Smart card

Smart card, often referred to as a smart card or integrated circuit card (ICC), special plastic cards incorporating an integrated circuit (chip ) that includes a hardware logic, memory or a microprocessor. Smart cards are controlled by special card readers.

History

In the history of the smart card two inventors introduced their patents, the development of the smart card in its present form.

When first presented on 10 September 1969, the German inventor Jürgen Dethloff together with Helmut Gröttrup his idea to "build a special integrated circuit identifiers of " in a patent- a. The second inventor is the Frenchman Roland Moreno, who registered his patent in 1975. The website of the U.S. Patent and Trademark Office, it is registered under the Date 30 May 1978. He describes an "independent, electronic object, designed for the storage of confidential information " that enables access by entering a "secret codes " (PIN).

In the United States applies Vernon treasure as a basic patent holder (patent 1977).

Classification

Chip cards can be distinguished according to different criteria. The catchiest is the distinction between memory chip cards with simple logic and processor chip cards with their own card operating system and cryptographic capabilities.

This classification was long in conformity with the division into synchronous cards ( memory cards; protocols: 2wire, 3wire, ...) and asynchronous cards (processor chip cards; protocols: T = 0, T = 1). Meanwhile, there are also Secure memory cards with enhanced security features (DES or AES encryption ) and memory chip cards that work on asynchronous protocols ( GemClub Memo), the latter are thus very easily via the PC / SC system in your own applications to integrate.

Smart cards are also differentiated on the external interface. The contact chip cards are contactless RFID smart cards or transponder cards including Mifare or Legic cards over. Chip cards with multiple (different) chips are called hybrid cards, there are on the market but also chips that can be addressed via both interfaces ( dual interface cards). Together with PC/SC2 thus resulting innovative uses.

Construction

The main component of the chip card, the integrated circuit, which determines the capabilities of and thus the field of application of the smart card.

The chip is protected by the chip card module, so that the chip is not normally visible from the outside. The module also represents the connection to the outside world, the typical gold contacts of the chip card module are often incorrectly referred to as a chip. Although a common smart card chip for communication needs only five contacts, smart card modules have always determined by the size of the embedded chips, six or eight contacts, however, to correspond only to the ISO standards.

Finally, the module including chip is installed in a card. For this, a cavity is cut and the module is glued into a pre- printed card.

Many smart cards, especially for mobile, have a unique ICC-ID or ICCID, this is 19 - to 20 -digits, including a check digit.

Formats

The card dimensions are standardized according to ISO 7816 and available in accordance with this standard in three different sizes:

• ID-1: The largest and most widely used format ( 85.60 mm × 53.98 mm) is used in ATM cards, phone cards, the EU driving license or health insurance card. We also talk about credit-card format.
• ID -00: The median size ( 66 mm × 33 mm) has not yet found a larger application.
• ID -000: The smallest of the formats (25 mm × 15 mm) is used primarily for SIM cards in mobile phones use.

There are other typical sizes:

• Mini - UICC (12 mm × 15 mm): not much larger than the contact surfaces
• Visa Mini ( 65.6 mm × 40.0 mm): Visa proprietary format

The thickness of the cards of all sizes is uniform and is 0,762 mm (exactly 0.03 inches).

Memory chip cards

The simple smart cards consist of only one memory that can be read or written, for example, the health insurance card or phone card. Through the interface, it is possible to sequentially access the individual memory cells. Using memory cards, see where all that matters is the storage of data, but not on the unwinding of complex processes.

Depending on the chip used, the data can be protected by passwords or PINs before reading, or alteration by third parties.

Processor chip cards

Processor chip cards have a microprocessor, on which one can access the stored data. There is often no way to directly access the data area. The detour via the microprocessor makes it possible to protect the data on the card via cryptographic methods from unauthorized access. The ability to run on these microprocessors application-specific programs, offers many advantages compared to memory cards, eg smart cards, which are used as means of payment ( debit card ) or important data ( SIM cards for mobile phones, for example ). Often, the map also includes a signed key and serves as a decoder card (eg the pay-TV or other access systems). Already in the manufacture of parts of the chip card operating system ( COS) and the intended applications are loaded onto the card.

