An Introduction to
SMART CARDS
Part 1 of a Two-Part Series
by Steve Petri, Litronic, Inc.
(Originally published in Messaging Magazine, September/October 1999)

In recent months, industry pundits have begun to suggest that smart cards will one day be as important as computers are today. This statement is somewhat misleading, however, because it implies that smart cards are not computers, which in fact, they are.

This first article in a two-part series describes the history of smart cards, compares some different types, and discusses their low-level properties. To complete the picture, the second article in this series will discuss the standards that affect the adoption of smart cards in mainstream society, and how smart cards relate to today’s computer security systems.

Because smart cards are indeed tiny computers, it is difficult to predict the variety of applications that smart cards will make possible in the future. In fact, it is quite possible that smart cards will experience rapid increases in processing power, following "Moore’s Law"¹ and doubling in performance while halving in cost every 18 months as computers have for the past 2 decades.

Since their inception, smart cards have proven to be quite useful as a transaction, authorization, and identification medium in European countries. As their capabilities increase, they could become the ultimate "thin client," eventually replacing all of the things we carry around in our wallets, including credit cards, licenses, cash, and even family photographs. (The photographs could be viewed and/or exchanged using capable terminals or personal computers.) By containing various identification certificates, smart cards could be used to voluntarily identify attributes of ourselves, no matter where we are or to which computer network we are attached.

This article does not try to predict the future of smart card application possibilities, nor their impact on society. Instead, it focuses on the state-of-the-art for smart cards and their use in computer and network security systems. Similarly, this article is not scientifically comprehensive with regard to every detail of integrated circuit cards. Instead, it tries to strike a balance between accuracy and comprehensibility. The standards and references that are mentioned throughout the article can be used to find more specific information.

A Brief History of Smart Cards
The roots of the current day smart card can be traced back to the United States, in the early 1950s, when Diner’s Club produced the first all plastic card to be used for payment applications. The use of the synthetic material PVC allowed for longer lasting cards than the previous conventional paper-based cards. In this system, the mere fact that you were issued a Diner’s Club card allowed you to pay with your "good name" rather than cash. In effect, the card identified you as a member of a select group, and was accepted by certain restaurants and hotels that recognized this group.

VISA and MasterCard then entered the market, but eventually the cost pressures of fraud, tampering, merchant handling, and bank charges necessitated a machine-readable card. The subsequent introduction of the magnetic stripe allowed additional digitized data to be stored on the cards in a machine-readable format. This type of embossed card with a magnetic stripe is still the most commonly used method of payment. Magnetic stripe technology suffers from a critical weakness, however, in that anyone with access to the appropriate device can read, re-write, or delete the data. Thus a magnetic stripe card is unsuitable for storing sensitive data and, as such, requires an extensive online, centralized, back-end infrastructure for verification and processing.

As it turns out, this type of back-end infrastructure soon became prevalent in the United States, but was not as readily available in the European countries. As in any client/server architecture, one solution to a lack of back-end processing power is to beef up the back-end server side, but another solution is to make the client side more powerful, thus relieving some of the duties of the back-end. European countries seem to have preferred the client side approach, and made a huge improvement over magnetic stripe technology by introducing the integrated circuit card (ICC).

In 1968, German inventors Jürgen Dethloff and Helmut Grötrupp applied for the first ICC-related patents. Similar applications followed in Japan in 1970 and in France in 1974. In 1984, the French Postal and Telecommunications services (PTT) successfully carried out a field trial with telephone cards. By 1986, many millions of French telephone smart cards were in circulation. Their number reached nearly 60 million in 1990, and 150 million were projected for 1996.

As cryptography made great progress in the 1960s and security mechanisms could be proved mathematically, smart cards proved to be an ideal medium for safely storing cryptographic keys and algorithms. French banks were the first to field this type of card by introducing a chip-incorporating bank card in 1984. German banks began introducing them around 1997. Another application fielded in Germany included over 70 million smart cards that carried health insurance information.

Types of Cards
With "Identification Cards—Physical Characteristics" (standard 7810), the International Organization for Standardization defined the physical properties (such as flexibility, temperature resistance, and dimensions) for three different card formats (ID-1, ID-2, and ID-3). The smart card standard, ISO 7816, is based on the ID-1 format. In order to give perspective, this section describes several different types of ID-1 cards, including embossed cards, magnetic stripe cards, memory cards, microprocessor cards, cryptographic coprocessor cards, contactless smart cards, and optical memory cards.

