1. Introduction
Internet technologies, through intranet and extranet applications, have proven themselves to be efficient and effective in streamlining existing processes from supply chain management to manufacturing logistics, from marketing to customer asset management, and by creating new value chains and businesses. Nevertheless, these changes and benefits signal only an evolutionary shift in the way we do business. The Internet-enabled economy resembles the conventional physical market in many aspects. Some of the new technologies and applications may even be unnecessary. American consumers, for example, regard smart cards as a redundant payment mechanism when checks, credit cards and ATM cards do an adequate job for current needs. What is the use of smart cards? Do we really need them? Will they ever take off?
2. Overview
Today, the SIM card’s basic functionality in wireless communications is subscriber authentication and roaming. Although such features may be achieved via a centralized intelligent network (IN) solution or a smarter handset, there are several key benefits that could not be realized without the use of a SIM card, which is external to a mobile handset. These benefits—enhanced security, improved logistics, and new marketing opportunities—are key factors for effectively differentiating wireless service offerings. This tutorial assumes a basic knowledge of the wireless communications industry and will discuss the security benefits, logistical issues, marketing opportunities, and customer benefits associated with smart cards.2.1. Smart Card Overview
The smart card is one of the latest additions to the world of information technology (IT). The size of a credit card, it has an embedded silicon chip that enables it to store data and communicate via a reader with a workstation or network. The chip also contains advanced security features that protect the card’s data.
Smart cards come in two varieties: microprocessor and memory. Memory cards simply store data and can be viewed as small floppy disks with optional security. Memory cards depend on the security of a card reader for their processing. A microprocessor card can add, delete, and manipulate information in its memory on the card. It is like a miniature computer with an input and output port, operating system, and hard disk with built-in security features.
Smart cards have two different types of interfaces. Contact smart cards must be inserted into a smart-card reader. The reader makes contact with the card module’s electrical connectors that transfer data to and from the chip. Contactless smart cards are passed near a reader with an antenna to carry out a transaction. They have an electronic microchip and an antenna embedded inside the card, which allow it to communicate without a physical contact. Contactless cards are an ideal solution when transactions must be processed quickly, as in mass transit or toll collection.
A third category now emerging is a dual interface card. It features a single chip that enables a contact and contactless interface with a high level of security.
Two characteristics make smart cards especially well suited for applications in which security-sensitive or personal data is involved. First, because a smart card contains both the data and the means to process it, information can be processed to and from a network without divulging the card’s data. Secondly, because smart cards are portable, users can carry data with them on the smart card rather than entrusting that information on network storage or a backend server where the information could be sold or accessed by unknown persons (see Figure).
Figure. Information
and Personalization
The top five applications for smart cards throughout the world currently are as follows:
- public telephony—prepaid phone memory cards using contact technology
- mobile telephony—mobile phone terminals featuring subscriber identification and directory services
- banking—debit/credit payment cards and electronic purse
- loyalty—storage of loyalty points in retail and gas industries
- pay-TV—access key to TV broadcast services through a digital set-top box
3. Introduction to Smart Cards in Wireless Communications
Smart cards provide secure user authentication, secure roaming, and a platform for value-added services in wireless communications. Presently, smart cards are used mainly in the Global System for Mobile Communications (GSM) standard in the form of a SIM card. GSM is an established standard first developed in Europe. In 1998, the GSM Association announced that there are now more than 100 million GSM subscribers. In the last few years, GSM has made significant inroads into the wireless markets of the Americas.
Initially, the SIM was specified as a part of the GSM standard to secure access to the mobile network and store basic network information. As the years have passed, the role of the SIM card has become increasingly important in the wireless service chain. Today, SIM cards can be used to customize mobile phones regardless of the standard (GSM, personal communications service [PCS], satellite, digital cellular system [DCS], etc.).
Today, the SIM is the major component of the wireless market, paving the way to value-added services. SIM cards now offer new menus, prerecorded numbers for speed dialing, and the ability to send presorted short messages to query a database or secure transactions. The cards also enable greeting messages and company logotypes to be displayed.
Other wireless communications technologies rely on smart cards for their operations. Satellite communications networks (Iridium and Globalstar) are chief examples. Eventually, new networks will have a common smart object and a universal identification module (UIM), performing functions similar to SIM cards.
4. Easing Logistical Issues
All subscribers may easily personalize and depersonalize their mobile phone by simply inserting or removing their smart cards. The card’s functions are automatically enabled by the electronic data interchange (EDI) links already set between carriers and secure personalization centers. No sophisticated programming of the handset is necessary.
By placing subscription information on a SIM card, as opposed to a mobile handset, it becomes easier to create a global market and a distribution network of phones. These noncarrier-specific phones can increase the diversity, number, and competition in the distribution channel, which can ultimately help lower the cost of customer acquisition.
Smart cards make it easier for households and companies to increase the number of subscriptions, thereby increasing usage. They also help to create a market for ready-to-use preowned handsets that require no programming before use.
Additionally, managing fraud is also eased by smart cards. In a handset-centric system, if a phone is cloned, the customer must go to a service center to have the handset reprogrammed, or a new phone must be issued to the customer. In a smart card–based system, the situation can be handled by merely issuing a new card; customers can continue using their current phones. The savings in terms of cost and convenience to both carrier and customer can be substantial.
5. Providing Value-Added Services
One of the most compelling benefits of smart cards is the potential for packaging and bundling various complementary services around basic mobile telephony services. These services can greatly reduce churn and increase usage and brand recognition (see Figure).
The SIM card’s chip can be programmed to carry multiple applications. The activation of new applications can be downloaded to the card over the air, in real time, thereby reducing the time (and cost) to market.
Providing value-added services such as mobile banking, Web browsing, or travel services creates a high cost of exit for the customer. Long-distance companies have successfully used joint programs with airline companies to ensure the long-term loyalty of their customers. The more services a customer receives, the more difficult it is for the customer to leave the service provider. Smart cards provide an excellent vehicle for surrounding the core wireless service with these other valuable services, and packaging- and service-bundling opportunities are numerous. Examples of such opportunities are as follows:
- GSM Cellnet and Barclaycard, Europe’s largest credit-card issuer, developed a wireless, financial-services smart card. The SIM card activates the user’s Cellnet GSM phone and also provides a Barclays services menu. The services available via this alliance include the following:
- access to Barclays credit-card information
- access to Barclays checking-account information
- access to Barclays customer care
- Initially, the Barclaycard services will be provided via live customer service representatives who will answer calls from customers. Future enhancements will enable users to pay household bills, shop, and access financial information services while on the move.
