What is a Smart Card?
• A smart card, chip card, or integrated circuit card (ICC) is
any pocket-sized card with embedded integrated circuits.
• Smart cards can provide identification, authentication,
data storage and application processing.
• Smart cards may also provide strong security
authentication for single sign-on (SSO) within large
• Smarts cards may have up to 8 kilobytes of RAM, 346
kilobytes of ROM, 256 kilobytes of programmable ROM,
and a 16-bit microprocessor.
It’s Generic Characteristics:
Dimensions similar to those of a credit card. ID-1 of the ISO/IEC
7810 standard defines cards as nominally 85.60 by 53.98
millimeters (3.370 in × 2.125 in).
Contains a tamper-resistant security system (for example a secure
crypto processor and a secure file system) and provides security
services (e.g., protects in-memory information).
Managed by an administration system which securely
interchanges information and configuration settings with the
card, controlling card blacklisting and application-data updates.
Communicates with external services via card-reading devices,
such as ticket readers, ATMs, etc.
• Mostly all chip cards are built from layers of
differing materials, or substrates, that when
brought together properly gives the card a
specific life and functionality.
• The typical card today is made from PVC,
Polyester or Polycarbonate.
• The card layers are printed first and then
laminated in a large press.
• The next step in construction is the blanking or
• This is followed by embedding a chip and then
adding data to the card. In all, there may be up
to 30 steps in constructing a card.
• The total components, including software and
plastics, may be as many as 12 separate items;
all this in a unified package that appears to the
user as a simple device.
Contact Smart card
• These are the most common type of smart card.
• Electrical contacts located on the outside of the card
connect to a card reader when the card is inserted.
• This connector is bonded to the encapsulated chip in the
• The use of contact smart cards as physical access
control is limited mostly to parking applications when
payment data is stored in card memory, and when the
speed of transactions is not as important.
Contactless Smart card
• A contactless smart card is a card in which the chip communicates
with the card reader through an induction technology similar to that
of an RFID (Radio Frequency Identification) (at data rates of 106 to
• These cards require only close proximity to an antenna to complete
• They are often used when transactions must be processed quickly or
hands-free, such as on mass transit systems, where a smart card can
be used without even removing it from a wallet.
Proximity Smart Card
• A proximity card or prox. card is a smart card which can be "read" without
inserting it into a reader device, as required by earlier magnetic stripe cards
such as credit cards.
• To use, the proximity card is held near an electronic reader unit for a
• The reader usually produces a "beep" or other sound to indicate the card
has been read.
• Proximity cards typically have a range of around 5 cm (2 inches) for reading,
so the user often leaves the card inside his or her wallet or purse, and
simply holds the wallet or purse near the reader.
• The term "proximity card" can refer to the older 125 kHz devices or the
newer 13.56 MHz contactless smartcards.
• Proximity cards can hold more data than a magnetic stripe card, for example
an electronic funds balance, and so can be used for contactless payment
systems. Many major banks are offering such cards.
Smart Card Reader
• A card reader is a data input device that reads data from a
card-shaped storage medium.
• Modern card readers are electronic devices that can read
plastic cards embedded with either a barcode, magnetic
strip, computer chip or another storage medium.
• A memory card reader is a device used for communication
with a smart card or a memory card.
Contact Smart Card Reader
This type of reader requires a physical connection
to the cards, made by inserting the card into the
This is the most common reader type for
applications such as ID and Stored Value.
The card-to-reader communications is often ISO
7816 T=0 only. This communication has the
advantage of direct coupling to the reader and is
considered more secure.
The other advantage is speed. The typical PTS
Protocol Type Selection (ISO7816-3) negotiated
speed can be up to 115 kilo baud. This interface
enables larger data transport without the overhead
of anti-collision and wireless breakdown issues that
are a result from the card moving in and out of the
reader antenna range.
Contactless Smart Card Reader
• This type of reader works with a radio
frequency that communicates when the card
comes close to the reader.
• Many contactless readers are designed
specifically for Payment, Physical Access
Control and Transportation applications.
• The dominant protocol under the ISO 14443
is MIFARE, followed by the EMV standards.
• The contactless smart card contains an antenna embedded within the plastic
body of the card.
• When the card is brought into the electromagnetic field of the reader, the chip in
the card is powered on.
• Once the chip is powered on, a wireless communication protocol is initiated and
established between the card and the reader for data transfer.
• The following four functions describe at a high level the sequence of events that
happen when a contactless smart card is brought near a card reader:
• Energy transfer to the card for powering the integrated circuit (chip)
• Clock signal transfer
• Data transfer to the contactless smart card
• Data transfer from the contactless smart card
• Hence, once the card is brought within range of an electromagnetic field of the
required frequency (13.56 MHz), the card will be powered up, ready to
communicate with the reader.
Communicating with a Smart Card Reader
The reader provides a path for an application to send and receive
commands from the card. There are many types of readers available, such
as serial, PC-Card, and standard keyboard models. Unfortunately, the ISO
group was unable to provide a standard for communicating with the
readers so there is no “one size fits all” approach to smart card
Each manufacturer provides a different protocol for communication with
• First, users have to communicate with the reader.
• Second, the reader communicates with the card, acting as the
intermediary before sending the data to the card.
• Third, communication with a smart card is based on the APDU format.
The card will process the data and return it to the reader, which will then
return the data to its originating source.
Smart Card Security
• Smartcard readers have been targeted successfully by criminals in
what is termed a supply chain attack, in which the readers are
tampered with during manufacture or in the supply chain before
• The rogue devices capture customers' card details before transmitting
them to criminals.
• The microprocessor on the smart card is there for security.
• The host computer and card reader actually "talk" to the
• The microprocessor enforces access to the data on the card.
• If the host computer read and wrote the smart card's random access
memory (RAM), it would be no different than a diskette.
Smart cards offer a number of features that can be used to provide or
enhance privacy protection in systems. The following is a brief
description of some of these features and how they can be used to
• Secure data storage
• Strong device security
• Secure communications
• Personal device