for more applications than just payments such as secure e-commerce, loyalty points, insurance policies and identification data - photo and fingerprint - to be loaded on the card.

Multi-function Smart Card Now Under a Dollar

03/05 - MasterCard has teamed up with technology companies including Keycorp Limited of Australia, Infineon Technologies AG of Germany and a number of leading regional and global smart card manufacturers to deliver the US$0.99 white card, based on the new MULTOS step/one platform.

MasterCard first introduced the MULTOS-based multi-application smart card under its US$2.99 chip program in December 2000. In December 2003, MasterCard brought down the price of its state of the art, multi-application MULTOS card by 33 percent to US$1.99.

The new US$0.99 smart card contains M/Chip, the MasterCard EMV credit/debit application, and the MasterCard Open Data Storage program (MODS), which allows for the secure storage and retrieval of personal data for loyalty, e-ticketing and more. Issuers also have the option of loading other value-added applications of their choice to the card. The ability to offer these high specification smart cards at such a competitive price was made possible by the increasing adoption of smart cards and MasterCard’s collaboration with key industry players.

Smart Card Memory Types - ROM Read only memory (mask ROM), EEPROM (Electrically erasable PROM), RAM (Random access memory)

Information on the manufacture of smart cards. Wafers, chips and modules, chip classifications, memory chip, microcontroller chips, operating systems, readers and terminals.

U. S. Government Smart Card Handbook - resource guide on smart cards

Smartcard standards and specifications

Documentation on smart cards, memory cards, cryptography and applications from SDlogic.

Schlumberger Payflex
Gemplus MPCOS
Cryptoflex 16k and 8k
GPK 4K, 8K, 16K
USB tokens based on CardOS/M4, such as Aladdin eToken PRO, etc.
Starcos SPK 2.3 (e.g. Rainbow iKey 3000)
JCOP 31bio

OpenSC Smart Card Driver Names

The supported internal card driver names in OpenSC are

etoken - Aladdin eToken and other Siemens CardOS cards
flex - Schlumberger Multiflex/Cryptoflex
cyberflex - Schlumberger Cyberflex
gpk - Gemplus GPK
miocos - MioCOS 1.1
mcrd - MICARDO 2.1
setcos - Setec cards
starcos - STARCOS SPK 2.3
tcos - TCOS 2.0
openpgp - OpenPGP Card v1.0
jcop - JCOP cards with BlueZ PKCS#15 applet
oberthur - Oberthur AuthentIC .v2/CosmopolIC.v4
belpic - Belpic cards
emv - EMV compatible cards