- Swedish bank PostGirot implemented a utility bill–payment application in the Telia Mobitel SIM card. Mobile phone users accessed the service by simple menu navigation and keying information such as origin and destination bank-account numbers, date of payment, and amount, which enables them to pay their utility bills away from home.
6.1 Other Industries and Institutions
Certain industries, in particular information technology (IT), government, and financial services, will lead the way to mass-market acceptance of smart cards.Large IT players are deploying public key infrastructure (PKI) to provide secure logical access to information. PKI is becoming the way to secure messaging and browsing of private information, leading the way to secure electronic commerce. Smart cards are the ideal vehicle to transport the digital certificate associated with the trusted third parties of PKI infrastructures. They provide secure certificate portability and can combine other security applications such as disk file encryption and secure computer log-on. The inclusion of smart-card readers in the equipment listed in the PC99 recommendation has already driven large computer manufacturers to integrate smart-card readers into their product offer (for example, Hewlett Packard and Compaq).
Government agencies around the world are relying on smart-card technology to secure off-line portable information, including identification documents and electronic benefit transfer systems. A Brazilian province has issued its drivers licenses on smart cards to allow the police to view securely stored ticket information immediately. The U.S. government is a major early adopter of smart cards. It has instituted numerous smart card identification programs for its defense department and recently announced that it will further explore the nationwide use of smart cards for electronic benefit transfers as a fraud reduction tool.
In the financial industry, large players such as Barclays and Citibank currently use SIM cards to provide banking information to mobile users via their GSM phones. Electronic purse systems based on VisaCash, Mondex, Proton, and other schemes are deployed around the world and account for tens of millions of cards in Asia, Europe, and Latin America. Major U.S. banks are considering or conducting trials of smart card-based systems. The push by these major financial services firms will serve to accelerate consumer acceptance.
6.2 Consumers Primed to Use Smart Cards
Research conducted by the Smart Card Forum, an interindustry association dedicated to advancing multiapplication smart cards, has generated the following statistics:- 45 percent of consumers are favorably disposed to using smart cards
- 25 percent of households would actually obtain these smart cards
- 44 percent of consumers are likely to use identification-type smart cards (telephone cards, gas cards, automated teller machine [ATM] cards, etc.)
7 Smart Card?
A smart card is a
credit-card sized plastic card embedded with an integrated circuit chip that
makes it "smart". This marriage between a convenient plastic card and
a microprocessor allows an immense amount of information to be stored, accessed
and processed either online or offline. Smart cards can store several hundred
times more data than a conventional card with a magnetic
stripe. The information or application stored in the IC
chip is transferred through an electronic module that interconnects with a
terminal or a card reader. A contactless smart card has an antenna coil which
communicates with a receiving antenna to transfer information. Depending on the
type of the embedded chip, smart cards can be either memory cards or processor
cards.
8. Classification of Smart Cards
Due to the communication with the reader and functionality
of smart cards, they are classified differently.
As smart cards have embedded microprocessors, they need
energy to function and some mechanism to communicate, receiving and sending the
data. Some smart cards have golden plates, contact pads, at one corner of the
card. This type of smart cards are called Contact Smart Cards. The
plates are used to supply the necessary energy and to communicate via direct
electrical contact with the reader. When you insert the card into the reader,
the contacts in the reader sit on the plates. According to ISO7816 standards
the PIN connections are below:
- I/O : Input or Output for serial data to the integrated circuit inside the card.
- Vpp : Programing voltage input (optional use by the card).
- Gnd : Ground (reference voltage).
- CLK : Clocking or timing signal (optional use by the card).
- RST: Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card). If internal reset is implemented, the voltage supply on Vcc is mandatory.
- Vcc : Power supply input (optional use by the card).
The readers for contact smart cards are generally a separate
device plugged into serial or USB port. There are keyboards, PCs or PDAs which
have built-in readers like GSM cell phones. They also have embedded readers for
GSM style mini smart cards.
Some smart cards do not have a contact pad on their
surface.The connection between the reader and the card is done via radio
frequency (RF). But they have small wire loop embedded inside the card. This
wire loop is used as an inductor to supply the energy to the card and
communicate with the reader. When you insert the card into the readers RF
field, an induced current is created in the wire loop and used as an energy
source. With the modulation of the RF field, the current in the inductor, the
communication takes place.
The readers of smart cards usually connected to the
computer via USB or serial port. As the contactless cards are not needed to be
inserted into the reader, usually they are only composed of a serial interface
for the computer and an antenna to connect to the card. The readers for
contactless smart cards may or may not have a slot. The reason is some smart
cards can be read upto 1.5 meters away from the reader but some needs to be
positioned a few millimeters from the reader to be read accurately.
There is one another type of smart card, combo
card. A combo card has a contact pad for the transaction of large data, like
PKI credentials, and a wire loop for mutual authentication. Contact smart cards are mainly used in electronic security whereas contactless cards are used in transportation and/or door locks.
The most common and least expensive smart cards are memory
cards. This type of smart cards, contains EEPROM(Electrically Erasable
Programmable Read-Only Memory), non-volatile memory. Because it is non-volatile
when you remove the card from the reader, power is cut off, card stores the
data. You can think of EEPROM, inside, just like a normal data storage device
which has a file system and managed via a microcontroller (mostly 8 bit). This
microcontroller is responsible for accessing the files and accepting the
communication. The data can be locked with a PIN (Personal Identification
Number), your password. PIN's are normally 3 to 8 digit numbers those are
written to a special file on the card. Because this type is not capable of
cryptography, memory cards are used in storing telephone credits,
transportation tickets or electronic cash.
Microprocessor cards, are more like the computers we use on
our desktops. They have RAM, ROM and EEPROM with a 8 or 16 bit microprocessor.
In ROM there is an operating system to manage the file system in EEPROM and run
desired functions in RAM.
As seen in the diagram
above all communication is done over the microprocessor, There is no direct
connection between the memory and the contacts. The operating system is
responsible for the security of the data in memory because the access
conditions are controlled by the OS.
---------------- --------
| 8 or 16 bit
| | Crypto |
Reader <===| microprocessor
|-----------| Module |
---------------- |
--------
|
|--->
RAM
CRYPTOGRAPHIC |
CARD |---> ROM
|
+--->
EEPROM
|
With the addition of a crypto module our smart card can now
handle complex mathematical computations regarding to PKI. Because the internal
clock rate of microcontrollers are 3 to 5 MHz, there is a need to add a
component, accelerator for the cryptographic functions. The crypto-cards are
more expensive than non-crypto smart cards and so do microprocessor card than
memory cards.
