|
A smart technology
Smart card technologies are directly affecting the lives
of the common people in sectors such as Banking, Finance, Security, Transport
and Telecom. By Manjari Juneja
 Smart
card technology is becoming commonplace in our daily lives. These cards can
add convenience and safety to any transaction. A smart card is a plastic card
with a computer chip embedded in it that stores data about the user and his
or her transactions. The card's chip can be either a memory chip or a microprocessor.
The card data is accessed and written via a reader that is part of a computing
system. Smart card-enhanced systems are in use today for several key applications,
including healthcare, banking, entertainment and transportation. To various
degrees, all applications can benefit from the added features and security that
smart cards provide.
Regarding applications there are two kinds of smart cards namely contact-based
and contactless cards that can be used for a variety of applications such as
personal or object identification, financial transactions, entertainment, communication
and computing. In aspects of networking and ubiquitous computing, smart cards
are used to improve network security through user authentication, storage of
secure keys and data as well as for recording network service events. Besides
authentication, smart cards are also used to provide confidentiality, integrity
and non-repudiation.
The need
|
 "With
contactless smart cards, a card can be scanned by a reader without the
consumer having to physically take the card out from a wallet or purse,
which can be done in the fraction of a second. This is an important factor
for scenarios
requiring rapid turnaround and
processing, such as ticketing for mass transportation systems"
- Mahendran Kathiresan
Business Development Manager (Chip Card and Security), Infineon Technologies
|
|
 "With
the setting up of UID, the Indian government is going to use smart card
based technology. Administrators will be able to track initiatives that
are announced by the government. Users will not need to carry so many
documents around. In 2008, Smart card production was around 51 million
units. By 2013, it is expected that it will grow to around 108 million
units, at a CAGR of over 20%"
- Ganesh Ramamoorthy
Principal Research Analyst, Gartner
|
Smart cards greatly improve the convenience and security of
any transaction. They provide tamperproof storage of user and account identities.
Smart cards also provide vital components of system security for the exchange
of data through virtually any kind of network. They protect against a full range
of security threats, from careless storage of user passwords to sophisticated
system hacks. Multifunction cards can also facilitate network system access
and store value and other data.
Smart cards are being used across the world for a wide variety of daily tasks.
In India, some typical examples are Government Identification applications such
as electronic passports, national ID, health cards, driving licenses, social
security cards, and financial card applications such as credit/debit cards,
various prepaid cards and electronic passes or tokens for mass transportation.
Benefits
Smart cards offer various benefits such as quick transactions, inbuilt security,
portability, etc. and can be used for identification, validation, and data storage.
The major factor driving the adoption of smart card technology is the convenience
that it provides to the consumer. A single card can potentially be used for
multiple applications including transportation, banking and loyalty and reward
programs.
“With contactless smart cards, a card can be scanned
by a reader without the consumer having to physically take the card out from
a wallet or purse, which can be done in the fraction of a second. This is an
important factor for scenarios requiring rapid turnaround and processing, such
as ticketing for mass transportation systems,” said Mahendran Kathiresan,
Business Development Manager (Chip Card and Security), Infineon Technologies.
In India, contactless smartcards are the better option, given
the harsh environmental conditions. Contactless smartcards have a longer life
(around 10-15 years) and the reliability is very good. Contact-based smartcards
are less resistant and easily susceptible to various climatic factors like dust,
humidity, oil, wear and tear and lack sturdiness. Therefore contactless smart
cards and readers are much more durable in harsh, outdoor conditions and hence
better suited to the Indian environment.
Ashok Chandak, Senior Director, Global Sales and Marketing, NXP Semiconductors,
added, “NXP has been a pioneer in the field of contactless technology and
applications in the field of transportation, e-governance and banking, and follows
the global standard i.e. ISO/IEC 14443 for contactless smartcards. We provide
chips for token and e-passport systems with a share of over 80% of the global
pie for e-passport chipsets.”
| The Government of India launched the Unique Identification
(UID) program in summer 2008. This project intends to develop and implement
the necessary institutional, technical and legal infrastructure to issue
unique identity numbers to Indian residents. India’s population is
approximately 1.1 billion. The first priority of the government is to build
a national database containing the data of all citizens. Verification of
individuals will be based on biometrics (most likely multiple fingerprints).
