Card Technology - Smart Cards
Smart cards, or microprocessor chip cards, comply with the same ISO 7816 standards as memory cards; however, they distinguish themselves from simple memory cards by virtue of a built-in Central Processing Unit (CPU).
In order for the CPU to operate, it must have an operating system. This is usually written to the silicon during the manufacturing process as ROM, Read Only Memory. Once written, this form of memory cannot be changed.
In addition to the provision of ROM, a smart card requires RAM, Random Access Memory, which is used to store intermediate results of calculations. This fast form of memory is volatile, i.e. it clears when power is withdrawn. RAM consumes the greatest amount of silicon and so is used sparingly.
The memory reserved for the storage of applications and associated file structures is EEPROM. In smart cards this useable memory ranges from 2 kbytes up to 16 kbytes. Soon 32 and 64 kbyte silicon will be on the market.
The limiting factor which restricts the amount of memory and the power of the CPUs on smart cards is the maximum footprint of silicon allowable whilst still complying with the ISO Standards for flex and torsion. 22 square millimetres is the nominal maximum cross sectional area of silicon permissible.
Smart cards are structured in much the same way as we structure PCs. There is a Master File (analogous to a root directory) within which are stored Dedicated Files (analogous to software packages such as Word for Windows, Excel etc.). Within each Dedicated File there are one or more Elementary Files which are used to store the data relevant to a given application (analogous to a Word file or a particular Excel spreadsheet). At both the Master File and Dedicated File levels there are Access Security constructs which provide a barrier to entry. The nature of the security barrier at each level is defined in the ISF (Information Security File).
Smart cards are capable of engaging PIN level security as well as DES (Data Encryption Standard) based authentication algorithms, proprietary Secret Key authentication algorithms and even Public Key or Asymmetric Algorithms such as RSA (Rivest Shamir Adleman). The time required to authenticate access to the MF or DF will depend on the key lengths used and the processor power. For complex Asymmetric Algorithm calculations, a second processor or co-processor is required in order that the time to authenticate is not impractical.
The topic of smart cards is very broad. There are many applications, many security constructs, many challenges and many benefits.
The principal application for smart cards is in the area of off-line transaction security. Where access to a central database is either impossible or impractical, smart cards provide a mechanism for securing a transaction between the terminal and the card. Both the terminal and the card are equipped to challenge each other and verify the response against an internal calculation. This Random Number based Challenge / Response technique is central to classic smart card authentication mechanisms.
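The random-number challenge/response described above, sketched as an added example that is not part of the original page. HMAC-SHA256 stands in for the card's DES-based or proprietary secret-key algorithm, and the Party class, the role tags and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def response(key: bytes, challenge: bytes, role: bytes) -> bytes:
    # Keyed function over the challenge. HMAC-SHA256 is a stand-in for the
    # card's DES-based algorithm (assumption). The responder's role tag is
    # mixed in so an answer cannot be reflected back in the other direction.
    return hmac.new(key, role + challenge, hashlib.sha256).digest()

class Party:
    """One side of the exchange (terminal or card) holding the shared key."""

    def __init__(self, key: bytes, role: bytes):
        self.key, self.role = key, role
        self.pending = None  # challenge issued and not yet answered

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(8)  # fresh random number per attempt
        return self.pending

    def answer(self, challenge: bytes) -> bytes:
        return response(self.key, challenge, self.role)

    def verify(self, resp: bytes, peer_role: bytes) -> bool:
        if self.pending is None:  # nothing outstanding: a replayed response
            return False
        expected = response(self.key, self.pending, peer_role)  # internal calculation
        self.pending = None  # each challenge is single use
        return hmac.compare_digest(expected, resp)  # constant-time comparison

def mutual_auth(terminal: Party, card: Party) -> bool:
    # Off-line: no central database is consulted, only the shared key.
    c1 = terminal.challenge()  # terminal challenges the card
    if not terminal.verify(card.answer(c1), card.role):
        return False
    c2 = card.challenge()  # card challenges the terminal
    return card.verify(terminal.answer(c2), terminal.role)

if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    print("genuine card:", mutual_auth(Party(key, b"TERM"), Party(key, b"CARD")))
    print("wrong key:   ", mutual_auth(Party(key, b"TERM"), Party(bytes(16), b"CARD")))
```

Because each challenge is random and accepted only once, a response recorded from an earlier session does not verify against a later challenge.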
Applications such as GSM SIM (Subscriber Identification Module), electronic purse and Pay TV Access are typical examples of smart card applications. Still more applications will emerge as marketeers and technologists begin to comprehend the utility of the technology and stop trying to graft smart cards onto applications well served by existing on-line magnetic stripe or Watermark Magnetic stripe solutions.
It is important to understand that whilst the security mechanisms employed within smart card architectures can be very strong – they can all be broken. The question is not whether it can be done, but whether the time and effort required justify the ultimate gain. In most cases cost effective attacks cannot be made. In the few cases where practical attacks have been perpetrated, the technology has advanced to meet the challenge. The ultimate security battle is never won – merely met for the time being.