With the exception of embossed cards and magnetic stripe cards, all of the cards described in this section are ICCs, which have conventionally come to be known as "smart cards." These are the newest and most clever additions to the ID-1 family, and they also follow the details laid down in the ISO 7816 series. These types of cards allow far greater orders of magnitude in terms of data storage. (Cards with over 20 Kbytes of memory are currently available.) Also, and perhaps most importantly, the stored data can be protected against unauthorized access and tampering. Memory functions such as reading, writing, and erasing can be linked to specific conditions, controlled by both hardware and software. In addition, smart cards are more reliable and have longer expected lifetimes than their magnetic stripe predecessors. One type in particular, namely the cryptographic coprocessor card, is becoming very important to current computer and network security systems.

• Embossed Cards
  Embossing allows textual information and/or designs on the card to be transferred to paper using a simple and inexpensive device. ISO 7811 specifies the embossed marks, covering their form, size, embossing height, and positioning. Transfer of information via embossing may seem primitive, but the simplicity of the system has made worldwide proliferation possible.
    
• Magnetic Stripe Cards
  The primary advantage that magnetic stripe technology offers over embossing is a reduction in the flood of paper documents. Parts 2, 4, and 5 of ISO 7811 specify the properties of the magnetic stripe, coding techniques, and positioning. The stripe’s storage capacity is about 1,000 bits and anyone with the appropriate read/ write device can view, alter, or delete the data.
    
• Memory Cards
  Although referred to as smart cards, memory cards are typically much less expensive and much less functional than microprocessor cards. They contain erasable programmable read-only memory (EEPROM) and read-only memory (ROM), as well as some address and security logic. In the simplest designs, logic exists to prevent writing and erasing of the data. More complex designs allow memory read access to be restricted. Typical memory card applications are pre-paid telephone cards and health insurance cards.
     
• Microprocessor Cards

Components of this type of architecture include a central processing unit (CPU), random access memory (RAM), ROM, and EEPROM. The operating system is typically stored in ROM, the CPU uses RAM as its working memory, and most of the data is stored in EEPROM. A rule of thumb for smart card silicon is that RAM requires four times as much space as EEPROM, which in turn requires four times as much space as ROM. Typical conventional smart card architectures have the properties reflected in Table 1.

Table 1. Conventional Smart Card Architectures   Component   Characteristics   RAM   256 bytes to 1 Kbytes   EEPROM   1 Kbyte to 16 Kbytes   ROM   6 Kbytes to 24 Kbytes   Microprocessor   8 bits at approximately 5 MHz   Interface Speed   9600 bps minimum, half-duplex

The serial I/O interface usually consists of a single register, through which the data is transferred in a half-duplex manner, bit-by-bit. Although the chip can be thought of as a tiny computer, the external terminal must supply the voltage, ground, and clock.

• Cryptographic Coprocessor Cards
  Although these cards technically belong to the microprocessor card category, they are separated here because of differences in cost and functionality. Because the common asymmetric cryptographic algorithms of the day (such as RSA) require very large integer math calculations, an 8-bit microprocessor with very little RAM can take on the order of several minutes to perform a 1024-bit private key operation. However, if a cryptographic coprocessor is added to the architecture, the time required for this same operation is reduced to around a few hundred microseconds. The coprocessors include additional arithmetic units developed specifically for large integer math and fast exponentiation. There is a drawback, however, and it is the cost. The addition of a cryptographic coprocessor can increase the cost of today’s smart cards by 50 to 100 percent. These cost increases will likely diminish, as coprocessors become more widespread.
   
• In spite of the increased cost, the benefits to computer and network security of including the cryptographic coprocessor are great, because it eliminates the need for the private key to ever leave the smart card. As we’ll see in the following sections, this becomes a critical factor for operations such as digital signatures, authentication, and non-repudiation. Eventually, though, the need for a cryptographic coprocessor and its associated cost will likely go away. This is because the basic processors could become powerful enough to perform the math-intensive operations, or other algorithms such as those based on elliptic curve technology could become popular. (Elliptic curve algorithms provide strong security without the need for large integer math, but haven’t yet found their way into widespread use.)
   
