CLOUD COMPUTING 2020-21

DEFINITION

SMART CARD
A smart card is a physical card that has an embedded integrated chip that
acts as a security token. Smart cards are typically the same size as a driver's
license or credit card and can be made out of metal or plastic. They connect to
a reader either by direct physical contact (also known as chip and dip) or
through a short-range wireless connectivity standard such as radio-frequency
identification (RFID) or near-field communication (NFC).

The chip on a smart card can be either a microcontroller or an embedded

memory chip. Smart cards are designed to be tamper-resistant and use
encryption to provide protection for in-memory information. Those cards
with microcontroller chips can perform on-card processing functions and can
manipulate information in the chip's memory.
This paper explains what SMART CARD is and how SMART CARD works
Smart cards are used for a variety of applications, though most commonly are
used for credit cards and other payment cards. Distribution of smart cards in
recent years has been driven by the payment card industry's move to
support smart cards for the EMV payment card standard. Smart cards capable of
short-range wireless connectivity can also be used for contactless payment
systems; they can also be used as tokens for multifactor authentication.
International standards and specifications cover smart card technology, with
some focused on industry-specific applications. In the United States, smart
card technology conforms to international standards (ISO/IEC 7816 and
ISO/IEC 14443) championed by the Smartcard Alliance.

The first mass use of smart cards was the “Telecarte”, a telephone card for
payment in French pay phones which launched in 1983. Smart cards are now
ubiquitous and have largely replaced magnetic stripe (also known as "mag
stripe") card technology, which only has a capacity of 300 bytes of non-
rewriteable memory and no processing capability.

Dept. of Computer science and Engg 1

CLOUD COMPUTING 2020-21

The term "smart card" has been used as a label for a wide variety of hand-held
plastic devices containing mechanisms for storing and/or processing
information. There is much debate over exactly what capabilities and
characteristics a device must have in order to be considered a smart card. One
source states that a smart card is implemented "in a piece of plastic the size of a
credit card" and that "each smart card contains its own central processing unit
[which is] essentially a small computer." [MCIV 85, p. 152] Another source,
with a broader definition, suggests that a smart card "consists of an integrated
circuit chip or chips packaged in a convenient form to be carried on one's
person." [SVGL85, p. l] With the latter definition, the category of smart cards
includes integrated circuit data storage cards and key-shaped devices, which
may not have any computational powers. Magnetic stripe and optical laser
storage cards have also sometimes been referred to as smart cards, because they
have data storage capacity.

Smart Cards and the International Organization for

Standardization (ISO)
The International Organization for Standardization (ISO) develops
voluntarinternational standards in many scientific, technological and economic
fields. ISO has not defined or produced standards for any devices specifically
labelled as “smartcards.”
Smart Cards and the International Organization for Standardization (ISO)
Develops voluntary interna-tional standards in many scientific, technological,
and economic fields.

Dept. of Computer science and Engg 2

CLOUD COMPUTING 2020-21

ISO has not defined or produced standards for any devices specifically labelled
as "smart cards.

*What is Smart Card:-

 A smart card resembles a credit card size and shape, with an embedded microchip
that can be loaded with data, used for telephone calling, electronic cash payments, and
other applications, and then periodically refreshed for additional use.A Smart card is
a portable devices that contains some non-volatile memory and a
microprocessor. The microprocessor is under a gold contact pad on one side of the
card.Card contains some kind of an encrypted key that is compared to a secret key
contained on the user’s processor.

Security in a Generalized Smart Card

System.:
A generalized smart card system contains a smart card, a smart card reader/
write device, a terminal, a host computer, and the connections necessary to
interface these components.
On a superficial level, a smart card system resembles conventional data storage
card systems, such as automated teller machine (ATM) systems which use
magnetic stripe cards. However, because smart cards have computing powers
and greater capacity for protected data storage, smart card systems can provide
increased flexibility and security in many applications.
For example, a company that has proprietary information stored in its main
computer could use a smart card system to maintain and protect this sensitive
data in a scenario such as the following:
A smart card is issued to each employee who has a need to access the computer
system. Each employee's card is programmed with unique information, such as
a personal identification number (PIN). The smart card's microcomputer
performs a secret one-way transformation* on this PIN, to render it unreadable,
and then stores the transformed PIN in a secret part of its memory.
* A one-way transformation is a mathematical function which is easy to
perform but nearly impossible to reverse. That is, given the one-way transformation
function / and the result of this function R = f{D), it is extremely difficult to determine
the input to the function D.

