Smart Card Readers are also known as card programmers (because they can write to a card), card terminals, card acceptance device (CAD) or an interface device (IFD). There is a slight difference between the card reader and the terminal. The term 'reader' is generally used to describe a unit that interfaces with a PC for the majority of its processing requirements. In contrast, a 'terminal' is a self-contained processing device.
Smart cards are portable data cards that must communicate with another device to gain access to a display device or a network. Cards can be plugged into a reader, commonly referred to as a card terminal, or they can operate using radio frequencies (RF).
When the smart card and the card reader come into contact, each identifies itself to the other by sending and receiving information. If the messages exchanged do not match, no further processing takes place. So, unlike ordinary bank cards, smart cards can defend themselves against unauthorized users and uses in innovative security measures.
Communicating with a Smart Card Reader
The reader provides a path for your application to send and receive commands from the card. There are many types of readers available, such as serial, PCCard, and standard keyboard models. Unfortunately, the ISO group was unable to provide a standard for communicating with the readers so there is no one-size-fits-all approach to smart card communication.
Each manufacturer provides a different protocol for communication with the reader.
• First you have to communicate with the reader.
• Second, the reader communicates with the card, acting as the intermediary before sending the data to the card.
• Third, communication with a smart card is based on the APDU format. The card will process the data and return it to the reader, which will then return the data to its originating source.
The following classes are used for communicating with the reader:
• ISO command classes for communicating with 7816 protocol
• Classes for communicating with the reader
• Classes for converting data to a manufacturer-specific format
• An application for testing and using the cards for an intended and specific purpose
Readers come in many forms, factors and capabilities. The easiest way to describe a reader is by the method of its interface to a PC. Smart card readers are available that interface to RS232 serial ports, USB ports, PCMCIA slots, floppy disk slots, parallel ports, infrared IRDA ports and keyboards and keyboard wedge readers. Card readers are used to read data from – and write data to – the smart card. Readers can easily be integrated into a PC utilizing Windows 98/Me, 2000, or XP platforms. However, some computer systems already come equipped with a built-in smart card reader. Some card readers come with advanced security features such as secure PIN entry, secure display and an integrated fingerprint scanners for the next-generation of multi-layer security and three-factor authentication.
Another difference in reader types is on-board intelligence and capabilities. An extensive price and performance difference exists between an industrial strength reader that supports a wide variety of card protocols and the less expensive win-card reader that only works with microprocessor cards and performs all processing of the data in the PC.
The options in terminal choices are just as varied. Most units have their own operating systems and development tools. They typically support other functions such as magnetic-stripe reading, modem functions and transaction printing.
To process a smart card the computer has to be equipped with a smart card reader possessing the following mandatory features:
• Smart Card Interface Standard – ISO 7816 is an international standard that describes the interface requirements for contact-type smart cards. These standards have multiple parts. For instance, part 1, 2 and 3 are applicable to card eaders. Part 1 defines the physical characteristics of the card. Part 2 defines dimension and location of smart card chip contacts. Part 3 defines the electronic signals and transmission protocols of the card. Card readers may be referred to as conforming to ISO 7816 1/2/3, or in its simplified term, ISO 7816.
• Driver – This refers to the software used by the operating system (OS) of a PC for managing a smart card and applicable card reader. To read a smart ID card, the driver of the card reader must be PC/SC compliant which is supported by most card reader products currently available. It should be noted that different OS would require different drivers. In acquiring card readers, the compatibility between the driver and the OS has to be determined and ensured.
Desirable Features in a Smart Card Reader
Card Contact Types refers to how the contact between a card reader and a smart card is physically made. There are two primary types of contact: landing contact and friction contact (also known as sliding or wiping). For card readers featuring friction contact, the contact part is fixed. The contact wipes on the card surface and the chip when a card is inserted. For card readers featuring the landing type, the contact part is movable. The contact "lands" on the chip after a card is wholly inserted. In general, card readers of the landing type provide better protection to the card than that of the friction type.
Smart card readers are also used as smart card programmers to configure and personalize integrated circuit cards. These programmers not only read data, but also put data into the card memory. This means that not only CPU based smart cards, but also simple memory cards can be programmed using a smart card reader. Of course the card reader must support the appropriate protocol such as the asynchronous T=0, T=1 or synchronous I2C protocols.
It won't take long before smart card readers become an integral part of every computer – and, subsequently, the lives of computer users. Computer systems with keyboards that have smart card reader/writer integration are also available.
Smart card readers are also accessible in the form of USB dongle. USB dongles are frequently used with GSM phones, which contain a SIM smart card. Additionally, phone numbers can be edited on a PC using the USB smart card dongle.
Key features and characteristics of smart cards
Cost: Typical costs range from $2.00 to $10.00. Per card cost increases with chips providing higher capacity and more complex capabilities; per card cost decreases as higher volume of cards are ordered.
Reliability: Vendors guarantee 10,000 read/write cycles. Cards claiming to meet International Standards Organization (ISO) specifications must achieve set test results covering drop, flexing, abrasion, concentrated load, temperature, humidity, static electricity, chemical attack, ultra-violet, X-ray, and magnetic field tests.