Once enrolled in the UID-database each person will be given a Universal
Identification Number (UIN). Deployment of the UIN will start by 2010 and
the goal is to have the entire population registered by 2013-2014. The UID
program does not have the scope to roll-out smart cards. It is an initiative
to have a database containing the entire population’s UINs.
Once a UID database is in place, the issued UIN can be
used as a ‘unique’ identifier in various smart card based programs
such as: Driver’s License, Financial Inclusion, Employment Cards,
Health Cards, Micro Finance, etc. Card issuance can then be done by various
‘registrars’ or government departments.
“NXP is keen to participate in the UID program
as it was the sole supplier of all 2.3 million chips for the initial pilot
projects launched by the Ministry of Home in 2007. The chips which are
mostly deployed in coastal and border areas, as checked by the government,
are working perfectly as they comply with the highest level of security
and reliability conditions as defined by Common Criteria EAL5+,”
said Ashok Chandak, Senior Director, Global Sales and Marketing, NXP Semiconductors.
|
Verticals driving growth
|
 "NXP
has been a pioneer in the field of contactless technology and applications
in the field of transportation, e-governance and banking, and follows
the global
standard i.e. ISO/IEC 14443 for
contactless smartcards. We provide chips for tokens and e-passport systems
with a share of over 80% of the global pie for e-passport chipsets"
- Ashok Chandak
Senior Director, Global Sales and Marketing, NXP Semiconductors
|
Due to the escalating security consciousness all over the
world and the needs of security-related projects, smart cards have found greater
application in e-government projects, banking services, access control (physical
and logical) large-scale National ID projects, telecom, automotive, transport,
etc. The use of smart cards in the financial services sector has also been on
the rise buoyed by their increasing use for transactions, online payments, money
transfer, etc. The popularity of smart cards is primarily driven by the need
for greater security to prevent fraud on cards which need secure operations,
for example credit cards, transportation cards and identification cards, etc.
Another widespread application is mobile communications, with ICs beings used
in SIM cards. This is true of India also as mobile communications are the most
widespread application.
Varun Bansal, Head of Smart Card Division, STMicroelectronics,
said, “The use of smart cards is limited only by our imagination. The technology
is mature and readily available. Smart cards can be used in various applications
such as Transit, Network Security, GSM, Banking, PDS, PAN, e-Passport etc. The
government is the largest vertical driving growth when it comes to smart cards
apart from telecom, banking etc. The challenge is that the major market for
smart cards is the government and that there is no fixed tenure for deploying
these solutions. Unless there is a guarantee of tenure, it becomes difficult
to deploy. The government should give a minimum assurance of tenure of at least
four to five years. Standardization as well as checks and balances need to be
there. There is an urgent need for some kind of infrastructure to ensure compliance.”
| A smart card resembles a credit card in size and
shape, but inside it is completely different. The innards of a smart card
usually contain an embedded microprocessor. The microprocessor is under
a gold contact pad on one side of the card.
The microprocessor on the smart card is there for
security purposes. The host computer and card reader ‘talk’
to the microprocessor, which enforces access to data on the card. If the
host computer read and wrote directly to the smart card's random access
memory (RAM), then a smart card would be no different from a diskette
which is why it has to communicate with the card’s microprocessor
to do so.
Smarts cards may have up to 8 kilobytes of RAM, 346 kilobytes
of ROM, 256 kilobytes of programmable ROM, and a 16-bit microprocessor.
