INSS 690
Professional Seminar
University of Maryland
Management Information Systems
Smart Cards: Their History, Technology & Usage
Professor: Dr. John G. Meinke
Written by Donald R. Esser
1 October 2000
Outline
I. Abstract
III. Smart
Card History
C. Other
uses
VI. Embossed, Magnetic, & Smart
VII. The Makings of a
Smart Card
A. Chip Modules
VIII. Current Monetary Usage
IX. The Smart Market
C. Special Chip
XII. Sources of
Smart Card Information
Smart Cards have been
increasing in popularity in the last few years. They are small plastic cards the size of a credit card, but with
one difference. Instead of just having
embossed lettering and a magnetic strip to contain information, they also have
a computer chip. This chip is an
Integrated Circuit (IC) that can hold vast amounts of information and provide
users with multiple applications.
In the coming years more
and more Smart Cards will be in use, and companies involved with Smart Card
development, Smart Card software, and Smart Card deployment will have plenty of
work to do. Industrial and financial
usage will be at the forefront, but private usage will also be important. Smart Cards will replace keys, documents,
human actions, cash, and sometimes even palmtops and laptops. In the next ten years individuals will begin
collecting Smart Cards that replace, or simplify, passwords and keys. Then, the following decade will see a
decrease in the number of Smart Cards as one card begins to handle more and
more applications. The same card will
be used as an ID card, drivers license, key to the house and office, access to
home entertainment, a wallet, and much much more.
Computer chips of today
are like miniature cities. Instead of
holding one or two transistors as they did in the 1960s, they now can hold over
seven million. Instead of being two
dimensional, they are now three dimensional with capacitors, resistors,
transistors, and co-processors. Their
speed has increased tremendously as their size has decreased. Measuring in at only 3 atoms thick, current
silicon wafers pack a tremendous amount of information into a square smaller
than the average American postage stamp.
As an information
manager in any industry today, or as a common consumer or computer user, you
will need to be aware of the today's technology and trends involving Smart
Cards. This paper will analyze the
trends in microprocessor power over the last 30 years, look at the past,
present and future usage of Smart Cards, and lay out the Smart Card technology
that business leaders and IT professionals will have to know to stay
competitive in a rapidly changing global environment.
Smart Cards are
essentially credit cards with computer chips on them. More specifically they are plastic cards with one silicon chip,
approximately ¼ inch square, that can accomplish one or more functions. Currently the most common usage of Smart
Cards is with pay telephones. In this
arena, Smart Cards dominate. For
decades, however, Europeans have been using Smart Cards just as checks are used
in the United States, to purchase everyday items with them by debiting their
bank accounts. Other uses include
decrypting satellite television programming, unlocking doors, cash cards for
purchases, and as university identification.
They are important today
because as the costs of powerful integrated circuits continues to drop (with
their size) people are realizing that plastic cards can do a lot more for them
than simply exchange goods for credit.
Whereas a magnetic strip can only hold 1000 bits of information, a card
with a computer chip can hold upwards of 32 KB of information. That number will continue to increase in the
coming years.
Before discussing the
history of the Smart Card, it should be mentioned that the first plastic cards
came into use in the early 1950s in the United States. "The low price of the synthetic
material PVC (polyvinyl chloride) allowed robust, long-lasting cards to be
produced" (Rankl, 2000). Paper and
cardboard cards had been previously used, which couldn't withstand the stresses
of use and weather. The Diners Club in
1950 produced the first all-plastic payment card for general use. It became a status symbol because it was
intended for an exclusive group of people who could use their 'good name'
instead of cash to make purchases.
(Rankl, 2000) Once Visa and
MasterCard came into being, plastic cards for payment became common very
quickly, first in the US, then Europe, and then the rest of the world.
In the 1970s there were
several extreme improvements in the semiconductor industry. This paved the way for the development of
PCs and Smart Cards. Why create Smart
Cards, or make any improvements in credit cards at all? The two most important answers are fraud and
functionality. As credit cards
increased in popularity, they also increased in fraudulent use. This has been a serious problem for several
decades, and is the main reason people refuse to use the Internet to make
purchases. As to functionality, the
credit card initially required the merchant to type the 16 digit number into a
terminal. Later magnetic strips were
added, allowing sales clerks to simply swipe the cards. Still, paper receipts were needed for
signature verification. Also, with
every transaction there is still the need to telephonically verify the credit
card's legitimacy. So, credit cards are
not entirely secure and they are not paperless.
The first patent related
to Smart Cards was requested by two German inventors, Jurgen Dethloff and
Helmut Grotrupp in 1968 (Rankl, 2000).
