INTERACTIVE MULTITASK CREDIT CARD
TECHNOLOGY
Marc Rippen, Harry Braunstein, Craig Nelson, Carl Schuck, Concurrent Technologies Corporation, Largo, Florida
Philippe Guillaud, Innovative Card Technologies, Los Angeles, California
Philippe Blott, nCryptone, Boulogne, France
Abstract-The convergence of several technologies has
allowed the electronics industry to introduce the next
generation of interactive multi-tasking financial transaction
cards, with embedded power and processing capabilities.
The credit card started as a magnetized data plate carrying
the owner's name, the account number, and the store(s)
where it could be used. Several generations of credit cards
have come and gone since then. The next generation of
credit card—smart cards—incorporate micro processing and
data storage capability and provide enhanced security for
financial transactions. Smart Cards have not yet gained
significant market share in the United States (U.S.). This
lack of market penetration is due, in part, to the need to
provide power and communications from the card reader to
access the smart chip, as well as the perceived lack of
apparent value added, given the cost to upgrade an extensive
network of card readers to facilitate that functionality. This
paper will deal with the next generation credit card.
Advances in robust micro-circuitry, nanotechnology,
displays, speakers, switches, and battery technology have
led to the development of credit/debit cards with
significantly enhanced capabilities. By introducing an
embedded power source, a credit card can be used to
provide novel modes of communication, such as the ability
to play audio files or produce complex audio encrypted data
and validate the authenticity of the transaction.
I. INTRODUCTION
A convergence of technologies has allowed the
electronics industry to introduce the next generation of
interactive, multi-tasking, financial transaction cards, with
embedded power and processing capabilities. The credit
card began as a magnetized data plate carrying the owner's
name, the account number, and the store(s) where it could
be used. The next generation of credit card, smart cards,
incorporated micro-processing and data storage capability
and provided enhanced security for financial transactions. It
has not been able to gain significant market share in the
United States (U.S.). This lack of market penetration stems
from the need for the card reader to provide power to the
card. The lack of apparent value added, given the cost to
upgrade an extensive network to facilitate the new
functionalities has also contributed to the card’s lack of
acceptance. This paper will deal with the next generation
credit card. Advances in robust micro-circuitry,
nanotechnology, displays, speakers, switches, and battery
technology have led to the development of credit/debit cards
with significantly enhanced capabilities. By introducing an
embedded power source, a credit card can be used to
provide novel modes of communication, such as the ability
to play audio files, display information, produce complex
audio encrypted data, and validate the authenticity of the
transaction. The card can be used to provide a light source
for examining a bill in a dimly lit environment.
Credit/debit card security controls have not followed
pace with their increased monetary limits and frequency of
use. This gap has made these types of transactions a prime
target for criminal activity and has provided a market
opportunity for self-powered, interactive multi-tasking card
technology. The factors to improve fiscal protection are
faster data access and processing, and the ability to use
additional means to confirm the identity of the card bearer
prior to transaction completion. The next generation of
credit card offers this capability at the point-of-sale,
improving security for all. Data processing and other
functionalities designed into the card will allow for
encrypted sales and financial transactions both on-line and
through voice media, so that only the legitimate card holder
will be able to conduct these activities.
This paper will discuss the evolution of embedded
power technology, micro-circuitry, micro-passive displays,
micro-speakers, membrane switches, and micro-light
emitting diodes (LEDs) and how these technologies create
value to the card issuer, the user, and the merchant.
II. TECHNICAL CONCEPT
A new generation of smart card is based on an
embedded electronics platform containing a battery, a
secure microcircuit, a display for visual output, one or more
buttons for input, a speaker for output, biometrics sensors
and LEDs; all completely integrated in a credit card form
factor capable of meeting ISO standards. The integrated
security chip can be used to execute an algorithm that sends
a unique one-time security pass code to the display, or for
audio output to the handset microphone for telephone-based
audio confirmed transactions. The choice to use this
multifunctional platform approach is driven by the
following factors:
• Portability: the credit card, which can be carried in the
user’s wallet or pocket, is always within reach.
• The development of technology to allow the
introduction of advanced capabilities on a credit card
platform using smartcard chip-enabled functions such
as biometric authentication, unique one-time password
(OTP) generation, magnetic strip read/write, wireless
communications, visual display, and audio broadcast.
• The development of commercial sources for low power
displays, batteries, and other components in suitable
form factors.
• Recommendations to the U.S. financial industry by the
Office of the Comptroller of the Currency (OCC) and
Federal Financial Institutions Examination Council
(FFIEC) to use multiple means of authentication in all
electronic-based financial transactions.
III. DESIGN ISSUES
The first major design challenge to be overcome was to
find or develop a battery and other components that would
work within a credit card form factor. The typical ISO
standard credit card is less than 1 mm thick by 86 mm wide
by 54 mm high. The footprint required for the smart chip,
display, controls and, perhaps, embossed characters leaves
very little space available for the battery. The components
need to be very energy efficient, so as not to drain the battery
prematurely. A target life of two years is typical for a credit
card. Along with power and size constraints, the card must
also be capable of surviving exposure to the environmental
conditions to which a typical user would subject it. It must
be capable of being flexed and must be temperature tolerant.
When carried in a purse, for example, it can see summer
temperatures of up to 50°C in the U.S. (60°C in other parts of
the world) and winter temperatures of below -20°C. It must
be water resistant. The relative humidity to which a card is
exposed can vary from near zero to 100%: the card may
even be subjected to total immersion in water. The battery
must not leak. All of the components used must present no
safety or health issues and must be as environmentally
benign as possible for disposal issues.
IV. PACKAGING
In the manufacturing of self-powered smart card
devices, it is necessary to consider the existing
manufacturing infrastructure which supports the present
credit card manufacturing industry. The credit card industry
is very price driven. Hot lamination processing is used in
this industry to make the cards, as it is the most cost
effective method using white and clear polyvinyl chloride
(PVC) sheet materials. To reduce manufacturing
infrastructure entry barriers to powered card applications,
the card manufacturing equipment must be used as the
packaging process. In this packaging process, the
components of the cards are subjected to temperatures of up
to 150°C and pressures of up to 2100 kPa.
Batteries and components were selected on the basis of
their ability to survive this process. As this limited some of
the components that could be used, another method of
packaging was developed, referred to as “Cold Lamination.”
Several companies have developed proprietary polymer
materials that can flow at room temperature or slightly
higher, and embed all the components with low pressure.
This alternative method of packaging the card components
has opened the door to the use of passive visual displays and
rechargeable battery chemistry. Figures 1 and 2 illustrate
the smart card assembly.
Figure 1. Card Assembly.
Figure 2. Explosion of Card Assembly.
V. POWER SOURCE
Since credit cards are disposable and current user
behavior and infrastructure would not motivate or allow
users to recharge their cards, a primary battery approach
was initially taken. With the given design and packaging
requirements, the optimum battery was found to be a
primary Lithium polymer battery (LPB). The LPB uses a
solid state electrolyte, is flexible, environmentally benign,
and available in the needed form factor. Also, it can survive
the hot lamination processing and user environments. The
polymer electrolyte approach eliminates the leaking
problem, but because of the slower ionic transfer in solid
state electrolytes compared to liquid electrolytes, the
internal impedance of the batteries is greater than liquid-
based cells. LPB energy density (milli-ampere-hours (mAh)
per cubic millimeter (mm³)) is lower than for liquid
electrolyte batteries. For example, 3 mAh/mm³ is typical of
LPBs, which is less than 10% of the energy density for a
typical AAA dry cell. The smart card Lithium polymer
batteries, 25mm x 30mm x 0.3mm, deliver 10-20 mAh at
3V. These performance limitations increased the technical
challenges in the design. A key challenge was finding a low
power display technology. Micro flexible passive display
technology was selected, as it only requires power in setting
the image on the display. Once set, the display requires no
power to maintain the image. Figure 3 illustrates a card
incorporating a display for OTP.
Figure 3. Smart card with OTP Display.
The next generation of interactive credit cards will
require a rechargeable battery if additional useful functions
are to be realized. For card users, it is believed that, in
order to gain market acceptance, the recharging process must
be independent of the user. The smart cards being used in
Europe today, and the smart ID cards used by the U.S.
Department of Defense (DOD), are not self-powered. The
readers provide power to these cards at the point of use.
These readers could be used to recharge a battery while the
card is inserted for a transaction, without affecting the
transaction time.
VI. SOFTWARE
The smart card platform provides for a readily
programmable, software driven device in which components
are integrated, as needed, to support the card’s required
functionalities. The interaction and control of the
components within the platform, and to systems with which
the platform communicates, are programmable at the factory
and could be further programmed by the issuer and user to
brand or personalize its functionality. The systems
architecture is defined by the platform application and the
client. Security programming and software is driven by
platform applications and by validation to National Institute
of Standards and Testing (NIST), General Services
Administration (GSA), and/or banking standards. On-card
memory and processing ability allow for real time tracking
of account balances, loyalty rewards, and other utilization
data by the user and issuer. The details of the software and
the algorithms are not discussed in this paper for security
reasons.
VII. FINANCIAL TRANSACTIONS
A smart card platform can be used to hold and transmit
data via magnetic stripe or smartcard chip to allow for the
continued use of existing reader infrastructure in the U.S.
For prevention of electronic identity theft and fraud,
additional functionalities allow the card to provide
authentication security for card-reader-not-present
transactions. This can be done using OTP security and
applies to online and telephone banking, and to retail
transactions. Because transactions in these formats are most
vulnerable to fraud, the OTP function, combined with a
biometric on-card authentication function, could provide a
significant security and cost savings advantage for issuers,
as well as identity fraud protection for the users. For an
online transaction, the user experience would appear much
like a standard login. For example:
1. User accesses his/her bank Web site
2. User uses biometric authentication and/or enters login
ID and static password or Personal Identification
Number (PIN)
3. An OTP is generated and displayed on the card
4. User enters OTP onto Web interface
5. Web server contacts authentication server for
verification
6. Authentication server validates OTP with Application
Program Interface (API) middleware
7. User gains access to bank account and completes
transaction.
An OTP can also be supplied to electronic retailers to
verify card ownership during an e-commerce transaction
and to telesales agents during a phone transaction. Data
access security works in a similar way. When coupled with
a static PIN code and/or on-card biometric authentication,
OTP provides multi-factor authentication, such as that
recommended to financial institutions by the Office of the
Comptroller of the Currency (OCC) in their advisory letter
AL 2001-8, which introduced the document generated by
FFIEC, entitled: “Authentication in an Internet Banking
Environment,” October 12, 2005. A PIN can be used with
the OTP and biometric authentication in several different
ways. The first method is through a Web or phone
interface, with on-card biometric authentication and/or a
PIN, in conjunction with an OTP entered separately (as is
described above). Another option is entering a concatenated
code (the PIN and OTP combined into one string). Thirdly,
the PIN can be entered into the card in order to receive an
OTP. Fourthly, the PIN entered is used in a calculation of
the OTP (thus a wrong PIN would generate an invalid
OTP).
One desired functionality for financial cards is wireless
financial transaction capability. Non-self-powered cards
have been used for the last decade but are limited as they
use very short range radio frequency identification (RFID)-
based transactions. Other wireless technologies exist that
can be integrated into a card platform to provide for contact
free use of the device. One such technology utilizes Zigbee
communications protocols providing for 20 to 30 meter
range with very low power consumption at a low
bandwidth. This would be ideal, because bandwidth is not a
critical factor with typical card applications.
VIII. SECURITY
On-card biometric fingerprint authentication is a very
desirable functionality that is presently available and
enabled in a powered smart card platform. It can be used to
allow the generation of OTP so that existing financial
exchange infrastructure can be used without costly
upgrades.
OTP is the result of a one-way cryptographic
calculation. The algorithm, which defaults to Open
Authorization (OATH) event-based, can also be changed
upon request. For this reason, a provision was made
regarding the capacity of the chip used. The OATH
algorithm is a good choice because it is becoming an
industry standard, backed by a global consortium of more
than 60 authentication companies. Thus, the adoption of
this standard throughout the entire security marketplace will
make it possible for the OTP card to be compatible with the
necessary middleware. The OATH cryptographic
calculation uses a starting seed of 20 bytes. This seed is
hashed through the algorithm, and the result is the seed of
the subsequent calculation. Thus, the starting seed is no
longer present in the card once the first calculation has been
carried out. This characteristic guarantees that the seed
which allows the authentication of the card is no longer in
the hands of the user but only on the side of the protected
server.
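An added example, not from the paper (which withholds its own algorithm): OATH event-based OTP as standardized in RFC 4226 (HOTP), together with the server-side check from steps 5 and 6 of the login sequence in Section VII, showing a look-ahead window, replay rejection and lockout. The `Card` and `AuthServer` classes, the PIN-binding construction for the "PIN used in the calculation" option, and the window and failure limits are assumptions for illustration; the seed-replacement step described above is not modeled.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def pin_bound_key(seed: bytes, pin: str) -> bytes:
    """Assumed construction: mix the PIN into the key so a wrong PIN yields a wrong OTP."""
    return hmac.new(seed, pin.encode(), hashlib.sha1).digest()


class Card:
    """Hypothetical card: one OTP per button press, counter advances every press."""

    def __init__(self, seed: bytes):
        self.seed, self.counter = seed, 0

    def press(self, pin: str) -> str:
        otp = hotp(pin_bound_key(self.seed, pin), self.counter)
        self.counter += 1
        return otp


class AuthServer:
    """Hypothetical authentication server holding the seed and the enrolled PIN."""

    def __init__(self, seed: bytes, pin: str, window: int = 5, max_failures: int = 3):
        self.key = pin_bound_key(seed, pin)
        self.counter = 0       # next counter value not yet accepted
        self.window = window   # look-ahead for presses that were never submitted
        self.failures, self.max_failures = 0, max_failures

    def validate(self, otp: str) -> bool:
        if self.failures >= self.max_failures:
            return False       # locked out: a 6-digit code must not be guessable online
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.key, c), otp):
                self.counter = c + 1   # commit: this code and all earlier ones are dead
                self.failures = 0
                return True
        self.failures += 1
        return False


def demo() -> dict:
    seed = b"12345678901234567890"   # constructed 20-byte seed (the RFC 4226 test key)
    card, server = Card(seed), AuthServer(seed, pin="4821")
    first = card.press("4821")
    results = {"login": server.validate(first), "replay": server.validate(first)}
    card.press("4821")               # pressed in a pocket, never sent to the server
    card.press("4821")
    results["resync"] = server.validate(card.press("4821"))
    results["wrong_pin"] = server.validate(card.press("0000"))
    return results


if __name__ == "__main__":
    print(demo())
```

The look-ahead window trades usability against guessing resistance: each extra accepted counter value multiplies an online guesser's odds, which is why the failure limit sits in the same function.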
It is important to take additional measures to secure the
information inside the card. A fraud attempt may include
opening the card to collect information (tampering method).
In order to avoid this kind of attack, all the sensitive
components are put together in the same chip and a chip bit
lock is activated which allows no one, not even the
manufacturer, access to the sensitive areas of programming
that could be manipulated to gain access to sensitive
information. Thus, the attack becomes much more difficult,
and even impossible, without implementing considerable
technological means. Moreover, all sensitive information is
stored in the volatile memory of the chip in random access
memory (RAM) and only exists as long as the chip is
electrically powered. Any attempt to open the card, if it
succeeds, would cause a simultaneous rupture in the
electrical supply, and would erase the contents of the
memory along with the sensitive data. In the long term, the
chip currently used may be replaced by a Europay,
MasterCard and Visa (EMV) chip. As this type of protected
chip has not been initially designed to function from an
embedded power source, adaptations are being developed to
take this characteristic into account and to guarantee a 2-
year lifespan to meet ISO standards.
IX. CUSTOMER BENEFITS
The smart card platform provides many benefits to both
the customer and the user. The ability for on-card biometric
authentication embedded directly into a card platform makes
it impossible to use a stolen card. It provides financial
service providers a means for product differentiation and a
major decrease in fraud liability costs for card-not-present
transactions. The smart card platform can also be used to
track loyalty programs on a transaction basis and to redeem
points for goods or services. In addition, the card could
provide positive identification of the bearer for other
applications.
X. ADVERTISING AND PROMOTIONS
Given the functionality of wireless communications,
on-card displays and audio, and on-card processing and memory,
the smart card platform can also be used to communicate
with or reward a user on a real time basis at the point of
sale. Other in-store devices can trigger personalized
displays based upon wireless communications with the
user’s cards.
XI. NEXT STEP
Driven by identity theft, globalization, and the global
war on terrorism, many western countries are in the first
stages of developing identification cards; many of which
will include some biometric authentication capability. In
theory one card could function for many applications. This
card could act as a driver’s license, passport, employee ID,
automated teller machine (ATM), locator and
communications device.
Smart cards have been very successful in reducing
fraudulent use of credit cards in Europe to near negligible
levels. They have not been used by the U.S. credit card
industry because of high per card costs and the high cost of
replacing the existing magnetic card reader infrastructure.
The development of a powered smart card platform which
can operate with any existing reader and incorporate
biometric authentication is a very technically viable option.
The process to introduce this technology to the marketplace
will be driven by the cost to manufacture these cards, which
is, in turn, a function of volume and the maturity of critical
technologies.
CONCLUSIONS
The use of interactive multitask credit card technology
(Smart Cards) is expected to grow quickly because:
1. It is a great technology to reduce fraud and identity
theft
2. The technology’s market share will grow with time and
cost savings
3. The technology enables the increased mobility of the
users
4. The technology facilitates financial transactions
5. The technology opens the financial market to a new set
of business opportunities.
ACKNOWLEDGEMENTS
Figures 1 and 2 are from nCryptone’s Web site:
http://www.ncryptone.com. Figure 3 is from Innovative
Card Technologies.
REFERENCES
[1] General Services Administration Office of
Government-wide Policy (2004), Government Smart
Card Handbook, Retrieved May 1, 2006 from:
http://www.smartcardalliance.org/industry_info/index.cfm.
[2] D. Davis Balaban, T. Rueter, and K. Woodward,
(2006), The Future of Smart Cards, Card Technology,
Retrieved May 5, 2006 from:
http://www.cardtechnology.com/article.html?id=200603015RXWB9XC.
[3] Office of the Comptroller of the Currency
Advisory Letter 2001-8 to use Federal Financial
Institutions Examination Council, “Authentication in an
Internet Banking Environment,” July 20, 2001.
Retrieved May 4, 2006 from:
http://www.ffiec.gov/PDF/pr080801.pdf.
[4] R. Arnfield, (2006), What Was That Number
Again, Card Technology, 10(4), 34-43.
[5] A. Shah, (2004), Visa Toys with Credit Card
Displays Small LCD Could Display Account Info, but
Challenges Remain, PC World, Retrieved May 3, 2006
from:
http://www.pcworld.com/news/article/0,aid,115910,00.asp.
[6] T. Jackson, (2006), Save a Tree, Forbes.com,
Retrieved May 4, 2006 from:
http://www.eink.com/press/coverage.html.
[7] Solicore Company Website, Retrieved May 3,
2006 from: http://solicore.com.