Depending on your application you should choose right card.
8.3. PC
cards
While any
IC-embedded card may be called a smart card, its distinguishing feature is its
use for personal activities. For example, PC cards (also known as PCMCIA cards)
have the same characteristics as a smart card but they are used as peripheral
devices such as modems or game cartridges. These PC cards are seldom called
smart cards since they are extension devices without personalization. In this
sense, a smart card is a processor card that allows persons to interact with
others digitally to conduct transactions and other personal activities.
9. Operating Systems
New trend in smart card operating systems is JavaCard
Operating System. JavaCard OS was developed by Sun Microsystems and than
promoted to JavaCard Forum. Java Card OS is popular because it gives
independence to the programmers over architecture. And Java OS based
applications could be used on any vendor of smart card that support JavaCard
OS.
Most of the smart cards today use their own OS for
underlying communication and functions. But to give true support for the
applications smart cards operating systems go beyond the simple functions
supplied by ISO7816 standards. As a result porting your application, developed
on one vendor, to another vendor of smart card becomes very hard work.Another
advantage of JavaCard OS is, it allows the concept of post-issuance application
loading. This allows you to upgrade the applications on smart card after
delivering the card to the end-user. The importance is, when someone needs a
smart card he/she is in need of a specific application to run. But later the
demand can change and more applications could be necessary.
Another operating system for smart cards is MULTOS
(Multi-application Operating System). As the name suggests MULTOS also supports
multi-applications. But MULTOS was specifically designed for high-security
needs. And in many countries MULTOS has achieved "ITSec E6 High" in
many countries.
And also Microsoft is on the smart card highway with Smart
Card for Windows.
In a point of view the above Operating Systems are
Card-Side API's to develop cardlets or small programs that run on the card. Also
there is Reader-Side API's like OpenCard Framework and GlobalPlatform.
10. Programming
This API depends on the card terminal used, but supplies
generic functions that allow communication with memory cards and processor
cards. This API is a low level interface to the reader. But still used because
it complies with the ISO7816 standards and have a simple programming logic
resembling assembly. You just send code byes along with the data packets and
receive the response.
PC/SC Workgroup is responsible for the development of the
PC/SC Specifications. Under Windows, MacOS and Linux corresponding APIs could
be found. Under Linux, pcsc-lite suit could be downloaded from http://www.linuxnet.com/.
OpenCard Framework, OCF, is an object-oriented framework
for smart card communications. OCF uses Java's inter-operability between
environments to deploy architecture and APIs for application developers and
service providers.
GlobalPlatform was formed in 1999 by organizations those
were interested in issuing multiple application smart cards. The major goal of
GlobalPlatform is to define the specifications and infrastructure for
multi-application smart cards.
As you could understand from above, the standardization
period of smart cards is not finished. The demand on smart cards is growing on
the basis of end-user and developer. In my opinion, if you are a developer or
in a decision making position, you should carefully analyse all the standards
as well as the companies manufacturing smart cards. As a developer’s point of
view, in the near future I think, Java will evaluate itself as the standard
because of portability and cross-platform uses in spite of its slowness and
fast evolution.
11. Applications
on Linux
In this section there will be applications that uses smart
cards for some reason on Linux environment. If you are a developer of a
software and your development environment is Linux please let me know. I will
add you in the list.
11.1. scas
SCAS is a simple program that checks the code inside the
card with the code inside the computer. As an example of showing a way of
authentication with memory cards scas is very good.
smartcard is a general smart card utility in Linux which
uses CT-API. With smartcard utility you can read/write data from/into smart
cards. As long as your reader can be accessed via CT-API, smartcard can be used
to control the reader. Currently smartcard could only be used with memory cards
using I2C or 3W protocols. There is also a GTK+/Gnome graphical front end which
support all functions of smartcard utility.
ssh-smart is a basic proof-of-concept of ssh identity on
smart card, as the author says. ssh-smart uses smartcard utility to communicate
with the smart card. Basically, ssh-smart-add tool (perl script) call
ssh-keygen to generate RSA public and private keys. Than puts the private key
on the memory card. Later the ssh-smart-addagent tool can be used to extract
the private key from the card to use with ssh-agent.
11.4. smarttools-rsa
This is another PAM Module for Unix systems but supports
RSA authentication through your private key on the smart card. You must have a
Schlumberger Cyberflex Access card or Schlumberger Cryptoflex for Windows Card
and a working reader to use this tool.
11.5. smartsign
This utility is some-complete PKI integration with the
smart cards. To use you must establish a working OpenCA and have Schlumberger's
"Cyberflex Access 16K" smart cards. During the certification process
of OpenCA, private key and public certificate can be stored on the smart card
and private key, later, could be used with Netscape to sign outgoing mails and
news. Also smartsign supports authentication of local users via a PAM Module
through a public key authentication. Smartsign comes with gpkcs11, a PKCS#11
implementation, smastsh, a command line shell that allows browsing smart card
contents, sign_sc/verify_sc to sign and verify any file with smart card.
11.6. CITI Projects
At CITI, Center for Information Technology Integration of
Michigan University, there are some new projects. For example, Webcard is a web
server running on a Schlumberger Cyberflex Access Java Card. Features a
stripped TCP/IP stack that supports HTTP only. The system is designed to have a
router which frames IP packets in ISO7816 and a Java Virtual Machine in the
card. Detailed technical report can be found at http://www.citi.umich.edu/projects/smartcard/webcard/citi-tr-99-3.html
12. Smart Card UsesLiterally, billions of smart cards are already in use. Worldwide smart card sales could reach 1.6 billion units in 1998, up 23% from 1.3 billion units in 1997. Western Europe accounts for about 70% of the current smart card uses, followed by South America and Asia with about 10% each, while North America languishes at less than 5%. However, most smart cards issued today are memory cards (see Table) with limited processing capabilities. Still, hundreds of millions of processor cards are already in use today.
Smart Cards Issued in 1996 (in million units)
____________________________________
Phone cards 605
Health cards 70
Banking 40
ID/access cards 20
Pay TV cards 20
GSM cards (mobile phone) 20
Transportation 15
Metering/vending 10
Others 10
------------------------------------
Total 810
____________________________________
Source: Smart Card Industry Association
Phone cards have become ubiquitous in Western Europe and Asia where coin-operated public phones are becoming nearly obsolete. These pre-paid cards increase payphone operator revenues, allow more sophisticated transactions via public phones, and have become advertising devices as well as collector's items. Although the popularity of phone cards contributed to a widening acceptance of smart cards by consumers, however, processor cards are projected to be the fastest growing smart card uses by the year 2000.