They patented the idea of incorporating an integrated circuit into an
identification card. In 1974, Roland
Moreno registered his Smart Card patents in France. (Rankl, 2000). By that
time the semiconductor industry was able to supply the necessary integrated
circuits at reasonable prices. For the
next ten years a number of technical difficulties were resolved with Smart
Cards. Then, in 1984 the French postal
and telecommunications services (PTT) carried out a successful field trial with
telephone cards (Rankl, 2000). It was a
good thing for the Smart Card industry that its first real breakthrough was in
an area not already on the market. This
allowed the new technology to be fully exploited, as it didn't have to conform
to an earlier technological standard.
In the mid to late 70's
it was apparent to some that Smart Cards would one day hold an important place
in history. "The Smart Card
business will one day be as important as the computer business is today." (The director of the Department of Patents
at the French computer firm Honeywell Bull SA in 1978.) (Rankl, 2000)
The first French phone
cards used EPROM chips while the first German phone cards used EEPROM
chips. "By 1986, several million
'smart' telephone cards were in
circulation in France alone. Today
there are such telephone cards in over 50 countries.
Bank cards are more
complex, because of their need for cryptography. Cryptography is "The art or process of writing in or
deciphering secret code" (American Heritage, 1985). In the 1960s this art became a science
through the expansion of electronic data processing. Using mathematical
algorithms, computer engineers could actually calculate the strength of
security mechanisms in computer programs.
This technology was essential to the development of debit cards, and in
1984 the French were the first to bring the bank card into daily use. By 1994 all French bank cards included
chips. Austria took a further step in
1996 when it deployed a national electronic purse with optional applications.
In 1994 the US joined
Europe in planning for future Smart Card technology. Europay, MasterCard, and Visa worked out the specifications for
credit cards incorporating microchips.
This guaranteed mutual compatibility, and was "an important milestone
for the future worldwide use of Smart Cards for financial transactions"
(Rankl, 2000). It is called the EMV
specification, an acronym formed by the using the first letters of each of the
three companies involved.
Besides the bank card
and the "upgraded" credit card is the electronic purse. This is simply a Smart Card with a certain
amount of money loaded onto it. This
allows for making small purchases without paper cash, and is one of the large
drawing points of Smart Cards. Visa
used an electronic purse at the 1996 Olympic Summer Games in Atlanta. The first electronic purse was used in
Denmark in 1992. This is an area where
Smart Card technology can be exploited much further than it has been, and this
will require national and international standards. Currently, electronic purses are closed systems. They can only be used within certain regions
and/or for certain vendors.
The two categories of Smart Cards are memory cards and microprocessor
cards. Memory cards are used for such
applications as telephone cards. The
way they work is that with each use the amount of money available is
decremented. If magnetic-strip cards
had been used, it would have been very easy to re-write the original amount back
onto the card. This cannot happen with
memory cards because once a memory location has been written to, it cannot be
erased. These cards, therefore, can
only be used once, but are good as telephone cards and temporary electronic
purses for particular uses.
The second category of
Smart Card is much more useful.
Microprocessor cards began their debut with French bank cards. Then, after a reduction in the cost of Smart
Cards in the early 1990s due to mass production, Smart Cards became an
indispensable requirement in the European cellular phone. They paved the way for cellular technology
to sweep across the continent. The
Smart Card did two things for cell phones:
Increased the level of achievable security, and provided many more
marketing options for the sale of the services. Microprocessor Smart Cards have unlimited potential as
identification cards, access control cards, complex and secure electronic
purses, electronic signatures, and as multi-functional cards (Rankl,
2000).
Since the US government
is transitioning and will transition many functions from paper based to
"paperless," maximizing the use of the Internet and intranets, Smart
Cards are an extremely attractive option.
Security is paramount in the government, but security is always
hard. The Smart Card is a way to
greatly increase security while simultaneously decreasing its difficulty. This is because of the encryption ability of
the integrated circuits.
The Smart Card is also an excellent
option for small communities such as campuses and Army posts. The US Military Academy and the Air Force
Academy recently contracted for System Resources Cooperative (SRC) to begin a
phased project of outfitting both cadet populations with multi-functional ID
Cards. "In time, cadets
will be able to borrow a library book, receive a uniform item, or purchase a
can of soda-all in a paperless, cashless, environment using only the cadet
Card" (SRC, 2000). Satellite Smart
Card readers will be scattered throughout the campuses that will allow cadets
to update and access their cards. The
cards will function as an ID card, and may also be used to track attendance at
formations and classes. As the young
leaders of tomorrow at these two military academies experience the time and
cost savings of using Smart Cards, they will surely expect to see their use
increase rather than decrease throughout their military careers. I believe their expectations will be
fulfilled.
Figure 1. An
example University Smart Card.