The smart cards can be used as secure information or key store, but they also provide various security services such as authentication, encryption, signature and so on, which can be used in a trusted environment. Since the private key stored on the smart card and not this leave the Espy of the key is not possible, which is why a signature generation on the smart card is very safe.

In Processor chip cards has its own operating system is running. This can be, for example Basic Card, CombOS, CardOS, JCOP, MTCOS, MULTOS, SECCOS, Sicrypt, STARCOS or TCOS.

The processor cards can again be divided into two categories. These are cards with a fixed set of commands that can only be adjusted by the manufacturer of the operating system and user-programmable cards that can be expanded via a development environment to your own commands or commands. Cards with a fixed instruction set typically implement commands in accordance with the ISO7816 standard (ISO7816 -4 and following). Examples of cards with fixed instruction set are CardOS, STARCOS, SECCOS and TCOS. Freely programmable card also partly follow this standard, but can also be extended by an additional proprietary commands. For this purpose, they mostly implement a virtual machine. Examples include the Java cards (eg JCOP ), MULTOS and the Basic Card.

Smart card application

The applications on the processor chip cards themselves are, despite standardization by ISO 7816, largely on the smart card operating system. PKCS # 15 application on the standardized chip card itself, while for use by computer applications, the PKCS # 11 standard interface. Besides that, there proprietary interfaces such as CSP ( Cryptographic Service Provider ) from Microsoft.

Java card

Java Cards are microprocessor cards with a reduced Java Virtual Machine operating system. With these cards, a programmer after completing the card via a card reader and a special charging software new programs called applets that load onto the card. For cards with very specific functionalities can be cost-effectively produced in small series. Java Card operating systems are, for example, JCOP (IBM / NXP) or Smart Cafe ( Giesecke & Devrient ). Details are specified by the industry association Global Platform, this is to ensure a degree of interoperability.

Basic Card

The Basic Card is a programmable in BASIC microprocessor card that works like the Java Card with a Virtual Machine. The applications created in BASIC can be transferred after compilation with a card reader in the card. The development environment is available free of charge. Cards are also available in small quantities for everyone. The card is suitable for small and private projects.

Host / software API

The interaction between computer systems and smart card reader and smart card applications is standardized in the PC / SC standard. The version 2 of the PC / SC specification covers next higher class card readers and the integration of asynchronous memory chip cards and contactless smart card into the PC / SC system, such as an ATR ( Answer to Reset ) of these cards is formed. Some drivers of card reader manufacturers are now PC/SC2-konform. The older CT - API ( " Application Programming Interface Card Terminal " ) is in the context of published TeleTrusT Germany MKT specification ( MKT stands for " Multifunctional card terminal " ) have been defined. This specification is distributed mainly in the German-speaking countries. CT-API is the main reason used, since the use of elements höherklassiger smart card reader ( pinpad, display) is standardized. Access via PC / SC was proprietary to PC/SC2.

Manufacturer

In Germany the competitors Giesecke & Devrient, Sagem Orga, Winter AG, PPC Card Systems and the Federal printing market leader worldwide Gemalto na are (50 % worldwide, 30 % in Europe) and Oberthur Technologies. The world market will cover 2007 estimated 2.9 billion cards, of which an estimated 70 % for mobile phones ( SIM cards), 16 % EC cards and credit cards, ID cards for the rest of passports to Skiausweise, tickets etc.

With more than 10,000 systems installed, the Mühlbauer AG with its headquarters in the Bavarian Roding one of the leading consultant and manufacturer of hardware and software solutions for the production and personalization of chip and plastic cards. Patented smart card reader for special tasks ( mobile and forensics ) offers the Becker & Partner GmbH (Aachen).

Test of chip cards

With the increasing proliferation of smart cards, it is also becoming increasingly important to ensure and to verify the performance of these cards. The tests extend from tests of the plastic body to application testing of smart card applications. An open source tool, which allows to easily perform tests this application, Global tester is based on Global Platform, a standard for open and interoperable infrastructure for smart cards and terminals.