Smart Cards
One of the biggest problems we face as individuals in the information age is the bulging wallet or purse. Unless we are very lucky, however, it does not bulge with cash, but rather with the numerous bits of plastic and paper we have to carry with us on a daily basis in order to prove our entitlement to this or gain access to that.

Wouldn't it be nice if we only had to carry one card? A card which would allow us to make purchases (both as a credit and a debit card - maybe even using "electronic cash"), borrow a library book, make a phone call, gain access to our place of work, participate in a few well-chosen store loyalty schemes, and contain all our driving licence, passport, National Insurance, personnel and medical records.

As far-fetched as this dream may sound, we already have the technology to do this - it is called a smart card. Similar in appearance to a standard credit card, the smart card sports a small gold-coloured computer chip approximately one centimetre square. Most of you will already be familiar with the smaller format smart cards for use in cellular telephones, known as Subscriber Information Module (SIM) cards. The most common implementation of the full-size card in the UK is the one used as a "viewing card" for satellite television services.

Smart cards are already considered "everyday" items in many European countries, however. Over 100 million pay phone cards and 22 million bank cards are in use in France; 80 million health insurance cards have been issued in Germany; more than 50 countries have implemented pay phone technology; and over 20 countries are using some form of "Electronic Wallet".

Depending on the designated function of the smart card, the on-board chip can consist of anything from simple EPROM memory (e.g. in the case of a telephone card) to a full-blown tamper-proof "computer-on-a-chip", including an 8-bit microprocessor, RAM, ROM and EEPROM.
The on-board CPU can process, share and store information, allowing the card to be used in a variety of applications. As well as being able to store much more information than the standard magnetic strip card, the key advantage of smart card technology is the ability to process information in line with pre-programmed guidelines. This "programmability" provides the flexibility required to allow the card to assume multiple "personalities" - as a library ticket one minute, and an electronic purse the next. In the future, it should even be possible for multiple applications stored on the same card to interact with each other.

Smart cards also provide us with much more in the way of security than has hitherto been available with software-only solutions. They provide an additional "physical" level of security over and above that offered by the usual password protection mechanisms. For instance, if a password is compromised it is a simple matter for an unauthorised user to gain access to a protected system. When access to that system also requires the physical presence of a smart card in a reader (coupled with the entry of a PIN number to provide access to that card), life is made that much more difficult for the would-be hacker.

An additional benefit of smart cards is their ability to store a user's personal encryption keys and digital certificates. The fact that almost any number could be stored securely within a card means that we can issue a separate key per application per user if necessary. It also means we can use keys of the maximum length allowed by law in any given country, without having to rely on manual entry by the user. Once the keys and certificates are safely stored within the card memory, they become completely portable, whereas at the moment a user's digital certificate is often locked to a particular application on a single machine - say a web browser on our machine at the office.
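The card-plus-PIN requirement and on-card key storage described above can be modelled in a few lines. This is an added example, not code from the article or from any card vendor; `SimulatedCard`, `Server`, the HMAC challenge-response exchange and the three-try PIN limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

MAX_PIN_TRIES = 3  # assumed retry limit; the article does not specify one


class SimulatedCard:
    """Toy card: the key is loaded at issue and there is no method to read it back."""

    def __init__(self, pin: str, key: bytes):
        self._pin_digest = hashlib.sha256(pin.encode()).digest()
        self._key = key
        self._tries_left = MAX_PIN_TRIES
        self._unlocked = False

    def verify_pin(self, pin: str) -> bool:
        if self._tries_left == 0:          # a blocked card refuses even the right PIN
            return False
        ok = hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin_digest)
        self._tries_left = MAX_PIN_TRIES if ok else self._tries_left - 1
        self._unlocked = ok
        return ok

    def respond(self, challenge: bytes) -> bytes:
        """Compute the response on the card; only the MAC ever leaves it."""
        if not self._unlocked:
            raise PermissionError("PIN not verified")
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Server:
    """Hypothetical verifier; login() also plays the part of the card reader."""

    def __init__(self):
        self._keys = {}                    # user -> key shared with that user's card

    def issue_card(self, user: str, pin: str) -> SimulatedCard:
        key = secrets.token_bytes(32)
        self._keys[user] = key
        return SimulatedCard(pin, key)

    def login(self, user: str, card, pin: str) -> bool:
        challenge = secrets.token_bytes(16)  # fresh per attempt, so old replies are useless
        if card is None or not card.verify_pin(pin):
            return False
        expected = hmac.new(self._keys[user], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(card.respond(challenge), expected)
```

Knowing the PIN without holding the card fails, holding someone else's card fails, and repeated wrong PINs block the card so that even the correct PIN is refused afterwards.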
It is even possible for the encryption process itself to be performed by the card, which is often far more secure than a PC. The portability and security factors combine to make smart card technology suitable for a wide range of applications for the general public, including customer loyalty schemes, electronic banking, travel and transport, on-line services, electronic cash and payment mechanisms. In the enterprise, there are obvious applications such as physical access control to buildings and secure areas, and logical access control to networks and other resources.

Many people will already be familiar with the SecurID card from Security Dynamics, a hardware-based access token. Security Dynamics has recently introduced the SecurID 1100 Smart Card, the first smart card to work with its ACE/Server strong authentication enterprise security solutions. The new smart card combines security with convenience, enabling organisations to use a single card to protect network and application resources from unauthorised access as well as for corporate identity, physical security, loyalty, electronic purse and other applications. Based on the Gemplus MPCOS multi-application microprocessor card, the SecurID 1100 Smart Card provides the ACE/Server authentication as well as offering more than 7K of free EEPROM memory space for installing additional applications.

This moves us a small step closer to having a single card for everything, though there is still an awfully long way to go before we can throw away our bank cards, driving licence and passport and replace them all with a single piece of plastic (however smart it may be).

Summary
Glossary

Smart Card - Also called IC card. A card formed of a plastic body and a micromodule embedded in a special cavity.

Contact Smart Card - A smart card that operates by physical contact between the reader and the smart card's different contacts.

Contactless Smart Card - A smart card that communicates with an antenna by means of a radio frequency signal. There is no need for physical contact between the card and a reader.

Electronic Purse - A small portable device which contains electronic money. The smart card is the ideal device to implement an electronic purse. It is sometimes called the electronic wallet or the stored value card (SVC).

SAM (Security Access Module) - A dedicated microprocessor unit that enables active authentication with an appropriate memory or microprocessor card.

SIM (Subscriber Identification Module) - A specific type of smart card for GSM systems holding the subscriber's ID number, thus allowing him to call from any GSM device.