Other Uses
The number of different uses out there for Smart Cards is nearly
endless. The limit is only man's
imagination. It is possible to have a
digital driver's license that can be checked and verified without ever removing
it from your pocket. Another option is
to have a personalized computing card that remembers your precise computing
preferences and loads the desktop, favorite web sites, MS Word font and set up
defaults automatically onto every computer you log into. Cards might be used to contain books, and
you might carry a pocket sized Smart Card reader with video display to read
your favorite books. Cards may also
contain health information, to be read and updated every time a person is seen
by a doctor. Contactless Smart Cards
will be used at toll booths, in mass transit, and at ski lifts. Contact cards will be in TV set-top boxes to
control what can and cannot be viewed.
Smart Cards might store pictures and personnel records. They will likely be used instead of
passports. They will accompany
shipments, such as cars and parts, to give disposition or further delivery
instructions. They will serve as
address books and organizers. The
potential of having numerous computers in one's wallet that all provide
extremely powerful applications automatically has only begun to be tapped
into.
Before the world of
Smart Cards can truly be opened up, as with other computing technologies,
standards must be in place. In fact,
many standards are already in place.
Two technical committees are concerned with the international
standardization of Smart Cards: ISO
TC68/SC6 and ISO/IEC JTC1/SC17. These
two committees have been working on Smart Card standards for over fifteen
years. "Most of the important
fundamental ISO standards for Smart Cards are now complete. They form the basis for further, more
application-oriented standards, which are currently being prepared by ISO and
the CEN (Rankl, 2000).
The Smart Card standards
have all been built upon the previous standards for identification cards. These include the ISO series 7810, 7811,
7812, and 7813. They define the
characteristics that are known as the "ID-1" format. Since Smart Cards are able to have embossed
lettering (raised lettering allowing for carbon paper print outs to be made of
credit card information) the durability of the packaging of the silicon portion
of the card must be extremely high.
The embossing mentioned
above is done by simple, inexpensive devices, and was once the only way credit
card information could be automatically transmitted. ISO 7811 includes detailed descriptions on the embossed lettering
including the type of font, precise size, and exact location on the card. The fact that this standard was in place
allowed for the widest proliferation of this technology, even in developing
countries. For this method of card
reading, no electricity or telephone connections are needed.
Magnetic-strip cards
brought the traditional embossed credit card to a new level. By swiping the card passed a read head all
of the critical payment information could be read electronically, requiring no
paper in the process. The major problem
with the magnetic strip is the ease of writing new information to it. A thief can acquire valid credit card
information and write it into a magnetic strip and use it wherever proper
identification procedures are not enforced.
Although magnetic strip manufacturers have come up with ways to make the
strips more secure, these ways are too costly to catch on internationally.
Smart Cards are superior
to the above two types of ID-1 cards.
Not only do they require no paper, but they are also extremely secure
and able to hold much more data. More
than 32 KB of data can be held on one chip.
This number will continue to multiply in the coming years. As to their security, they have three
components: the physical card, the
integrated circuit, and the operating system.
All three of these work together to secure the data being
transferred. In addition to these
benefits, the life of a smart card is longer than a magnetic-strip card, which
can only last for about 2 years.
"The fundamental characteristics and functions of Smart Cards are
laid down in the ISO 7816 series of standards" (Rankl, 2000).
According to the ISO
standard, a Smart Card is 85.6 mm by 54 mm and .76 mm thick with an embedded
microcontroller. This size follows the
conventions of ID-1. The card intentionally
has some flexibility, is small enough to easily fit in a wallet, and yet not so
small that it is easily lost. There are
two other Smart Card sizes. The
smallest is suitable for a cellular phone, and is called the ID-000. The third size is in between, and is called
the ID-00. Oftentimes, manufacturers
make only ID-1 cards. They then draw
the outline of the ID-000 or ID-00 and punch out the appropriate sized card for
the function it will perform. This
practice is usually done for cellular telephone cards.
A number of physical
security mechanisms are commonly used on Smart Cards. One of the more intriguing is the hologram. Holograms are a form of security because
only a few companies in the entire world actually produce them, and they are
not freely available (Rankl, 2000). The
Smart Card holograms of today are embossed holograms. After producing a master embossing stamp with the necessary
microstructures, daughter stamps are prepared by using electroplating
processes. The daughter stamps are then
placed on the plastic card and coated with vaporized aluminum. This coating is what produces the well-known
white-light reflection holograms. The
only way to remove the hologram is to destroy it. This makes for an obvious additional layer of security. Another equally intriguing feature is the
kinegram, a 3-D picture. These are made
in the same way as holograms, and have images that change abruptly when the
user changes the angle of the card.
They are used on the German Eurocheque (EC) card.
