Centrelink
Smart Card Technical Issues Starter Kit
Chapter 1

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 8 April 1998

© Xamax Consultancy Pty Ltd, 1998

This document was prepared for Centrelink. Its purpose was to support the consultation process between Centrelink and privacy advocates, during a project that was intended to lay the foundations for a variety of projects for Centrelink's client agencies that it was anticipated would involve smart cards

This is chapter 1 of an 8-part document whose contents-page is at http://www.anu.edu.au/people/Roger.Clarke/DV/SCTISK.html


1. Introduction to Smart Cards
1.1 A Starting Point

The term 'smart card' is subject to a variety of interpretations, but is most usefully understood as a conventional plastic card with a silicon chip added to it.

Some chips merely provide storage, and are roughly comparable to a high-capacity magnetic-stripe.

The more interesting chips also contain a micro-processor. The processor is programmable, and hence the card can be applied to all manner of purposes within large-scale systems.

The above is a revised extract from:

Clarke R. (1997) 'Smart Cards in Banking and Finance' The Australian Banker 111,2 (April 1997)


1.2 In Greater Depth

Magnetic-stripe cards have been applied for several decades in a wide variety of areas. Their applications are limited by a number of aspects of magnetic-stripe technology, such as its inherent lack of security, and the need for devices through which the card is 'swiped' to have considerable sophistication and, preferably, an on-line link to the service-provider's host computer.

A new generation of cards has become progressively available since their invention in 1974. These are commonly referred to as 'smart' cards (implying that they contain a processor) or 'chip cards' (which, more generally, implies that they contain a silicon chip capable of storage and/or processing). These can overcome deficiencies of magnetic-stripe technology, and create significant, new opportunities.

Trials commenced with storage-only chips in the late 1970s and with smart-cards during the early 1980s. Much of the initiative in the area has emanated from France and French companies, but Japanese and American suppliers have also been active in the area.

A chip-card is a standard-sized plastic card which contains an integrated circuit or 'chip' which gives the card the ability to store and/or process data.

Three different categories of chip-cards are usefully distinguished:

The mainstream area of development is in smart-cards.

The key advantages that a smart-card offers over magnetic-stripe technology are:

The more sophisticated smart-cards currently being deployed offer further capabilities, including:

The key disadvantages of chip-card technology are:

A standard-sized plastic card is only one possible 'carrier' for a chip. Others include rings, watches, bracelets and anklets. Chips can also be implanted directly into an object such as a carton, pallet or dog.

The above is a revised extract from:

Clarke R. (1996) 'Chip-Based Payment Schemes: Stored-Value Cards and Beyond' Xamax Consultancy Pty Ltd, Canberra, September 1996, pp. 4-7. For further information, see here.

Further introductory material is also provided by ACA (1996), and two recent Australian reports (ACFF 1996, and GTTC 1997, especially pp. 111-117, 9-10, 27-30).

For more detailed descriptions of chip-cards, see Svigals (1987), Chaum & Schaumüller-Bichl (1989), McCrindle (1990), Lokan (1991), Chaum (1991), Allen et al. (1996), Rankl & Effing (1997), Hendry (1997), Monk & Dreifus 1997, Guthery & Jurgensen (1998).

Two series of international standards define two different kinds of cards, one of which requires that the card be placed in contact with an appropriate device (ISO 7816) and the other of which communicates and is powered by being moved through an electro-magnetic field (ISO 10536).


1.3 Contact-Based and Contactless Cards

Most of the chip-cards that have been deployed to date depend on the card being placed quite precisely into a device which can provide at least power, and generally also a data interchange path. These are achieved through physical contacts, which are specified in the ISO 7816 series of standards. This approach requires that the person place the card in a device, wait, and take it out again afterwards. Contact cards have been shown to suffer some degree of wear, limiting the life of the card.

Fairly suddenly in 1992-93, effective contactless or 'proximity smart card' technology became available. Such a card needs to be close to the device with which it is to interchange data (e.g. within 10 cm), and may need to have a particular orientation (e.g. not be pointed away from the device at greater than, say, a 45 degree angle), but does not need to be in physical contact with the device. The ISO 10536 series of standards relate to contactless cards.

Proximity cards communicate, using radio-frequency (RF), with another, generally stationary chip that is installed in a terminal of some kind. Power is provided by induction, as a result of an antenna on the card being moved through a magnetic field provided by the stationary device. Exhibit 1 provides a diagrammatic overview of one particular example of the technology, the Mikron Mifare technology devised by an Austrian company now within the Philips group.

