Previous | Table of Contents | Next |
Smart cards present a variety of faces, depending primarily on the type of integrated circuit chip embedded in the plastic card and the physical form of the connection mechanism between the card and the reader. They can be very inexpensive tokens for financial transactions such as credit cards, telephone calling tokens, or loyalty tokens from a variety of businesses. They can be access tokens for getting through locked doors, riding on a train, or driving an automobile on a toll-road. They can function as identity tokens for logging in to a computer system or accessing a World Wide Web server with an authenticated identity. Three such variants are of particular interest:
The very earliest smart cards were memory cards containing an integrated circuit chip comprised of only nonvolatile memory and the necessary circuitry to read and write that memory. Today, such cards still constitute the largest number of smart cards in use. These cards are relatively inexpensive and provide modest security for a variety of applications.
A memory card, as its name implies, is a card that contains an embedded integrated circuit chip providing nonvolatile memory for storing information in a permanent or semi-permanent fashion. The circuitry of the smart card exposes, through a standard electrical connector, the control lines for addressing selected memory locations as well as for reading and writing those memory locations through the electrical connectors on the face of the card. There is no on-board processor to support a high-level communications protocol between the reader and the card. Rather, memory cards use a synchronous communication mechanism between the reader and the card. Essentially, the communication channel is always under the direct control of the reader side. The card circuitry responds in a direct (synchronous) way to the very low-level commands issued by the reader for addressing memory locations and for reading from or writing to the selected locations. In some recent memory cards, security enhancements have been incorporated through the provision of memory addressing circuitry within the chip that requires a shared secret between the terminal (which is writing to the card chip) and the chip itself. These are often called logic cards.
A contactless card has an integrated circuit chip embedded within the card; however, it makes use of an electromagnetic signal to facilitate communication between the card and the reader. With these cards, the power necessary to run the chip on the card is transmitted at microwave frequencies from the reader into the card. The separation allowed between the reader and the card is quite smallon the order of a few millimeters. However, these cards offer a greater ease of use than cards that must be inserted into a reader. This ease of use can be mitigated by other factors.
With the current state of technology, the data transfer rate between the reader and the contactless card may be restricted by the power levels that can be achieved in the card; that is, for such cards without an internal power source (for example, a battery), the power to run the on-card processor must be derived from a signal transmitted to the card from the reader. The power levels achieved typically allow only a very small separation (a few millimeters) between the card and the reader. Further, a feedback mechanism from the reader to the card through which card holder verification is done is a bit more awkward with the contactless card. Consequently, these cards are most popular for uses where the possession of the card is deemed to be adequate authorization for card use.
Except for the physical mechanism used to transfer information between the reader and the card, contactless and contact-based cards are very similar in overall architecture. This book focuses mainly on smart cards that make use of electrical connections between the cards and the readers. This type of microprocessor-based smart card combines all the necessary ingredients for an enhanced-security computing platform. It integrates both memory and a central processing unit into a single integrated circuit chip. This minimizes the opportunity to intercept well-defined electrical signal patterns moving between processor and memory elements. Keep in mind that the security resulting from this integrated packaging is not infallible. The smart card is tamper-resistant, not tamper-proof.
The impetus for creating smart cards was the need for secure tokens that can contain information and can provide a secure platform for certain processing activities. These capabilities were greatly facilitated with an innovative packaging approach for the principal elements of a computer system, as illustrated in Figure 2.1. Specifically, all the basic components of a computer system are incorporated into a single integrated circuit chip. This means that the physical connections between these components are embedded within a monolithic (silicon) structure. This, in turn, means that it is difficult for an observer to intercept signals passing between these components (within the chip). The net result is a more secure computer system than is normally achieved with macroscopic physical connections between components.
Figure 2.1. Elements of a smart card computer system.
The smart card packaging approach consists of putting the central processing unit, all the memory, and the I/O electronics into the same integrated circuit chip, rather than presenting them in the form of various chips which are then tied together through some type of electrical connections. Why is this simple packaging approach so profound? Because it provides all the necessary capabilities in a very small physical package and it conceals the interconnections between the various computer elements inside the chip itself, thereby enhancing the security of whats going on (or whats stored) in the computer.
Previous | Table of Contents | Next |