Dept. of Computer science and Engg 3

CLOUD COMPUTING 2020-21

Origins and Development Of Smart Card:

In 1970 a Japanese inventor, Kunitaka Arimura, filed the first patent for what
we would now call a SMART CARD. His patent was restricted to Japan and to
the technical aspects of the invention. Japanese cards manufactured under an
Arimura license.
 1970---Dr. Kunitaka Arimura of Japan filed the first and only patent on the smart card
concept.
 1974---Roland Moreno of France filed the original patent for the IC card, later dubbed
the “smart card”.
 1977---Three commercial manufacturers, Bull CP8, SGS Thomson, and
Schlumberger began developing the IC card.
 1979---Motorola developed the first secure single chip microcontroller for use in
French banking.
 1982---Field testing of serial memory phone cards took place in France – the world’s
first major IC card test.
 1984---Field trials of ATM bank cards with chips were successfully conducted.
 1986---14,000 cards equipped with the Bull CP8 were distributed to clients of the
Bank of Virginia and the Maryland
 1987---First large-scale smart card application implemented in the United States with
the U.S. Department of Agriculture’s nationwide Peanut Marketing Card.
 1991---First Electronic Benefits Transfer (EBT) smart card project launched for the
Wyoming Special Supplemental Nutrition Program for Women, Infants, and Children
(WIC).
 1992---A nationwide prepaid (electronic purse) card project (DANMONT) was
started in Denmark.
 1993---Field test of multi-function smart card applications in Rennes, France, where
the Telecarte function (for public phones) was enabled in a Smart Bank Card.
 1994---Europay, MasterCard, and Visa (EMV) published joint specifications for
global microchip-based bank cards (smart cards).
 1995---Over 3 million digital mobile phone subscribers worldwide begin initiating
and billing calls with smart cards.
 1996---Over 1.5 million VISACash stored value cards were issued at the Atlanta
Olympics.
 1998---Microsoft announced its new Windows smart card operating system. France
began piloting a smart health card for its 50 million citizens.
 1999---The Smart Access Common ID Card program established a contract vehicle
for use by all Federal agencies.

Dept. of Computer science and Engg 4

CLOUD COMPUTING 2020-21

How smart cards work

Smart card microprocessors or memory chips exchange data with card readers and other
systems over a serial interface. The smart card itself is powered by an external source, usually
the smart card reader. A smart card communicates with readers either via direct physical
contact or using a short-range wireless connectivity standard such as RFID or NFC. The card
reader then passes data from the smart card to its intended destination, usually a payment or
authentication system connected to the smart card reader over a network connection.
 Smart cards are portable data cards that must communicate with another device to
gain access to a display device or a network. Cards can be plugged into a reader,
commonly referred to as a card terminal, or they can operate using radio frequencies
Identification (RFID) Or Near-field Communication (NFC)

 When the smart card and the card reader come into contact, each identifies itself
to the other by sending and receiving information. If the messages exchanged do not
match, no further processing takes place.

 So, unlike ordinary bank cards, smart cards can defend themselves against
unauthorized users and uses in innovative security measures.

---------------------------------What is in the Card: ------------

 Typical Configurations:
 256 bytes to 4KB RAM

 8KB to 32KB ROM.

 1KB to 32KB EEPROM.

 Crypto-coprocessors (implementing 3DES, RSA etc., in

hardware) are optional.

 8-bit to 16-bit CPU. 8051 based designs are common.