Projected Growth of Smart Cards
Source: The Smart Card Cyber Show
13. Technology and Players
For smart cards to carry out applications, several components must come together. The technology of smart cards include four critical segments.
13.1. Card Manufacturers
A smart card begins with a micro-controller produced by semiconductor manufacturers such as Siemens, Motorola and Thomson. This integrated circuit chip is attached to an electronic module by inserting into a cavity on the module. Then, terminals between the chip and the electronic module are interconnected. Finally, the chip-embedded electronic module is glued to a plastic card. The global leader in card manufacturing is Schlumberger who sold about half of all smart cards in use in 1997. A close second is Gemplus followed by Bull and De La Rue of France.
13.2. Card Terminals and Readesr
Smart cards may be read by conventional card reader or by wireless terminals. New devices similar to a floppy disk allow smart cards to be read by PC disk drive. Suppliers of POS and ATM card readers have expanded into smart card readers for their product lines, where some worldwide consolidation is occurring. For example, a market leader Grupe Ingenico is buying another player De La Rue of France.
13.3. Interface between Card and Terminal (API)
Electronic modules embedded in smart cards have contacts by which messages are exchanged between the card's IC chip and the card reader. International standards such as ISO 7816 have specified which contact handles what type of data but applications must be programmed to manage message exchanges that can be used by networked processors. An interoperable and multi-platform application programming interface (API) is critical for smart cards to carry out diverse functions. Open standards such as Java smart card API provides one of several proposed interfaces. Java Card API in particular offers a development tool for flexible, multi-platform applications–"Write Once, Run Anywhere"–for devices ranging from Network Computers, Web TV, smart phones and other consumer appliances. The industry leader Schlumberger, for example, has introduced EasyFlex and FastOS based on Java API.
13.4. Applications
The ultimate utility of smart cards is in the functions they carry out–for example, payment process, identification, network computing, health care management, benefits distribution and so on. Application programs handle data read by smart card readers and forward them to central computers located at the other end of the smart card infrastructure such as payment servers in banks, traffic control centers or mobile phone centers, credit card companies, transit authorities, governments, Microsoft and other service providers. Market players and stake holders in this end game for smart cards include a wide variety of firms and institutions including card issuers, content providers, Visa and MasterCard, banks, government agencies, security implementers such as Lucent Technologies, electronics manufacturers such as NEC, and service providers who want to exploit advantages of smart card technologies.
14. Smart Card Advantages
Compared to conventional data transmission devices such as magnetic-stripe cards, smart cards offer enhanced security, convenience and economic benefits. In addition, smart card-based systems are highly configurable to suit individual needs. Finally, the multifunctionality as payment, application and networking devices renders a smart card as a perfect user interface in a mobile, networked economy.
14.1. Customer Benefits
14.1.1 Full Portability of Services
The smart card effectively breaks the link between the subscriber and the terminal, allowing the use of any properly equipped terminal and helping to realize the wireless promise of any-time, anywhere communications. In fact, subscribers need not be constrained to using voice terminals only. A variety of other mobile communications devices such as personal digital assistants (PDAs) and personal intelligent communicators (PICs) are available that may have voice communications added as an integral part of their capabilities. If these other devices are equipped for smart cards, the potential for communications is increased. Similarly, data communications applications could benefit from the security features inherent in smart cards.14.1.2 International Roaming
Wireless customers often require the ability to place and receive calls when traveling abroad. For these customers, international roaming enabled by smart cards is quite valuable. For example, Ameritech, AT&T, and GTE have all instituted international roaming programs using GSM phones and smart cards. The program uses co-branded smart cards, which corporate customers bring with them when they travel abroad. Customers are given a telephone number from a GSM carrier, which allows them to be contacted in any of the countries that have international roaming agreements.14.1.3 Intersystem Roaming
The incompatibility of different communications radio interfaces and authentication protocols (time division multiple access [TDMA], code division multiple access [CDMA], GSM, personal digital cellular [PDC], mobile satellite systems, etc.) requires subscribers to make choices that constrain them to use only one particular type of handset that works with only one radio interface. With a smart card, it becomes possible for subscribers to use one handset for different interfaces and protocols. This feature is already implemented among the three frequencies used by the GSM platform (900, 1800, and 1900 MHz). American National Standards Institute (ANSI) telephone industry price index (T1P1).3 has recommended standards for a user identity module, a smart card that can be used with the major radio access methods. Thus, it becomes conceivable to have current GSM smart cards modified so that they can work with a CDMA handset. For example, North American GSM operators have designed a process to which the SIM holds both the GSM and advanced mobile phone service (AMPS) authentication algorithm and data to provide authentication on both networks in interroaming situations.14.1.4 Multiple Services on a Single Card
As mentioned earlier, maximum value is realized by the subscriber when multiple applications are stored on a single card (see Figure). A multiapplication smart card could provide access to airline reservation and ticketing systems and information networks, as well as a mobile telephone service. Considering the many cards that the average person carries these days (i.e., numerous credit cards, debit cards, employee ID cards), integrating more applications into a single card (or at least fewer cards) has obvious appeal and benefits. It is important to note that there is clear interest on the part other industries to package their services with mobile telephony. For example, research by Citibank indicates clearly that a substantial percentage of the company's customers would like to be able to conduct its banking on a variety of platforms, including wireless. Such services are already available using a standardized toolbox for smart-card application creation.14.1.5 Separation of Business and Personal Calls
The smart card allows customers to be billed separately for personal and business calls made on a single phone. For example, Airtel, a Spanish GSM operator, uses a SIM card with two sets of subscription information—one for corporate and the other for personal use. Airtel’s dual SIM cards have been well received in the corporate market.14.2 Enhanced Security Benefits
SIM cards have several features that enhance security for wireless communications networks. Smart-card supporters point to the potential of limiting or eliminating fraud as one of their strongest selling points.
SIM cards provide a secure authentication key transport container from the carrier’s authentication center to the end-user’s terminal. Their superior fraud protection is enabled by hosting the cryptographic authentication algorithm and data on the card’s microprocessor chip. SIM cards can be personal identification number (PIN) protected and include additional protection against logical attacks. With added PIN code security, SIM cards offer the same level of security used by banks for securing off-line payments.
Because the home network–authentication algorithm also resides in the card, SIM cards make secure roaming possible. They can also include various authentication mechanisms for internetwork roaming of different types.
Complete fraud protection (with the exclusion of subscription fraud) can only be provided in the context of a complete security framework that includes terminal authentication, an authentication center, and authentication key management. Smart cards are an essential piece of this environment, but only the complete architecture can allow fraud reduction and secure roaming.
