What is a smart card?

Our search engines reporting shows that many people ask "What is a smart card?" question. So let's answer it.

In very few words: a smart card or chip card is a miniature computer squeezed into micro size and implanted into the card body. What makes chip card "smart" is fact that it has microprocessor that can perform many funcions and calculations.

By same token not every card is smart even that it looks like that to the naked eye. For example memory cards are not smart. They are simple memory storages for some data. Similar to USB stick. Nothing smart there.

WHO INVENTED IT?

First idea came from inventor in Japan in 1970. French inventor and after that Germans claimed patents for first practical smart card in 1974. Ideas were great but whole thing took off in 1990 and later when technology of microcircuits was developed enough to make chips.

Both France and Germany introduced smart cards on large scale by sending a health card to every citizen. French Vitale system si probably oldest smart health card system in the world.

MORE ABOUT CHIPS  

Chip comes in 2 basic appearances as embedded inside a card invisible to naked eye and visible as small metallic square.

Contactless chip communicates with smart card reader wirelessly at distance of up to 4 INCH (10 cm). No physical contact needed. It is sometime called RFID (Radio Frequency ID) card.

Contact chip has to be inserted in reader and there reader contacts made connection to chip contacts. Smart chip has 6 or 8 contacts in shape that is specific to certain manufacturer. Those contacts are: power, ground, IN/OUT communications line, reset and clock.

WHAT IS IN THE CHIP?

Smart chip is really a computer even that it doesn't look like it. It has a processor, RAM, ROM, EEPROM, often math co-processor. What makes chip "smart" is OS (Operational System). Every day we encounter Windows, Linux, Mac OSX, Android, iOS operational systems. Most popular OS found in smart cards is Java. Not  "big" Java running in PCs but rather special smart card version. Java OS is made by Oracle - SUN Microsystems from USA.

Another popular smart card OS is Basic Card OS Made by Zeit Control from Germany. There are few more OSs used in smart chips. For end user it is like using browser in Windows or Mac OSX = no difference. Both do same thing, funcionality wise.

There is another important piece of data about smart chips. How much EEPROM memory they have. As we learned chips are very, very small. Maybe 2-3 millimeters square only so memory size is very small, anything between few hundred bytes and 150kbytes. Could be more but for standard popular sizes it would be: 1k, 2k, 8k, 16k, 32k, 40k, 64k, 72k, 80k, 145k.

People easily got hooked up on getting as big memory sized chip card as possible. 2 things: memory size makes quite impact on chip price and bear in mind that programs and data in chip may be very small so paying for big memory card may be waste.

WHAT HAPPENS WHEN CARD IS INSERTED OR PRESENTED TO READER?

Chip is powered up! It is very important to understand that chip does not have battery or any power source. It gets power from reader. As soon as powered up microprocessor wakes up, answers to reset signal and identifies itself with short digital message called ATR. Answer To Reset. 

At this time it is important to recognize that reader reads and writes back to chip as needed. Common name is reader but again, it is reader and writer. Always! Also, it is important to recognize that reader is means of communication between smart chip and PC or smart card terminal. Reader does not have any programming in it's chips. It is actually PC talking to chip and smart card answering back. 

Conclusion: chip card must be powered up to do anything and card alone can't perform anything useful. It happens when card communicates with other computer or standalone terminal.

HOW TO PROGRAM SMART CARD?

There are 2 parts to funcional program for smart card:

  1. Software that is loaded into the chip
  2. Software written for computer that will communicate with cards

Since smart card has specific OS person who wants to create working application for smart card needs to write program in that OS. Software packages that enable writing smart card applications are called SDK (Software Development Kit) packages. Simply said, chip with Java OS needs program written in JAVA OS. Basic Card needs program written in ZC Basic. There is no other way to do it. We carry various SDK packages found here.

PC part or terminal part is done in OS that resides in PC. Windows comes to mind, Linux or Android come to mind first.

ENCRYPTION

Power of smart cards lays in fact that content can and should be encrypted. That makes data stored in the smart card very secure. When strong encryption is properly applied we consider chip to be the most secure place in the world to hold secret. Common secret data would be: banking information, personal ID, medical information, payment information, membership data, driver's license info, insurance data or really anything that comes to mind.

There are different encryption techniques like: DES, RSA, AES. While they represent lock to card data, secret keys represent key to the lock. Usually written in HEX form keys look like this: A8 BC D6 EE 2F BB ... Those secret keys are very long numbers which makes it very hard, practically impossible to just guess it. Result is pretty simple: no secret keys, no access to the data in chip!

 

POPULAR MISCONCEPTIONS ABOUT SMART CARDS

Government can track card holders. With contact chip card that is absolutely impossible. Remember, chip is like a light bulb. Has to be powered up in order to work. In case of contactless card chip has to be powered up by antenna RF field coming from antenna. Card's antenna has to pickup that energy in sufficient amount in order to turn on the chip. For that to happen card has to be very close to antenna or antenna. Up to 4 INCH sounds like normal reading distance to communicate with contactless card. That means reading across the room is practically impossible. Antenna to create so much RF field would have to be really big, let's say door size.

By the way with so much power it would be dangerous for people.

To protect contactless cards from intruders card holders keep cards in metallic pouches in side their wallets. Super simple and very effective.

When inserted card appears in Window file explorer. No they are not. If they would be the same as an USB stick plain memory they would. But they have microprocessor inside and Windows can't simply access cards content and filing system.

Text or similar file could be sent to the chip. Not really. Since cards does not show up as memory device in host computer that can't be done. Programmer has to create interface application that will do desired things and read and write to card.

Smart cards could be cloned. Also not. Each card has embedded serial number from factory. It can not be changed so other card can't be clone of first card.

Smart cards could be hacked so bank cards or similar could be made fake. Every smart card should be encrypted, often with comination of different encryption techniques. That makes break in into the card super hard or entirely impossible.

Card keys could be read by electronic microscopes. Now this is something out of James Bond movie. Theory says that under huge magnification it is possible to read actual bits of data, or keys. One would have to remove chip, peel off or disolve epoxy layers protecting back of the chip, peel off electronic layers to reach the one around microprocessor. All this is very long shot and manufacturers constantly improve technologyand layout of the layers masking live layers with ones that do nothing but protect deep center. Meddling with this makes sure destruction of main layer.

Power analysis can reveal the keys. Idea is that hackers equipped with oscilloscope can query chip and watch and record it's responses. Again this is some of the experiment more than science. It works mostly with contactless cards, kind of. Manufacturers know how to disquise and mask chip's power demand so no clues could be drawn out of it.

 


That is a story about smart cards. Hopefully it wasn't boring, You asked for it!