An aspect of Smart Cards
that some universities may see in the near future is the thermochrome (TC)
display. This kind of display can be
changed from time to time, giving the card face a different set of words and a
different picture. It works in the
following manner as quoted from The Smart Card Handbook: Second Edition:
A printing head with a
resolution of 200 or 300 dpi, such as is used in thermal-transfer and
dye-sublimation printers, heats individual points that are to be blackened on
the thermochrome strip. This is a
temperature sensitive strip, 10-15 micrometers thick, that is laminated to the
card. It darkens at each point that is
heated to 120 degrees Celsius. However,
this darkening can be changed back to a nearly transparent state by heating the
entire strip, which amounts to erasing the strip.
The major
problem with this technique is that it can be used illegally for unauthorized
changes to cards. It also requires
special readers with built-in thermochrome printers, but it is the only way to
economically have time-varying information on Smart Cards.
The body of the card
itself has to be quite rugged. Today's
Smart Card has eight different functional elements. The classification scheme for the card elements is shown in Figure
1. The minimum standards for the
toughness of the card are found in ISO standards 7810, 7813 and 7816. These standards include the following areas,
according to The Smart Card Handbook:
Second Edition:
·
ultraviolet radiation
·
X-ray radiation
·
the card's surface profile
·
mechanical robustness of the card and
contacts
·
electromagnetic susceptibility
·
electrostatic discharges
·
temperature resistance
Figure 2 (Taken from The Smart Card Handbook: Second
Edition)
Most cards are made out of PVC (polyvinyl chloride). It's inexpensive, but bad for the
environment. Vinyl chloride is a
carcinogen. When it is burned,
hydrochloric acid is released. Because
of these facts, less cards are being made with PVC every year. The substitutes, however, have to measure up
to the same tests of quality as far as flexibility, temperature tolerances and
so on. ABS (acrylonitrile butadiene
styrene) is one of them. This can
withstand high temperatures, can be processed in sheet form, and by injection
molding (not possible with PVC). It is
limited in its acceptance of color.
Benzene is a known carcinogen, but other than that it has no known
environmental disadvantages. ABS is
used in cellular telephone cards. Other
PVC substitutes are PC (polycarbonate) and PET (polyethylene
terephthalate). PC is used in making
compact discs, and has two environmentally unsafe ingredients. It also is expensive and requires high
temperatures for adding holograms and magnetic strips. PET is also known as polyester and in one of
its forms is difficult to laminate.
Other materials are being tested all the time, including one test
involving 600 Birchwood Smart Cards. 90%
of the test users had no problems with them, but they did not meet the requirements
of ISO for flexibility.
Since the most important
part of a Smart Card is the chip, the chip module, or vehicle that encloses the
chip and connects it to the plastic card is very important. Two things must be provided for:
1) Protection from the surroundings.
2) Electrical contacts with the outside.
The four most important
module types that did these two things are listed in Figure 3.
TAB chip-on-flex leadframe chip-on-surface
Figure 3 (From The Smart Card Handbook: Second Edition)
To connect the chip to
the five contact elements on the outside of the module, two methods are
used. One is to connect them by thin
gold wires. The other is to physically
bond the module to the chip (die bonding.)
TAB modules are not used
much anymore, but this was the primary way in the early 1990s. Chip-on-flex modules are the most widely
used types today. The way this works is
a portion of the finished plastic card is milled away. Then, the carrier materiel, made of
"flexible circuit board made from fiberglass-reinforced epoxy resin"
(Rankl, 2000) has holes punched in it to receive the wire bonds. The chip is placed into the flexible circuit. The chip contacts are connected by bonding wires
to the rear surfaces of the contact areas, and the chip and bonding wires are
encapsulated with a blob of plastic (Rankl, 2000).
The lead-frame modules
are cheaper to produce and use. They
are also simpler. The contact surfaces
of the module are held together by a plastic body. The chips are placed on this and connected to the leads with wire
bonding. After this the chip is covered
by black epoxy resin.
The chip-on-surface
process is without a module. It can be
used for memory chips only, because they are small enough. A laser removes the materiel where the chip
will be placed. The chip is glued in,
and a conductive silver paste is silk-screened onto the surface of the chip and
onto the card body, forming contact surfaces.
Then, "the chip and the leads to the contact areas are covered with
a non-conductive lacquer" (Rankl, 2000).
The basic electrical
specifications for the microcontrollers meet the requirements laid out in GSM
11.11, which is for cellular-phone Smart Cards. This is because so many different manufacturers had to come on
line with one way to connect to the telephone Smart Cards being produced, and
such large volumes of them were produced.
Smart Cards have eight
electrical contacts. Of these eight, three
are not presently used for anything.