Finally, it should be noted that biometric smart-card applications such as voice or fingerprint recognition could be added to provide maximum fraud prevention. Smart cards could then combine the three basic security blocks of possession, knowledge, and characteristics (see Figure ).
14.3 ConvenienceOne use of the old fashioned memory cards is to replace various identification cards. Smart cards will combine paper, plastic and magnetic cards used for identification, automatic teller machines, copiers, toll collection, pay phones, health care and welfare administration. Universities, firms and governments rely on smart identification cards since they can contain more detailed data and enable many services to be integrated. Health care cards, for example, reduce document processing costs by allowing immediate access to personalized patient information stored in smart cards. Most other smart card uses combine identification function with specialized purposes as in military PX cards, government's Electronic Benefit Transfer cards, and university ID cards that are also used to pay for food and photocopies.
14.4 Economic Benefits
Smart cards reduce transaction costs by eliminating paper and paper handling costs in hospitals and government benefit payment programs. Contact and contactless toll payment cards streamline toll collection procedures, reducing labor costs as well as delays caused by manual systems. Maintenance costs for vending machines, petroleum dispensers, parking meters and public phones are lowered while revenues could increase, about 30% in some estimates, due to the convenience of the smart card payment systems in these machines.
14.5 Customization
A smart card contains all the data needed to personalize networking, Web connection, payments and other applications. Using a smart card, one can establish a personalized network connection anywhere in the world using a phone center or an information kiosk. Web servers will verify the user's identity and present a customized Web page, an e-mail connection and other authorized services based on the data read from a smart card. Personal settings for electronic appliances, including computers, will be stored in smart cards rather than in the appliances themselves. Phone numbers are stored in smart cards instead of phones. While appliances become generic tools, users only carry a smart card as the ultimate networking and personal computing device.
14.6 Multifunctionality
The processing power of a smart card makes it ideal to mix multiple functions. For example, government benefit cards will also allow users access to other benefit programs such as health care clinics and job training programs. A college identification card can be used to pay for food, phone calls and photocopies, to access campus networks and to register classes. By integrating many functions, governments and colleges can manage and improve their operations at lower costs and offer innovative services.
15 Marketing Opportunities
In addition to the value-added services they can provide, smart cards provide many marketing opportunities to network operators.
15.1 Brand Recognition
Smart cards provide a means for greater brand exposure and reinforcement. The cards can be considered mini-billboards, providing frequent opportunities for the customer to be exposed to a brand name. Compared to other advertising media, they provide a cost-effective vehicle for achieving a high number of brand exposures to a targeted audience. Network operators with limited brand recognition can co-brand their cards with companies with greater brand equity to strengthen their market positions.15.2 Customer Loyalty Programs
Smart cards can play an extremely valuable role in a carrier’s customer retention efforts. The data on a smart card is a digital representation of the customer’s habits; i.e., number of calls, services accessed, merchandise purchases, etc. This rich database of customer information makes it possible for network operators to develop highly targeted or one-to-one marketing. Carriers are then able to provide services and offerings particularly suited to their customers, increasing customer loyalty to the carrier.15.3 Direct Marketing
With their convenient form factor, smart cards can be used in direct-mail campaigns to sell wireless subscriptions, both for prospecting and subscription renewal. Using temporary or prepaid smart cards, network operators have a low-cost channel for selling their services. In addition, subscription changes, renewals, and upgrades are easily handled by sending new cards in the mail (see Figure 4).
Figure 4. A Direct
Marketing Scenario
15.4 Advertising
Two services, used in conjunction with smart cards, provide network operators with possibilities for highly targeted advertising. Short message service (SMS) and cell broadcast leverage smart cards to send advertising or informational messages that appear on the handset display to wireless users.15.5 Trial Subscriptions
Smart cards are an ideal vehicle for trial subscriptions. Programmed as prepaid cards, they can attract new customers to try wireless services with limited, defined financial risk for both the network operator and the consumer.15.5 Incidental Revenues
Network operators issuing smart cards can generate additional revenue by selling memory space on the card to other companies. For example, available space can be sold to gas stations so that the smart card can also be used as a debit card for gas purchases. The card’s surface can also be used for imprinting the participating company’s brand, for which the carrier can receive fees for space advertising.16. Drive Toward Cashless Society
Smart cards were first developed as a payment method to simplify small value transactions. Commonly called as a stored-value card, the data contained in a smart card represents a monetary value that can be added or reduced as transactions are carried out. This has proven to be useful in Western Europe and Asia where public transportation and public phones are widely used.
In North American, the popularity of checks, credit cards and debit cards makes smart cards a less attractive alternative. But in countries where the public phone system is less than optimal, a smart card-based payment system offers convenience without increasing investment in phone infrastructure. In some countries, the increasing use of smart cards is also leading to advancements in banking services and the acceptance of credit and debit cards by consumers.
16.1 Benefits
A cost effective, secure and convenient alternative to cash transactions is needed as cash is still the most important payment method in terms of number of transaction. Over 80% of transactions are made in cash. Smart cards offer several advantages over checks and credit cards:
- Reduced handling costs
- Improved ease of use
- Lowered costs in infrastructural supports such as banking system and phone networks
- Versatility of combining credit, debit and stored value cards in one convenient platform
- Lower transaction costs
- Ability to carry out offline, online and peer-to-peer transactions
The world leader in smart card payment system is Mondex International which is the international franchising organization that licenses its right to a local Mondex originator in each country. A Mondex originator then creates electronic cash units serving as a given nation's currency. In each country, several Mondex issuers actually issue, distribute and resell cards to consumers. The Mondex card functions as an electronic purse that downloads and stores cash values. Mondex cards are read at time of transaction verified either through telephone line, on site through Mondex wallets which allow transfers between cards, or via the Internet by inserting the card into a standard smart card reader connected to a PC.
Mondex is one of several electronic cash payment systems. Other systems such as DigiCash are purely a form of electronic cash developed for online transactions. However, differences between pure electronic cash and smart card (stored value) based payment system are increasingly less obvious since electronic cash can be stored in a smart card and exchanged offline and a Mondex card reader can be connected to a personal computer allowing online transactions.
