Technological Development

Smart Card Technology

Smart Card Technology has been around for more than 20 years. The first major successful application was its use in the French payphone system in 1984. Smart cards are now widely used in Hong Kong, especially in transportation and telecommunication fee charging systems. It is not unusual nowadays for a person to use more than one smart card in his/her day-to-day living.

Photo of Smart Card Reader
Smart Card Reader
What is Smart Card?

Smart card is actually a plastic card, with a size about that of a credit card embedded within it a microprocessor chip. It was invented by two German engineers in 1967.

Comparing with the traditional 125 bytes magnetic stripe card, smart card provides larger storage capacity ranging from 1K bytes to 64K bytes. It comprises of a microprocessor (CPU), ROM, RAM, EEPROM and a serial communication interface. The built-in smartness enables smart card to protect information stored in it from unauthorized access.

In general, smart cards can be categorized into 5 different types according to their physical characteristics, namely Memory card, Contact card, Contactless card, Hybrid card and Combi card. Except memory card, the others are capable of processing data.

Contact card is the most commonly used smart card among the four. It can be easily distinguished by the sharp gold plate chip on the card. As for contactless card, the chip is embedded inside the card. Hybrid and combi cards are combined contact-contactless smart cards.

Hybrid card has co-existing chips that operate independently. In combi card, both chips can communicate between themselves.

Interoperability

Throughout the history of smart card development, various standards have been established for resolving the interoperability problem. The very first standard was the ISO 7816 smart card standard published in 1987. With this ISO standard, smart cards could communicate by using the same protocol.

Two other important standards are EMV (Europay, Mastercard and Visa) and GSM (Global Standard for Mobile Communications). There are also host (i.e. PC or mini-computer) side standards like PC/SC (Personal Computer/Smart Card) and OpenCard Framework.

Different smart card vendors have developed their own proprietary smart card operating systems, APIs and even card readers and device drivers, resulting interoperability problems existed in many levels. A brighter side of the story is that three emerging multi-function smart card operating systems, Java Card, MULTOS (Multi-applications Operating System), and Microsoft's Smart Card for Windows may help standardize the smart card up to the application programming level. If these OSs can become prevalent, smart card would be taken as a commodity item like the PC components.

Smart Card Application
Smart cards are widely used in commercial fields as stored-value and secure storage cards.

Banking and Loyalty
In the increasingly competitive and fast-changing business of banking and finance services, banks are seeking to bring new value-added services to their customers such as cash bonus point. Smart card technology offers enormous opportunities through its ability to deploy and manage multiple applications on a wallet-sized plastic card. The smart card also promises to resolve security issues through increasingly sophisticated methods of protection against theft and fraud. In Hong Kong, many banks have started to issue smart credit cards. More and more affinity credit cards will be issued so as to retain customer loyalty or to attract new customers.

Telecommunication
Telecommunication sector is one of the largest markets for smart card applications. Payphone card and stored-value card were the earliest smart card application and they are still occupying the largest share of smart card market. In GSM/PCS mobile phones, SIM cards carry the subscriber's information and are used to authenticate user at each call. There are some value-added services such as mobile banking, information on-demand which are made available using large size smart cards.

Transportation
Contactless smart card has been proven to be the most effective means for handling mass transactions. A popular example in Hong Kong is the use of Octopus card for charging transportation fees.

Healthcare
As smart cards are portable and capable of protecting confidential data across electronic networks, they are ideal for storing medical records, personal contact information and emergency medical data. On a trial basis, the Hospital Authority has adopted smart card for her Patient Card.

Electronic Payment
As smart card is portable, tamper-resistant and capable of processing data, it is a suitable device for holding digital cash. Mondex and VisaCash are two examples of electronic purses used in Hong Kong.

Physical Access Control
Smart cards can be personalized to control access to restricted facilities, depending on user privileges and time restrictions. For example, campus identity card of universities and residential card is adopted in some private estates.

Future Trends

Public Key Infrastructure (PKI)
PKI provides a management framework for enabling public key cryptography deployment. A key pairs (Public and Private Key) and a digital certificate are the main components of the PKI. Private key and digital certificate are kept by individual as their personal identity whereas public key is made available to all users.

Smart card is a suitable medium for storing private key and digital certificates because of its security features. Data is encrypted when transmitting between the reader and the card. A dedicated processor is responsible for the encryption and decryption process. As such, the risk of exposure of private key carried by a smart card is low.

PhotoBiometric Technology
In order to enhance the security of smart card authentication, biometric identification techniques are used to replace the conventional PIN method. While PIN is just a series of digits which cannot truly represent the personal identity, biometric identification techniques such as fingerprint and iris pattern identification can fill this gap.

Recently some banks in Britain and Japan have started to use iris pattern to authenticate users on ATM machines. In the near future, biometric identification will be integrated in the smart card operating systems and users can use a combined PIN and biometric authentication scheme.

Related Link

Smart Identity Card

Smart card Resource center of HKUST

BackTop

2004 | Important notices Last revision date: 31/08/2007