Types of smart cards for the EMV program

This chapter is a brief introduction to the world of smart cards. We will try to familiarize the reader with the basics of smart card technology to help him understand the main idea of this book. If the reader wants to get a deeper knowledge of smart card technology, we will refer him to two books. The first book is Rankl and Effing [1], and the second is Guthery and Jurgensen [2]. These works contain comprehensive information on this topic. Readers who are familiar with smart card technology may skip this chapter.

Smart cards are often referred to as microprocessor cards or cards with embedded integrated circuits. A smart card is a card with an integrated circuit embedded in a plastic base. Its dimensions correspond to the dimensions of a regular credit card. Smart cards are used for data transmission, storage and processing. There may also be an area on the surface of the smart card for stamping information about its owner. There may be a magnetic stripe on the reverse side.

The main types of smart cards

The physical dimensions and properties of smart cards are defined in Section 1 of the ISO 7816 standard. ISO 7816 is a document that contains standards used in the smart card industry.
Usually a smart card does not have a power supply, display or keyboard. To communicate with the outside world, it must be inserted into a reader connected to a computer. Some cards allow you to read information contactless if the card is within the range of the reader.

Smart cards can be divided into several groups. The main difference: memory cards and cards with a built-in microprocessor. According to the principle of the device of the smart card reader mechanism, they are also divided into contact and contactless.

Comparison of memory cards and cards with a built-in microprocessor

The first commercially available smart cards were memory cards. Memory cards cannot be called smart cards in the conventional sense, because they do not contain a microprocessor. Only a memory chip or a chip with non-programmable logic is built into them.

The amount of memory in such cards is from 1 to 4 kilobytes. They are usually used as prepaid cards for pay phones, as well as for receiving other pre-paid goods and services.

Memory cards do not have a processor. To process data, they use a simple scheme that can execute several predefined instructions. The functionality of such a scheme is limited, and it cannot be reprogrammed. Therefore, memory cards cannot be reused. When the balance on the card has become zero, the card can be discarded.

Depending on the security requirements of the stored data, protected memory or security logic is used to protect against unauthorized access. For example, prepaid phone cards may have logic that does not allow you to increase the balance on the card. But, despite the security measures taken, it is quite easy to fake memory cards. The advantages of memory cards include a simple technology of their manufacture. Therefore, they are often used for applications where the main criterion is low cost.

Unlike memory cards, microprocessor cards, as the name implies, contain a built-in microprocessor. They have a much higher degree of protection and can perform many functions. The data stored in the microprocessor card is never directly accessible to external applications. The microprocessor controls data processing and memory access in accordance with a set of conditions (passwords, encryption, etc.), as well as in accordance with the instructions of external applications. Many modern models of microprocessor cards have built-in support for data encryption. Such cards are especially useful in cases where it is necessary to ensure data protection. Microprocessor cards have a very high level of flexibility. They can be optimized for a single application or configured to work with several different applications. The functionality of such cards is limited only by the amount of available memory and the processing power of the processor.

Microprocessor cards are widely used in access control systems, banking, retail, wireless communications, as well as in other areas where data protection and security considerations come to the fore.
These cards are mass-produced, therefore, compared with the beginning of the 90s of the twentieth century, their cost has significantly decreased. Now the cost of making one card ranges from $ 1 to $ 20. The main costs are for memory and embedded software.

In general, the term “smart card” refers to both memory cards and microprocessor cards. “Smart” translates as “intelligent, intelligent, with developed logic”. Therefore, in some publications, only microprocessor cards are considered smart cards, motivating this by the fact that their “intelligent” behavior is provided by an integrated microprocessor. The term “integrated circuit card” is also applicable to the cards of both types.
Since a universal programmable processor is required to support the Java Card computing environment, in this book we will use the term “smart cards” for microprocessor cards. Memory cards will not be discussed further.

Comparison of contact and contactless cards

To work, the contact card must be inserted into the reader. There are eight contacts on the card that come into contact with the corresponding contacts of the reader. A serial communication interface is used for data exchange. In the section we will discuss in detail the contacts of the smart card.

The contact card must be inserted into the mechanical reader, while being careful and correctly oriented. Therefore, contactless cards are used in situations requiring fast communication. Contactless cards, for example, are ideal for passing through turnstiles in public transport or for organizing access to various premises.

Contactless cards do not need to be inserted into the reader. An internal spiral antenna is used for communication. A battery or induced electromagnetic fields received by an antenna can be used for power supply. The data exchange between the contactless card and the reader is carried out using electromagnetic fields.

Due to the fact that the chip built into the contactless card is completely hidden inside it, such cards are free from many of the limitations inherent in contact cards: the absence of contacts prevents wear from prolonged use, there is no need to monitor the correctness of inserting the card into the reading device, the thickness of the card is not limited by the size of the slot of standard devices readings.

But contactless cards have their drawbacks. To establish communication and data exchange, the contactless card must be located at a certain distance from the reader. If the card has gone beyond the sensitivity zone of the reader, the operation is interrupted and the data is not fully transmitted. There is a risk of interception of transactions and transmitted data without the knowledge of the cardholder. In addition, the cost of contactless cards is higher than that of contact cards with similar capabilities.

All the examples in this book use contact cards, because they have become more widespread. Despite this, many of the provisions discussed here are equally applicable to contactless cards.