17. Smart Cards As a Payment System
A payment function is an integral part of most smart card applications because most services accessible by smart cards must be paid one way or the other. But before smart cards are widely used as a preferred payment method in electronic commerce, two outstanding issues must be resolved:
- legal protection for loss and fraud
- demand and supply for microtransactions
17.1 Legal Protection and Liability
Currently, a cash balance stored in Mondex is not insured or protected against loss or theft. In comparison, a credit card user is liable only to a minimum determined by legislation such as Regulation E. Being a cash equivalent, however, a stored value on a Mondex card is not recoverable if the card is lost or stolen. Several electronic cash payment systems guard against such losses by an elaborate encryption mechanism or a required authentication in each transaction. They, however, add significant transaction costs minimizing their advantages over cash or checks. A cost effective guarantee or assurance on stored values must be established to protect consumers. But legal opinions regarding the liability and rights of issuers and users of electronic cash vary widely. In general, online stored value systems which do not rely on smart cards may be protected by existing Federal Reserve regulations as long as the funds are considered to be in consumer deposit accounts. Offline systems are left to voluntary arrangements between card issuers or financial institutions and consumers.
17.2 Microtransactions and Micropayments
A more convenient, low-cost payment method is necessary for low-value transactions. There are many examples of micropayments already in use: toll and bus fare collections, copy machine payments, parking meters and vending machines. Coins and tokens used in all of these examples can be substituted by smart cards. However, will there be substantial demand for microtransactions and micropayment methods in electronic commerce? The answer will depend on how information and other digital products are sold online. Bundling and subscription plans are based on aggregating small charges into a periodic bill that is large enough to utilize conventional credit card payments. If sellers and consumers prefer to aggregate products and services, there will be little need for a flexible payment system. On the other hand, unbundling and customizing products require a payment system which can facilitate small charges, for example one or two cents for a Web page. Before smart cards and electronic cash are used widely, the demand for, and supply of, microproducts and microtransactions must precede.
Even when these issues are resolved and smart cards become a preferred payment method for electronic commerce, the excitement over smart card technologies and the ready embrace by many developers of these technologies are due more to the explosion of applications than to being a convenient form of payment. The smart card platform has already expanded into the mainstream computing and commercial arena as a versatile technology to implement innovative services in a mobile network.
18. Smart Networking
A smart card as an interoperable computing device has become the ultimate utility of processor cards. Today's networked societies revolve around accessing the worldwide information superhighways. As more people log-in to the network and more and more activities take place through networks, online security is of utmost importance. Smart card technologies provide strong security through encryption as well as access control based on identification technologies such as biometrics. Information kiosks and phone booths equipped with smart card readers will become network centers. Smart cards are the world’s smallest mobile computers.
Mobile Communications By the year 2000, global mobile networks will enable a real time connection to anywhere, anytime. Global networks based on low earth orbiting satellites such as Teledesic and Iridium are in the works or already in operation. Mobile phones are gearing up to be a truly global communications network via Global Services for Mobiles (GSM) system. Phones come equipped with a smart card slot to enable integrated services. For example, Schlumberger's SIM (Subscriber Identification Module) card can take care of call personalization, payment, security and other services such as linking your phone with your PC using a GSM phone. A smart network can also operate through a reader terminal installed at home or in offices, at a convenient store or a gas station, at an information kiosk in libraries or a phone center at airports or even on a remote hiking trail.
19. Integrated and Customized Services
Smart cards go beyond replacing existing cards. Smart cards are interface devices that allow users to digitally interact with firms, consumers and products in the networked world. Smart cards are closer to a personal mobile computer.
Electronic Ticketing Traffic management and fare collection systems often impose heavy operating costs in public transit systems and toll highways. Prepaid cards have proven to be very effective and popular in saving time and resources in managing traffic and passenger flows and improving services. Contactless smart cards send data via radio frequency waves eliminating long lines. The amount of information on smart cards also allow new type of services which are customized for specific groups of users, and the user data can be collected and analyzed by a central server further improving services. Such ticketing systems can also be used in sports arenas, concert halls, amusement parks and other venues processing admissions.
Smart Vending Smart card vending systems are used for petroleum dispensors, various vending machines and parking meters. Smart card-based vending systems not only simplify payment processes but also enable customized services. For example, a smart parking meter can charge a fraction of a minute or levy different amounts depending on the customer profile, time of day or zones. Smart vendors also provide marketing incentives such as discounts and coupons to reward loyal customers based on purchasing behaviors. Smart vending thus allows a total integration of payment, marketing and services in a networked enterprise.
Example: "The Smart Village"
The Smart Village envisioned by Schlumberger, the largest smart card seller, illustrates the vision of a networked world where smart card-based services and products inhabit our every day lives. This smart marketplace includes: GSM payphones and mobile telecommunication, private site smart pay phones, smart ticket vending machines at transit terminals, smart pay and display units at parking lots, smart fuel dispenser at gas stations, contactless, remote and prepaid card terminals in retail locations, smart health care management and network access based on secured, personalized smart cards.
Example: Resort and Park Management
Smart resort cards issued and managed by Leapfrog Smart Products Inc. are smart cards that allow cashless transactions in RV parks for in-park transactions that include admission and usage fees as well as vending and laundry services. Cards are also used to record annual membership payments, to grant physical access to the park, and to store information such as medical records for emergency usage. Several loyalty programs such as coupons and reward vouchers are also stored and managed on the cards.
The infrastructure required for such an integrated service is relatively simple: doors and gates, POS terminals in each RV park, vending machines and washers are retrofitted to accept 8K Gemplus cards which cost about $10.75 each. Operational benefits, as elaborated by Leapfrog, include:
- increased gross revenues
- decreased pilfering and fraud
- decreased administrative cost
- increased security
- streamlined accounting procedures
- increased overall profit
Example: Performance Art Revue
When customer profiles, product information and payment data are combined, a simple smart card becomes a versatile operating, marketing and management tool. One Yellow
Rabbit Performance Theatre of Calgary, Canada, has introduced smart card-based season tickets. Using StarGenix smart cards, the season pass is a convenient and cost-saving ticketing and stored-value system. The card contains ticket, performance, reservation and cardholder information as well as a stored-value component redeemable for bar service and the theatre's products sold at its stores.
20. Agreeing upon Standards: The Last Hurdle
The key ingredient for smart cards to succeed is interoperability and standardization in hardware and applications. Without such standards, potential card issuers and users take a severe risk in investing in new technologies that may not be compatible with future generation technologies. Hardware standards have been an integral part of smart card development in the last few years while application specific standards have only begun to emerge.
20.1 Hardware Standards
Hardware standards specify physical and communications dimensions of smart cards. International Standard Organization (ISO) 7816 is a global standards which lay out physical characteristics of cards and contacts, transmission protocols, interindustry commands for interchange and rules for applications and data elements. ISO 10536 specifies similar characteristics for contactless cards. Several other ISO standards have been developed or under review which control local and global interchange message specifications, card accepting devices and security architecture.