 Current Applications:
 Payphones
 Mobile Communications
 Banking & Retail
 Electronic Purse

Dept. of Computer science and Engg 5

CLOUD COMPUTING 2020-21

 Health Care
 ID Verification and Access Control

**************************************************
**************************************************
**************************************************

 Uses of smart cards :

Smart cards are generally used in
applications that must deliver fast, secure transactions and protect personal
information such as credit cards and other types of payment cards, corporate
and government identification cards and transit fare payment cards. Smart cards
are also sometimes used to function as documents such as electronic passports
and visas.

Smart cards are often designed to be used with a PIN, for example, when
they are used as debit or ATM cards. Organizations also use smart cards for
security purposes; in addition to their use as multifactor authentication tokens,
the cards can also be used for authenticating single sign-on users.

Dept. of Computer science and Engg 6

CLOUD COMPUTING 2020-21

 Types of smart cards:

Smart cards can be categorized on
different criteria including by how the card reads and writes data, by the type of
chip implanted in the card and by the capabilities of that chip. Some of the
different of types of smart cards include

 Contact smart cards are the most common type of smart card. Contact
smart cards are inserted into a smart card reader that has a direct
connection to a conductive contact plate on the surface of the card.
Commands, data and card status are transmitted over these physical
contact points.

 Contactless smart cards require only close proximity to a card reader to

be read; no direct contact is necessary for the card to function. The card
and the reader are both equipped with antennae and communicate using
radio frequencies over the contactless link. A contactless smart card
functions by being put near the reader to be read.

 Dual-interface cards are equipped with both contactless and contact

interfaces. This type of card enables secure access to the smart card's chip
with either the contactless or contact smart card interfaces.
 Hybrid smart cards contain more than one smart card technology. For
example, a hybrid smart card might have one embedded processor chip
that is accessed through a contact reader as well as an RFID-enabled chip
used for proximity connection. The two different chips may be used for
different applications linked to a single smart card, as when the proximity
chip is used for physical access to restricted areas while the contact smart
card chip is used for single sign-on authentication.

 Memory smart cards contain memory chips only and can only store,
read and write data to the chip; the data on memory smart cards can be
over-written or modified, but the card itself is not programmable so data
can't be processed or modified programmatically. Memory smart cards
can be read-only and used to store data such as a PIN, password or public

Dept. of Computer science and Engg 7

CLOUD COMPUTING 2020-21

key; they can also be read-write and used to write or update user data.
Memory smart cards can be configured to be rechargeable or disposable,
in which case they contain data that can only be used once or for a limited
time before being updated or discarded.

 Microprocessor smart cards have a microprocessor embedded onto the

chip in addition to memory blocks. A microprocessor card may also
incorporate specific sections of files where each file is associated with a
specific function. The data in the files and the memory allocation are
managed with a smart card operating system. This type of card can be
used for more than one function and is usually designed to enable adding,
deleting and otherwise manipulating data in memory.
NOTE:Smart cards can also be categorized by their application, such
as credit card, debit card, entitlement or other payment card,
authentication token and so on.

Dept. of Computer science and Engg 8

CLOUD COMPUTING 2020-21

Single-Chip Versus Multiple-Chip

Smart -Card Microcomputers.

There are advantages and disadvantages to both the muliple-chip and the
single-chip smart card. A multiple-chip smart card may be less expensive to
produce, since it can incorporate several easily-attainable, low-cost IC chips. A
single-chip smart card, on the other hand, requires a more complex, specialized
chip, carefully designed to accommodate all the required circuitry for the
microprocessor, memory and I/O. [MCIV 85, p.155] In addition, a multiple-
chip smart card may be able to perform more functions and store more
information than a single-chip smart card. However, including more than one
chip in a smart card presents some difficult problems.

Dept. of Computer science and Engg 9

CLOUD COMPUTING 2020-21

During the course of its use, a plastic credit-card-sized device is subject to a

great deal of bending and twisting. To be reliable, a smart card IC chip must be
placed in one of the few areas of a card where the effects of such stress are
minimal. If several chips are to be contained in a smart card, some of them may
have to be placed in the higher-stress areas of the card, where they may be more
likely to break and cease to function. The connecting “wires" which are needed
to link several chips together may be similarly susceptible to damage.

