Smart Card, Smart Card

At that time, Bull had 1200 patents related to smart cards. In 2001, Bull sold its CP8 Division together with all its patents to Schlumberger. Subsequently, Schlumberger combined its smart card department and CP8 and created Axalto. In 2006, Axalto and Gemplus, at the time the world's no.2 and no.1 smart card manufacturers, merged and became Gemalto.

Citizen cards, drivers licenses, and patient card schemes are becoming more prevalent; For example in Malaysia, the compulsory national ID scheme MyKad includes 8 different applications and is rolled out for 18 million users. Contactless smart cards are being integrated into ICAO biometric passports to enhance security for international travel.

It defines two types of contactless cards ("A" and "B"), allows for communications at distances up to 10 cm. There had been proposals for ISO/IEC 14443 types C, D, E, F and G that have been rejected by the International Organization for Standardization. An alternative standard for contactless smart cards is ISO 15693, which allows communications at distances up to 50 cm.

In certain cases, it can be used for applications similar to those of contactless smart cards, such as for electronic toll collection.

Most advanced smart cards are equipped with specialized cryptographic hardware that let you use algorithms such as RSA and DSA on board. Today's cryptographic smart cards are also able to generate key pairs on board, to avoid the risk of having more than one copy of the key (since by design there usually isn't a way to extract private keys from a smart card).

The smart card chip can be loaded with funds which can be spent in parking meters and vending machines or at various merchants. Cryptographic protocols protect the exchange of money between the smart card and the accepting machine. There is no connection to the issuing bank necessary, so the holder of the card can use it regardless of him being the owner. Examples are Proton, Geldkarte, Chipknip and Mono. The German Geldkarte is also used to validate the customers age at vending machines for cigarettes.

In this application, the cards are used for authentication of identity. The most common example is in conjunction with a PKI. The smart card will store an encrypted digital certificate issued from the PKI along with any other relevant or needed information about the card holder. Examples include the U.S. Department of Defense (DoD) Common Access Card (CAC), and the use of various smart cards by many governments as identification cards for their citizens. When combined with biometrics, smart cards can provide two- or three-factor authentication. Smart cards are not always a privacy-enhancing technology, for the subject carries possibly incriminating information about him all the time. By employing contactless smart cards, that can be read without having to remove the card from the wallet or even the garment it is in, one can add even more authentication value to the human carrier of the cards.

To date the Gujarat Government has issued 5 million smart card driving licenses to its people. This card is basically a plastic card having ISO/IEC 7810 certification and integrated circuit, capable of storing and verifying information according to its programming.

See television encryption for an overview, and VideoGuard for a specific example of how smart card security worked (and was cracked).

The embedded chip of a smart card usually implements some cryptographic algorithm. There are, however, several methods of recovering some of the algorithm's internal state.

The plastic card in which the chip is embedded is fairly flexible, and the larger the chip, the higher the probability of breaking. Smart cards are often carried in wallets or pockets — a fairly harsh environment for a chip. However, for large banking systems, the failure-management cost can be more than offset by the fraud reduction. A card enclosure might be a good idea.

Source: Wikipedia > Smart Card