• Contactless Smart Cards
  Although the reliability of smart card contacts has improved to very acceptable levels over the years, contacts are one of the most frequent failure points in any electromechanical system due to dirt, wear, and so forth. The contactless card solves this problem, and also gives the issuer an interesting range of new possibilities. In particular, because these cards no longer need to be inserted into a reader, they could significantly improve end user acceptance. In addition, because no chip contacts are visible on the surface of the card, card graphics can express more freedom. Still, despite these benefits, contactless cards have not yet seen widespread acceptance. The cost is higher and not enough experience has been gained to make the technology reliable. Nevertheless, this elegant solution will likely have its day in the sun at some time in the future.
   
• Optical Memory Cards
  ISO/IEC 11693 and 11694 define standards for optical memory cards. These cards can carry many megabytes of data, but the cards can only be written once and never erased with today’s technology. Although the read and write devices for optical cards are still very expensive, they may find use in applications such as health care, where large amounts of data must be stored.

Low Level Properties of Smart Cards
This section addresses the low level properties of smart cards, including:

• physical and electrical properties,
• operating system,
• cryptographic capabilities,
• data transmission, and
• instruction sets.

Physical and Electrical Properties

Designated as ID-1, a smart card is described in ISO 7810 as having physical dimensions of 85.6 mm x 54 mm, with a corner radius of 3.18 mm and a thickness of 0.76mm. ISO 7810 also addressed embossing, magnetic stripes, and other physical properties; however, because the standard was developed in 1985, it did not address chip placement. Consequently, smart card chip placement is defined in ISO 7816-2, which was released in 1988. These physical characteristics are depicted in Figure 1. The minimum requirements for card robustness are specified in ISO 7810, 7813, and 7816 Part 1. These specifications address such factors as UV radiation, X-ray radiation, the card’s surface profile, mechanical robustness of the card and its contacts, electromagnetic susceptibility, electromagnetic discharges, and temperature resistance. ISO/IEC 10373 specifies the test methods for many of these requirements. The electrical specifications for smart cards are defined in ISO/IEC 7816 Parts 2 and 3, and GSM 11.11. Most smart cards have eight contact fields on the front face; however, because two of these are reserved for future use, some manufacturers produce cards with only six contact fields, in order to slightly reduce production costs. Electrical contacts are typically numbered C1 through C8 from top left to bottom right. Figure 2 shows the layout of these contacts for both the 6-field and 8-field configurations. Table 2 describes their functions.
	Table 2. Description of Contacts Position Technical Function   Abbreviation C1 Vcc   Supply voltage C2 RST   Reset C3 CLK   Clock frequency C4 RFU   Reserved for future use C5 GND   Ground C6 Vpp   External programming voltage C7 I/O   Serial input/output communications C8 RFU   Reserved for future use
The Vpp contact was used several years ago to supply voltage to EEPROMs for programming and erasing. However, with the advent of charge pumps that exist on the chip, the Vpp contact is rarely used today. The Vcc supply voltage is specified at 5 volts ±10 percent. There is an industry push for smart card standards to support 3-volt technology because all mobile phone components are available in a 3-volt configuration, and smart cards are the only remaining component that requires a mobile phone to have a charge converter. It is theoretically possible to develop 3-volt smart cards, but interoperability with current 5-volt systems would be a problem. Nonetheless, a wider voltage range handling 3 to 5 volts will probably become mandatory in the near future.

Operating System

Although typically only a few thousand bytes of programming code, the operating system for the smart card microprocessor must handle such tasks as:

• data transmission over the bi-directional, serial terminal interface;
• loading, operating, and management of applications;
• execution control and instruction processing;
• protected access to data;
• memory management;
• file management; and
• management and execution of cryptographic algorithms.

Cryptographic Capabilities

Current state-of-the-art smart cards have sufficient cryptographic capabilities to support popular security applications and protocols. This section describes common capabilities found in the crypto-enabled smart cards from leading vendors.

RSA signatures and verifications are supported with a choice of 512-, 768-, or 1024-bit key lengths. The algorithms typically use the Chinese Remainder Theorem (CRT) in order to speed up the processing. Even at the 1024-bit key length, the time needed to perform a signature is typically under 1 second. Usually, the EEPROM file that contains the private key is designed such that the sensitive key material never leaves the chip. In this case, even the cardholder can’t access the key material. In addition, use of the private key is protected by the user’s personal identification number (PIN), so possession of the card does not imply the ability to sign with the card. Some cards also implement the padding defined by RSA’s Public Key Cryptography Standard #1 (PKCS#1).