One of the features of systems which use contactless cards is that they need comprise no moving parts whatsoever, which overcomes the risk of wear-and-tear undermining the quality of service. In addition, there is no slot awaiting damage through mis-use and vandalism.

Transmission and chip operation are both very quick. With the Mifare technology, for example, response to an authentication request requires only 3 milliseconds (ms). Reading of a block of data requires 2.5-4.5 ms, and write-and-re-read takes 9-11 ms. A typical ticketing transaction, involving full backup management on the card, requires less than 1/10th of a second. As a result, a transaction can be undertaken between a terminal and a card which is moving at speed through the small active zone.

Exhibit 1: An Example Contactless Card System

The distance over which the on-card chip and terminal chip can communicate is a design trade-off between cost, convenience, security and conformance with telecommunications regulations. Mikron, for example, have implemented two alternative operating distances:

Larger operating-distance alternatives may prove to be feasible. The technology can cope with a card within a wallet or purse, even if the wallet contains metal objects such as coins.

To cater for circumstances in which two or more cards are within the operating zone at the same time, Mikron has an anti-collision feature, which enables each to be distinguished and handled appropriately. It enables cards to be differentially handled even when they are stacked against one another, as commonly occurs when they are left in a wallet.

Proximity cards are especially attractive in circumstances in which the individual holding the card is moving and it is beneficial to enable them to keep moving, e.g. at entry and/or exit points to mass transit facilities, and sport and entertainment events.

For some time it appeared that proximity cards and contact cards would be complementary, and would be applied in rather different circumstances. Then it seemed that proximity cards might progressively supplant contact cards. Subsequently, it appeared that hybrid cards might become mainstream, with two chips supporting both forms of communication. Currently, it appears that hybrid chips will become the norm, with a single chip capable of communicating via either contact-based or proximity means.

The above is a revision of extracts from:

Clarke R. (1996) 'Chip-Based Payment Schemes: Stored-Value Cards and Beyond' Xamax Consultancy Pty Ltd, Canberra, September 1996, pp. 42, 108-112. For further information, see here.


References

ACA (1996) 'Smart cards' Choice (February 1996) pp. 20-23

ACFF (1996) 'Smart Cards and the Future of Your Money', Australian Commission For The Future, Melbourne, June 1996

Allen C.A., Barr W.J. & Schultz R. (1996) 'Smart Cards : Seizing Strategic Business Opportunities : The Smart Card Forum', Irwin, 1996

Chaum D. (1989) (Ed.) 'Smart Card 2000' North-Holland/Elsevier, 1991

Chaum D. & Schaumüller-Bichl I. (Eds.) (1989) 'Smart Card 2000' North-Holland/Elsevier, 1989

GTTC (1997) 'Smart Cards as National Infrastructure' Government Technology & Telecommunications Committee, September 1997, pp. 50-56

Guthery S.B. & Jurgensen T.M. (1998) 'Smart Card Developer's Kit' MacMillan, 1998

Hendry M. (1997) 'Smart Card Security and Applications' Artech House, 1997

Lokan C.J. (1991) 'The Design and Applications of Smart Cards' Austral. Comp. J. 23, 4 (November 1991) 159-164

McCrindle J. (1990) 'Smart Cards' Springer-Verlag, 1990

Monk J.T. & Dreifus H.N. (1997) 'Smart Cards : A Guide to Building and Managing Smart Card Applications', John Wiley & Sons, 1997

Rankl W. & Effing W. (1997) 'Smart Card Handbook' John Wiley & Sons, 1997

Svigals J. (1987) 'Smart Cards' Macmillan, 1987


International Standards

ISO 7810 - 7813 Series - Identification Cards (10 documents)

ISO 7816 Series - Identification Cards - Contact Cards (10 documents)

ISO 9796 -9797 Series - Security Techniques (3 documents)

ISO 9992 Series - Financial Transaction Cards (2 documents)

ISO 10116, 10118 - Security Techniques (2 documents)

ISO 10202 Series - Financial Transaction Cards - Security Architecture (8 documents)

ISO 10373 - Identification Cards - Test Methods (1 document)

ISO 10536 Series - Identification Cards - Contactless Cards ( 3 documents)

For a detailed list of international standards, see:

GTTC (1997) 'Smart Cards as National Infrastructure' Government Technology & Telecommunications Committee, September 1997


Navigation

Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Created: 14 July 1998

Last Amended: 14 July 1998


These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).
The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916