One of these three may one day be used to allow for full duplex
transmission. The contacts in use are
for supply voltage, reset input, clock input, grounding, and serial
communications. The supply voltage is 5
volts (+/- 10%). Someday there will be
a range of between 3 and 5 volts because cellular phones are using 3 volts for
everything except the Smart Card.
The most interesting
aspect of Smart Card electricity is the contactless card. These cards can transfer data and energy
over short distances with no electrical lead contacts. Four things need to happen with all
contactless actions (Rankl, 2000):
·
energy transfer for supplying power to
the integrated circuit
·
transmission of the clock signal
·
data transfer to the Smart Card
·
data transfer from the Smart Card
Since there are no batteries thin enough, and since batteries are
poisonous, all energy used must be transferred using magnetic fields. For writing data to the card, it needs to be
closer to the field because this requires more power. The distances needed range from several millimeters to one
meter. Data transfer occurs using
digital modulation techniques.
The microcontroller
of the Smart Card (the chip) is different from typical PC
microcontrollers. Its primary
components include the CPU, the address/data bus and the memory, including RAM,
ROM, and EEPROM. These chips are
different from normal chips because all of the functional elements of an actual
computer have to be on them, but some typical chip elements are not necessary
for Smart Cards. Also, they need to be
as small as possible due to the potential to crack when bent. As to the state of the art, the "latest
and greatest" chips are never used.
200,000 transistors is typical even though chips exist with 9
million. This is because the chips must
be proven reliable before they can be used on a Smart Card. The size is also a consideration.
The processors are CISC and have 8 bit memory bus for between 6 and 30 KB
of memory. Hitachi puts out a 16 bit
RISC processor, however. RAM and EEPROM
are limited as much as possible due to their size per bit. Flash EEPROM and FRAM (ferroelectric
random-access memory) may be used in the future. 256-byte RAM is considered large because so much more EEPROM or
ROM can be put in the same space. The
technical difficulties of putting all three types of memory on one chip include
a considerable number of exposure masks.
Much consideration is given to the breakdown of RAM, EEPROM, and ROM to
maximize the efficiency of each.
Another important fact is that the space required for a certain amount
of data stored on the ROM of a Smart Card microcontroller is much more than that
required for the same amount of memory on a hard disk or a CD-ROM.
Because credit is such
an important factor in US economics, Smart Cards are (not surprisingly) making
inroads through that venue. American
Express and Visa are working to increase Smart Card usage while simultaneously
increasing customer satisfaction.
American Express has come up with a "Blue" card that performs
several key functions. MasterCard and
Visa are also both producing credit cards that are "much more than a
credit card."
One monetary use that is
growing in popularity is the electronic purse.
Using only a magnetic strip, debit cards can be charged at recharging
stations throughout a campus or manufacturing plant. They can then be used instead of cash for small money
transactions such as at a copy machine, vending machine or cafeteria. For these types of cards, no pin is
needed. Often such cards are also used
as the company ID card. They truly
point the way toward a cashless society as users see the convenience of simply
sliding a card into a machine and getting exactly what they want without
fussing with cash.
The world's # 1 Smart Card
manufacturer is Gemplus, a France based company. For years they have enjoyed their position and faced very little
real competition; twenty five years in fact (Matlock, 2000). Their dominance primarily revolves around
the European market. In 1999 the US
only made up 2% of all Smart Card purchases in the world while "Europe
accounted for 60%" (Matlock, 2000).
That is changing. According to
the research firm Dataquest, "world sales will climb from $2.4 billion
this year to $8.1 billion by 2004. And
much of that growth will come from the laggard U.S. market" (BW1). So, Gemplus has an opportunity to cash in
big, and so do all other up and coming Smart Card manufacturers. Although they aren't as impressive outwardly
as biometrics, the smart money is on Smart Cards.
The
Internet is the driving force behind this sudden interest in 30-year-old
technology. US web surfers continue to worry about using credit cards for
online purchases. Amex has already
issued $2 million of its Blue cards, all of which come with a PC Smart Card
reader. At least for these web-surfers,
Internet purchases can now be done conveniently, frequently, and without
worry. The vendor never sees a credit
card number or an expiration date. The vendor only sees a code that authorizes
the sale. That's all the vendor needs
to see.
Microsoft
is also focusing on the smart money of Smart Cards. Windows 2000 provides for user friendly use of Smart Card
readers, and MS Windows for Smart Cards is already in use. An "operating system" for Smart
Cards has a funny ring to it, but a Smart
Card is a computer. It is a
computer on a card that "knows" how much money you have in your
account, and can "remember" your anniversary, or your favorite flavor
of pizza. Bill Gates recently spoke at
a conference on Smart Cards. He
implored business leaders to focus on Smart Cards and promote their manufacture
and use. (McCarthy, 2000)
The
trend in computer technology is towards having the computer do more, and having
the person do (and remember) less and less.
