Frequently Asked Question section.
Table
of Contents
-
What
is a smart card?
-
What
are the benefits of smart cards over magnetic stripe cards?
-
What
is causing delay in implementing Java as the standard for interoperable
smart cards?
-
How
many smart cards have been issued worldwide, and what is the projected
growth for the year 2000?
-
What
is the world wide distribution of smart cards and what applications are
prevalent geographically?
-
What
is contained in the ISO 7816?
-
What
are the leading applications/projects to date?
What
is a smart card?
Identical in size and feel to credit
cards, smart cards store information on an integrated microprocessor chip
located within the body of the card.
These chips hold a variety of information,
from stored (monetary)-value used for retail and vending machines, to secure
information and applications for higher-end operations such as medical/healthcare
records. New information and/or applications can be added depending on
the chip capabilities.
Different types of cards being
used today are contact, contactless and combination cards.
Contact smart cards must be inserted
into a smart card reader. These cards have a contact plate on the face
which makes an electrical connector for reads and writes to and from the
chip when inserted into the reader.
Contactless smart cards have an
antenna coil, as well as a chip embedded within the card. The internal
antenna allows for communication and power with a receiving antenna at
the transaction point to transfer information. Close proximity is required
for such transactions, which can decrease transaction time while increasing
convenience.
A combination card functions as
both a contact and contactless smart card.
What
are the benefits of smart cards over magnetic stripe cards?
Smart cards allow thousands of
times the information storable on magnetic stripe cards. In addition, smart
cards are more reliable, perform multiple functions and are more secure
because of high security mechanisms such as advanced encryption and biometrics.
Smart cards can and will hold a
large amount of personal information, from medical/health history to personal
banking and personal preferences. What steps need to be taken, and by whom,
to guarantee the privacy of that information to the card holder?
Privacy is a technology-neutral
issue. It doesn't matter whether information is recorded on paper in a
doctor's office file or resides in a payroll application on a mainframe
computer. It is important to consider the privacy of information form the
time it is collected, through the life of its use and until the time it
is no longer needed and securely destroyed. It is not enough to protect
information on a smart card. You must be equally concerned about all forms
of the information from the original format in which it was collected (often
paper form) to any and all backups and centralized database copies.
The responsibility for the protection
of the data belongs to the organization that requests it from the individual.
Their staff must understand Fair Information practices and follow them.
There are many considerations beyond the typical analysis of who may read,
change, delete, or add information. The Information and Privacy Commissioner/Ontario
and the Advanced Card Technology Association of Canada have jointly developed
a procedure called "Smart, Optical and Other Advanced Cards: How to do
a Privacy Assessment." The first of its kind in the world, this procedure
is designed for card application developers and helps them to understand
privacy principles, build privacy protection into their applications and
document their steps. For more information, contact ACT Canada at (905)
683-1442.
*"Quarterly Question,"
Smart Link, "Volume 1, Number 3, 1997. Catherine A. Johnston, President
and CEO, the Advanced Card Technology Association of Canada (ACT Canada).
What
is causing delay in implementing Java as the standard for interoperable
smart cards?
Java is all card manufacturers'
undisputed interoperable language of choice for running multi-application
smart card platforms. It is the most secure general purpose language that
allows multiple applications to share smart card resources. Nearly all
smart card application providers using another interpreted language have
announced commitments to Java.
Nevertheless, because Java would
not run with acceptable performance on a simple PC/AT, smart card components
and operating systems needed to be retooled to offer correct response time
at an acceptable price. This effort is now well underway, beyond the existing
evaluation tools, and is available to 8-bit and 32-bit micro-controllers.
Commercial products for large roll-outs should be soon available.
Java, however, is only a language,
and even though an API has been defined by the Java Card Forum, applications
are still defined "at the interface" between the smart card and the terminal,
using conventional command exchanges. Most times, the terminal does not
know Java is the language used by the card and may not be Java aware at
all.
Using Java to develop applets in
the card has simplified the development of applications for smart cards,
but only preliminary work has been done on a main issue facing multi-application
cards: secure distribution of applets through a very diversified network
to cards not issued by the application issuer. We are slowly moving from
a 'card issuing mentality" to an "application issuing concept," and adapting
to this new paradigm will take more time and effort than using a given
language in a card, as it impacts the terminals, the network and many well
established marketing habits.
**"Quarterly Question,"
Smart Link, "Volume 2, Number 1, 1998. Gilles Lisimaque, Chief Technology
Officer for Gemplus, and SCIA Security Committee Chairman.
How
many smart cards have been issued worldwide, and what is the projected
growth for the year 2000?
In 1996, approximately 805 million
smart cards were issued, with an estimated 2.8 billion to be distributed
in 2000. The distribution is:**
| Card
Application |
1996* |
2000* |
Average
Annual
Growth |
| Pay
Phone |
605 |
1,500 |
29% |
| GSM |
20 |
45 |
25% |
| Health
Care |
70 |
120 |
14% |
| Banking |
40 |
250 |
105% |
| Identity/Access |
20 |
300 |
280% |
| Transportation |
15 |
200 |
247% |
| Pay
TV |
15 |
75 |
80% |
| Gaming |
5 |
200 |
780% |
| Metering/Vending |
10 |
80 |
140% |
| Retail/Loyalty |
5 |
75 |
280% |
*in millions
What
is the world wide distribution of smart cards and what applications are
prevalent geographically?
Smart cards are most prominent
in Western Europe, which holds 70% of the market. Worldwide distribution
is:**
| Region |
1996 |
2000 |
| North
America |
3% |
12% |
| South
America |
11% |
10% |
| Western
Europe |
70% |
40% |
| Asia |
10% |
30% |
| Rest
of World |
6% |
8% |
**Source: Phoenix
Planning & Evaluation
What
is contained in the ISO 7816?
ISO 7816 Integrated Circuit Cards
with Electrical Contact
The International Standards Organization
(ISO) facilitates the creation of voluntary standards through a consensus-building
process that is open to interested participants. ISO 7816 is the international
standard for integrated-circuit cards (commonly known as smart cards) that
use electrical contacts. Anyone interested in obtaining a technical understanding
of smart cards needs to become familiar with what ISO 7816 does NOT cover
as well as what it does.
ISO 7816 does not address smart
card applications. Most current and planned applications require custom
files and coding. However, there are efforts under way to create common
application standards. The most prominent current example is the cooperative
development of financial payments standards by Europay International, MasterCard
International and Visa International (EMV).
ISO has six parts. Some have been
complete; others are currently in draft stages.
What
are the leading applications/projects to date?
Carte Bancaire in France, 22 millions
of cards delivered. Chip is used to authenticate the card dynamically.
Telecarte in France, the first
large-scale stored value chipcard application. Chip contains just the memory.
Health insurance card in Germany,
memory card is issued to every German citizen.
The number of different Smart Card
based payment system pilots is estimated to 40 (ESCAT'94)
A sensible description of application
areas and valuable characteristics of Smart Cards in these areas is needed
here. Anybody willing to write it?
|
Smart Card