The smart card uses a serial interface and receives its power from external
sources like a card reader. The processor uses a limited instruction set
for applications such as cryptography.
|
Technological trends
From a technological standpoint the trend is that chips are becoming smaller,
with more memory and stronger cryptographic functions. Chip sizes are now 0.22um
or smaller for cost effectiveness. Bigger memory sizes are required in situations
whereby multiple applications are required or for multimedia applications such
as High Density SIM cards. Likewise, cryptographic operations are becoming stronger
and faster, with a likelihood of Elliptic Curve Cryptography replacing the RSA
algorithm.
There are several upcoming innovative deployments for smart cards including
Near Field Communications (NFC), high density SIM (HD-SIM) and machine-to-machine
(M2M). Although NFC is not a new technology, it has the potential to reach mass
deployment if workable business models can be agreed upon by industry participants.
This includes using a mobile phone for making payments, ticketing or access
control. HD-SIM opens up the possibility of having applications, including multimedia
data, mobile TV and multi-application download capabilities. In a M2M environment,
devices communicate with other devices through a secure SIM controller. In such
environments, numerous operations can be performed and monitored at the same
time. An example is telematics whereby M2M technology is used to transmit real
time data between the vehicle and a remote location.
| Contact-based cards have to be in physical contact
with other devices to enable transactions and the transfer of information.
Contactless technology refers to a scenario wherein the user does not need
to physically swipe a card through a reader to initiate a particular action,
typically access control, monetary transactions or reading of certain data.
This entails activation of the card and reading/interaction with the reader
in a split second, while ensuring accuracy and confidentiality of the transaction
as well as avoiding unintentional activation.
For the greater part smart card standards use ISO
7816, which governs the physical properties, communication characteristics,
and application identifiers of the smart chip and the embedded data as
a base reference. The ‘smartness’ of a card is defined by how
fast the processor is and its ability to perform cryptographic security
operations. There are internationally approved security evaluation frameworks
such as Common Criteria (CC) that provide an independent, clear and reliable
evaluation of the security capabilities of smart card operating systems.
|
Security as a challenge
There are multiple perceptions which pose challenges, such as the desirability
of putting multiple kinds of valuable information on a single device as well
as perceived security and privacy issues in combining information from various
sources such as a government ID and personal financial information. An even
larger factor is the requirement for a unified backend which can support disparate
databases administered by different organizations.
While it is technically possible to combine multiple smartcard applications
on a single card, and this is already being used in certain scenarios such as
mass transportation wherein a single card stores transaction data as well as
functions as access control for entry/exit from the terminals; a major challenge
here lies in combating the perceived and actual threats to the confidential
data that is stored on smart cards.
As there is increased interest in smart card applications today and with smart
cards being used for a host of applications, another key challenge is the development
and adaptation of international standards as well as financial industry specifications
to ensure national and global interoperability in the use of smart cards, with
an emphasis on security and interoperability.
Other common challenges involved are addressing issues of privacy and convenience
especially with respect to financial and banking applications. The use of basic
solutions such as insecure contact cards, bar coded cards in such applications
can lead to hacking or cloning of not only such cards but financial transactions
leading to quite embarrassing situations for banks and the people behind such
solutions.
The diversity and effectiveness of attacks on smart card applications have increased.
Attacks are now targeting individual areas on the chip or even individual transistors,
so that conventional protection mechanisms may fail.
A hardware-based integral security concept provides protection against such
increasingly sophisticated security attacks. Rugged chip designs are called
for which overcome the disadvantages of analog protection functions (such as
calibration), which allow for the complete encryption of all chip functions
from memory, to buses, to the processor core and of all stored, processed or
transmitted data, and provide error correction across the entire chip architecture.
Error correction means that the errors introduced by attackers are detected
and countermeasures are initiated at a chip level before the chip can disclose
its confidential data.
Ganesh Ramamoorthy, Principal Research Analyst, Gartner, said, “With the
setting up of UID, the Indian government is going to use smart card based technology.
Administrators will be able to track initiatives that are announced by the government.
Users will not need to carry so many documents around. In 2008, Smart card production
was around 51 million units. By 2013, it is expected that it will grow to around
108 million units, at a CAGR of over 20%.”
manjari.juneja@expressindia.com
|