20.2 Application Standards
Application-centered standards are developed to resolve communications and data exchange conflicts between the cards and the institutions which process these data. By limiting to specific solutions, these standards often include both hardware and application standards. For example, electronic purse standards (CEN, Mondex or EMV) describe card's physical characteristics, data and application interfaces and transaction procedures that involve financial institutions. Payment standards such as Secure Electronic Transaction (SET) or Chip-Secure Electronic Transaction (C-SET) are protocols which facilitate exchanging and validating transaction data. For mobile communications based on smart cards, European ETSI standards provide a basic framework under Global Services for Mobiles (GSM) based on Subscriber Identification Module (SIM).
20.3 Local Standards
As more industry-specific applications appear, local standards are evolving to manage integrated transactions between end users' smart cards and processing institutions. Such standards eliminate the need for expensive and inflexible custom interfaces and allow industry-wide integration. For example, health care card standards intend to create a common computing framework to identify patients, query their medical data, process payments and allow health care management in a distributed environment. The health care industry is also developing Electronic Medical Record standards to facilitate technological developments and applications. Smart card technologies are only a harbinger of things to come. To maximize their usefulness and promote wider acceptance by users, standards across industry users must be available whether it is for traffic management, electronic benefit transfers, health care or travel services.
20.4 Network Computing Standards
With the exponential growth in computing power and a drive toward miniaturization, smart cards will ultimately function as a mobile networking interface for personal use. A group of technology companies under the OpenCard Framework is now working to extend industry standards for network computer into smart cards. A smart card in this capacity is inserted to Network Computers, public phone booths, networked information
kiosks and LAN terminals to become your personal computer. A key element in allowing smart cards as a computing platform is an interoperable operating system or an application programming interface which can be incorporated into smart cards' processors. A leading candidate is Sun Microsystems' Java smart card API which allows developers to create multi-platform applications. The much-hyped Network Computers could become terminals that accept Java-enabled smart cards.
Unlike European and Asian consumers, Americans seem to be reluctant to swap their credit cards and ATM cards with smart cards. An average consumer in the U.S. uses his or her ATM cards 15 times per month according to a Star Systems, Inc., survey, and the increased use of cards at POS terminals is the single most important factor in this trend. Compared to this growing trend toward using plastic cards, the reluctance in using smart cards stems primarily from the public's perception of smart cards as an electronic payment system. Although ATM card holders report "some interest" in using smart cards, security is the primary concern in storing money on their cards. Several pilot programs, however, are introducing the versatility of smart cards to consumers.
21.1 Smart Card Pilots
Several large scale pilot projects are aimed at testing the future acceptance of smart cards. The most publicized try-out during the 1996 Atlanta Summer Olympics had a mixed result. Regardless, transit authorities in San Francisco, Washington, D.C., and Finland are rolling out smart card systems for transit management. 120,000 members of Quebec Soccer Federation of Canada will soon be using smart cards for registration at tournaments, at McDonald's restaurants, and for several promotional and reward programs. States of Ohio and Wyoming are testing smart card technologies to deliver government benefit payments.
21.2 Long-Term Benefits of Smart Cards
Despite growing interests, smart card-based systems are not entirely cost effective compared to many alternatives when one considers only the immediate costs and benefits. For example, a welfare benefit distribution program using magnetic-stripe cards cost less than smart card-based systems due to initial capital investment and the cost of cards. Nevertheless, long-term benefits are substantial. Ohio expects to reduce its monthly cost of benefit distribution from $3.84 to $2.89 per household by using smart cards. In addition, transaction data associated with smart cards allow the state to cut down benefit frauds and abuses substantially.
Larger and more important benefits are less obvious at this stage of smart card technologies. Most smart card applications available today seem only to duplicate functions carried out successfully and effectively by existing methods. The advanced banking and financial systems and efficient communications networks in the U.S. work against adopting smart cards. Like cellular phones which may be useful in less developed countries with limited phone lines and high communications costs, smart cards are readily accepted in countries where consumers and businesses do not trust checks and other debt instruments, or there is a high incidence of inflation, fraud, crime and other factors favoring cash. For smart cards to gain a wider acceptance, interoperable hardware, simple user interface and more applications must appear to satisfy consumers who expect to use the same card in different retail outlets and for different purposes. Considering that Java smart card API was introduced in 1996, smart card technologies do have enormous potential to become the next killer application for the digital economy.
The future prospect for smart cards critically depends on introducing multifunctional cards and overcoming the simplistic view of smart cards as a payment medium. The Internet as a distributed and interoperable computing network provides a perfect setting for smart cards to become the ultimate network computing platform. Further developments in mobile networks and digitally-interfaced consumer appliances all point to smart cards playing the role of the ultimate personal computing and communications devices. In the networked economy where smart cards provide a smart infrastructure, physical products become smart products.
Opportunities largely depend on the developments in applications and a standardized user interface that allow users to interact with smart products over a network.
22.1 Smart Products
Smart products, like smart cards, are made smart by marrying physical products with computing power. However, the nature of smart products is changing from a product with a lot of computing power embedded within the product itself to a product with a smart interface. For example, a smart highway is equipped with sensors that interact with smart automobiles which come with their own on-board computers and sensors. Nevertheless, this involves a significant cost to upgrade millions of miles of highways. The marriage between information superinfrastructure and physical highways seems impractical.
The solution is not to equip highways and automobiles with powerful computers but to engineer them to interact with smart devices. With an accurate global positioning system,
sensors need not be embedded in highways. The location of a vehicle can be determined by interfacing an automobile's computer with a satellite. Much of the automobile's computing is done through smart cards and remotely connected servers. Similarly, consumer appliances can be equipped with smart card readers instead of installing product-specific computers. For example, cellular phones interact with smart cards to access personal information instead of storing it in each phone. In essence, smart network computers and smart products can be less powerful and more standardized when interfaced with smart cards.
22.2 Portfolio Products
The future of production and consumption is based on customization which often involves unbundling and re-bundling different products, changing contents and pricing individually. Unlike the economy where mass produced goods help reduce production costs, the economy of customization is concerned with increasing choices for consumers. Managing such an economy is challenging as the number of products explodes and transactions become extremely complex.
