What is a Smart Card? A smart card is a plastic card about the size of a credit card, with an embedded microchip that can be loaded with data, used for telephone calling, cash payments, and other applications, and then periodically refreshed for additional use.
Card Elements: Magnetic Stripe, Chip, Embossing (Card Number / Name / Validity, etc.), Logo, Hologram
Electrical signals description:
VCC: Power supply input.
RST: Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card).
CLK: Clocking or timing signal (optional use by the card).
GND: Ground (reference voltage).
VPP: Programming voltage input (deprecated / optional use by the card).
I/O: Input or Output for serial data to the integrated circuit inside the card.
AUX1 (C4): Auxiliary contact; USB devices: D+
AUX2 (C8): Auxiliary contact; USB devices: D-
Fig: A smart card pinout
CARD STRUCTURE Out of the eight contacts only six are used. Vcc is the supply voltage, Vss is the ground reference voltage against which the Vcc potential is measured, and the Vpp connector is used for the high voltage signal. The chip receives commands and interchanges data.
8-bit to 16-bit CPU. 8051-based designs are common.
The price of a mid-level chip when produced in bulk is less than US$1.
Smart Card Readers
Computer-based readers: connect through USB or COM (serial) ports.
Dedicated terminals: usually with a small screen, keypad and printer; often also have biometric devices such as a thumbprint scanner.
Disadvantages: Smart cards used for client-side identification and authentication are the most secure way for, e.g., internet banking applications, but the security is never 100% sure. In the example of internet banking, if the PC is infected with any kind of malware, the security model is broken. Malware can override the communication (both input via keyboard and output via application screen) between the user and the internet banking application (e.g. the browser). This would result in the malware modifying transactions unnoticed by the user. There is malware in the wild with this capability (e.g. Trojan.Silentbanker).
Remedies… Banks like Fortis and Dexia in Belgium combine a smart card with an unconnected card reader to avoid this problem. The customer enters a challenge received from the bank's website, his PIN and the transaction amount into the card reader, and the card reader returns an 8-digit signature. This signature is manually copied to the PC and verified by the bank. This method prevents malware from changing the transaction amount.
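The challenge, PIN and amount flow described above, as an added example that is not from the original slides or from any bank's system. HMAC-SHA256 truncated to 8 digits stands in for the card's real cryptogram, and the `Card` and `Bank` classes, the shared key and the message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

DIGITS = 8  # the page states the reader returns an 8-digit signature


def _mac_digits(key: bytes, challenge: str, amount_cents: int) -> str:
    # Length-prefix the challenge so distinct (challenge, amount) pairs
    # can never serialise to the same message (assumed layout).
    msg = f"{len(challenge)}:{challenge}|{amount_cents}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    # Decimalise the MAC to 8 digits (stand-in for the card's own scheme).
    return f"{int.from_bytes(mac[:8], 'big') % 10**DIGITS:0{DIGITS}d}"


class Card:
    """Constructed model of card plus unconnected reader; the key never leaves it."""

    def __init__(self, key: bytes, pin: str, max_tries: int = 3):
        self._key, self._pin, self._tries = key, pin, max_tries

    def sign(self, pin: str, challenge: str, amount_cents: int) -> str:
        if self._tries == 0:
            raise PermissionError("card blocked")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries -= 1  # wrong PINs count toward blocking the card
            raise PermissionError("wrong PIN")
        return _mac_digits(self._key, challenge, amount_cents)


class Bank:
    def __init__(self, key: bytes):
        self._key = key
        self._open = set()  # challenges issued and not yet consumed

    def new_challenge(self) -> str:
        c = f"{secrets.randbelow(10**8):08d}"
        self._open.add(c)
        return c

    def verify(self, challenge: str, amount_cents: int, signature: str) -> bool:
        if challenge not in self._open:
            return False  # unknown or replayed challenge
        self._open.discard(challenge)  # one attempt per challenge
        expected = _mac_digits(self._key, challenge, amount_cents)
        return hmac.compare_digest(expected.encode(), signature.encode())
```

Because the amount the customer typed on the reader is part of the signed message, a different amount submitted from the PC fails verification at the bank.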