Although smart cards have the ability to generate RSA key pairs, this can be very slow. Typical times needed for a 1024-bit RSA key pair range from 8 seconds to 3 minutes. The larger times violate the ISO specifications for communications timeout, so specialized hardware or software is sometimes necessary. Also, the quality of the key pairs may not be extremely high. The lack of computing power implies a relatively weak random number source, as well as relatively weak algorithms for selecting large prime numbers.

The Digital Signature Algorithm (DSA) is less widely implemented than RSA. When it is implemented, it is typically found only at the 512-bit key length.

Smart cards support the ability to configure multiple PINs that can have different purposes. For example, applications can configure one PIN to be a "Security Officer" PIN, which can unblock the "User" PIN or re-initialize the card after a set number of bad PIN attempts. Other PINs can be configured to control access to sensitive files or purse functions.

The Data Encryption Standard (DES) and triple DES are commonly found in the leading smart cards. They usually have the option to be used in a Message Authentication Code (MAC) function. However, because the serial interface of a smart card has a low bandwidth, bulk symmetric encryption is very slow. In addition, to make it difficult to extract information about the chip operating and file systems, various methods of hardware security monitoring are enabled on leading smart cards. A one-time, irreversible fuse typically disables any test code built into the EEPROM. In order to avoid card cloning, an unalterable serial number is often burned into the memory. The cards are designed to reset themselves to a power-on state if they detect fluctuations in voltage, temperature, or clock frequency. Reading or writing of the ROM is usually disabled. Because every vendor has their own (usually proprietary) schemes for these measures, it is always good to inquire and/or request reports from independent testing laboratories.

Electronic purse functionalities are often present, but they are typically based on symmetric key technologies such as DES and triple DES. Thus, a shared secret key enforces the security of many of these schemes. Common hashing algorithms include SHA-1 and MD-5; but again, the low bandwidth serial connection hinders effective use of bulk hashing on the card.

Random number generation (RNG) varies among card vendors. Some implement a pseudo-random number generator, for which each card has a unique seed. In this case, random numbers cycle through, dependent on the algorithm and the seed. Some cards have a true, hardware-based random number generator, which uses some physical aspect of the silicon. It is best to check with the vendor for details of the RNG if it will be used in a cryptographically sensitive context.

Communications protocols on smart cards at the command level often have a built-in security protocol. These are typically based on symmetric key technology and allow the smart card itself to authenticate the read/write terminal or vice versa. However, the cryptograms and algorithms for these protocols are usually specific to a given application and terminal set.

Data Transmission

All communications to and from the smart card are carried out over the C7 contact. Thus, only one party can communicate at a time, whether it is the card or the terminal. This is termed "half-duplex." Communication is always initiated by the terminal, which implies a type of client/server relationship between card and terminal. After a card is inserted into a terminal, it is powered up by the terminal, executes a power-on-reset, and sends an answer to reset (ATR) to the terminal. The ATR is parsed, various parameters are extracted, and the terminal then submits the initial instruction to the card. The card generates a reply and sends it back to the terminal. The client/server relationship continues in this manner until processing is completed and the card is removed from the terminal.
ISO/IEC 7816-3 defines the physical transmission layer, including the voltage-level specifics that end up translating into the "0" and "1" bits. Logically, there are several different protocols for exchanging information in the client/server relationship. These are designated "T=" plus a number, as summarized in Table 4.
The two protocols most commonly seen are T=0 and T=1. (T=0 is the most popular.) Figure 3 presents a brief overview of the T=0 protocol. The references contain more detailed information and descriptions for all of the protocols. In the T=0 protocol, the terminal initiates communications by sending a 5-byte instruction header, which includes a class byte (CLA), an instruction byte (INS), and three parameter bytes (P1, P2, and P3). This header may be followed (optionally) by a data section. Most commands are either incoming or outgoing from the card’s perspective, and the P3 byte specifies the length of the data that will be incoming or outgoing. Error checking is handled exclusively by a parity bit appended to each transmitted byte. If the card correctly receives the 5 bytes, it returns a 1-byte acknowledgment equivalent to the received INS byte. If the terminal is sending more data (incoming command) it sends the number of bytes it specified in P3. After receiving the complete instruction, the card can process it and generate a response. All commands have a 2-byte response code, SW1 and SW2, which reports success or an error condition. If a successful command must return additional bytes, the number of bytes is specified in the SW2 byte. In this case, the GET RESPONSE command is used, which is itself a 5-byte instruction conforming to the protocol. In the GET RESPONSE instruction, P3 is equal to the number of bytes specified in the previous SW2 byte. GET RESPONSE is an outgoing command from the card’s point of view. The terminal and card communicate in this manner, using incoming or outgoing commands, until processing is complete.