Everyone today is complaining about how many passwords they must
remember. Sometimes it seems as if
every worthwhile web site requires a password, as well as the filling out of
pages of other personal information. As
a result, many web surfers use the same password over and over again. Smart Cards with Smart Card readers will
alleviate much of that burden and insecurity.
Personal information can be revealed to whomever the user chooses to
reveal it to, and can be concealed from all others. It needn't be typed over and over again, which will save quite a
bit of time, like computers are supposed to do. As more and more individuals and businesses begin to see this
reality, Smart Cards will flourish, despite their costs. Therefore, the smart money is surely with
this market today.
In the early 1960's, combining several components into one piece of
solid-state material called an integrated circuit became a reality. This was called small-scale integration
(SSI). Up to 12 gates (transistors)
were fit into a piece of square material that was about as wide as a pencil
lead. Into the late 1960's the number
of transistors increased to over 1,000 on a single chip. First, by using medium-scale integration
(MSI), system building blocks were designed.
Then complete subsystems ushered the computer world into the age of
large-scale integration (LSI). The LSI
integration pace, which was launched by the handheld calculator with all of its
circuitry on one chip (except the keyboard and the display), continued through
the 1970's. All the circuitry for complete
microcomputers were then found on a single chip. This was very large-scale integration, VLSI.
In the early 1960's, when SSI integrated circuits were first
manufactured, there were 10 gates in a package. The cost of the package was $10 and the cost per gate equaled
$1. With VLSI circuits having 50,000
transistors which could sell for $50 when first manufactured, the gate cost is
0.1 cent, "resulting in a cost reduction of 1000 times over the SSI circuit"
(Cannon, 1984).
A silicon chip or integrated circuit (IC) is made using several high tech
processes on a wafer of silicon. First,
a cylinder of silicon is sliced into very thin wafers. Then the wafers are polished on one
side. The polished side is then put
through a nine-step process of oxidation, photolithography, diffusion, and
metallization. These steps form the
many MOS (Metal-Oxide-Semiconductor) transistors on and in the silicon
slice. (Cannon, 1984). The steps
are detailed below:
1) Oxidation. Silcon dioxide (glass) is grown on the
silicon through a furnace process. This puts a thin layer of glass on top of
the silicon. The silicon beneath is of
"P type."
2) Photolithography. A layer of liquid photoresistant plastic is
added to the wafer. Then, a photo mask
is suspended above the wafer with "clear parts that pass light and dark
parts that block the light" (Cannon, 1984). Where the light is allowed to go through, the plastic "turns
into a gooey layer of photoresist (Intel, 2000). Where it is not, the plastic is then washed away, taking the
dioxide layer with it.
3) Diffusion. The areas of silicon no longer protected by
an oxide layer are then diffused with N-Type atoms passed over the slice in a
phosphorus gas while the wafer is in a 1200 degrees Celsius furnace (Cannon,
1984). This makes N-type 'source' and
'drain' areas in the P-type silicon.
The electricity will later flow through these source and drain areas.
4) Oxidation. This step is repeated so the entire wafer is
once again covered with glass.
5) Photolithography. Particular portions of the dioxide layer are
removed using photolithography a second time.
This reveals discrete parts where the aluminum (to be added) will touch
the silicon.
6) Metallization. A thin metal layer is placed over the entire
wafer so that transistors, diodes and resistors can be connected
electrically.
7) Photolithography. This process is repeated, this time removing
discrete portions of the metal that will not be needed.
8) Layering.
The wafer is then covered by another silicon layer. Actually another layer of silicon dioxide is
grown on top of the first layer. "Then, a layer
of polysilicon and another layer of photoresist are applied" (Intel
7). Following this, ultra violet light
is again used with a mask to wash away precise portions of the silicon dioxide,
and prepare for more metallization.
9) Separation. The circular wafer is cut into square
pieces, packaged, and tested.
Smart Cards can be divided
up into two categories, contact and contactless. Motorola has come out with a Card called the M-Smart Mercury
MM4000L. It "uses an application
specific integrated circuit (ASIC) optimized for contactless Smart Cards"
(Newsbytes, 2000). It provides the user
with 1 KB of EEPROM (electrically erasable programmable read only memory.
Electronic security is
one of the main reasons for deploying Smart Cards, but physical security is
also a popular consideration. Smart
Cards can replace keys. This has been
proven at universities, military bases, and in many hotels and motels. The US Department of Defense is in the
process of testing and deploying a DOD wide Smart Card that is
multi-purpose. It will contain an
actual photo, standard written personnel information, a chip, a magnetic
stripe, and two bar codes. The purpose
of the magnetic strip is physical security.
