Browse Prior Art Database

Publication Date: 2002-Oct-21

Publishing Venue

The Prior Art Database


Background A smart card is a credit card sized piece of plastic with an integrated circuit chip embedded in it. Data placed on the chip can be read and updated when the card is inserted into a terminal or, in some cases, when it is simply placed in the proximity of a radio-frequency based smart card device. Applications include: • Prepayment for services. (prepaid phone cards) • Digital cash. (i.e., credit, debit and e-purse cards, ATM card, vending machines) • Loyalty cards for discounts. • Access control to buildings, computers or other secure areas. • Storing a patient's medical records. • Generating network IDs. There are two basic types of cards that are often called smart cards and some are decidedly smarter than others. The first is a simple memory card that, like the familiar magnetic stripe card, stores data. Unlike a magnetic stripe card, it can write new data over existing data many times and it can store, depending on the card, up to 32 Kbytes of information. While memory cards qualify as smart cards, at least in comparison with magnetic stripe technology, the integrated circuit card is the truly intelligent member of this family. It is really a tiny computer, complete with an operating system, and the ability to run multiple applications from the same chip. Because a smart card is programmable, applications and data can be downloaded onto it for a wide variety of uses, even on a single card. Because it has storage and processing capability, it can add or subtract value, like a debit card, a pre-paid phone card, or a loyalty card. The ability to act as a computer also brings security features not found in credit cards. Unlike the archetypal credit cards and their magnetic stripes, smart cards have an actual processor built right in and can be written to an infinite number of times. Smart cards require a high level of security, ensuring no one can "hack" the value off a card, or otherwise put unauthorized information on the card. Because it is hard to get at the data without authorization, and because it fits into one's pocket, a smart card is uniquely appropriate for secure and convenient data storage. On the software side of security, smart cards must ensure both authentication and authorization. The holder of a smart card is authenticated, via a PIN or other mechanism, to conduct certain types of business. Authorization refers to the types of information or activities the authenticated cardholder is entitled to. In the situation that the data you wish to access isn't on the card itself, a smart card can also do certification. In this process, the smart card produces a digital authentication certificate that allows the authenticated individual to access the described data. This is anticipated to be an increasingly interesting application when smart cards are used to access information on corporate intranets or on the Internet. The largest smart card markets are believed to be in the prepayment applications, access control, and electronic cash applications. The reason for this is the smart cards' intrinsic portability and security. People are looking for smaller and smaller ways to carry their data with them. Smart cards are another step in this direction. While the built-in processor gives it much capability, a smart card is not a stand-alone computer. It must be connected to other computers to be of use. Smart cards today contain an 8-bit micro-controller and hold 16 KB or more of information. To make a computer and a smart card communicate, one places the card in a smart card reader. The smart card reader, which is connected to a computer, is used either to pull information from it or add data to it. There is also a type of smart card, called a contact-less card, which transfers data over radio waves. In either case, they must be designed for high levels of data integrity, working under all conditions and keeping data safe even if exposed to power fluctuations, handling, heat or other outside influences. ISO7816 (world wide) specifications and EMV (Eurocard, Master card, Visa) specifications, allow voltage requirements for smart cards to come in two values- 3 volt and 5 volt. As a result, the smart card reader is not only responsible for communication, but must also provide the correct power supply voltage as required by any given smart card. ISO and EMV specifications also define the smart card clock operating frequency. Frequencies up to 20MHz are allowed.