Error Correction: Current Chip Operating Systems (COS) perform their own error checking. The terminal operating system must check the two-byte status codes returned by the COS (as defined by both ISO 7816 Part 4 and the proprietary commands) after the command issued by the terminal to the card. The terminal then takes any necessary corrective action.
Storage Capacity: EEPROM: 8K - 128K bit. (Note that in smart card terminology, 1K means one thousand bits, not one thousand 8-bit characters. One thousand bits will normally store 128 characters - the rough equivalent of one sentence of text. However, with modern data compression techniques, the amount of data stored on the smart card can be significantly expanded beyond this base data translation.)
Ease of Use: Smart cards are user-friendly for easy interface with the intended application. They are handled like the familiar magnetic stripe bank card, but are a lot more versatile.
Susceptibility: Smart cards are susceptible to chip damage from physical abuse, but more difficult to disrupt or damage than the magnetic stripe card.
Security: Smart cards are highly secure. Information stored on the chip is difficult to duplicate or disrupt, unlike the outside storage used on magnetic stripe cards that can be easily copied. Chip microprocessor and Co-processor supports DES, 3-DES, RSA or ECC standards for encryption, authentication, and digital signature for non-repudiation.
First Time Read Rate: ISO 7816 limits contact cards to 9600 baud transmission rate; some Chip Operating Systems do allow a change in the baud rate after chip power up; a well designed application can often complete a card transaction in one or two seconds. Speed of Recognition Smart cards are fast. Speed is only limited by the current ISO Input/Output speed standards.
Proprietary Features: These include Chip Operating System (COS) and System Development Kits.
Processing Power: Older version cards use an 8-bit micro-controller clockable up to 16 MHz with or without co-processor for high-speed encryption. The current trend is toward customized controllers with a 32-bit RISC processor running at 25 to 32 MHz.
Power Source: 1.8, 3, and 5 volt DC power sources.
Support Equipment Required for Most Host-based Operations: Only a simple Card Acceptance Device (that is, a card reader/writer terminal) with an asynchronous clock, a serial interface, and a 5-volt power source is required. For low volume orders, the per unit cost of such terminals runs about $150. The cost decreases significantly with higher volumes. The more costly Card Acceptance Devices are the hand-held, battery-operated terminals and EFT/POS desktop terminals.
Why consider smart cards?
IF a portable record of one or more applications is necessary or desirable, AND
Records are likely to require updating over time, Records will interface with more than one automated system, Security and confidentiality of records is important
THEN, smart cards are a feasible solution for making data processing and transfer more efficient and secure.
Advantages of Smart Cards:
• The capacity provided by the on-board microprocessor and data capacity for highly secure, off-line processing
• Adherence to international standards, ensuring multiple vendor sources and competitive prices
• Established track record in real world applications
• Durability and long expected life span (guaranteed by vendor for up to 10,000 read/writes before failure)
• Chip Operating Systems that support multiple applications
• Secure independent data storage on one single card
Barriers to Acceptance of Smart Cards:
• Relatively higher cost of smart cards as compared to magnetic stripe cards. (The difference in initial costs between the two technologies, however, decreases significantly when the differences in expected life span and capabilities- particularly in terms of supporting multiple applications and thus affording cost sharing among application providers- are taken into account).
• Present lack of infrastructure to support the smart card, particularly in the U.S., necessitating retrofitting of equipment such as vending machines, ATMs, and telephones.
• Proprietary nature of the Chip Operating System. The consumer must be technically knowledgeable to select the most appropriate card for the target application.
• Lack of standards to ensure interoperability among varying smart card programs.
• Unresolved legal and policy issues related to privacy and confidentiality or consumer protection laws.
Smart Card Applications
Financial Applications
• Electronic Purse to replace coins for small purchases in vending machines and over-the-counter transactions.
• Credit and/or Debit Accounts, replicating what is currently on the magnetic stripe bank card, but in a more secure environment.
• Securing payment across the Internet as part of Electronic Commerce.
Communications Applications
• The secure initiation of calls and identification of caller (for billing purposes) on any Global System for Mobile Communications (GSM) phone.
• Subscriber activation of programming on Pay-TV.
Government Programs
• Electronic Benefits Transfer using smart cards to carry Food Stamp and WIC food benefits in lieu of paper coupons and vouchers.
• Agricultural producer smart marketing card to track quotas.
Information Security
• Employee access cards with secured passwords and the potential to employ biometrics to protect access to computer systems.
Physical Access Control
• Employee access cards with secured ID and the potential to employ biometrics to protect physical access to facilities.
Transportation
• Drivers Licenses.
• Mass Transit Fare Collection Systems.
• Electronic Toll Collection Systems.
Retail and Loyalty
• Consumer reward/redemption tracking on a smart loyalty card, that is marketed to specific consumer profiles and linked to one or more specific retailers serving that profile set.
Health Care
• Consumer health card containing insurance eligibility and emergency medical data.
Student Identification
• All-purpose student ID card (a/k/a campus card), containing a variety of applications such as electronic purse (for vending machines, laundry machines, library card, and meal card).