The magnetic strip will be used for entering both soldier barracks and
work areas.
One potential problem
with the security aspects of Smart Cards is the Smart Cards themselves. A card as powerful as the one the DOD
intends to deploy will be an attractive target to criminals. Since the chip on this card will be used for
PKI and other computer related uses, it will have to be placed in a computer,
or at least in a Smart-Card reader attached to a computer. In the fast paced environment of the US
military, a soldier is extremely likely to forget about the card in a rush to
obey his next order in a "high speed" fashion. This will result in a security
violation. However, unlike simply
leaving a set of keys on the table, that give a thief access to one home and
one car (if he can figure out who's keys it is), leaving a Smart Card unattended
will provide a wide range of opportunities for the thief. In addition to having access to a soldier's
living and working areas, the Smart-Card thief will be able to gain access to
the Internet, potentially "secure" data files, and volumes of
personal information that could lead to other Smart Card thefts or breeches in
national security.
As the military locks up
more and more items, physical security becomes more challenging. One of the biggest challenges is the
maintenance and management of so many physical keys. The keys themselves must be locked up, and the key to the keys
must be kept on someone's person. With
Smart Cards, I expect that much of the burden previously withstood by the key
control custodian or key manager will be transferred to the individual. Rather than looking for an open key box, the
cunning thief will focus on the individual Smart Card left unwittingly in a
computer. As Smart Cards become more
powerful and multi-functional, they will have to become carefully guarded items,
or physical security will get worse rather than improve.
Sources of Smart Card Information
As an increasingly
popular tool and technology, Smart Cards enjoy quite a bit of limelight
today. A number of books, several
magazines, and many web-sites are devoted to Smart Card usage, and the understanding
of this new technology. A few of the
books are included in the following list, which is available online at www.smartcardcentral.com/books.
Smart Card
Handbook: Putting the World at Your Fingertips
By: L. Robert Tolley Diane L. Johnson
21st Century Money, Banking & Commerce
by Thomas Vartanian, Robert Ledig & Lynn Bruneau
Smart Card Security and Applications
By Mike Hendry
Smart Card Developers Kit
By Scott Guthery and Timothy Jurgensen
Smart Cards: A Guide to Building and Managing Smart Card
Applications
By J. Thomas Monk and Henry N. Dreifus
Smart Cards: Seizing Strategic Business Opportunities
By Catherine Allen
Smart Cards
By Jose Luis Zoreda, Jose Manuel Oton
Digital Cash
By Peter Wayner
Smart Card Handbook
By W. Rankl & W. Effing
Smart Cards: The Global Information Passport
By Jack Kaplan
Applied Cryptography
By Bruce Schneier
Java Cryptography
By Jonathan B. Knudsen
American Card
Technology, Inc. (2000). Smart Card
Central: American Card Technology. [Online].
Available: http://www.amercard.com/
[12 Sep 2000].
American
Heritage. (1985). American Heritage Dictionary: Second College Edition. Houghton Mifflin Company. 1985.
Arar,
Yardena. (2000). "Smart Credit Cards Make Shopping
Safer. PCWorld. Mar 2000.
Brekke, Dan. (2000). "Cash Futures: Will the change in your pocket ever change?" PC Computing. Jan 2000.
Cabinet
Office. (2000). Central IT Unit:
Cabinet Office. [Online].
Available: http://www.citu.gov.uk/
[12 Sep 2000].
Cannon, Don L.
& Luecke, Gerald. (1984). Understanding Microprocessors. Howard W. Sams & Co. 1984.
CardShow. (2000).
"Summary of Smart Cards & Systems." [Online]. Available: http://www.cardshow.com/EN. [10 Sep 2000].
Card
Technology. (2000). "U.S. Issuers
Ready Smart Card Rollouts." [Online].
Available: http://cardshow.com/EN/Public/Fil/244.html. [12 Sep 2000].
Cryptoflex. (2000).
"Cryptoflex Smart Cards For Windows 2000 Available Worldwide via
Schlumberger Web Store." Federal
Computer Market Report. 8 May 2000.
Dennis,
Sylvia. (2000). "MasterCard, Visa, Europay Give Green
Light On Smart Cards." Newsbytes. 12 Jan 2000.
Digital
Privacy. (2000). "Smart Cards and Security!"
[Online]. Available: http://www.digital-privacy.com/main.html. [12 Sep 2000].
EDGE. (2000).
"Atmel to Jointly Develop Securie Windows Powered Smart Card
Systems With Microsoft; Three Year
Agreement Puts Atmel in Secure Internet E-commerce Arena." EDGE:
Work-Group Computing Report. 8
May 2000.
EDGE. (2000).
