All About Smart Cards
A smart card is a fixed Integrated Circuit Chip (ICC) with either internal memory or intelligence memory microchip or a safe micro controller. It uses direct physical contact or remote contactless radio frequency network.
Apart from being cheap, the security of smart card memory chip memory is low compared to micro controller chip, widely used for high security applications. Micro controller chips have multiple functions, for example, editing, deleting, and adding components. It operates like a mini computer with an input/ output, operating system and a hard disk feature.
It can handle loads of data and on-card function (encryption, and digital signature) while interacting with the card reader. The smart cards- high performance functions and microprocessors are used for both small and huge projects.
Forms of a smart card
Smart cards come in either plastic cards or USB-based tokens. Plastic cards are widely used in fobs, Subscriber Identity Modules (SIM) used in GSM mobiles.
Categories of smart cards
Smart cards are categorized as:
- Dual interface
Contact smart cards
They use direct physical contact. For example, the use of finger prints for identification and access to wireless merchant services.
Contactless smart cards
These types require closeness to the electromagnetic reader. Both contact and contactless smart cards need electromagnetic signal to interpret data and power for internal chip for communication. Contactless uses radio frequency and contactless link to communicate. The distance should be between one-half to three inches of non-batteries powered cards.
Contactless is ideal for services that need fast and reliable quick response interface.
Hybrid smart cards
Hybrid smart card have double chip interconnected with both contact and contactless interface.
Dual interface cards
This is a single chip with both contactless and contact interface, it is considered for high safety applications.
How do manufacturers categories smart cards?
Manufacturers categorize smart cards based on models.
Java cards: These cards use NXP Java operating system, 5 models. They are applicable for both contactless and contact type of smart cards. They are made by NXP Germany
Basic cards: They use basic card operating system with many models. They use dual technology manufactured by ZeitControl Germany.
Mifare cards: They are low cost RFID based only. They use read only model. They are only compatible with contactless type of cards. They are patented by NXP Germany and made by companies worldwide.
Smart card features
A smart card contains the following features;
- Small, light and portable plastic card with magnetic stripe.
- A microchip that is compatible with most applications
- Antenna that uses electromagnetic signal to convey information
- Compatible card readers.
- In built drivers e.g. Windows 7
- It uses both software based token and password based token.
- Accommodates between 4,000 to 32, 000 users
- Offers protected storage
- Has a small Central Processing Unit (CPU)
- Flexible with multiple function
- Replaceable as long as it is reported to avoid duplication
- It uses encryption and authentication
Functions of a smart card
It is able to store huge amounts of data.
Telecommunication sector: It is widely used in SIM identification of GSM mobiles, a telephone pay card. It stores contacts, tokens, add, edit, delete of information.
Payment options: Credit cards and debit cards have a smart card transit payments system which incorporates merchants.
Identification: Smart cards are used for identification of employees, citizens, digital identification, licenses and online authentication devices.
Health function: In the health sector applications for medical records, citizen health identification cards and physical identification contacts.
How do you choose a suitable smart card?
The choice of a smart card depend on the application that it will be loaded on it. Most manufacturers do not sell smart cards with pre-loaded drivers. They are acquired separately at a fee. A user needs to understand the specifications, and the need for a smart card of choice, for example, PIV card uses US-based government specifications while Open PGP are based on open PGP open specifications.
PIV compliant smart cards can store up to three certificates while open PGP V2 card can store only one certificate. It only permits authentication and not encryption. Consider a smart card that has windows operating system, since it is compatible with most applications.
Some manufacturers require a user to acquire software development kit, e.g. PKCS number ne drivers (Firefox, Truecrypt, for a fee. PIV and GDIS cards are included by default on Windows 7.
Acquisition of a smart card
Before acquisition of a smart card, it is advisable for the consumers to buy a sample to test with application intended to be loaded on it. Weigh security, compatibility, efficiency, performance, functionality and reliability options before making a bulk purchase. Once a smart card is purchased it is not returned or exchanged. Smart cards are bought from the manufacturer then intended applications are loaded it, depending on the purpose of purchase.
In conclusion, smart card technology is globally adopted form of data storage and communication. The current digital technology era, it has enhanced high level security compared to the use of passwords alone which can be hacked by technology experts. Smart card technology has enhanced efficiency of areas that need high level security e.g. access to government buildings. However, this technology is prone to fraud, having tracks of digital marks in health records, banking sector, citizen identification can be easily duplicate. To detect and correct such anomaly a user’s privacy is heavily compromised. Smart card technology is a software based token that can easily be copy/pasted as opposed to password based technology but use of both technology is recommended to enhance security.