Types of smart cards for EMV Software

Philips Semiconductor Mifare Contactless Smart Cards

An important place among the manufacturers of integrated circuits and smart cards is occupied by Philips Semiconductor. This company has developed a technology under the brand name Mifare, designed to create industry-standard contactless smart cards. Contactless cards are characterized by the absence of electromechanical contact with the device that receives and processes information from the card. Contactless smart cards belong to the group of passive cards: they have no battery and work flawlessly throughout their entire life cycle.

Mifare contactless smart cards (BSC) are plastic cards with a microchip and a flat coil antenna. When the card is located in the electromagnetic field created by the reader/writer, the antenna provides power to the card chip and carries the information exchange between the card and the device. The RF interface provides interaction between the smart card and the reader at a distance of up to 10 cm.

Since Mifare BSCs use remote information reading technology and are not limited in the number of reads, they are used where large numbers of cardholders must be served reliably and quickly. As a rule, these are payment for transportation, personal identification and access control systems, payment systems in trade, customer loyalty programs, etc. For example, for the company “ProfMaster”, which provides rental cabins in St. Petersburg with various technical characteristics, we have designed and put into operation a system for identifying employees and visitors using Mifare contactless smart cards. These cards have proven themselves in numerous applications. Currently, the Mifare standard has more than 40 million users worldwide and occupies 90% of the contactless smart card market.

An important feature of the BSC is the ability to place up to 16 different applications in the memory of the card. Each application is protected by two secret keys, which are stored in memory during card personalization. Access to the memory area and other operations on it are permitted only after these keys have been verified. Security is based on three-pass mutual authentication according to ISO 9798-2. Each card application has 48 bytes available for its data.

Characteristics of Mifare Contactless Smart Cards:

  1. operating frequency 13.56 MHz;
  2. data exchange rate between the reader and the card: 106 Kbaud;
  3. anti-collision mode: processing more than one card in the reader field at the same time;
  4. the working distance from the antenna to the card is 100 mm (depending on the antenna geometry) with the possibility of simple and fast operations;
  5. half-duplex communication protocol between the reader and the card;
  6. the safety and reliability of the data during transmission is ensured.

Features of Mifare Contactless Smart Cards:

  1. state-of-the-art chip technology based on a high-speed CMOS EEPROM process;
  2. simple chip design, requiring no external components other than the coil for the card;
  3. no battery; power and data are transmitted without contact.

Security in the use of a smart card is achieved by:

  1. mutual three-pass authentication (DIS 9798-2 standard);
  2. encryption of data transmitted over the radio frequency channel;
  3. individual key setting for each sector to support multi-functional use with a key hierarchy (per application);
  4. unique serial number of the card;
  5. the transport key.
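
The three-pass exchange named in item 1, as an added example that is not Philips code or part of the original page: the card issues a challenge, the reader answers with its own nonce and a proof over both, and the card returns its own proof. HMAC-SHA-256 stands in for the card's symmetric cipher (so nonces travel in clear, unlike the enciphered tokens of ISO 9798-2), and the class names, role labels and key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _tag(key, role, first, second):
    # Role label binds a proof to its sender, so a proof cannot be reflected back.
    return hmac.new(key, role + first + second, hashlib.sha256).digest()

class Card:
    def __init__(self, sector_key):
        self._key = sector_key
        self._nonce = None
        self.authenticated = False

    def challenge(self):
        """Pass 1: card -> reader, a fresh random challenge."""
        self._nonce = secrets.token_bytes(16)
        self.authenticated = False
        return self._nonce

    def respond(self, reader_nonce, reader_tag):
        """Check pass 2, then emit pass 3 (card -> reader)."""
        if self._nonce is None:
            raise PermissionError("no challenge outstanding")
        nonce, self._nonce = self._nonce, None      # each challenge is single-use
        expected = _tag(self._key, b"reader", reader_nonce, nonce)
        if not hmac.compare_digest(expected, reader_tag):
            raise PermissionError("reader failed authentication")
        self.authenticated = True
        return _tag(self._key, b"card", nonce, reader_nonce)

class Reader:
    def __init__(self, sector_key):
        self._key = sector_key
        self._nonce = self._card_nonce = None

    def answer(self, card_nonce):
        """Pass 2: reader -> card, own nonce plus proof over both nonces."""
        self._card_nonce = card_nonce
        self._nonce = secrets.token_bytes(16)
        return self._nonce, _tag(self._key, b"reader", self._nonce, card_nonce)

    def verify(self, card_tag):
        """Check pass 3: the card must prove knowledge of the same key."""
        expected = _tag(self._key, b"card", self._card_nonce, self._nonce)
        return hmac.compare_digest(expected, card_tag)

def run_handshake(card, reader):
    """Drive all three passes; True only if both sides accept each other."""
    card_nonce = card.challenge()
    reader_nonce, reader_tag = reader.answer(card_nonce)
    try:
        card_tag = card.respond(reader_nonce, reader_tag)
    except PermissionError:
        return False
    return reader.verify(card_tag)

if __name__ == "__main__":
    key = bytes(range(6))                            # constructed sample key
    print(run_handshake(Card(key), Reader(key)))
```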

A special memory format makes it possible to increase and decrease a counter (such schemes are usually used for e-wallets, where the counter represents the card balance, and its increase and decrease are interpreted as crediting and debiting the e-wallet).

Basic properties of Mifare Standard BSC:

  1. information is exchanged between the card module, which includes a chip with protected memory and an antenna, and the read/write device at a distance of up to 10 cm; an operation on the card memory takes 10 ms on average, that is, almost instantly, which allows the card to be used as the most effective payment tool;
  2. high level of fraud protection, the card cannot be forged. The manufacturer guarantees the uniqueness of the card instance. Data exchange is carried out using an encrypted protocol, access to memory is possible only upon presentation of secret keys that are stored in the terminal’s security module and cannot be read from it. The keys are assigned by the issuer, which guarantees their protection from the card manufacturer and the payment scheme developer;
  3. The card has a large amount of memory. The memory is divided into 16 zones, each of which can be used to load applications intended for:
  • automated payment for travel on public transport and on toll highways;
  • mini-payments for services and goods (e-wallet);
  • identification of the cardholder in access control systems;
  • payphone payments;
  • payment for parking;
  • payment for air tickets;
  • payment systems on the territory of the educational institution / hostel, payment of utilities, etc.

Multi-functionality of the Mifare smart card memory:

  1. the memory capacity of the card is 1 KB, EEPROM standard, no battery power required;
  2. 16 securely separated sectors that support multi-functional applications;
  3. each sector consists of four blocks (three for information and one for storing keys);
  4. the block is the smallest component that the user addresses, and consists of 16 bytes;
  5. each sector has its own set of access keys, which allows you to differentiate access to different applications;
  6. access to memory zones is flexible and can be changed by the user under different conditions;
  7. data storage period in memory up to 10 years;
  8. the maximum number of write cycles is up to 100 thousand.
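
The sector layout listed above and the counter format mentioned earlier for e-wallets, as an added Python example (a host-side model, not code from the original page or from Philips): it maps sector/block pairs to absolute block numbers, separates key blocks from data blocks, and stores a counter with redundant copies so that corruption is detected. The value-block byte layout is stated from the MIFARE Classic format as an assumption, since the page does not spell it out, and the function names are illustrative.

```python
import struct

# Figures from the list above: 16 sectors x 4 blocks x 16 bytes = 1 KB.
SECTORS, BLOCKS_PER_SECTOR, BLOCK_SIZE = 16, 4, 16

def block_address(sector, block):
    """Absolute block number (0..63) of a sector-relative block."""
    if not (0 <= sector < SECTORS and 0 <= block < BLOCKS_PER_SECTOR):
        raise ValueError("sector or block out of range")
    return sector * BLOCKS_PER_SECTOR + block

def is_key_block(address):
    """True for the fourth block of a sector, which stores the keys."""
    return address % BLOCKS_PER_SECTOR == BLOCKS_PER_SECTOR - 1

def data_bytes_per_sector():
    """Application data area: three 16-byte blocks per sector."""
    return (BLOCKS_PER_SECTOR - 1) * BLOCK_SIZE

def _invert(data):
    return bytes(b ^ 0xFF for b in data)

def encode_value_block(value, address):
    """Assumed layout: value, ~value, value (int32 LE), then addr, ~addr, addr, ~addr."""
    v = struct.pack("<i", value)
    a = bytes([address & 0xFF])
    return v + _invert(v) + v + a + _invert(a) + a + _invert(a)

def decode_value_block(block):
    """Return (value, address); reject a block whose redundant copies disagree."""
    if len(block) != BLOCK_SIZE:
        raise ValueError("a block is 16 bytes")
    v, inv, v2, a = block[0:4], block[4:8], block[8:12], block[12:16]
    if v != v2 or inv != _invert(v):
        raise ValueError("corrupted value field")
    if a[0] != a[2] or a[1] != a[3] or a[1] != (a[0] ^ 0xFF):
        raise ValueError("corrupted address field")
    return struct.unpack("<i", v)[0], a[0]

def debit(block, amount):
    """Decrement the counter; refuse overdrafts and non-positive amounts."""
    value, address = decode_value_block(block)
    if amount <= 0 or amount > value:
        raise ValueError("invalid debit amount")
    return encode_value_block(value - amount, address)

def credit(block, amount):
    """Increment the counter; refuse amounts that would overflow int32."""
    value, address = decode_value_block(block)
    if amount <= 0 or value + amount > 0x7FFFFFFF:
        raise ValueError("invalid credit amount")
    return encode_value_block(value + amount, address)

if __name__ == "__main__":
    wallet = encode_value_block(100, block_address(1, 0))  # constructed balance
    wallet = credit(debit(wallet, 30), 5)
    print(wallet.hex(), decode_value_block(wallet))
```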

Mifare smart cards can work with a wide range of read/write modules to meet different needs and requirements. Based on these modules, system integrators can easily create Mifare read/write devices that meet the individual needs of customers.

CryptoFlex and CyberFlex Smart Cards

The CryptoFlex smart card has a microprocessor and a mathematical cryptoprocessor, which provides all the advantages of the latest generation of smart cards. The CryptoFlex card provides a secure database with binary, linear, variable linear, and cyclic files that can be used for applications such as identity tools, as well as a health system card or for computer network security. Its design capacity allows the use of state-of-the-art public key algorithms, which improves key management at the system level. Its command set complies with the international ISO standards 7816-1/2/3/4.

The CryptoFlex operating system uses DES, 3-DES, and RSA cryptoprocessor algorithms to protect data in applications. The improved CryptoFlex command set allows you to use the authentication process, manage secret codes and electronic signatures, which ensures the integrity of the application. The use of 1024-bit RSA keys guarantees reliable protection. CryptoFlex offers perfect protection of electronic transactions. The main technological improvement is key management.

The CryptoFlex smart card can be fully adapted to the customer’s applications thanks to its dynamic and logical memory management system, which uses directories, subdirectories, etc. Compliance with the ISO 7816-4 standard makes CryptoFlex a good platform for managing multiple applications with a high level of security.

The CyberFlex smart card allows you to use the modern Java programming language and create secure Java applications based on smart cards that meet the needs of the corporate and consumer market. This can include personal identification, access to electronic networks, electronic financial transactions, mobile digital communications, health programs, loyalty programs, and much more. As an example of the use of cards of this type, we can cite the project of the office building of a legal agency that provides registration services for businesses and individuals, and in addition to the personal information of employees, we have implemented the ability to store access keys to the local network of the enterprise on smart cards.

The CyberFlex card allows you to download different, even non-cooperating, applications to a single smart card, each of which is protected. The smart card software can be updated after its release. This is very convenient, as it allows industries using this technology to quickly respond to changes in market requirements.

Java programmers can program smart cards for almost any application using the CyberFlex developer toolset. This technology allows you to develop smart card applications in accordance with the open standards used today in the software industry. Any program written in accordance with the Java Card API has a wide scope of use, since it can run on any smart card that meets the Java standards.

Technical specifications:

  1. microprocessor and cryptoprocessor;
  2. 4 KB of EEPROM;
  3. One 5V power supply;
  4. reliable data storage for 10 years;
  5. personalization or numbered serialization by thermal or laser printer;
  6. The operating system complies with the ISO standard 7816-1/2/3/4;
  7. Managing X.509 compliant certificates;
  8. Protocol T = 0;
  9. dynamic and logical management of data files;
  10. data protection (PIN code, secret keys, mutual authentication, etc.);
  11. Uses DES, Triple-DES, RSA 1024 algorithms, can use RSA;
  12. Calculating the RSA digital signature;
  13. RSA Digital Signature Verification;
  14. internal RSA key generation;
  15. secure random number generator;
  16. Managing multiple RSA keys;
  17. Compatible with MultiFlex series products (3 and 8 KB).

Orga Systems' Micardo Secure Smart Cards

Orga’s Micardo family of smart cards provides data security in the following important areas:

  1. secure identification and authentication with a digital signature or biometrics;
  2. protection of highly confidential medical data in health insurance cards;
  3. digital signatures for electronic business transactions as part of online banking operations or purchases of goods over the Internet.

Orga has developed a set of smart cards that meet the individual needs of each customer:

  1. Micardo Public;
  2. Micardo Elliptic;
  3. JavaCard Open Platform (JCOP).

Micardo Elliptic smart cards versions 2.2/2.3 are designed to meet the requirements of the new generation of secure cards. These smart cards use the highly secure Orga chip operating system for smart cards in a public key infrastructure (PKI), using elliptic curve cryptography (ECC). This platform is interoperable and can be easily integrated into different systems.

The Micardo Elliptic card provides an important security feature: the generation of cryptographic keys in the card. A cryptographic key pair can be safely generated in the card itself, which means that the secret key never leaves the smart card. As an example of the use of Micardo Elliptic smart cards, we have implemented a loyalty system project for one of the companies; a distinctive feature of the implemented system is the storage of all purchases on loyalty cards and a cumulative discount for regular customers. Moreover, a key agreement algorithm in accordance with the Diffie-Hellman method is supported.

The Micardo Elliptic card complies with the German DIN specification for Digital signature cards, which is the basis for many national and international identification card applications. In addition, Micardo Elliptic is at the forefront of cryptographic technology thanks to the implementation of elliptic curve cryptography in digital signature schemes without the use of a cryptographic controller. An important quality of the Micardo smart card family is the provision of a high level of information security.

Consider, in particular, the main characteristics of the Micardo Elliptic version 2.3:

  1. Infineon SLE66CX322P microcontroller;
  2. ROM 136 KB;
  3. 4096 bytes of RAM;
  4. 32 KB EEPROM;
  5. the crypto controller is not used.

Micardo Elliptic Card Operating System:

  1. multiapplication OS for smart cards;
  2. Compatibility with ISO 7816 specifications:
  • DES-based security functionality;
  • built-in generation of a cryptographic key pair;
  • ECC elliptic curve cryptography for digital signatures.

Security features of Micardo Elliptic cards:

  1. DES and Triple-DES hardware:
  • secure messaging;
  • cryptographic services (checksums, MAC, and encryption);
  2. digital signature functions based on elliptic curves over a finite field;
  3. compliance with ISO 7816-4/8/9:
  • hierarchical file system;
  • secure messaging;
  • OS command set;
  • access rules in extended format;
  4. SHA-1 secure hashing algorithm for digital signatures according to FIPS 180-1;
  5. secure application separation;
  6. key agreement algorithm using the Diffie-Hellman method (only MICARDO Elliptic version 2.3).

Orga Systems Smart Cards

Orga produces a large set of banking and identification smart cards of various types (Advantis/TIBC 3.0, GeldKarte, SmartEntry, M/Chip Lite, MChip Select on the Multos platform, Open Platform-DES, Open Platform-PK, Open Platform-DI, MICARDO Public, MICARDO Elliptic). The Advantis/TIBC 3.0 card supports the migration of EMV technology to Latin America. The Advantis card is based on the TIBC version 3.0 operating system used today for Visa smart card programs in Latin America with the EMV application. TIBC 3.0 is officially certified by Visa International and Europay/MasterCard payment systems for compliance with EMV standards.

The MChip Lite card is a common card of the Europay and MasterCard payment systems and replaces the card with a magnetic stripe. As a lower-level EMV product, it follows a ready-made product strategy in that it offers card issuers a cost-effective, fast and easy implementation. This single-app card can be personalized as a MasterCard, Maestro (including ATM support), Cirrus, or EC Card.

The MChip Select card, with the developed MasterCard application, is available on the highly secure (ITSEC E6) multiapplication platform Multos. The MChip Select card offers a wide and flexible range of features and personalization, and provides issuers with rich risk management and security features.

The Multos platform is one of the widely used operating systems for multiapplication cards in the banking industry and remains the preferred platform of the MasterCard payment system. The ability to add or remove applications after the card has already been issued creates greater flexibility in application throughout the issuer-client interaction. Smart card services can be updated at any time.

GeldKarte is closely linked to the German national debit payment system EC-cash and is one of the world’s largest e-wallet systems (more than 50 million chip cards have been issued). GeldKarte’s multi-functional chip provides applications such as loyalty card, e-parking, and PIN verification for debit transactions. For example, our company has implemented a loyalty system based on GeldKarte smart cards for the company “Regional Cable Bases”, which performs work on the unwinding and cutting of various types of cable (power and control), and for each client of the company, the card stores the current and cumulative discount. The card is one of the most promising technological platforms for payment applications.

The SmartEntry card with a single app provides full capabilities at a low cost and is the ultimate lower-level product. Multiapplication cards and Open Platform standards are becoming more and more attractive in the smart card market. The Open Platform smart card family, based on the Java Card 2.1 and Open Platform 2.0 specifications, consists of three card types:

  1. Open Platform-DES;
  2. Open Platform-PKI;
  3. Open Platform-DI.

All these cards are characterized by built-in applications such as:

  1. Visa Debit/Credit (VSDC version 2.4.0 or 2.4.1);
  2. Visa Card (version 1.6.1);
  3. Payment System Environment (for Open Platform version 2.0);
  4. Open Platform Card Manager (VOP 2.1.1).

These applications are loaded only in ROM, leaving room for dynamic loading and deleting of other applications in the erasable memory of the EEPROM.

The Open Platform-DES card is a solution that reduces time to market and adds flexibility to use throughout the card’s lifecycle. The card offers the full functionality of the Open Platform product family (Visa Smart Debit/Credit, Visa Cash, Payment System Environment, Open Platform Card Manager), including an additional Visa Smart Access applet in ROM.

The Open Platform-PK card offers the full functionality of the Open Platform family of products, as well as the DES, 3-DES, RSA encryption algorithms and the use of a public key infrastructure (PKI), which provides increased security. The Open Platform-DI (dual-interface) card combines the advantages of Java’s Open Platform Card and dual-interface technology and therefore offers the customer the highest flexibility of use. Dual interface technology allows you to maneuver between the limitations of contact and contactless technologies.

Combining the advantages of different interfaces, the card can be used in a wide range of multiapplication scenarios. The Open Platform-DI card also offers the full functionality of the Open Platform product family (Visa Smart Debit/Credit, Visa Cash, Payment System Environment, Open Platform Card Manager) and provides DES, 3-DES, and RSA encryption algorithms.

Gemplus Smart Cards

Recently, EMV smart cards from Gemplus (France) have become widely used, supporting the most common specifications of the payment systems Europay, MasterCard and Visa in the world. Such cards are characterized by a high level of protection against fraud; they cannot be forged. Each card has a unique serial number, assigned by the chip manufacturer, that is not erased from the memory of the integrated chip. Data is exchanged over an encrypted protocol, and a two-pass algorithm using random numbers and secret keys is used to authenticate the specified memory areas.

In the authenticated memory area, when the access conditions assigned during card personalization are met, read and write operations, as well as increment and decrement (special functions of the electronic wallet) are possible. The collision resolution algorithm allows you to work with a specific selected card, keeping all other cards under control. The average time for identifying a smart card (card request, anti-collision, card selection) is about 3 ms, reading a block of data (16 bytes) is 2.5 ms, writing a block is 9 ms, and operations with an electronic wallet take no more than 10 ms.

MPCOS EMV contact smart cards are available in versions with a memory capacity of 1, 2, 4, 8 and 16 KB. The contact pads comply with the ISO 7816 standard. The data exchange rate is 115200 baud. GemEasy 8000 contactless smart cards with a Mifare chip use a radio frequency interface that allows the card and reader to interact at a distance of up to 10 cm (depending on the antenna). For example, for the company “Dominant-TM”, which supplies a wide range of building materials, we have implemented a system for recording the working hours of employees of the company based on contactless smart cards GemEasy, which allowed the management of the construction company to get a modern and reliable tool for monitoring employees.

The memory capacity of the card is 8 Kbit, which is divided into 16 independent zones, each of which can be access-protected with two hierarchically organized secret keys (that is, up to 16 independent applications are possible on the BSC). The number of reads is unlimited. The number of write operations is 100000. The data exchange rate is 106 Kbaud. Smart cards with a dual GemTwin interface are available in versions with a memory capacity of 8, 16, 32, 64 and 128 KB. The contact pads comply with the ISO 7816 standard.