"Motorola Introduces Versatile New Contactless Card Acceptance
Device." EDGE: Work-Group
Computing Report. 8 May 2000.
EDGE. (2000).
"Motorola Launches Flexible Multi-Application Smart Card
System." EDGE: Work-Group Computing Report. 8 May 2000.
Elsis. (2000).
"Card readers & EFT/POS terminals." Elsis Electronines Systemos. [Online]. Available: http://www.elsis.lt/english/pk_skaitytuvai_e.html.
[11 Sep 2000].
Fattah,
Hassan. (2000). "Motorola Gets Smart." MC Technology Marketing Intelligence. Feb 2000.
Frook,
John. (1998). "MasterCard CEO Pushes Smart Card Technology."
Technology News. 4 Feb 1998.
Gemplus.
(2000). "Gemplus and Sun
Microsystems give Java Card SIM ToolKit technology a boost with worldwide
development contest." [Online].
Available: http://www.gemplus.com/about/pressroom/press/wireless/2000/gdc.htm. [12 Sep 2000].
Gray, Douglas F. (2000). "Four more firms to build Windows-based smart cards." Network World. 8 May 2000.
Harris, Susan
E. (1982). Electronic Miniatures, a Buyer's Guide. Tab Books Inc. 1982.
Individual.com. (2000).
"VeriFone Ships Omni 3300 Multi-Application Terminal; GE Card
Services to Install New Terminals at Shaw Industries." [Online]. Available: http://www.scia.org/knowledgebase/default.htm. [12 Sep 2000].
Intel. (2000).
"Processor Hall of Fame." [Online]. Available: www.intel.com. [26
Sep 2000].
Kern,
Josh. (1999). "Embedding the Solution." Computer Dealer News. 5
Nov 1999.
Mastercard
International. (2000). "Our Cards: Smart Cards." [Online].
Available: http://www.mastercard.com/ourcards/smartcard/. [11 Sep 2000].
Matlack,
Carol. (2000). "The U.S. Is Wising
Up to Smart Cards." BusinessWeek
online. 28 Aug 2000. [Online]. Available:
http://www.businessweek.com/2000/00_35/b3696209.htm. [1 Oct 2000].
Marks, Myles
H. (1986). "Basic Integrated
Circuits." Tab Books Inc. 1986.
McCarthy,
Jack. (2000). "Gates Pushes Smart Cards." Network World. 15 May
2000.
Newsbytes. (2000). "Motorola Intros New Contactless Smart Card." Newsbytes PM. 1 Feb 2000.
Purdue. (2000).
"Smart Cards: The Future of
Information." [Online]. Available:
http://www.tech.purdue.edu/it/resources/aidc/smcard.htm#history. [12 Sep 2000].
Racom. (1998).
"Hitachi Licenses Ferroelectric Smart Card Technology from Racom
and Ramtron." Racom Systems Inc.
[Online]. Available: http://www.businesswire.com/webbox/bw.020298/593946.htm. [12 Sep 2000].
Rankl, W.
& Effing, W. (2000). The Smart
Card Handbook: Second Edition. John Wiley & Sons LTD. Brisbane.
2000.
Rutrell,
Yasin. (2000). "Gates Makes a Pitch For Smart Cards –
Microsoft chairman calls on vendors to step up efforts to support
hardware-based security." 15 May
2000.
Siemens
Business Services GmbH & Co.
(1999). "Smart Card
Technology Leader." [Online].
Available: http://www.ic.siemens.com/sbs/en/offerings/services/SmartCard/About/index.html
[12 Sep 2000].
Smart Card
Bookstore. (2000). "Current Smart
Card Titles." [Online]. Available:
www.smartcardcentral.com/books. [11 Sep 2000].
SRC. (2000). " Smart Card" System at Military
Academies." System Resources
Corporation. [Online]. Available: http://www.srcorp.com/smartcard.html. [17 Sep 2000].
Sun. (2000).
"Industry Leaders Announce New Smart Card Technology
Specification." [Online].
Available: http://chatsubo.java.sun.com/features/1998/04/card_announce.html. [12 Sep 2000].
Taffe,
Joanne. (1997). Info World Electric. "Microsoft backs corporate smart card
use, unveils development kit." [Online].
Available: http://software.idg.net/crd_smart_9061.html
Williams, Molly.
(2000). "National
Semiconductor to Ship
Long-Awaited 'Sytem-on-a-Chip.'"
Wall Street Journal. 18 Sep
2000.
Xamax Consultancy Pty
Ltd. (1996). 'Chip-Based Payment Schemes:
Stored-Value Cards and Beyond' [Online].
Available: http://www.anu.edu.au/people/Roger.Clarke/EC/CBPSBk.html
[12 Sep 2000].