It is a type of chip card (i.e. having its own specialized logic) that stores data and is able to exchange it with other systems. The information may be stored statically in the memory of the card or actively processed by the microprocessor embedded in the card. How does the card exchange data with the outside world? The only means of communication is a special reader that allows data transmission to computer systems. Traditional ATM and credit cards (with a few exceptions) simply have a magnetic strip on which a PIN is encoded. Pay attention to this feature when choosing between credit cards and personal loans.
There is no need to remind you how unsafe this solution is – copying the magnetic stripe is easy, hence the numerous frauds related to “cloning” cards by dishonest sellers or “scanners” installed by thieves on ATM readers. Smart cards are useful wherever you need to securely store passwords, PIN numbers and other data needed for authorization. Smart cards generally look like regular magnetic stripe cards. The only differences visible at first glance are the lack of a magnetic stripe (although sometimes smart cards also have it) and the contacts brought out on the card. These are the electrical terminals of a high-integration circuit made in CMOS technology, which is the heart of the card. Always check trusted sources when choosing a safe smart card.
Construction Of A Smart Card
Processor.
The basic function of the microprocessor is to control the reading and writing of data stored in memory.
In order to perform the operation, the user must enter the appropriate PIN number. The processor can control the number of failed attempts to enter the number and, after exceeding a predetermined number, can block the card.
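The failed-attempt counter described above, as an added example that is not part of the original article. The class name, the default limit of three tries and the sample data are assumptions; the status words follow ISO/IEC 7816-4. The counter is decremented before the comparison so that cutting power mid-check cannot buy a free guess.

```python
import hmac

# ISO/IEC 7816-4 status words returned to the reader
SW_OK = 0x9000         # command succeeded
SW_WRONG_PIN = 0x63C0  # wrong PIN; low nibble carries the tries left
SW_BLOCKED = 0x6983    # authentication method blocked


class CardPin:
    """Toy model of the PIN check run by the card's processor (hypothetical)."""

    def __init__(self, pin: bytes, max_tries: int = 3):
        self._pin = pin                # never readable from outside the card
        self._max_tries = max_tries
        self._tries_left = max_tries   # kept in EEPROM on a real card
        self.verified = False

    def verify(self, candidate: bytes) -> int:
        self.verified = False
        if self._tries_left == 0:
            return SW_BLOCKED          # even the correct PIN is refused now
        # Spend the attempt first, then compare in constant time.
        self._tries_left -= 1
        if hmac.compare_digest(candidate, self._pin):
            self._tries_left = self._max_tries   # success restores the counter
            self.verified = True
            return SW_OK
        return SW_WRONG_PIN | self._tries_left

    def read_working_area(self) -> bytes:
        # Access control: protected memory is served only after a valid PIN.
        if not self.verified:
            raise PermissionError("PIN not verified")
        return b"limit=500"            # constructed sample record
```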
The processor manages the memory of the card, which allows part of the memory to be dedicated to storing various information. This is used to create multifunctional cards (e.g. parking card and telephone card at the same time).
Memory.
The card may contain several types of memory:
- ROM – Read Only Memory,
- PROM – Programmable ROM – practically not used in ICC,
- EPROM – Erasable PROM – practically not used in ICC,
- EEPROM – Electrically Erasable PROM – the most commonly used,
- RAM – Random Access Memory.
The card must contain a ROM in which the operating system is stored (the so-called mask). The microprocessor mask determines how different memory areas are managed and accessed.
Memory is usually divided into three areas:
- free reading area – saved only once (when personalizing the card). It contains basic information about the card, e.g. name and surname of the owner, expiry date, card number.
- confidential area – saved only once, data is not changed when using the card. It contains, for example, card manufacturer’s data, card user’s data.
- working area – contains data that can be changed while using the card, e.g. information about recently performed transactions, about the available transaction limit. The rules of access to this area are determined in the card personalization process.
Why Smart Cards?
The most important reason for the growing popularity of smart cards is security and flexibility. Security, because the data stored on the card are resistant to eavesdropping, copying and unauthorized attempts to change data. Flexibility – because the data stored on the cards can be exchanged in any way with computer systems. Cards can also store almost any type of data, limited only by the performance and capacity of their internal memory.
Many larger companies use smart cards as so-called badges, i.e. identification badges for employees and visitors to the company. Such badges can also be entry cards, count working time, and even be used to pay in a company bar or cafe. Cards can be used to authorize users of corporate networks – especially if they work remotely using VPN (Virtual Private Networks). In this case, the card stores the password that gives access to the internal network, e-mail and files, but only to the extent that the user is authorized to do so. Cards can be used to log on to a workstation, and they can store passwords necessary to run programs working in the company (e.g. financial applications) or X.509 certificates, used to sign and encrypt e-mail.
Companies that offer their customers smart cards as part of loyalty programs can accurately track their purchases and expenses, which gives valuable marketing insights.
Smart cards are distinguished by the chip they use and their capabilities. The most common division is into memory cards and microprocessor cards. Memory cards have no processor and cannot independently manage the data they store. There are three types of memory cards.
Classification Of Chip Cards
Simple (so-called straight memory card). Cards of this type do not process data and are used for simple storage. These are the cheapest cards considering the amount of data they can store. You can think of them as the equivalent of floppy disks – and without write protection. Simple cards cannot identify themselves (define their “identity”) when inserted into the reader, and they do not store or run applications.
Cards with memory protection (so-called protected memory card). This type of card already has some logic built into it that controls access to the card’s memory. They are sometimes called Intelligent Memory. The entire memory or only a selected part of the data can be protected. Some of the cards may be in one of two states: Read-only or Write-only, and switching to, for example, the Write-only mode requires separate authorization (usually with a password or encryption key).
Stored value cards. Cards of this type are only used to store some specific values. Most use security built in at the production stage and cannot be removed, e.g. by resetting the card. The memory area of these cards is controlled by a special counter that blocks access to used cells. Cards of this type have no memory to store other data. In the case of calling cards, for example, the chip has up to 60 memory locations, each of which corresponds to one impulse. After using the pulse, one memory location is selected. Once the memory is full, the card becomes useless and can be discarded. However, in the case of rechargeable cards, the contents of the memory can be renewed.
Microprocessor cards. They have their own processor, specialized operating system and memory for storing data. Microprocessor cards are proper smart cards – they can run applications that can be installed through the reader. These types of cards can also manage files and applications. Access to data and programs is protected by a system of access rights.
Services Provided by Smart Cards
- access control – preventing unauthorized operations on card memory resources (e.g. reading, writing) – access to resources is possible after entering the PIN number,
- data authentication (e.g. using a digital signature):
  - confirmation of the compliance of the identity of the data source with the declared one,
  - providing evidence by the card that it is the source of the data sent,
- party authentication – confirmation (one-sided or mutual) of the identity of the parties participating in the communication session – e.g. using a key system (private and public) and the challenge-response technique,
- confidentiality service – preventing unauthorized disclosure of user data during data transfer and storage (data is stored in an encrypted form, e.g. with the DES algorithm),
- integrity service – preventing unauthorized modification or deletion of user data during:
  - data transfer – before data is sent, the value of the hashing function is determined on this data, which is then encrypted. After the recipient receives the data, the value of the hashing function is recalculated. The received value is compared with the value provided by the sender. A match means that the data was not changed during the transfer,
- non-repudiation service – preventing the party participating in the session from refusing to confirm participation in a communication session.
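The challenge-response technique named under party authentication, as an added example that is not part of the original article. It swaps the private/public key pair for a shared secret with HMAC-SHA256 so that it runs on the Python standard library alone; the class names and keys are constructed for the demonstration. Unlike static magnetic-stripe data, a captured response is useless against the next challenge.

```python
import hashlib
import hmac
import secrets


class Card:
    """Card side: the key stays inside the chip (hypothetical class)."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Terminal:
    """Reader side: issues one-time challenges and checks the answer."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)   # fresh random nonce
        return self._pending

    def check(self, response: bytes) -> bool:
        nonce, self._pending = self._pending, None   # each challenge is valid once
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_session():
    key = secrets.token_bytes(32)                 # constructed shared key
    terminal, genuine = Terminal(key), Card(key)
    clone = Card(secrets.token_bytes(32))         # copy that lacks the real key
    captured = genuine.respond(terminal.challenge())
    accepted = terminal.check(captured)           # genuine card passes
    terminal.challenge()
    replayed = terminal.check(captured)           # old answer, new challenge
    forged = terminal.check(clone.respond(terminal.challenge()))
    return accepted, replayed, forged
```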
Instead of a PIN
Entering the PIN number is a common method of restricting access to certain resources by unauthorized persons (e.g. entering a building / room).
Disadvantages of PIN protection:
- you have to remember it,
- entering the PIN is a slow operation,
- an unauthorized person can obtain it as easily as a typical password; moreover, it has all the other shortcomings of passwords.
Alternatives:
- scanning the retina of the eye,
- fingerprint scanning,
- face recognition.
In particular, the fingerprint method has a good chance of being popularized. Suitable readers are available for less than $300.
These alternative security measures may work with Smart Card technology. For example, a fingerprint template can be stored on the card, so that the reader only has to compare two fingerprint templates (one read from the card and one captured from the user), instead of comparing them with all templates from the database of authorized users.
Modern Financial Tools
Thanks to smart cards, many services are available to you at no extra cost. So, you can pay for online purchases, use contactless payment, use the card for several functions at the same time, and even receive credits and loans on a smart card within a few minutes.
If, for example, you filled out an application for an online loan and your bank account is linked to a smart card, then you can pay with the funds received within a few minutes after submitting.
Thus, smart cards have a lot of advantages that allow you to use all modern tools at once and store all financial savings, a transport pass, and your ID on one card.