In addition to the increased chances of breakage, a multiple-chip smart card

may present a risk in terms of the security of the information to be stored within
the card. It may be possible for an adversary to "eavesdrop" on the chip-to-chip
connections and extract secret data from a multiple-chip smart card. Since it
contains no chip-to-chip connections, the single-chip smart card is generally
considered more reliable and more secure than the multiple-chip card. For these
reasons, the single-chip smart card is currently preferred for many applications.

Although it has some limitations, a single-chip smart card can perform all the
functions of a microcomputer. The following sections describe the components
of a microcomputer microprocessor, memory, and input/output —as they may
be implemented in a single smart card IC chip.

-: The Smart Card Microprocessor:-

The microprocessor is thecomponent which makes a smart card "smart" and
distin-guishes it from cards designed to simply store data. The microprocessor
and its associated operating system enables the smart card to "make its own
decisions" concerning whern it will store data in its memories and under what
circumstances it will transfer informa-tion through its input/output interface.
The microprocessor itself consists of three major components: the arithmetic
logic unit (ALU), the control unit, and the bus.

 The ALU provides the basic logic and arithmetic functions for the
microcomputer.It also contains small storage spaces, called registers,
which are needed for performing computations, such as addition or
multiplication. The ALU interacts with the memory and the input/output
in order to coordinate the operations of the microcomputer.
 The control unit assures that the timing of events in the various parts of
the micro-computer are coordinated.

Dept. of Computer science and Engg 10

CLOUD COMPUTING 2020-21

 The bus provides a link between different parts of the smart card
microcomputer.
There are many possible configurations for the bus, which may be comprised of
several segments.

For example, one segment of the bus may link two registers in the ALU
together, another may link the input/output interface to the microprocessor, and
still another may link the microprocessor to the main memory of the smart card.
In general, smart cards are designed such that the bus does not directly connect
the input/output to the main memory. The microprocessor may be linked
between the input/output and the main memory in order to "stand guard" over
information entering and leaving the memory..

LIFE CYCLE OF SMARTCArds:

Dept. of Computer science and Engg 11

CLOUD COMPUTING 2020-21

 Barriers to Acceptance of Smart Cards::

Dept. of Computer science and Engg 12

CLOUD COMPUTING 2020-21

 Present lack of infrastructure to support the smart card, particularly in

the U.S., necessitating retrofitting of equipment such as vending
machines, ATMs, and telephones.
 Proprietary nature of the Chip Operating System. The consumer must
be technically knowledgeable to select the most appropriate card for the
target application.
 Relatively higher cost of smart cards as compared to magnetic stripe
cards. (The difference in initial costs between the two technologies,
however, decreases significantly when the differences in expected life
span and capabilities, particularly in terms of supporting multiple
applications and thus affording cost sharing among application providers-
are taken into account).
 Lack of standards to ensure interoperability among varying smart card
programs.
 Unresolved legal and policy issues related to privacy and confidentiality
or consumer protection laws.
 Smart credit cards became common as banks embraced the EMV
standard.
 Another advantage of smart cards is that once information is stored on
a smart card, it can't easily be deleted, erased or altered. As such, smart
cards are good for storing valuable data that can't be -- or shouldn't be --
easily reproduced.
 Smart card technology is generally safe against electronic interference
and magnetic fields, unlike magnetic stripe cards. In addition,
applications and data on a card can be updated through secure channels so
issuers do not necessarily have to issue new cards when an update is
necessary. Multiservice smart card systems can enable users to access
more than one different service with just one smart card.
Smart cards can provide a higher level of security than magnetic stripe
cards as they can contain microprocessors capable of processing data directly
without remote connections; even memory-only smart cards can be more secure
because they can securely store more authentication and account data than
traditional mag stripe cards.