A smart card-enabled system offers a versatile management tool in such an economy. For example, smart credit cards issued by American Express can be loaded up with airline tickets and hotel reservations. A travel plan may also include rental cars, admissions to concerts and amusement parks, long distance phone bills, food and drinks. Arrangements may change in real time necessitating coordination and adjustments among different vendors. Such an integrated product or service has to be managed by computers and requires spontaneous interactions with all parties involved. Instead of carrying a personal computer to do the job, all transactions within such an integrated (‘portfolio’) service plan can be managed through a single smart card by inserting it into a public or mobile phone or a network terminal at business locations.
As we already know smart cards are secure place to hold
sensitive data, such as money and identity. And if the identity is the subject
we should talk about PKI, Public Key Infrastructure, and smart cards.
Think that, you are working in a company with many branch
offices and many facilities. In such large companies often employers have
access permissions to different physical places. Also you access the servers
inside the company for various purposes like sending mail, uploading the web
pages and accessing the databases of the company. Just think, one password for
each server and one key for each door and some money in your wallet to buy food
or drink from the local restaurant.
Actually you could just use a smart card. If you use a
microprocessor card and a the cards operating software or Java cardlets permit,
you could use only one card for all these. For this scenario to work, the
company must establish a local CA, Certificate Authority. Below there is a
diagram showing the structure of a PKI simply, as described in RFC 2459.
+---+
| C | +------------+
| e | <-------------------->|
End entity |
| r | Operational +------------+
| t | transactions ^
|
| and management |
Management
| / | transactions |
transactions
|
|
| PKI users
| C | v
| R | -------------------+--+-----------+----------------
| L | ^ ^
|
|
| | PKI management
|
|
v | entities
| R | +------+ |
| e | <---------------------|
RA | <---+ |
| p |
Publish certificate
+------+ | |
| o | | |
| s | | |
| I | v v
| t |
+------------+
| o |
<------------------------------|
CA |
| r |
Publish certificate
+------------+
| y |
Publish CRL ^
|
|
|
+---+ Management |
transactions |
v
+------+
| CA |
+------+
|
- end entity: user of PKI certificates and/or end user system that is the subject of a certificate;
- RA: registration authority, i.e., an optional system to which a CA delegates certain management functions; (in some implementations, where you register your self to the system)
- CA: certification authority; (Your public key, can be issue when you register yourself or can be self-issued, is signed and your certificate is issued to you at CA)
- repository: a system or collection of distributed systems that store certificates and CRLs, Certificate Revocation Lists, and serves as a means of distributing these certificates and CRLs to end entities.
In fact, this is just a simplified view of the entities
PKI. The employer or the end entity just applies to the CA or RA to get a
certificate A certificate is just a public key digitally signed with the
issuer's, CA, private key. By signed with the CA's private key, all which trust
the CA, can also trust the end entity. Your digital ID is ready. Just write
your digital ID and private key to your smart card. Or a better way, new smart
cards are deployed with embedded functions that generate public and private
keys inside the card which means your private key is not exported to anywhere.
New deployed cards are capable of PKI functions which you
do not need to export the private key to the application you use. For example
when you want to send a signed mail, your mail applications first generates a
hash of the document you just wrote and starts the communication with the card.
Your application sends the hash value to the card which is than signed with
your private key inside the card. By this way your private key is never
exported to the public, your computer.
Also, while accessing your remote shell account you could
use ssh, secure shell, client. In man page of OpenSSH, an authentication method
for ssh protocol 2 is described. Main purpose of the method is true
identification of the person trying to access the account and secure connection
between the host, if the user is accepted. Theoretically, only you can know
your private key. Although your private key is only readable by yourself, this
could be a security risk. But if your private key is inside a smart card, this
is an increased security. Of course, a smart card can get lost. But at this
point another security subject is on the line, your PIN. Generally speaking,
smart card's security comes from two things, one you know and one you own.
SSH is not the only application that smart cards can be
used. Other applications like, money transactions on the net, identification of
yourself to the website you connect can be done with smart cards. The system is
more or less the same. Your identification is checked via your private key and
secure session is started with your keys. Than application specific part comes
which is designed and deployed by the service provider of the application. Some
money transactions are just done inside the smart card but some applications
just ask the card for your banking account number. There could be more methods.
Electronic locks that can communicate with a smart card can
be found on the market. PKI can support, in addition to the mutual
authentication between the card and the reader, access accounting in the
building. Just mutual authentication can be used or the lock ask to a local
server that keeps the user data and checks if the user is permitted to go
behind the door. And whether the permission is granted or not the server keeps
the tracks of the access trials.
With integration of smart cards into PKI world, many more
applications could be built. These application are mostly security specific or
to ease the life of the customers.
24. Further
Information
In this section there are places to visit for more in-depth
information.
Some news groups are:
From the MUSCLE Project, <sclinux@linuxnet.com>, Smart Card Developers mailing list. The subject of the
list is smart card development under Unix and Mac OS. Just send <majordomo@linuxnet.com> with subscribe linux in the body of your mail. Also you can
reach the archives at The Mail Archive. See linuxnet.com
mailing list page for more information.
There are a huge number of informative web sites available.
They could change and get outdated.
A good starting point is Movement for the Use of Smart Cards in a
Linux Environment home page, an information central for
documentation, project pages and much more.
Also, USENIX Workshop on Smartcard Technology
can take your interest.
Please let me know if you have any other leads that can be
of interest.
As all HOWTOs should be, this document will retain in
"Under Development" phase as long as smart card technology is not
obsolete.
- The part about the physical characteristics of smart cards should be re-organized.
- In the "Programming" section there must be more information about the standards of programming smart cards.
- A new section of examples must be added.
- Scenario section (e.g. Building a Corporate PKI) should be added with in-depth information. (I will add some time in a few weeks :))
- There could be a section about the tamper resistance of smart cards. How tamper resistance is supplied and how secure is smart cards against new high-tech gamers. (I have found some references and information but they must be organized before adding.)
Wow, it seems like I have many things to add :))
By the year 2000, an estimated 2.8 billion smart cards will be issued annually in the world. But 70% of these cards will be in use in Western Europe and Asia while North America will account for only about 12% of the business. Nevertheless, even in North America, the prospect for processor cards is not as gloomy as phone cards. If the current trend will persist, there will be over 100 million processor cards in use in North America. These smart cards allow merchants to integrate products, payment and customer service and customize pricing and marketing efforts based on real user behaviors in real time. Smart cards as a secure payment system has garnered the keenest attention in the marketplace. However, smart cards are an indispensable commercial infrastructure in a networked marketplace which combine the functions of purses, credit cards, ID cards, tickets, coupons and tokens with data for personalized settings. The electronic persona in the digital world will be indeed in the form of a smart card and no enterprise solutions should ignore its potential impacts on business.