
  1. What is a smart card and how is it used?
  2. What are the major benefits that smart cards offer consumers?
  3. What is a multiple application card?
  4. What is a contactless card?
  5. How is a chip card different from the magnetic stripe card that I carry in my wallet?
  6. Why is reloadability important to the development of the smart card vis-à-vis disposable cards?
  7. How secure and confidential are smart cards?
  8. What is PCMCIA or PC Card?
  9. Are smart cards standardized?
  10. Where do I get the ISO standards and the Europay/MasterCard/Visa specification?
  11. What does ISO 7816 contain?
  12. What do the Smart Card Payment Specifications contain?


1. What is a smart card and how is it used?

A smart card is a card similar in size to today's plastic payment card that has a chip embedded in it. By adding a chip to the card, it becomes a smart card with the power to serve many different uses. As an access-control device, smart cards make personal and business data available only to the appropriate users. Another application provides users with the ability to make a purchase or exchange value. Smart cards provide data portability, security and convenience. Smart cards help businesses evolve and expand their products and services in a changing global marketplace. Banks, telecommunications, computer software and hardware companies, and airlines all have the opportunity to tailor their card products and services to better differentiate their offerings and brands. The combination of applications available on smart cards also may help them to develop closer relationships with their customers.



2. What are the major benefits that smart cards offer consumers?

The benefits depend on the application. In general, applications supported by smart cards benefit consumers where their lifestyles intersect with information access and payment-related processing technologies. Some of these benefits include: the ability to manage or control expenditures more effectively, fraud reduction, reduced paperwork and elimination of the need to complete redundant, time-consuming forms, the potential of having one card with the ability to access multiple services, networks and the Internet.



3. What is a multiple application card?

The smart card has the capability of carrying multiple applications. A multiple application card can support different types of applications (e.g., healthcare, financial services, travel, and loyalty programs) on the card itself, thereby reducing the number of cards in the wallet. For example, Visa's multiple application card plans call for a card to include a combination of Visa-developed credit, debit and stored-value functions along with member-developed Java cardlets such as loyalty programs, local transit applications or driver's license programs. This open architecture will allow Visa issuers to add applications to existing cards after they have been issued while maintaining security "firewalls" between applications. A hybrid chip and magnetic stripe card is in use with nearly 60,000 students, faculty and staff at the University of Michigan and Western Michigan. The multi-application card features personal identification and dormitory security, banking, and a wide range of stored value functions for the purchase of food, books, photocopying and vending services.



4. What is a contactless card?

There are two types of contactless cards. The first is a contactless proximity card in which the card is read by inserting it in a special reader. The second is a remote contactless card in which the card can be read from a distance, such as at a tollbooth.



5. How is a chip card different from the magnetic stripe card that I carry in my wallet?

Existing magnetic stripe cards have limited capacities to carry information. A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).



6. Why is reloadability important to the development of the smart card vis-à-vis disposable cards?

There are markets for both disposable and reloadable cards. Disposable cards work well for an event and as a collectible card. Disposable is also desirable when people are traveling or visiting a location and may only want to purchase a stored value card for a specific amount of time. If the card were a multiple application card supporting for example debit and/or credit and stored value, the customer would not want to throw this type of card away. It would be more appropriate that the stored value application be reloadable.
A standalone reloadable card (as opposed to a standalone disposable card) is very attractive to some customers. This customer would tend to be someone who uses their stored value on a frequent basis perhaps for public transportation, corporate cafeteria etc. and wants to be able to reload the card on a periodic basis rather than have to buy a new card each time.



7. How secure and confidential are smart cards?

Smart cards actually offer more security and confidentiality than other financial information or transaction storage vehicles. A smart card is a safe place to store valuable information such as private keys, account numbers, passwords, or valuable personal information. It's also a secure place to perform processes that one doesn't want exposed to the world, for example, performing a public key or private key encryption. Chip cards have computational power to provide greater security, allowing verification of the cardholder. Entering a PIN is one method of verification. The benefit of the smart card is that you can verify the PIN securely, off-line.



8. What is PCMCIA or PC Card?

PCMCIA stands for Personal Computer Memory Card Industry Association, which in March 1995 changed its name to PC Card Industry Association to reflect the wide range of peripheral devices (modems, software, and games) which can be used in these slots on computers. PCMCIA was formed by 200 companies in the late 1980s to set standards for cards used in laptops, notebooks, palm computers etc. They established Type I, II & III standards. The cards are thicker than credit cards and are rigid. They have a very high bandwidth compared to ISO smart cards. People in the smart card industry like to refer to PC Cards as machine cards and smart cards as people cards.



9. Are smart cards standardized?

Several aspects of common interest are covered by smart card standards, but application-specific properties are only now being standardized. There are also aspects where only local standardization is needed, for example the memory map for stored-value phone cards. We list here the international organizations active in smart card standardization (the list is not exhaustive, and the current status of the standards is not given).
ISO/IEC JTC1 Information technology, SC 17 Identification cards and related devices, is interested in common smart card issues. Some of its standards:
  • ISO 7810 Identification cards -- Physical characteristics. Specifies ID-1 format (85.60*53.98*0.76mm)
  • ISO/IEC 7812 Identification cards -- Identification of issuers.
  • ISO/IEC 7816 Identification cards -- Integrated circuit(s) with contacts. Parts 1-3 define the communication of cards with contacts for both memory and processor cards. Parts 4-6 specify the processor card operating system and are by their nature independent of the contacts. Parts 7 and 8 will be extensions of parts 4 and 6.
  • ISO/IEC 10536 Identification cards -- Contactless integrated circuit(s) cards. The standard specifies close coupling (slot and surface) cards communication (parts 1-3)
  • ISO/IEC 10373 Identification cards -- Test methods.
  • ISO/IEC 14443 Remote coupling communication cards.
ISO TC 68 Banking and related financial services, SC 6 Financial transaction cards, related media and operations, represents the interests of smart payment card issuers and is developing the standard series ISO 10202 Financial transaction cards -- Security architecture of financial transaction systems using integrated circuit cards (parts 1-8). CEN/CENELEC and ETSI are interested in telecommunications.
  • EN 742 Identification cards: location of contacts for cards and devices used in Europe. New edition specifies the format ID-000 used for GSM Subscriber Identity Module (SIM).
  • EN 726 Terminal Equipment (TE); Requirements for IC cards and terminals for telecommunication use. The standard is the technical basis for smart cards in Europe.
  • ETSI also specified the GSM SIM. The standard has two names: GSM 11.11 and I-ETSI 300045.
CEN/CENELEC is also working on:
  • Electronic purse file specification. A special and very important application file type in the card mask. Very hard integrity and security problems have to be resolved.
  • Healthcare card. The aim is to develop a standard European medical card that enables easy identification of the patient and fast queries of the patient's medical data, thus raising the effectiveness of medical care.
Europay, MasterCard and Visa formed a working group to create their "Integrated Circuit Card Specifications for Payment Systems". The specification was intended to create a common technical basis to compete with the Mondex specifications. The first version was based on cards with symmetric encryption, and key transportation was unresolved. Current status of the standard is unknown.

RSA is the leading company in public key cryptosystems development. Their PKCS#11 is a functional specification of a personal cryptographic token, used in computer security (also data security) systems.

National Institute of Standards and Technology (NIST) FIPS 140-1, "Security Requirements for Cryptographic Modules", concerns the physical security of smart card ICs, as they are one kind of cryptographic module.



10. Where do I get the ISO standards and the Europay/MasterCard/Visa specification?

ISO standards are delivered via your national ISO member body. Integrated Circuit Card Specifications for Payment Systems can be obtained from a Visa, MasterCard or Europay member bank. Note that Part 1, release 1.0 of May 23, 1994, bears a notice about the confidentiality of the document. The notice is not repeated on other issues.



11. What does ISO 7816 contain?

ISO 7816: Integrated Circuit Cards with Electrical Contacts
The International Standards Organization (ISO) facilitates the creation of voluntary standards through a consensus-building process that is open to interested participants. ISO 7816 is the international standard for integrated-circuit cards (commonly known as smart cards) that use electrical contacts. Anyone interested in obtaining a technical understanding of smart cards needs to become familiar with what ISO 7816 does NOT cover as well as what it does. ISO 7816 does not address smart card applications. Most current and planned applications require custom files and coding. However, there are efforts under way to create common application standards. The most prominent current example is the cooperative development of financial payments standards by Europay International, MasterCard International and Visa International (EMV).

ISO 7816 has six parts. Some have been completed; others are currently in draft stage.

Part 1: Physical characteristics
ISO 7816-1:1987 defines the physical dimensions of contact smart cards and their resistance to static electricity, electromagnetic radiation and mechanical stress. It also prescribes the physical location of an IC card's magnetic stripe and embossing area.

Part 2: Dimensions and Location of Contacts
ISO 7816-2:1988 defines the location, purpose and electrical characteristics of the card's metallic contacts:

C1: VCC (Supply voltage)
C2: RST (Reset)
C3: CLK (Clock signal)
C5: GND (Ground)
C6: VPP (Programming voltage)
C7: I/O (Data input/output)

Contacts C4 and C8 have no function and need not be physically present on the card.

Part 3: Electronic Signals and Transmission Protocols
ISO 7816-3:1989 defines the voltage and current requirements for the electrical contacts defined in Part 2 and the asynchronous half-duplex character transmission protocol (T=0). Smart cards that use a proprietary transmission protocol carry the designation T=14. In practical terms, that means the card is not compatible with ISO 7816. A proprietary protocol is used in German health care cards.
Amendment 1:1992 Protocol type T=1, asynchronous half-duplex block transmission protocol.
Amendment 2:1994 Revision of protocol type selection

Part 4: Inter-industry Commands for Interchange
ISO 7816-4 is a Draft International Standard that will establish a set of commands across all industries to provide access, security and transmission of card data. Within this basic kernel, for example, are commands to read, write and update records.

Part 5: Numbering System and Registration Procedure for Application Identifiers
ISO 7816-5:1994 establishes standards for Application Identifiers (AIDs). An AID has two parts. The first is a Registered Application Provider Identifier (RID) of five bytes that is unique to the vendor. The second part is a variable length field of up to 11 bytes that RIDs can use to identify specific applications.

Part 6: Inter-industry data elements
ISO 7816-6 is in DIS stage. It describes encoding rules for data needed in many applications, e.g. the name and photograph of the owner, the owner's language preferences, etc.



12. What do the Smart Card Payment Specifications contain?

Europay International, MasterCard International and Visa International (EMV) are cooperatively developing specifications to facilitate the use of smart cards for payments worldwide. These specifications build upon the ISO 7816 standards that have been developed for smart cards that use electrical contacts. The EMV specifications, currently in draft and subject to revision and refinement, are grouped into three parts:

Part I: Electromechanical Characteristics, Logical Interface, and Transmission Protocols
Part II: Data Elements and Commands
Part III: Transaction Processing

Part I: Electromechanical Characteristics, Logical Interface, and Transmission Protocols
This part of the specification concentrates on physical and logical elements of the interaction between smart cards and electronic terminals used for payment transactions. Building on the ISO 7816 standards, this part describes the physical dimensions of the card, the location of mandatory and optional electrical contacts and the electrical characteristics of such basic card operations as input/output, clock signal, reset, supply voltage and electrical contact resistance.

Also in this part are descriptions of a terminal's mechanical and electrical characteristics. These parallel the subsection on card characteristics.

All elements of a transaction session between a card and a terminal's interface device (IFD) are described. A transaction session begins when a card first enters an IFD and activates the electrical contacts of both. The card provides an answer to the IFD's reset signal, which establishes communication between the two. Following a transaction between the card and IFD, the IFD sends a reset signal that leads to the deactivation of both card and terminal. Other subsections detail the physical transportation of device and transaction data, answer to reset and transmission protocols. The specifications permit two transmission protocols: character protocol (T=0) or block protocol (T=1). A card may support either but not both. (Note: Some card manufacturers adhere to neither of these protocols. The transmission protocols for such cards are described as T=14. That is technical shorthand for "proprietary protocol." Such cards conform neither to ISO 7816 nor the EMV specifications.)
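The protocol indication described above travels in the card's answer to reset (ATR). The following added example (not part of the original FAQ) walks the ATR interface bytes as laid out in ISO 7816-3, checks the length and TCK checksum, and applies the rule stated above that a card offers T=0 or T=1 but not both. The function names and the sample ATRs are constructed for illustration.

```python
from functools import reduce
from operator import xor

def parse_atr(atr: bytes) -> dict:
    """Walk the ATR interface bytes and collect the protocols the card offers."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte: not an ATR")
    y, hist_len = atr[1] >> 4, atr[1] & 0x0F   # T0: Y1 bitmap, historical count
    pos, seen = 2, []
    while True:
        pos += bin(y & 0x7).count("1")         # skip TAi, TBi, TCi if present
        if not y & 0x8:                        # no TDi: interface bytes end here
            break
        if pos >= len(atr):
            raise ValueError("truncated ATR: TD byte missing")
        y, t = atr[pos] >> 4, atr[pos] & 0x0F  # TDi: next bitmap + protocol T
        pos += 1
        seen.append(t)
    # T=15 only qualifies global interface bytes; it is not a protocol.
    protocols = sorted({t for t in seen if t != 15}) or [0]  # no TD1 => T=0
    has_tck = any(t != 0 for t in seen)        # TCK is absent for T=0-only cards
    if len(atr) != pos + hist_len + has_tck:
        raise ValueError("ATR length does not match its own header")
    if has_tck and reduce(xor, atr[1:]) != 0:
        raise ValueError("TCK checksum mismatch")
    return {"protocols": protocols, "historical": atr[pos:pos + hist_len]}

def emv_protocol_verdict(atr: bytes) -> str:
    """Apply the page's rule: T=0 or T=1, never both, never proprietary."""
    protocols = parse_atr(atr)["protocols"]
    if 14 in protocols:
        return "reject: proprietary protocol (T=14)"
    if any(p not in (0, 1) for p in protocols):
        return "reject: unsupported protocol"
    if len(protocols) > 1:
        return "reject: offers both T=0 and T=1"
    return f"accept: T={protocols[0]}"

# Constructed sample ATRs (not captured from real cards).
SAMPLES = {
    "T=0 only, two historical bytes": bytes.fromhex("3B021450"),
    "T=1 only": bytes.fromhex("3B800181"),
    "proprietary T=14": bytes.fromhex("3B800E8E"),
    "T=0 and T=1 together": bytes.fromhex("3B80800101"),
}

if __name__ == "__main__":
    for name, atr in SAMPLES.items():
        print(f"{name:32s} {atr.hex().upper():12s} {emv_protocol_verdict(atr)}")
```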

Part II: Data Elements and Commands
This part defines data elements and files, the commands required to execute financial transactions and terminal requirements. When data elements are exchanged between cards and terminals, they become data objects. These objects can be simple or complex depending on how they have been processed. All data objects reside in data files.

Data files in a card, when viewed from the terminal, appear in a tree structure whose main branches are application definition files that are application-specific. This structure allows diverse applications to be maintained separately within a single card. It also provides a point of entry to an application and a logical framework to attach data files specific to an application. The commands that pass between cards and terminals are defined in terms of message structure, coding conventions and logical channels. Commands are application-specific and begin with a fixed-length header followed by a variable-length body. Application Protocol Data Units, or APDUs, pass between cards and terminals in a command-response format. These commands authenticate cards and terminals; they also read, verify and manage data. This part also contains three detailed annexes: Data Elements Table, Data Objects and Secure Messaging.
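The fixed-length header and variable-length body described above, together with the RID/PIX split of an application identifier from ISO 7816 Part 5, can be seen in a strict command parser. This is an added example, not part of the original FAQ: it handles the four short-form command layouts of ISO 7816-4, the SELECT coding (INS A4, P1 04) comes from that standard rather than from this page, and the AID bytes are constructed.

```python
def parse_command_apdu(apdu: bytes) -> dict:
    """Split a short-form command APDU into header and body, rejecting bad lengths."""
    if len(apdu) < 4:
        raise ValueError("command APDU shorter than its 4-byte header")
    cla, ins, p1, p2 = apdu[:4]            # fixed-length header
    body, data, le = apdu[4:], b"", None   # variable-length body
    if len(body) == 1:                     # case 2: Le only
        le = body[0] or 256                # Le of 00 means 256 bytes expected
    elif len(body) > 1:
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDUs are not handled here")
        if len(body) == 1 + lc:            # case 3: Lc + data
            data = body[1:]
        elif len(body) == 2 + lc:          # case 4: Lc + data + Le
            data, le = body[1:1 + lc], body[-1] or 256
        else:
            raise ValueError("Lc does not match the number of data bytes")
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le}

def split_aid(aid: bytes) -> tuple:
    """Return (RID, PIX): a 5-byte provider id plus up to 11 application bytes."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("AID must be 5 to 16 bytes long")
    return aid[:5], aid[5:]

def selected_application(apdu: bytes):
    """If the command is SELECT by application name, return its (RID, PIX)."""
    cmd = parse_command_apdu(apdu)
    if (cmd["ins"], cmd["p1"]) != (0xA4, 0x04):
        return None                        # some other command
    return split_aid(cmd["data"])

# Constructed SELECT command; the AID is a made-up value, not a registered RID.
SAMPLE_SELECT = bytes.fromhex("00A4040007F000000001101000")

if __name__ == "__main__":
    rid, pix = selected_application(SAMPLE_SELECT)
    print("RID:", rid.hex().upper(), "PIX:", pix.hex().upper())
```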

Part III: Transaction Processing
This part defines the content and flow of payment transactions for both cards and terminals, establishing common core functions for international interchange transactions. However, card issuers may also create functions that are unique to specific applications and payment systems. Mandatory data objects and data files must be present for cards to conform to EMV specifications. Cards and terminals may also use optional data objects that are contained in data files defined by these specifications. If these options are exercised, they must conform to the specifications. One subsection describes the flow of transactions. Smart card transactions normally occur off-line, but there are procedures that facilitate on-line interactions under certain conditions. Another subsection details the functions used to process transactions. Part III concludes with an annex, Coding of Data Elements, and an Application Selection Example in a second annex.



Contact Mako Technologies for consulting on possible Reader Solutions to benefit your subscribers and your bottom line.