Advantages of Smart Cards:

Dept. of Computer science and Engg 13

CLOUD COMPUTING 2020-21


 More secure:-Smart cards offer more security and confidentiality than
any other financial or transaction card on the market.They use encryption
and authentication technology which is more secure than previous
methods associated with payment cards.
 Safe to transport:-Another advantage to having a smart card is their
use the banking industry.These cards give the holder the freedom to carry
large sums of money stolen.They are also safe because the cards can be
easily replaced, and the person would have to know the pin number to
access its store value.
 Offer a variety of benefits:- Smart cards Offer a variety of benefits
to merchants, financial institutions, and other card issuers such as faster
transaction, increased sales, reduced costs, easier book-keeping, and
fewer losses.
 Time-saving:- Making a payment with a smart card saves a lot of time
because its chip contains details about the owner in a non-encrypted form
and the user doesn’t have to explicitly provide details for verification.

 Double as an ID card:- They can provide complete identification in

certain industries. There are numerous benefits of using smart cards for
identification.
For example, a driver’s license that has been created using smart card
technology can give the police the ability to quickly identify someone
who’s been stopped for speeding or reckless driving.

 The safe place to store sensitive information:- Smart cards are a

safe place to store sensitive information such as keys, passwords or
personal information.
 Less expensive:- As compared to debit and credit cards, smart cards
are less expensive and provide faster transaction processing.
 Prevents fraud:- Other benefits of using smart cards for identification
can be used by governments to prevent benefits and social welfare fraud
to ensure the right person is receiving the welfare benefit

Disadvantages of smart cards

Dept. of Computer science and Engg 14

CLOUD COMPUTING 2020-21

~While smart cards have many advantages, the cards themselves -- as well as
the smart card readers -- can be expensive
 Easily Lost:-Smart cards are small, lightweight and can be easily lost if
the person is irresponsible. Since smart cards have multiple uses, the loss
may be much more inconvenient.If you lose a card that doubles as a debit
card, bus pass and key to the office, you would be severely
inconvenienced for a number of days.
 Security:- Another drawback of using smart cards is their level of
security. They are more secure than swipe cards. However, they are not
as secure as some in the general public would believe. This creates a false
sense of security and someone might not be as diligent as protecting their
card and the details it holds.
 Slow Adoption:- If used as a payment card, not every store or
restaurant will have the hardware necessary to use these cards. One of the
reasons for this is since technology is more secure, it is also more
expensive to produce and use.Therefore, some stores may charge a basic
minimum fee for using smart cards for payment, rather than cash.
 Possible Risk of Identify Theft:- Smart cards are vulnerable to
hardware hacking, which means that data stored in the card can be altered
or corrupted.For criminals seeking a new identity, they are like gold,
based on the amount of information it can contain on an individual.
~Another disadvantage of smart cards is that not all smart card readers are
compatible with all types of smart cards. With multiple types of smart cards
available, some use nonstandard protocols for data storage and card interface;
some smart cards and readers also use proprietary software that is incompatible
with other readers.
~While smart cards can be more secure for many applications, they are still
vulnerable to certain types of attack. Attacks that can recover information from
the chip are possible against smart card technology. Differential power analysis
can be used to deduce the on-chip private key used by public key algorithms
such as RSA. Some implementations of symmetric ciphers can be vulnerable to
timing attacks or differential power analysis as well. Smart cards may also be
physically disassembled in order to gain access to the on-board microchip.

Examples of Smart Card:

Dept. of Computer science and Engg 15

CLOUD COMPUTING 2020-21

Conclusion:
The self-containment of smart card makes it resistant
to attack as it does not need to depend upon potentially vulnerable external
resources.
Because of this characteristic, smart cards are often used in different
applications, which require strong security protection and authentication. Smart
card technology is emerging, applications are everywhere.
*Smart cards enhance service and security
*Perfect security does not exist, even not for smart cards
*Risk analysis is essential
*Smart card applications inccludes
*Payment cards, including debit or credit cards issued by commercial credit
card companies and banks.
*Electronic benefits transfer (EBT) cards, which are used for distribution of
government benefits such as the U.S. Supplemental Nutrition Assistance
Program.
*Transit cards can be used by local and regional transit systems to process
payments as well as give riders points on their purchases.
*Smart cards are used as ID cards issued by schools, corporations and
government entities to control access to physical locations.
*Medical institutions use smart cards to securely store patient medical records.

Dept. of Computer science and Engg 16