Card Technology has been around for more than 20 years. The first
major successful application was its use in the French payphone
system in 1984. Smart cards are now widely used in Hong Kong, especially
in transportation and telecommunication fee charging systems. It
is not unusual nowadays for a person to use more than one smart
card in his/her day-to-day living.
is Smart Card?
Smart Card Reader
card is actually a plastic card, with a size about that of a credit
card embedded within it a microprocessor chip. It was invented by
two German engineers in 1967.
with the traditional 125 bytes magnetic stripe card, smart card
provides larger storage capacity ranging from 1K bytes to 64K bytes.
It comprises of a microprocessor (CPU), ROM, RAM, EEPROM and a serial
communication interface. The built-in smartness enables smart card
to protect information stored in it from unauthorized access.
general, smart cards can be categorized into 5 different types according
to their physical characteristics, namely Memory card, Contact
card, Contactless card, Hybrid card and Combi card. Except memory
card, the others are capable of processing data.
card is the most commonly used smart card among the four. It can
be easily distinguished by the sharp gold plate chip on the card.
As for contactless card, the chip is embedded inside the card. Hybrid
and combi cards are combined contact-contactless smart cards.
card has co-existing chips that operate independently. In combi
card, both chips can communicate between themselves.
the history of smart card development, various standards have been
established for resolving the interoperability problem. The very
first standard was the ISO 7816 smart card standard published in
1987. With this ISO standard, smart cards could communicate by using
the same protocol.
other important standards are EMV (Europay, Mastercard and Visa)
and GSM (Global Standard for Mobile Communications). There are also
host (i.e. PC or mini-computer) side standards like PC/SC (Personal
Computer/Smart Card) and OpenCard Framework.
smart card vendors have developed their own proprietary smart card
operating systems, APIs and even card readers and device drivers,
resulting interoperability problems existed in many levels. A brighter
side of the story is that three emerging multi-function smart card
operating systems, Java Card, MULTOS (Multi-applications Operating
System), and Microsoft's Smart Card for Windows may help standardize
the smart card up to the application programming level. If these
OSs can become prevalent, smart card would be taken as a commodity
item like the PC components.
Smart cards are widely used in commercial fields as stored-value
and secure storage cards.
In the increasingly competitive and fast-changing business of banking
and finance services, banks are seeking to bring new value-added
services to their customers such as cash bonus point. Smart card
technology offers enormous opportunities through its ability to
deploy and manage multiple applications on a wallet-sized plastic
card. The smart card also promises to resolve security issues through
increasingly sophisticated methods of protection against theft and
fraud. In Hong Kong, many banks have started to issue smart credit
cards. More and more affinity credit cards will be issued so as
to retain customer loyalty or to attract new customers.
Telecommunication sector is one of the largest markets for smart
card applications. Payphone card and stored-value card were the
earliest smart card application and they are still occupying the
largest share of smart card market. In GSM/PCS mobile phones, SIM
cards carry the subscriber's information and are used to authenticate
user at each call. There are some value-added services such as mobile
banking, information on-demand which are made available using large
size smart cards.
Contactless smart card has been proven to be the most effective
means for handling mass transactions. A popular example in Hong
Kong is the use of Octopus card for charging transportation fees.
As smart cards are portable and capable of protecting confidential
data across electronic networks, they are ideal for storing medical
records, personal contact information and emergency medical data.
On a trial basis, the Hospital Authority has adopted smart card
for her Patient Card.
As smart card is portable, tamper-resistant and capable of processing
data, it is a suitable device for holding digital cash. Mondex and
VisaCash are two examples of electronic purses used in Hong Kong.
Smart cards can be personalized to control access to restricted
facilities, depending on user privileges and time restrictions.
For example, campus identity card of universities and residential
card is adopted in some private estates.
Key Infrastructure (PKI)
PKI provides a management framework for enabling public key cryptography
deployment. A key pairs (Public and Private Key) and a digital certificate
are the main components of the PKI. Private key and digital certificate
are kept by individual as their personal identity whereas public
key is made available to all users.
card is a suitable medium for storing private key and digital certificates
because of its security features. Data is encrypted when transmitting
between the reader and the card. A dedicated processor is responsible
for the encryption and decryption process. As such, the risk of
exposure of private key carried by a smart card is low.
In order to enhance the security of smart card authentication, biometric
identification techniques are used to replace the conventional PIN
method. While PIN is just a series of digits which cannot truly
represent the personal identity, biometric identification techniques
such as fingerprint and iris pattern identification can fill this
some banks in Britain and Japan have started to use iris pattern
to authenticate users on ATM machines. In the near future, biometric
identification will be integrated in the smart card operating systems
and users can use a combined PIN and biometric authentication scheme.
Smart Identity Card
card Resource center of HKUST