Instruction Sets

There are four international standards that define typical smart card instruction sets, which include more than 50 instructions and their corresponding execution parameters. Specifically, the four standards include GSM 11.11 (prETS 300608), EN 726-3, ISO/IEC 7816-4, and the preliminary CEN standard prEN 1546.

Although found in four separate standards, the instructions are largely compatible, and can be classified by function as follows:

• file selection,
• file reading and writing,
• file searching,
• file operations,
• identification,
• authentication,
• cryptographic functions,
• file management,
• instructions for electronic purses or credit cards,
• operating system completion,
• hardware testing,
• special instructions for specific applications, and
• transmission protocol support.

Of the possible instructions, a smart card will typically implement only the subset specific to its application. (This is due to memory or cost limitations.)

Smartcard Readers (Terminals)

Although commonly referred to as "smart card readers," all smart card-enabled terminals, by definition, have the ability to read and write as long as the smart card supports it and the proper access conditions have been fulfilled. In contrast to smart cards, which all have very similar construction, smart card readers come in a variety of form factors, with varying levels of mechanical and logical sophistication. Some examples include readers integrated into vending machines, handheld battery-operated readers with a small LCD screen, readers integrated into GSM mobile phones, and readers attached to personal computers. Mechanically, readers have various options, including whether the user must insert/remove the card versus automated insertion/ejection mechanisms, sliding contacts versus landing contacts, and provisions for displays and keystroke entry. Electrically, the reader must conform to the ISO/IEC 7816-3 standard. This section focuses on readers attached to personal computer systems, because those have the largest impact on computer and network security. Many reader types are available off-the-shelf in today’s market, and each has its pros and cons, as summarized in Table 5.  MM

Footnote:
1. Some of the information for this article was gathered about 18 months ago, and 'conventional smart card architectures' have indeed followed Moore's Law and increased in computing power. At current time, smart cards can be found with 32 bit architectures and 32 to 64 Kbytes of EEPROM.

References:

• ISO 7810: 1995, Identification Cards—Physical Characteristics
• ISO 7811: 1995, Identification Cards—Recording Technique
• ISO 7813: 1995, Identification Cards—Financial Transaction Cards
• ISO 7816: 1987-1995, Identification Cards—Integrated Circuit Cards with Contacts
• ISO/IEC 10373: 1993, Identification Cards—Test Methods
• ISO/IEC 11693: 1995, Optical Memory Cards
• ISO/IEC 11694: 1995, Optical Memory Cards—Linear Recording Method
• GSM 11.11: 1995, European Digital Cellular Telecommunications System
• EN 726-3: 1994, Identification Card Systems—Telecommunications Integrated Circuit Cards and Terminals
• prEN 1546: 1995, Identification Card Systems – Inter-Sector Electronic Purse
• Renkl, W., and Effing, W.: Smartcard Handbook, Chichester: John Wiley & Sons, 1997
• PC/SC: http://www.smart cardsys.com/
• PKCS#11: http://www.rsa.com/rsalabs/pubs/PKCS/html/pkcs-11.html
• Opencard: http://www.opencard.org/
• Javacard: http://www.javasoft.com/products/javacard/index.html
• CDSA: http://developer.intel.com/ial/security/
• Microsoft CryptoAPI: http://www.microsoft.com/workshop/prog/security/capi/cryptapi.htm
• Paul Kocher: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems: http://www.cryptography.com/timingattack/paper.html
• Mondex: http://www.mondexusa.com/
• Proton: http://www.protonworld.com/
• VisCash: http://www.visa.com/cgi-bin/vee/nt/chip/main.html?2+0

For information on article reprints, contact Jay Devine, Communications Manager at jay.devine@ema.org.

Back to Table of Contents