Smart Cards Seminar Report


Table of Contents

Introduction
Smart Card Basics
Overview & Applications
Why Smart Cards
Types of Chip Cards
Smart Card Form Factors
Integrated Circuits and Operating Systems
Smart Card Readers/Terminals
Smart Card Standards
System Planning & Deployment
Smart Card Information Security
Smart Card Data logging Security
Smart Card Data Security
Conclusions

References

Smart Card Basics

Smart card or chip card technology is fast becoming commonplace in our culture and daily
lives. We hope that this site will bring you a little closer in your understanding of this
exciting technology and the benefits it can bring to your applications.
If you have questions regarding a specific technology discussed below, feel free to
send us an email and the appropriate site sponsor will respond.
Overview & Applications
A smart card, a type of chip card, is a plastic card embedded with a computer chip that
stores and transacts data between users. This data is associated with either value or
information or both and is stored and processed within the cards chip, either a memory
or microprocessor. The card data is transacted via a reader that is part of a computing
system. Smart card-enhanced systems are in use today throughout several key
applications, including healthcare, banking, entertainment and transportation. To various
degrees, all applications can benefit from the added features and security that smart
cards provide. According to Eurosmart, worldwide smart card shipments will grow 10%
in 2010 to 5.455 billion cards. Markets that have been traditionally served by other
machine readable card technologies such as bar-code and magnetic stripe are
converting as the calculated return on investment is revisited by each card issuer
year after year.
First introduced in Europe nearly three decades ago, smart cards debuted as a stored
value tool for pay phones to reduce theft. As smart cards and other chip-based cards
advanced, people found new ways to use them, including charge cards for credit
purchases and for record keeping in place of paper.
In the U.S., consumers have been using chip cards for everything from visiting libraries
to buying groceries to attending movies, firmly integrating them into our everyday lives.

Several U.S. states have chip card programs in progress for government applications
ranging from the Department of Motor Vehicles to Electronic Benefit Transfer (EBT).
Many industries have implemented the power of smart cards into their products, from
GSM digital cellular phones to TV-satellite decoders.

Why Smart Cards


Smart cards greatly improve the convenience and security of any transaction. They provide tamperproof storage of user and account identity. Smart card systems have proven to be more
reliable than other machine-readable cards, such as magnetic-stripe and bar-code, with
many studies showing card read life and reader life improvements demonstrating much
lower cost of system maintenance. Smart cards also provide vital components of system
security for the exchange of data throughout virtually any type of network. They protect
against a full range of security threats, from careless storage of user passwords to
sophisticated system hacks. The costs to manage password resets for an organization or
enterprise are very high, thus making smart cards a cost-effective solution in these
environments. Multifunction cards can also serve as network system access and store
value and other data. Worldwide, people are now using smart cards for a wide variety of
daily tasks. These include:
SIM Cards and Telecommunication
The largest application of smart card technology is in Subscriber Identity Modules
(SIM), as required by the standard for all Global System for Mobile Communication (GSM)
phone systems; each phone utilizes the unique identity as presented in the SIM to manage
the rights and privileges on that network and all other networks that are tied by agreement
to roam. This use case represents over half of all smart cards consumed each year. The
Universal Subscriber Identification Module (USIM) is also being used to bridge the identity
gap as phones transition between a GSM and a UMTS or 3G network operator.
Loyalty and Stored Value
Another use of smart cards is stored value, particularly loyalty programs that track and
incentivize repeat customers. Stored value is more convenient and safer than cash. For
issuers, float is realized on unspent balances and residuals on balances that are never
used.
For multi-chain retailers that administer loyalty programs across many different businesses
and POS systems, smart cards can centrally locate and track all data. The applications are
numerous, from transportation systems, including parking and laundry, to gaming, as well
as all retail and many entertainment uses.
Securing Digital Content and Physical Assets
In addition to information security, smart cards achieve greater security of services and
equipment, because the card restricts access to all but the authorized user(s). Information
and entertainment are being delivered via satellite or cable to the home DVR player or cable
box or cable-enabled PC. Home delivery of service is encrypted and decrypted via the
smart card per subscriber access. Digital video broadcast systems have already adopted
smart cards as electronic keys for protection. Smart cards can also act as keys to machine
settings for sensitive laboratory equipment and dispensers for drugs, tools, library cards,
health club equipment etc. In some environments, smart card-enabled SD and microSD
cards are protecting digital content as it is being delivered to mobile handsets/phones.
E-Commerce
Smart cards make it easy for consumers to securely store information and cash for
purchasing. The advantages they offer consumers are:

The card can carry personal account, credit and buying preference information that
can be accessed with a mouse click instead of filling out forms.

Cards can manage and control expenditures with automatic limits and reporting.

Internet loyalty programs can be deployed across multiple vendors with disparate
POS systems and the card acts as a secure central depository for points or rewards.

Micro Payments - paying nominal costs without transaction fees associated with
credit cards, or for amounts too small for cash, like reprint charges.

Bank Issued Cards


Around the globe the bank controlled co-ops (Visa, MasterCard, Discover, and
American Express) have rolled out millions of smart cards under the EMV (Europay,
MasterCard, VISA) standard. Often referred to as chip and PIN cards, these are the de
facto type of cards for bank issuance in most countries except the U.S. As Canada has
just recently started its regulatory shift to EMV cards, the U.S. will be the sole island in
North America that has not yet made the adoption. This adoption is being driven by the
increased types of fraud for both credit and debit cards. Smart cards have been proven
to secure a transaction with regularity, so much so that the EMV standard has become
the norm.
As banks enter competition in newly opened markets such as investment brokerages,
they are securing transactions via smart cards at an increased rate. This means:

Smart cards increase trust through improved security. Two-factor authentication
ensures protection of data and value across the internet. Threats such as
man-in-the-middle attacks and Trojan horses that replay a user name and password are
eliminated.

This is improving customer service. Customers can use secure smart cards for fast,
24-hour electronic funds transfers over the internet.

Costs are reduced: transactions that normally would require a bank employee's time
and paperwork can be managed electronically by the customer with a smart card.

Healthcare Informatics
The explosion of health care data brings up new challenges to the efficiency of patient
care and privacy safeguards. Smart cards solve both challenges with secure, mobile
storage and distribution of everything from emergency data to benefits status. Many
countries with socialized health systems have already adopted smart cards as credentials
for their health networks and as a means of carrying an immediately retrievable Electronic
Health Record (EHR). Benefits include:

Rapid, accurate identification of patients; improved treatment

Reduction of fraud with authentication of provider/patient visits and insurance
eligibility

A convenient way to carry data between systems or to sites without systems

Reduction of records maintenance costs

Embedded Medical Device Control


For years, embedded controllers have been in many types of machines, governing the
quality and precision of their function. In Healthcare, embedded smart cards ensure the
best and safest delivery of care in devices such as dialysis machines, blood analyzers
and laser eye surgery equipment.
Enterprise and Network Security
Microsoft Windows, Sun Microsystems (a subsidiary of Oracle Corporation) and all new
versions of Linux have built-in software hooks to deploy smart cards as a replacement
for user names and passwords. Microsoft has built a complete credential platform around
the Scard dll and Crypto Service Provider (CSP). With enterprises realizing that Public
Key Infrastructure (PKI)-enhanced security is what is needed for widely deployed
employees, a smart card badge is the new standard. Business-to-business Intranets
and Virtual Private Networks (VPNs) are enhanced by the use of smart cards. Users
can be authenticated and authorized to have access to specific information based on
preset privileges. Additional applications range from secure email to electronic
commerce.

Physical Access
Businesses and universities of all types need simple identity cards for all employees
and students. Most of these people are also granted access to certain data, equipment
and departments according to their status. Multifunction, microprocessor-based smart
cards incorporate identity with access privileges and can also store value for use in
various locations, such as cafeterias and stores. Many hotels have also adopted
ISO 7816-type card readers in hotel rooms for use by the staff.
The entire U.S. government and many corporations have now incorporated a contactless
reader as an access point to their facilities. Some companies have incorporated a
biometric component to this credential as well. The older systems deploy a simple
proximity card system as the gatekeeper. But as the security requirements have
become stronger and the cost of ISO 14443 standard systems has become cheaper,
the world is rapidly adopting this new standard. This market shift is partially driven by
the U.S. government's adoption of the mandated Personal Identity Verification (PIV)
standard. There is a rich ecosystem of suppliers and integrators for this standard.

Types of Chip Cards


Smart cards are defined according to 1) how the card data is read and written and 2)
the type of chip implanted within the card and its capabilities. There is a wide range of
options to choose from when designing your system.
Figure 3-1: Types of chip cards

Card Construction

Almost all chip cards are built from layers of differing materials, or substrates, that when
brought together properly give the card a specific life and functionality. The typical card
today is made from PVC, polyester or polycarbonate. The card layers are printed first
and then laminated in a large press. The next step in construction is the blanking or die
cutting. This is followed by embedding a chip and then adding data to the card. In all,
there may be up to 30 steps in constructing a card. The total components, including
software and plastics, may be as many as 12 separate items; all this in a unified
package that appears to the user as a simple device.

Contact Cards
These are the most common type of smart card. Electrical contacts located on the
outside of the card connect to a card reader when the card is inserted. This connector is
bonded to the encapsulated chip in the card.
Figure: Typical smart card module and card contacts (image courtesy of CardLogix).
Contact assignments as labelled in the image:
C1 VCC          C5 GRD
C2 no connect   C6 no connect
C3 CLK          C7 I/O
C4 no connect   C8 no connect
Increased levels of processing power, flexibility and memory will add cost. Single
function cards are usually the most cost-effective solution. Choose the right type of
smart card for your application by determining your required level of security and
evaluating cost versus functionality in relation to the cost of the other hardware
elements found in a typical workflow. All of these variables should be weighed against
the expected lifecycle of the card. On average the cards typically comprise only 10 to 15
percent of the total system cost with the infrastructure, issuance, software, readers,
training and advertising making up the other 85 percent. The following chart
demonstrates some general rules of thumb:

Card Function Trade-Offs

Memory Cards
Memory cards cannot manage files and have no processing power for data
management. All memory cards communicate to readers through synchronous
protocols. In all memory cards you read and write to a fixed address on the card. There
are three primary types of memory cards: 1) Straight, 2) Protected, and 3) Stored
Value. Before designing these cards into a proposed system the issuer should check
to see if the readers and/or terminals support the communication protocols of the chip.
Most contactless cards are variants on the protected memory/segmented memory card
idiom.
1) Straight Memory Cards
These cards just store data and have no data processing capabilities. Often made
with I2C or serial flash semiconductors, these cards were traditionally the lowest
cost per bit for user memory. This has now changed with the larger quantities of
processors being built for the GSM market. This has dramatically cut into the
advantage of these types of devices. They should be regarded as floppy disks of
varying sizes without the lock mechanism. These cards cannot identify themselves
to the reader, so your host system has to know what type of card is being inserted
into a reader. These cards are easily duplicated and cannot be tracked by on-card
identifiers.
2) Protected / Segmented Memory Cards
These cards have built-in logic to control the access to the memory of the card.
Sometimes referred to as Intelligent Memory cards, these devices can be set to write
protect some or the entire memory array. Some of these cards can be configured to
restrict access to both reading and writing. This is usually done through a password
or system key. Segmented memory cards can be divided into logical sections for
planned multi-functionality. These cards are not easily duplicated but can possibly be
impersonated by hackers. They typically can be tracked by an on-card identifier.

3) Stored Value Memory Cards


These cards are designed for the specific purpose of storing value or tokens. The
cards are either disposable or rechargeable. Most cards of this type incorporate
permanent security measures at the point of manufacture. These measures can
include password keys and logic that are hard-coded into the chip by the
manufacturer. The memory arrays on these devices are set-up as decrements or
counters. There is little or no memory left for any other function. For simple
applications such as a telephone card, the chip has 60 or 12 memory cells, one for
each telephone unit. A memory cell is cleared each time a telephone unit is used.
Once all the memory units are used, the card becomes useless and is thrown away.
This process can be reversed in the case of rechargeable cards.

CPU/MPU Microprocessor Multifunction Cards


These cards have on-card dynamic data processing capabilities. Multifunction smart
cards allocate card memory into independent sections or files assigned to a specific
function or application. Within the card is a microprocessor or microcontroller chip that
manages this memory allocation and file access. This type of chip is similar to those
found inside all personal computers and when implanted in a smart card, manages data
in organized file structures, via a card operating system (COS). Unlike other operating
systems, this software controls access to the on-card user memory. This capability
permits different and multiple functions and/or different applications to reside on the
card, allowing businesses to issue and maintain a diversity of products through the
card. One example of this is a debit card that also enables building access on a college
campus. Multifunction cards benefit issuers by enabling them to market their products
and services via state-of-the-art transaction and encryption technology. Specifically, the
technology enables secure identification of users and permits information updates
without replacement of the installed base of cards, simplifying program changes and
reducing costs. For the card user, multifunction means greater convenience and
security, and ultimately, consolidation of multiple cards down to a select few that serve
many purposes.
There are many configurations of chips in this category, including chips that support
cryptographic PKI functions with on-board math co-processors or JavaCard with
virtual machine hardware blocks. As a rule of thumb, the more functions, the higher the
cost.

Contactless Cards
These are smart cards that employ a radio frequency (RFID) link between card and reader
without physical insertion of the card. Instead, the card is passed along the exterior of
the reader and read. Types include proximity cards, which are implemented as a read-only
technology for building access. These cards function with a very limited memory
and communicate at 125 MHz. Another type of limited card is the Gen 2 UHF card that
operates at 860 MHz to 960 MHz. True read and write contactless cards were first used
in transportation for quick decrementing and re-loading of fare values, where their lower
security was not an issue. They communicate at 13.56 MHz and conform to the
ISO 14443 standard. These cards are often protected memory types. They are also
gaining popularity in retail stored value, since they can speed up transactions and do not
lower transaction processing revenues (i.e. VISA and MasterCard), like traditional smart
cards.
Variations of the ISO 14443 specification include Types A, B, and C, which specify chips
from either specific or various manufacturers: A = NXP (formerly Philips), B = everybody
else, and C = Sony-only chips. Contactless card drawbacks include the limits of
cryptographic functions and user memory versus microprocessor cards, and the limited
distance between card and reader required for operation.
Multi-mode Communication Cards
These cards have multiple methods of communications, including ISO7816, ISO14443
and UHF gen 2. How the card is made determines if it is a Hybrid or dual interface card.
The term can also include cards that have a magnetic stripe and/or bar-code as well.
Hybrid Cards
Hybrid cards have multiple chips in the same card. These are typically attached to each
interface separately, such as a MIFARE chip and antenna with a contact 7816 chip in
the same card.


Dual Interface Cards
These cards have one chip controlling the communication interfaces. The chip may be
attached to the embedded antenna through a hard connection, inductive method or with
a flexible bump mechanism.
Multi-component Cards
These types of cards are for a specific market solution. For example, there are cards
where the fingerprint sensor is built on the card. Or one company has built a card that
generates a one-time password and displays the data for use with an online banking
application. Vault cards have rewritable magnetic stripes. Each of these technologies
is specific to a particular vendor and is typically patented.

Smart Card Form Factors


The expected shape for cards is often referred to as CR80. Banking and ID cards are
governed by the ISO 7810 specification. But this shape is not the only form factor that
cards are deployed in. Specialty shaped cutouts of cards with modules and/or antennas
are being used around the world. The most common of these shapes is the SIM. SD and
MicroSD cards can now be deployed with the strength of smart card chips. USB flash drive
tokens are also available that leverage the same technology of a card in a different form
factor.
Integrated Circuits and Operating Systems
There are two primary types of smart card operating systems: 1) Fixed File Structure and
2) Dynamic Application System. As with card types, selection of a card operating system
depends on the application the card is developed for. The other defining difference is in
the encryption capabilities of the operating system and the chip. The types of encryption
are Symmetric Key and Asymmetric Key (Public Key).
The chip selection for these functions is vast and supported by many semiconductor
manufacturers. What separates a smart card chip from other microcontrollers is often
referred to as trusted silicon. The device itself is designed to securely store data
withstanding outside electrical tampering or hacking. These additional security features
include a long list of mechanisms such as no test points, special protection metal masks
and irregular layouts of the silicon gate structures. The trusted silicon semiconductor
vendor list below is current for 2010.

Atmel
EM systems
Felicia
Infineon
Microchip
NXP
Renesas
Samsung
Sharp
Sony
ST Microelectronics

Many of the features that users have come to expect, such as specific encryption
algorithms, have been incorporated into the hardware and software libraries of the chip
architectures. This can often result in a card manufacturer not future-proofing their
design by having their card operating systems only ported to a specific device. Care
should be taken in choosing the card vendor that can support your project over time as
card operating system-only vendors come in and out of the market. The tools and
middleware that support card operating systems are as important as the chip itself. The
tools to implement your project should be easy to use and give you the power to deploy
your project rapidly.
1) Fixed File Structure
This type treats the card as a secure computing and storage device. Files and
permissions are set in advance by the issuer. These specific parameters are ideal and
economical for a fixed type of card structure and functions that will not change in the
near future. Many secure stored value and healthcare applications are utilizing this type
of card. An example of this kind of card is a low-cost employee multi-function badge or
credential. Contrary to some biased articles, these style cards can be used very
effectively with a stored biometric component and reader. Globally, these types of
microprocessor cards are the most common.
2) Dynamic Application System
This type of operating system, which includes the JavaCard and proprietary MULTOS
card varieties, enables developers to build, test, and deploy different on-card
applications securely. Because the card operating system and applications are more
separate, updates can be made. An example card is a SIM card for mobile GSM where
updates and security are downloaded to the phone and dynamically changed. This type
of card deployment assumes that the applications in the field will change in a very short
time frame, thus necessitating dynamic expansion of the card as a computing platform.
The costs to change applications in the field are high, due to the ecosystem
requirements of security for key exchange with each credential. This is a variable that
should be scrutinized carefully in the card system design phase.

Smart Card Readers/Terminals


Readers and terminals operate with smart cards to obtain card information and perform
a transaction.
Generally, a reader interfaces with a PC for the majority of its processing requirements.
A terminal is a self-contained processing device. Both readers and terminals read and
write to smart cards.
Readers
Contact
This type of reader requires a physical connection to the card, made by inserting the
card into the reader. This is the most common reader type for applications such as ID
and Stored Value. The card-to-reader communication is often ISO 7816 T=0 only. This
communication has the advantage of direct coupling to the reader and is considered
more secure. The other advantage is speed. The typical PTS (Protocol Type Selection,
ISO 7816-3) negotiated speed can be up to 115 kilobaud. This interface enables larger
data transport without the overhead of anti-collision and wireless breakdown issues that
result from the card moving in and out of the reader antenna range.
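The PTS negotiation just mentioned, as an added example written for this page (not code from the report or from any reader vendor it names): it builds the ISO 7816-3 PPS request a reader sends after the ATR, checks the card's reply, and shows that the 115 kilobaud figure corresponds to Fi = 372, Di = 12 at the 3.5712 MHz card clock assumed here. The card replies are constructed.

```python
"""ISO/IEC 7816-3 PPS (Protocol and Parameters Selection, the "PTS" of the text):
build the reader's request, check the card's answer, compute the resulting bit rate.
Added example with constructed card replies; no real reader is driven."""

# Fi (clock rate conversion integer) and Di (baud rate adjustment integer) encodings
# from ISO/IEC 7816-3. Codes missing from the tables are reserved (RFU).
FI_TABLE = {0x0: 372, 0x1: 372, 0x2: 558, 0x3: 744, 0x4: 1116, 0x5: 1488, 0x6: 1860,
            0x9: 512, 0xA: 768, 0xB: 1024, 0xC: 1536, 0xD: 2048}
DI_TABLE = {0x1: 1, 0x2: 2, 0x3: 4, 0x4: 8, 0x5: 16, 0x6: 32, 0x7: 64, 0x8: 12, 0x9: 20}

# Assumed reader clock. At this frequency the default Fi=372, Di=1 gives exactly
# 9600 bit/s, the speed every card talks at right after the ATR.
DEFAULT_CLOCK_HZ = 3_571_200


def bit_rate(fi_code: int, di_code: int, clock_hz: int = DEFAULT_CLOCK_HZ) -> float:
    """One elementary time unit (etu) is Fi/Di clock cycles, so rate = f * Di / Fi."""
    if fi_code not in FI_TABLE or di_code not in DI_TABLE:
        raise ValueError("reserved Fi or Di code")
    return clock_hz * DI_TABLE[di_code] / FI_TABLE[fi_code]


def xor_checksum(frame: bytes) -> int:
    pck = 0
    for b in frame:
        pck ^= b
    return pck


def build_pps_request(protocol: int, fi_code: int, di_code: int) -> bytes:
    """PPSS (0xFF) | PPS0 | PPS1 | PCK.

    PPS0: low nibble = protocol T (0 or 1); bit 0x10 announces that PPS1 follows.
    PPS1: high nibble = Fi code, low nibble = Di code.
    PCK:  XOR of every preceding byte, so the XOR over the whole frame is zero.
    """
    if protocol not in (0, 1):
        raise ValueError("only T=0 and T=1 are handled here")
    bit_rate(fi_code, di_code)  # rejects reserved codes before they go on the wire
    body = bytes([0xFF, 0x10 | protocol, (fi_code << 4) | di_code])
    return body + bytes([xor_checksum(body)])


def parse_pps_response(request: bytes, response: bytes):
    """Return (T, Fi, Di) in force after the exchange, or None when the exchange
    failed and the reader must reset the card and fall back to the defaults.

    A card that accepts echoes the request. A card that answers with PPS1 omitted
    (bit 0x10 of PPS0 clear) keeps the default Fi=372, Di=1 but agrees on T.
    """
    if len(response) < 3 or response[0] != 0xFF or xor_checksum(response) != 0:
        return None
    pps0 = response[1]
    present = bin(pps0 & 0x70).count("1")         # how many of PPS1..PPS3 were sent
    if len(response) != 3 + present:
        return None
    if (pps0 & 0x0F) != (request[1] & 0x0F):      # card must agree on the proposed T
        return None
    if pps0 & 0x10:                               # PPS1 echoed: Fi/Di accepted
        if response[2] != request[2]:
            return None
        return (pps0 & 0x0F, FI_TABLE[request[2] >> 4], DI_TABLE[request[2] & 0x0F])
    return (pps0 & 0x0F, 372, 1)                  # PPS1 omitted: defaults stay


def negotiate(card_reply):
    """Ask for T=0 at Fi=372 (code 1), Di=12 (code 8): 3571200 * 12 / 372 = 115200."""
    req = build_pps_request(0, 0x1, 0x8)
    params = parse_pps_response(req, card_reply(req))
    if params is None:
        return None
    t, fi, di = params
    return t, fi, di, DEFAULT_CLOCK_HZ * di / fi


if __name__ == "__main__":
    accept = lambda req: req                            # constructed: card echoes request
    decline = lambda req: bytes([0xFF, 0x00, 0xFF])     # constructed: T=0 only, no PPS1
    print(negotiate(accept))   # (0, 372, 12, 115200.0)
    print(negotiate(decline))  # (0, 372, 1, 9600.0)
```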
Contactless
This type of reader works with a radio frequency that communicates when the card
comes close to the reader. Many contactless readers are designed specifically for
Payment, Physical Access Control and Transportation applications. The dominant
protocol under the ISO 14443 is MIFARE, followed by the EMV standards.

Interface
A contact reader is primarily defined by the method of its interface to a PC. These
methods include RS232 serial ports, USB ports, PCMCIA slots, floppy disk slots,
parallel ports, infrared (IrDA) ports, keyboards and keyboard wedge readers. Some
readers support more than one type of card, such as the tri-mode insert readers from
MagTek. These readers support magnetic stripe, contact and contactless read
operations all in one device.

Reader & Terminal to Card Communication


All cards and readers that follow the ISO 7816-3 standards have a standardized set of
commands that enable communication for CPU cards.
These commands, called APDUs (Application Protocol Data Units), can be executed at a
very low level, or they can be scripted into APIs which enable the user to send
commands from an application to a reader.
The reader passes the command to the card, and the card returns the response to the request.

From a technical perspective, the key is the APIs that are chosen. These layers of
software can enable effective application communication with smart cards and readers
from more than one manufacturer. Most terminal SDKs come with a customized API for
that platform. They are typically in some form of C, C++ or C# and will have the header
files included. Many smart card readers have specific drivers/APIs for memory cards.
For ISO 7816 processor cards the PC/SC interface is often employed, but it has
limitations. This is especially important if you have both memory and microprocessor
cards that are used in the same system. Some APIs give the software designer the
ability to select readers from multiple vendors.
The following are some of the function calls provided for transporting APDUs and their
functions:
Reader Select
Reader Connect
Reader Disconnect
Card Connect
Card Disconnect
Proprietary Commands for specific readers and cards
Allow ISO Commands to be passed to cards using standard ISO format
Allow ISO Commands to be sent to cards using a simplified or shortcut format
Applications Development
The development of PC applications for readers has been simplified by the Personal
Computer/Smart Card (PC/SC) standard. This standard is supported by all major
operating systems. The problem with the PC/SC method is that it does not support all of
the reader functions offered by each manufacturer, such as LED control and card
latching/locking. When just using the drivers for each reader manufacturer, there is no
connection to the function of the cards.
The better choice is Application Programming Interfaces (APIs) that are part of readily
available Software Development Kits (SDKs) that support specific manufacturers'
card families.
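The APDU exchange described in this section, as an added example that is not code from the report, from PC/SC or from any vendor SDK: it encodes command APDUs, parses response APDUs and their status words, and runs a SELECT/VERIFY dialogue against a constructed card object standing in for a reader. The AID, PIN block format and retry count are assumptions; with a real reader the same encoded bytes would be handed to the PC/SC SCardTransmit call.

```python
"""ISO/IEC 7816-4 APDUs: encode commands, parse responses and status words, and run a
SELECT / VERIFY dialogue against a constructed card. Added example, not the report's code."""
from dataclasses import dataclass
from typing import Optional

@dataclass
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""          # command data, present in case 3 and 4 APDUs
    le: Optional[int] = None   # expected response length, case 2 and 4 (0 = "up to 256")

    def encode(self) -> bytes:
        """Short-length wire format: CLA INS P1 P2 [Lc Data] [Le]."""
        header = (self.cla, self.ins, self.p1, self.p2)
        if any(not 0 <= b <= 0xFF for b in header):
            raise ValueError("CLA, INS, P1 and P2 must each fit in one byte")
        if len(self.data) > 255 or (self.le is not None and not 0 <= self.le <= 256):
            raise ValueError("short-length APDU: Lc <= 255 and Le <= 256")
        out = bytes(header)
        if self.data:
            out += bytes([len(self.data)]) + self.data
        if self.le is not None:
            out += bytes([self.le % 256])   # Le = 256 is coded as 0x00
        return out

@dataclass
class ResponseAPDU:
    data: bytes
    sw1: int
    sw2: int

    @property
    def sw(self) -> int:
        return (self.sw1 << 8) | self.sw2

def parse_response(raw: bytes) -> ResponseAPDU:
    """A response is [Data] SW1 SW2; the last two bytes are always the status word."""
    if len(raw) < 2:
        raise ValueError("response APDU must end with SW1 SW2")
    return ResponseAPDU(bytes(raw[:-2]), raw[-2], raw[-1])

def describe_sw(sw: int) -> str:
    """Meaning of the status words an application has to handle (ISO/IEC 7816-4)."""
    if sw == 0x9000:
        return "success"
    if sw >> 8 == 0x61:
        return f"success, {sw & 0xFF} more bytes available via GET RESPONSE"
    if sw >> 8 == 0x6C:
        return f"wrong Le, re-issue with Le={sw & 0xFF}"
    if sw & 0xFFF0 == 0x63C0:
        return f"verification failed, {sw & 0x0F} tries remaining"
    table = {0x6982: "security status not satisfied", 0x6983: "authentication method blocked",
             0x6A82: "file or application not found", 0x6D00: "instruction not supported"}
    return table.get(sw, f"unknown status {sw:04X}")

def select_by_aid(aid: bytes) -> CommandAPDU:
    """SELECT (INS A4) by DF name: P1=04, P2=00 first occurrence, Le=0 requests the FCI."""
    return CommandAPDU(0x00, 0xA4, 0x04, 0x00, aid, le=0)

def verify_pin(pin: str, p2: int = 0x80) -> CommandAPDU:
    """VERIFY (INS 20). P2 names the reference data and the PIN block format is card
    specific; 8 ASCII bytes padded with 0xFF is an assumption of the constructed card."""
    return CommandAPDU(0x00, 0x20, 0x00, p2, pin.encode("ascii").ljust(8, b"\xFF"))

class SimulatedCard:
    """Constructed stand-in for a microprocessor card behind a PC/SC reader: one
    application, one PIN, and a retry counter of three that blocks the PIN at zero."""
    AID = bytes.fromhex("A000000001020304")   # constructed AID, not a registered one

    def __init__(self, pin: str = "1234"):
        self._pin = pin.encode("ascii")
        self.tries = 3

    def transmit(self, cmd: CommandAPDU) -> ResponseAPDU:
        raw = cmd.encode()                      # the bytes a reader puts on the I/O line
        if raw[1] == 0xA4:                      # SELECT
            if cmd.data == self.AID:
                return ResponseAPDU(b"\x6F\x00", 0x90, 0x00)   # minimal FCI template
            return ResponseAPDU(b"", 0x6A, 0x82)
        if raw[1] == 0x20:                      # VERIFY
            if self.tries == 0:
                return ResponseAPDU(b"", 0x69, 0x83)
            if cmd.data.rstrip(b"\xFF") == self._pin:
                self.tries = 3
                return ResponseAPDU(b"", 0x90, 0x00)
            self.tries -= 1                     # counter decrements before the answer
            return ResponseAPDU(b"", 0x63, 0xC0 | self.tries)
        return ResponseAPDU(b"", 0x6D, 0x00)

def session(card: SimulatedCard, pin_attempts) -> list:
    """Select the application, then present each PIN; returns the status word meanings."""
    log = [describe_sw(card.transmit(select_by_aid(SimulatedCard.AID)).sw)]
    for pin in pin_attempts:
        log.append(describe_sw(card.transmit(verify_pin(pin)).sw))
    return log
```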
Terminals
Unlike readers, terminals are more similar to a self-contained PC, with most featuring
operating systems and development tools. Terminals are often specific to the use case
such as Security, Health Informatics or POS. Connectivity in the terminals is typically via
Transmission Control Protocol/Internet Protocol (TCP/IP) or GSM network. Many
terminals today feature regular OSs, such as Datastrip with Windows CE or Exadigm with
Linux, making deployment easier.

Smart Card Standards


Primarily, smart card standards govern physical properties, communication characteristics,
and application identifiers of the embedded chip and data. Almost all standards refer to
ISO 7816-1, 2 and 3 as a base reference.
The International Organization for Standardization (ISO) facilitates the creation of
voluntary standards through a process that is open to all parties. ISO 7816 is the
international standard for integrated-circuit cards (commonly known as smart cards) that
use electrical contacts on the card, as well as cards that communicate with readers and
terminals without contacts, as with radio frequency (RF/contactless) technology. Anyone
interested in obtaining a technical understanding of smart cards needs to become familiar
with what ISO 7816 and 14443 do NOT cover as well as what they do. Copies of these
standards can be purchased through ANSI (American National Standards Institute):
www.ansi.org. Copies of ISO standards are for sale at www.iso.org.
Application-specific properties are being debated, with many large organizations and groups
proposing their standards. Open system card interoperability should apply at several levels:
1) to the card itself, 2) the card's access terminals (readers), 3) the networks and 4)
the card issuer's own systems. Open system card interoperability will only be achieved by
conformance to international standards.
This site's sponsors are committed to compliance with ISO and ITSEC security standards
as well as industry initiatives such as EMV, the Global Platform and PC/SC specifications.
The following standards and the organizations that maintain them are the most prevalent
in the smart card industry:
ISO/IEC is one of the worldwide standard-setting bodies for technology, including plastic
cards. The primary standards for smart cards are ISO/IEC 7816, ISO/IEC 14443, ISO/IEC
15693 and ISO/IEC 7501.

ISO/IEC 7816 is a multi-part international standard broken into fourteen parts.

ISO/IEC 7816 Parts 1, 2 and 3 deal only with contact smart cards and define the
various aspects of the card and its interfaces, including the card's physical
dimensions, the electrical interface and the communications protocols. ISO/IEC
7816 Parts 4, 5, 6, 8, 9, 11, 13 and 15 are relevant to all types of smart cards
(contact as well as contactless). They define the card logical structure (files and data
elements), various commands used by the application programming interface for
basic use, application management, biometric verification, cryptographic services
and application naming. ISO/IEC 7816 Part 10 is used by memory cards for
applications such as pre-paid telephone cards or vending machines. ISO/IEC 7816
Part 7 defines a secure relational database approach for smart cards based on the
SQL interfaces (SCQL).

ISO/IEC 14443 is an international standard that defines the interfaces to a close
proximity contactless smart card, including the radio frequency (RF) interface, the
electrical interface, and the communications and anti-collision protocols. ISO/IEC
14443 compliant cards operate at 13.56 MHz and have an operational range of up to
10 centimeters (3.94 inches). ISO/IEC 14443 is the primary contactless smart card
standard being used for transit, financial, and access control applications. It is also
used in electronic passports and in the FIPS 201 PIV card.

ISO/IEC 15693 describes standards for vicinity cards. Specifically, it establishes
standards for the physical characteristics, radio frequency power and signal
interface, and anti-collision and transmission protocol for vicinity cards that operate
to a maximum of 1 meter (approximately 3.3 feet).

ISO/IEC 7501 describes standards for machine-readable travel documents and has
made a clear recommendation on smart card topology.

ICAO
The International Civil Aviation Organization (ICAO) issues guidance on the standardization
and specifications for Machine Readable Travel Documents (MRTD) such as passports,
visas, and travel documents. ICAO has published the specification for electronic passports
using a contactless smart chip to securely store traveler data.

FIPS (Federal Information Processing Standards)
FIPS standards are developed by the Computer Security Division within the National
Institute of Standards and Technology (NIST) and are designed to protect federal assets,
including computer and telecommunications systems. The following FIPS standards apply
to smart card technology and pertain to digital signature standards, advanced encryption
standards, and security requirements for cryptographic modules.

FIPS 140 (1-3): The security requirements contained in FIPS 140 (1-3) pertain to areas
related to the secure design and implementation of a cryptographic module, specifically:
cryptographic module specification; cryptographic module ports and interfaces; roles,
services, and authentication; finite state model; physical security; operational
environment; cryptographic key management; electromagnetic interference/
electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of
other attacks.

FIPS 201: This specification covers all aspects of multifunction cards used in identity
management systems throughout the U.S. government.

EMV - Europay, MasterCard and Visa formed EMV Company, LLC and created the
Integrated Circuit Card Specifications for Payment Systems. These specifications are
related to ISO7816 and create a common technical basis for card and system
implementation of a stored value system. Integrated Circuit Card Specifications for
Payment Systems can be obtained from a Visa, MasterCard or Europay member bank.
PC/SC - A globally implemented standard for cards and readers, called the PC/SC
specification. This standard only applies to CPU contact cards. Version 2.0 also dictates
PIN pad to card communications. Apple, Oracle-Sun, Linux and Microsoft all support this
standard.

Microsoft has built PC/SC into their smart card services as a framework that supports many
security mechanisms for cards and systems. PC/SC is now a fairly common middleware
interface for PC logon applications. The standard is a highly abstracted set of middleware
components that allow for the most common reader card interactions.
CEN (Comite Europeen de Normalisation) and ETSI (European Telecommunications
Standards Institute) are focused on telecommunications, as with the GSM SIM for cellular
telephones; the relevant specifications are GSM 11.11 and ETSI 300045. CEN can be contacted at Rue de Stassart, 36 B1050 Brussels, Belgium, attention to the Central Secretariat.
HIPAA - The Health Insurance Portability and Accountability Act adopts national standards
for implementing a secure electronic health transaction system in the U.S. Example
transactions affected by this include claims, enrollment, eligibility, payment and coordination
of benefits. Smart cards are governed by the requirements of HIPAA pertaining to data
security and patient privacy.
IC Communications Standards - These existed for non-volatile memories before the chips
were adopted for smart card use. This specifically applies to the I2C and SPI EEPROM
interfaces.

Global System for Mobile Communication (GSM)

The GSM standard is dominant in the cell phone industry and uses smart cards called
Subscriber Identification Modules (SIMs) that are configured with information essential to
authenticating a GSM-compliant mobile phone, thus allowing a phone to receive service
whenever the phone is within coverage of a suitable network. This standard is managed by
the European Telecommunication Standards Institute. The two most common standards for
cards are 11.11 and 11.14.

OpenCard Framework
(Obsolete standard: for information only)
The OpenCard Framework was a set of guidelines announced by IBM, Netscape, NCI, and
Sun Microsystems for integrating smart cards with network computers. The guidelines were
based on open standards and provided an architecture and a set of application program
interfaces (APIs) that enabled application developers and service providers to build and
deploy smart card solutions on any OpenCard-compliant network computer. Through the
use of a smart card, an OpenCard-compliant system should have enabled access to
personalized data and services from any network computer and dynamically downloaded from
the Internet all device drivers necessary to communicate with the smart card. By
providing a high-level interface which can support multiple smart card types, the OpenCard
Framework was intended to enable vendor-independent card interoperability. The system
incorporated Public Key Cryptography Standard (PKCS) 11 and was supposed to be
expandable to include other public key mechanisms.
Global Platform
GlobalPlatform (GP) is an international, non-profit association. Its mission is to establish,
maintain and drive adoption of standards to enable an open and interoperable
infrastructure for smart cards, devices and systems that simplifies and accelerates
development, deployment and management of applications across industries. The GP
standard has been adopted by virtually all the banks worldwide for JavaCard-based
loading of cryptographic data. The standard establishes mechanisms and policies that
enable secure channel communications with a credential.
Common Criteria
Common Criteria (CC) is an internationally approved security evaluation framework
providing a clear and reliable evaluation of the security capabilities of IT products, including
secure ICs, smart card operating systems, and application software. CC provides an
independent assessment of a product's ability to meet security standards. Security-conscious
customers, such as national governments, are increasingly requiring CC
certification in making purchasing decisions. Since the requirements for certification are
clearly established, vendors can target very specific security needs while providing broad
product offerings.
Biometric Standards
Many new secure ID system implementations are using both biometrics and smart cards to
improve the security and privacy of an ID system.

ANSI-INCITS 358-2002, BioAPI Specification (ISO/IEC 19784-1). BioAPI is
intended to provide a high-level generic biometric authentication model, one suited
for any form of biometric technology. It covers the basic functions of enrollment,
verification, and identification, and includes a database interface to allow a biometric
service provider (BSP) to manage the technology device and identification
population for optimum performance. It also provides primitives that allow the
application to separately manage the capture of samples on a client workstation, and
the enrollment, verification, and identification functions on a server. The BioAPI
framework has been ported to Win32, Linux, UNIX, and WinCE. Note that BioAPI is
not optimum for a microcontroller environment such as might be embedded within a
door access control reader unit or within a smart card processor. BioAPI is more
suitable when there is a general-purpose computer available.

ANSI-INCITS 398, Common Biometric Exchange Formats Framework (CBEFF) (ISO/IEC 19785-1). The Common Biometric Exchange Formats Framework (CBEFF)
describes a set of data elements necessary to support biometric technologies and
exchange data in a common way. These data can be placed in a single file used to
exchange biometric information between different system components or between
systems. The result promotes interoperability of biometric-based application
programs and systems developed by different vendors by allowing biometric data
interchange. This specification is a revised (and augmented) version of the original
CBEFF, the Common Biometric Exchange File Format, originally published as
NISTIR 6529.

ANSI-INCITS Biometric Data Format Interchange Standards. ANSI-INCITS has
created a series of standards specifying the interchange format for the exchange of
biometric data. These standards specify a data record interchange format for storing,
recording, and transmitting the information from a biometric sample within a CBEFF
data structure. The ANSI-INCITS published data interchange standards are shown
below. There are ISO equivalents to each standard listed here.

ANSI-INCITS 377-2004 - Finger Pattern Based Interchange Format

ANSI-INCITS 378-2004 - Finger Minutiae Format for Data Interchange

ANSI-INCITS 379-2004 - Iris Interchange Format

ANSI-INCITS 381-2004 - Finger Image Based Interchange Format

ANSI-INCITS 385-2004 - Face Recognition Format for Data Interchange

ANSI-INCITS 395-2005 - Signature/Sign Image Based Interchange Format

ANSI-INCITS 396-2004 - Hand Geometry Interchange Format

ISO/IEC 19794 series on biometric data interchange formats. Part 1 is the
framework, Part 2 defines the finger minutiae data, Part 3 defines the finger pattern
spectral data, Part 4 defines the finger image data, Part 5 defines the face image
data, Part 6 defines the iris image data, and, still in development, Part 7 will define
the signature/sign time series data, Part 8 will define the finger pattern skeletal data
and Part 8 will define the vascular image data.

System Planning & Deployment

Smart card system design requires advance planning to be successful and to avoid
problems. It is highly recommended that you graphically diagram the flow of information for
your new system. The first question to consider is whether the card and system will transact
information, value, or both. If the card stores keys or value (e.g. gift certificates or sports
tickets), greater design detail is required than in data-only systems. When you combine
information types on a single card, other issues arise. The key to success is not to overrun
the system with features that can confuse users and cause problems in management. It is
recommended that you phase in each feature set as each one is working. To properly
implement a functional smart card system, you should be able to answer the following
questions. NOTE: These are only general guidelines, provided as a basis for your individual
planning. Many other steps may be involved and are not mentioned here. For more
extensive planning information regarding identity management and national IDs, we
recommend that you review the GSA Smart Card Handbook. For bank-issued cards, we
recommend that you visit the Global Platform website.
Basic Set-Up

1) Is there a clear business case? Including financial and consumer behavior factors?
2) Will the system be single or multi-application?
3) What type of information do I want to store in the cards (i.e. data or value)?
4) How much memory is required for each application?
5) If multi-application, how will I separate different types of data?
6) Will card data be obtained from a database? Or loaded every time?
7) Will this data concurrently reside on a database?
8) How many cards will be needed?
9) Are card/infrastructure vendors identified? What are the lead times?
Security Planning
1) What are the security requirements?
2) Does all, or only some of the data need to be secure?
3) Who will have access to this information?
4) Who will be allowed to change this information?
5) In what manner shall I secure this data i.e. encryption, Host passwords, card
passwords/PINs or all of these?
6) Should the keys/PINs be customer or system-activated?
7) What form of version control do I want?

Value Applications
1) Should the value in the cards be re-loadable or will the cards be disposable?
2) How will I distribute the cards?
3) How will cards be activated and loaded with value?
4) What type of card traceability should I implement?
5) What is the minimum and maximum value to store on each card?
6) Will there be a refund policy?

General Issuance
1) How many types of artwork will be included in the issuance?
2) Who will do the artwork?
3) What is needed on the card? For example signature panels, Magnetic-Stripe,
Embossing etc.
Multi-Application Card Systems
It is highly recommended that you graphically diagram the flow of information as shown.
Large distributed multifunction systems require lots of advance planning to make them
effective. Smart cards often act as the glue between disparate software applications and
use cases. Below is an example of a multifunction card that is issued by a large
enterprise or government. Everywhere you see a CD is a separate and distinct software
application that interacts with the data and service from the card.

[Figure: information-flow diagram of a multifunction card, with numbered application touchpoints]

The critical first step in this type of planning is to understand the data requirements on
the card as it relates to each disparate software application that your project will deploy.
Building a smart card system that stores value (e.g. gift certificates, show tickets,
redemption points or cash equivalents) requires an attention to detail not necessary in
other information management systems. The most important detail of a successful
stored value card is that the card and program are perceived by users as being
compelling, justifying the switch from other payment options.
User information and system-wide training should be part of your budget. It is
recommended that you phase in each feature set after the first one is working. Here is a
list of some questions that are pertinent to these systems in addition to the above
questions.
Deployment
As the minimum steps in deploying a stored value or multi-application system, establish
clear achievable program objectives;
1) Make sure the organization has a stake in the projects success and that
management buys into the project
2) Set a budget
3) Name a project manager
4) Assemble a project team and create a team vision
5) Graphically create an information - card and funds-flow diagram
6) Assess the card and reader options
7) Write a detailed specification for the system
8) Set a realistic schedule with inch-stones and mile-stones
9) Establish the security parameters for both people and the system
10) Phase-in each system element, testing as you deploy
11) Reassess for security leaks
12) Deploy the first phase of cards and test, test
13) Train the key employees responsible for each area
14) Set-up a system user manual
15) Check the reporting structures
16) Have contingency plans should problems arise
17) Deploy and announce
18) Advertise and market your system

Smart Card Security (Section 1)

Smart cards provide computing and business systems the enormous benefit of portable
and secure storage of data and value. At the same time, the integration of smart cards
into your system introduces its own security management issues, as people access
card data far and wide in a variety of applications.
The following is a basic discussion of system security and smart cards, designed to
familiarize you with the terminology and concepts you need in order to start your
security planning.
What Is Security?
Security is basically the protection of something valuable to ensure that it is not stolen,
lost, or altered. The term data security governs an extremely wide range of
applications and touches everyone's daily life. Concerns over data security are at an all-time
high, due to the rapid advancement of technology into virtually every transaction,
from parking meters to national defense.
Data is created, updated, exchanged and stored via networks. A network is any
computing system where users are highly interactive and interdependent and by
definition, not all in the same physical place. In any network, diversity abounds, certainly
in terms of types of data, but also types of users. For that reason, a system of security is
essential to maintain computing and network functions, keep sensitive data secret, or
simply maintain worker safety.
Type of Data                        | Security Concern                                              | Type of Access
Drug Formula                        | Basis of business income. Competitor spying                   | Highly selective list of executives
Accounting, Regulatory              | Required by law                                               | Relevant executives and departments
Personnel Files                     | Employee piracy                                               | Relevant executives and departments
Employee ID                         | Non-employee access. Inaccurate payroll, benefits assignment  | Relevant executives and departments
Facilities                          | Access Authorization                                          | Individuals per function and clearance such as customers, visitors, or vendors
Building safety, emergency response | Outside emergency response                                    | All employees

What Is Information Security?

Information security is the application of measures to ensure the safety and privacy
of data by managing its storage and distribution. Information security has both
technical and social implications. The first simply deals with the how and how
much question of applying secure measures at a reasonable cost. The second
grapples with issues of individual freedom, public concerns, legal standards and how
the need for privacy intersects them. This discussion covers a range of options open
to business managers, system planners and programmers that will contribute to your
ultimate security strategy. The eventual choice rests with the system designer and
issuer.
The Elements Of Data Security
In implementing a security system, all data networks deal with the following main
elements:
1) Hardware, including servers, redundant mass storage devices, communication
channels and lines, hardware tokens (smart cards) and remotely located devices
(e.g., thin clients or Internet appliances) serving as interfaces between users and
computers
2) Software, including operating systems, database management systems,
communication and security application programs
3) Data, including databases containing customer-related information.
4) Personnel, to act as originators and/or users of the data; professional personnel,
clerical staff, administrative personnel, and computer staff

The Mechanisms Of Data Security

Working with the above elements, an effective data security system works with the
following key mechanisms to answer:
1) Has My Data Arrived Intact? (Data Integrity) This mechanism ensures that data
was not lost or corrupted when it was sent to you
2) Is The Data Correct And Does It Come From The Right Person? (Authentication)
This proves user or system identities
3) Can I Confirm Receipt Of The Data And Sender Identity Back To The Sender?
(Non-Repudiation)
4) Can I Keep This Data Private? (Confidentiality) Ensures only senders and
receivers access the data. This is typically done by employing one or more
encryption techniques to secure your data
5) Can I Safely Share This Data If I Choose? (Authorization and Delegation) You can
set and manage access privileges for additional users and groups
6) Can I Verify That The System Is Working? (Auditing and Logging) Provides
constant monitoring and troubleshooting of security system function
7) Can I Actively Manage The System? (Management) Allows administration of your
security system

Smart Card Security (Section 2)

Data Integrity
This is the function that verifies the characteristics of a document and a transaction.
Characteristics of both are inspected and confirmed for content and correct authorization.
Data Integrity is achieved with electronic cryptography that assigns a unique identity to data,
like a fingerprint. Any attempt to change this identity signals the change and flags any
tampering.
Authentication
This inspects, then confirms, the proper identity of people involved in a transaction of data
or value. In authentication systems, authentication is measured by assessing the
mechanism's strength and how many factors are used to confirm the identity. In a PKI
system a Digital Signature verifies data at its origination by producing an identity that can
be mutually verified by all parties involved in the transaction. A cryptographic hash
algorithm produces a Digital Signature.
Non-Repudiation
This eliminates the possibility of a transaction being repudiated, or invalidated, by
incorporating a Digital Signature that a third party can verify as correct. Similar in concept
to registered mail, the recipient of data re-hashes it, verifies the Digital Signature, and
compares the two to see that they match.
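The integrity, authentication and non-repudiation steps above, as an added example that is not from the original report: the sender fingerprints a transaction record with SHA-256 and signs the digest with an RSA private key (which, on a real card, would never leave the chip); the recipient re-hashes what it received and verifies the signature with the public key, so any alteration of the record or a signature from a different key is rejected. The key pair, record and tampered record are constructed here for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signer holds the sender's RSA key pair. In a smart card deployment the
// private key would live inside the card's chip; here it is generated in
// memory so the example runs stand-alone (constructed for the example).
type Signer struct {
	priv *rsa.PrivateKey
}

// NewSigner generates a fresh 2048-bit RSA key pair.
func NewSigner() (*Signer, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: priv}, nil
}

// Fingerprint is the "unique identity" of the data: a SHA-256 digest.
// Changing a single bit of the data changes the digest.
func Fingerprint(data []byte) [32]byte {
	return sha256.Sum256(data)
}

// Sign produces the digital signature over the fingerprint using RSA-PSS.
func (s *Signer) Sign(data []byte) ([]byte, error) {
	digest := Fingerprint(data)
	return rsa.SignPSS(rand.Reader, s.priv, crypto.SHA256, digest[:], nil)
}

// Public returns the key a recipient or third party uses to verify signatures.
func (s *Signer) Public() *rsa.PublicKey { return &s.priv.PublicKey }

// Verify is the recipient's (or arbiter's) check: re-hash the received data,
// then confirm the signature over that hash with the sender's public key.
// A mismatch means the data was altered or did not come from the key holder.
func Verify(pub *rsa.PublicKey, data, sig []byte) bool {
	digest := Fingerprint(data)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	signer, err := NewSigner()
	if err != nil {
		panic(err)
	}
	// Constructed sample transaction record.
	record := []byte("card=0001 debit=12.50 merchant=CAFE-17")
	sig, _ := signer.Sign(record)

	fmt.Println("original verifies:", Verify(signer.Public(), record, sig))
	// The amount has been changed after signing: the re-hash no longer matches.
	tampered := []byte("card=0001 debit=1.50 merchant=CAFE-17")
	fmt.Println("tampered verifies:", Verify(signer.Public(), tampered, sig))
}
```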
Authorization and Delegation
Authorization is the process of allowing access to specific data within a system.
Delegation is the utilization of a third party (Certificate Authorities) to manage and certify
each of the users of your system.

Authorization and Trust Model

Auditing and Logging

This is the independent examination and recording of records and activities to ensure
compliance with established controls, policy, and operational procedures, and to
recommend any indicated changes in controls, policy, or procedures.
Management
Management is the oversight and design of the elements and mechanisms discussed above and
below. Card management also requires the management of card issuance, replacement
and retirement as well as policies that govern a system.
Cryptography/Confidentiality
Confidentiality is the use of encryption to protect information from unauthorized
disclosure. Plain text is turned into cipher text via an algorithm, and then decrypted back
into plain text using the same method.
Cryptography is the method of converting data from a human readable form to a
modified form, and then back to its original readable form, to make unauthorized access
difficult. Cryptography is used in the following ways:
1) Ensures data privacy, by encrypting data
2) Ensures data integrity, by recognizing if data has been manipulated in an
unauthorized way
3) Ensures data uniqueness by checking that data is original, and not a copy of the
original. The sender attaches a unique identifier to the original data. This unique
identifier is then checked by the receiver of the data.

The original data may be in a human-readable form, such as a text file, or it may be in a
computer-readable form, such as a database, spreadsheet or graphics file. The original
data is called unencrypted data or plain text. The modified data is called encrypted data
or cipher text. The process of converting the unencrypted data is called encryption. The
process of converting encrypted data to unencrypted data is called decryption.
Data Security Mechanisms and their Respective Algorithms

In order to convert the data, you need to have an encryption algorithm and a key. If the
same key is used for both encryption and decryption that key is called a secret key and
the algorithm is called a symmetric algorithm. The most well-known symmetric algorithm
is DES (Data Encryption Standard).

The Data Encryption Standard (DES) was invented by the IBM Corporation in the
1970s. During the process of becoming a standard algorithm, it was modified according
to recommendations from the National Security Agency (NSA). The algorithm has been
studied by cryptographers for over 30 years. During this time, no methods have been
published that describe a way to break the algorithm, except for brute-force techniques.
DES has a 56-bit key, which offers 2^56, or about 7 x 10^16, possible variations. There is a very
small number of weak keys, but it is easy to test for these keys and they are easy to
avoid.
Triple-DES is a method of using DES to provide additional security. Triple-DES can be
done with two or with three keys. Since the algorithm performs an encrypt-decrypt-encrypt sequence, this is sometimes called the EDE mode.

The Advanced Encryption Standard (AES) is the newest symmetric-key encryption
standard adopted by the U.S. government. The standard comprises three block ciphers,
AES-128, AES-192 and AES-256, adopted from a larger collection originally published
as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192
and 256 bits, respectively. The AES ciphers have been analyzed extensively and are
now used worldwide, as was the case with its predecessor, the Data Encryption
Standard (DES).
AES was announced by National Institute of Standards and Technology (NIST) as U.S.
FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization
process in which fifteen competing designs were presented and evaluated before
Rijndael was selected as the most suitable. It became effective as a Federal
government standard on May 26, 2002 after approval by the Secretary of Commerce. It
is available in many different encryption packages. AES is the first publicly accessible
and open cipher approved by the NSA for top secret information.

If different keys are used for encryption and decryption, the algorithm is called an
asymmetric algorithm. The most well-known asymmetric algorithm is RSA, named after
its three inventors (Rivest, Shamir, and Adleman). This algorithm uses two keys, called
the public key and the private key. These keys are mathematically linked. Here is a diagram that illustrates
an asymmetric algorithm:

Asymmetric algorithms involve extremely complex mathematics typically involving the
factoring of large prime numbers. Asymmetric algorithms are typically stronger than a
short key length symmetric algorithm. But because of their complexity they are used in
signing a message or a certificate. They are not ordinarily used for data transmission
encryption.
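The DES, Triple-DES EDE and AES material above, worked in code as an added example that is not from the original report. It builds the encrypt-decrypt-encrypt sequence from single DES and cross-checks it against Go's library 3DES, then shows why the middle decryption matters: with all three keys equal, EDE collapses to plain single DES (the backward-compatibility property), so key reuse buys none of the extra security. All keys and blocks are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/des"
	"fmt"
)

// desBlock encrypts (or decrypts) one 8-byte block with single DES.
// The key is 8 bytes, of which 56 bits are effective (parity bits ignored).
func desBlock(key, in []byte, decrypt bool) []byte {
	c, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, des.BlockSize)
	if decrypt {
		c.Decrypt(out, in)
	} else {
		c.Encrypt(out, in)
	}
	return out
}

// DESEncrypt encrypts one 8-byte block with single DES.
func DESEncrypt(key, block []byte) []byte { return desBlock(key, block, false) }

// TripleDESEDE implements the encrypt-decrypt-encrypt sequence the text
// calls EDE mode, built from single DES: E(k3, D(k2, E(k1, block))).
// Two-key 3DES is the case k3 == k1.
func TripleDESEDE(k1, k2, k3, block []byte) []byte {
	return desBlock(k3, desBlock(k2, desBlock(k1, block, false), true), false)
}

// LibraryTripleDES encrypts one block with the standard library's 3DES
// (24-byte key = k1||k2||k3), for cross-checking the hand-built EDE.
func LibraryTripleDES(k1, k2, k3, block []byte) []byte {
	key := append(append(append([]byte{}, k1...), k2...), k3...)
	c, err := des.NewTripleDESCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out
}

// AESBlock encrypts one 16-byte block; a 16/24/32-byte key selects
// AES-128/192/256, all sharing the 128-bit block size.
func AESBlock(key, block []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, block)
	return out
}

// DESKeySpace returns the number of distinct DES keys, 2^56.
func DESKeySpace() float64 { return float64(uint64(1) << 56) }

func main() {
	// Constructed sample keys and a single 8-byte block of data.
	k1 := []byte("key-one!")
	k2 := []byte("key-two!")
	block := []byte("8bytes!!")

	manual := TripleDESEDE(k1, k2, k1, block)
	lib := LibraryTripleDES(k1, k2, k1, block)
	fmt.Println("hand-built EDE matches library 3DES:", bytes.Equal(manual, lib))

	// With all three keys equal the middle decryption undoes the first
	// encryption, leaving plain single DES. This is why 3DES hardware can
	// talk to legacy single-DES cards, and why repeating a key gains nothing.
	fmt.Println("EDE(k1,k1,k1) == DES(k1):",
		bytes.Equal(TripleDESEDE(k1, k1, k1, block), DESEncrypt(k1, block)))

	fmt.Printf("DES key space: %.0e keys\n", DESKeySpace())
	fmt.Printf("AES-128 block: %x\n",
		AESBlock([]byte("sixteen byte key"), []byte("sixteen byte blk")))
}
```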

Smart Card Security (Section 3)

As the card issuer, you must define all of the parameters for card and data security.
There are two methods of using cards for data system security, host-based and card-based. The safest systems employ both methodologies.

[Figure: card security options: Public Key (Asymmetric Card); Closed multi-session encryption; Mutual authentication (SHA 1, SHA 256); OTP (One Time Password) encryption (Symmetric Key Card); Biometric Password Card]

Host-Based System Security

A host-based system treats a card as a simple data carrier. Because of this, straight
memory cards can be used very cost-effectively for many systems. All protection of the
data is done from the host computer. The card data may be encrypted but the
transmission to the host can be vulnerable to attack. A common method of increasing
the security is to write in the clear (not encrypted) a key that usually contains a date
and/or time along with a secret reference to a set of keys on the host. Each time the
card is re-written the host can write a reference to the keys. This way each transmission
is different. But parts of the keys are in the clear for hackers to analyze. This security
can be increased by the use of smart memory cards that employ a password
mechanism to prevent unauthorized reading of the data. Unfortunately the passwords
can be sniffed in the clear. Access is then possible to the main memory. These
methodologies are often used when a network can batch up the data regularly and
compare values and card usage and generate a problem card list.

Card-Based System Security

These systems are typically microprocessor card-based. A card or token-based system
treats a card as an active computing device. The interaction between the host and the
card can be a series of steps to determine if the card is authorized to be used in the
system. The process also checks if the user can be identified and authenticated and if the
card will present the appropriate credentials to conduct a transaction. The card itself can
also demand the same from the host before proceeding with a transaction. Access
to specific information in the card is controlled by (a) the card's internal Operating
System and (b) the preset permissions set by the card issuer regarding the file's
condition. The card can be in a standard CR80 form factor or be in a USB dongle or it
could be a GSM SIM Card.
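The card-based exchange described above (host challenges card, card proves it holds the key and demands the same of the host, both derive a key that differs for every session), as an added example that is not from the original report. It uses HMAC-SHA256 challenge-response with per-card key diversification from an issuer master key; the master key, card ID and stale nonce are constructed sample values, and the message labels ("card-auth", "host-auth", "session") are this example's own convention.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// mac computes HMAC-SHA256 over a label and the concatenated parts. The label
// keeps a card response from being replayed as a host response or vice versa.
func mac(key []byte, label string, parts ...[]byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(label))
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// DeriveCardKey diversifies the issuer's master key per card, so the host
// stores one master key and a key extracted from one card exposes only that card.
func DeriveCardKey(master, cardID []byte) []byte { return mac(master, "card-key", cardID) }

// Card models the microprocessor card: it holds only its own diversified key.
type Card struct {
	ID  []byte
	key []byte
}

// Host models the terminal/host holding the issuer master key.
type Host struct{ master []byte }

// nonce returns 8 fresh random bytes; a new one per exchange defeats replay.
func nonce() []byte {
	n := make([]byte, 8)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Respond is the card's step: answer the host challenge and issue its own.
func (c *Card) Respond(hostNonce []byte) (cardNonce, cardResp []byte) {
	cardNonce = nonce()
	return cardNonce, mac(c.key, "card-auth", hostNonce, cardNonce)
}

// CheckHost is the card demanding proof from the host before transacting.
// On success it returns the card's copy of the session key.
func (c *Card) CheckHost(hostNonce, cardNonce, hostResp []byte) ([]byte, bool) {
	want := mac(c.key, "host-auth", cardNonce, hostNonce)
	if !hmac.Equal(want, hostResp) {
		return nil, false
	}
	return mac(c.key, "session", hostNonce, cardNonce), true
}

// Authenticate runs the full exchange. It returns the host's session key and
// whether both sides accepted each other. A non-nil replay stands in for an
// attacker substituting a card response captured from an earlier exchange.
func (h *Host) Authenticate(card *Card, replay []byte) ([]byte, bool) {
	cardKey := DeriveCardKey(h.master, card.ID)

	hostNonce := nonce()                           // 1. Host -> Card: challenge
	cardNonce, cardResp := card.Respond(hostNonce) // 2. Card -> Host: proof + challenge
	if replay != nil {
		cardResp = replay
	}
	if !hmac.Equal(mac(cardKey, "card-auth", hostNonce, cardNonce), cardResp) {
		return nil, false // card (or impostor) does not hold the key
	}
	hostResp := mac(cardKey, "host-auth", cardNonce, hostNonce) // 3. Host -> Card: proof
	cardSession, ok := card.CheckHost(hostNonce, cardNonce, hostResp)
	if !ok {
		return nil, false
	}
	// 4. Both sides derive a session key bound to both nonces, so a sniffed
	// session yields nothing reusable against the next one.
	hostSession := mac(cardKey, "session", hostNonce, cardNonce)
	return hostSession, bytes.Equal(hostSession, cardSession)
}

func main() {
	master := []byte("issuer master key (constructed sample)")
	id := []byte("CARD-0001")
	card := &Card{ID: id, key: DeriveCardKey(master, id)}
	host := &Host{master: master}

	s1, ok1 := host.Authenticate(card, nil)
	s2, ok2 := host.Authenticate(card, nil)
	fmt.Println("both sessions authenticated:", ok1 && ok2)
	fmt.Println("session keys differ:", !bytes.Equal(s1, s2))

	// A response captured under an earlier host nonce fails in a new session.
	_, stale := card.Respond([]byte("stale-nonce-0001"))
	_, replayed := host.Authenticate(card, stale)
	fmt.Println("replayed response accepted:", replayed)
}
```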
Threats To Cards and Data Security
Effective security system planning takes into account the need for authorized users to
access data reasonably easily, while considering the many threats that this access
presents to the integrity and safety of the information. There are basic steps to follow to
secure all smart card systems, regardless of type or size.

1) Analysis: Types of data to secure; users, points of contact, transmission. Relative
risk/impact of data loss
2) Deployment of your proposed system
3) Road Test: Attempt to hack your system; learn about weak spots, etc.
4) Synthesis: Incorporate road test data, re-deploy
5) Auditing: Periodic security monitoring, checks of system, fine-tuning

When analyzing the threats to your data, an organization should look closely at two
specific areas: internal attacks and external attacks. The first and most common
compromise of data comes from disgruntled employees. Knowing this, a good system
manager separates all back-up data and back-up systems into a separately partitioned
and secured space. The introduction of viruses and the attempted formatting of network
drives is typical internal attack behavior. By deploying employee cards that log an
employee into the system and record the time, date and machine that the employee is
on, a company automatically discourages these types of attacks.

External attacks are typically aimed at the weakest link in a company's security armor.
The first place an external hacker looks is where they can intercept the transmission
of your data. In a smart card-enhanced system this starts with the card.

The following sets of questions are relevant to your analysis. Is the data on the card
transmitted in the clear or is it encrypted? If the transmission is sniffed, is each session
secured with a different key? Does the data move from the reader to the PC in the
clear? Does the PC or client transmit the data in the clear? If the packet is sniffed, is
each session secured with a different key? Does the Operating System have a back
door? Is there a mechanism to upload and download functioning code? How secure is
this system? Does the OS provider have a good security track record? Does the card
manufacturer have precautions in place to secure your data? Do they understand the
liabilities? Can they provide other security measures that can be implemented on the
card and/or module? When the card is subjected to Differential Power attacks and
Differential Thermal attacks, does the OS reveal any secrets? Will the semiconductor
utilized meet this scrutiny? Do your suppliers understand these questions?
Other types of problems that can be a threat to your assets include:
1) Improperly secured passwords (writing them down, sharing)
2) Assigned PINs and the replacement mechanisms
3) Delegated Authentication Services
4) Poor data segmentation
5) Physical Security (the physical removal or destruction of your computing hardware)

Security Architectures
When designing a system a planner should look at the total cost of ownership; this
includes:
1) Analysis
2) Installation and Deployment
3) Delegated Services
4) Training
5) Management
6) Audits and Upgrades
7) Infrastructure Costs (Software and Hardware)

Over 99% of all U.S.-based financial networks are secured with a Private Key
Infrastructure. This is changing over time, based on the sheer volume of transactions
managed daily and the hassles that come with private key management. Private Key-based systems make good sense if your expected user base is less than 500,000
participants.
Public Key Systems are typically cost effective only in large volumes or where the value
of data is so high that it is worth the higher costs associated with this type of
deployment. What most people don't realize is that Public Key systems still rely heavily
on Private Key encryption for all transmission of data. The Public Key encryption
algorithms are only used for non-repudiation and to secure data integrity. Public Key
infrastructures as a rule employ every mechanism of data security in a nested and
coordinated fashion to ensure the highest level of security available today.

PKI - Public Key Infrastructure

[Figure: how it works, typical system]

Conclusions

Smart cards improve the convenience and security of any transaction,
whether a money transaction, bill payment, income tax, etc. They also provide
tamper-proof storage of user and account identity that cannot be stolen or hacked by any
source, and they protect against a full range of security threats.

References

http://www.iso.org
http://www.cardlogix.com
http://www.nist.gov
http://www.cioinsight.com
http://www.commoncriteriaportal.org
http://www.istpa.org
http://www.smartcardalliance.org
http://www.pcscworkgroup.com
