Show your support by donating any amount. (Note: We are still technically a for-profit company, so your
contribution is not tax-deductible.)
PayPal Acct: 
Feedback: 
Donate to VoyForums (PayPal):
| [ Login ] [ Contact Forum Admin ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: 1, 2, 3, [4], 5, 6, 7, 8, 9, 10 ] |
| Subject: Venus transit payents high speed Mass Proton contactless everyday use instead of six weeks ceps | |
|
Author: anonymous |
[
Next Thread |
Previous Thread |
Next Message |
Previous Message
]
Date Posted: 00:38:21 01/02/03 Thu ABOUT SMART CARDS "Smart cards represent the most significant change in consumer token technology in nearly 50 years, and we are only now beginning to recognise their fundamental importance to the new world of remote communication and trading. This is a technology for everyone, and for every aspect of commercial and public sector activity." Richard Poynder, Chairman, The Smart Card Club, March 2001 -------------------------------------------------------------------------------- INDEX Smart card functions Smart card standards and platforms The advent of the cashless society Alternatives to smart cards The shifting sands of technology Fundamentals of card operation Contact, contactless and combi interfaces The challenge of interoperability Authenticating the cardholder Introduction Although originally conceived in the 1970s, smart cards - as with many technologies - suffer from the use of terminology that is often imprecise and confusing. Our definitions used in the contents of this Internet site are set out in this introduction. A smart card is a standard credit card-sized plastic token within which a microchip has been embedded. This chip is the engine room of the smart card, and indeed is what makes it 'smart'. Smart card chips come in two broad varieties: memory-only chips, with storage space for data, and with a reasonable level of built-in security; and microprocessor chips which, in addition to memory, embody a processor controlled by a card operating system, with the ability to process data onboard, as well as carrying small programs capable of local execution. The main storage area in such cards is normally EEPROM (Electrically Erasable Programmable Read-Only Memory), which - subject to defined security constraints - can have its content updated, and which retains current contents when external power is removed. Newer smart card chips may also have maths co-processors integrated into the microprocessor chip, able to perform quite complex encryption routines relatively quickly. A smart card is therefore characterised uniquely by its chip, with its ability to store much more data (currently up to about 32,000 bytes) than is held on a magnetic stripe, all within an extremely secure environment. These security features built into smart card chips are amongst the most sophisticated of their type available in the commercial world. Data residing in the chip can be protected against external inspection or alteration, so effectively that the vital secret keys of the cryptographic systems used to protect the integrity and privacy of card-related communications can be held safely against all but the most sophisticated forms of attack. The ingenuity of the cryptographers further supplements the physical security of the chip, ensuring that penetrating one card's security does not compromise an entire card scheme. It is because of these security and data storage features that smart cards are rapidly being embraced as the consumer token of choice in many areas of the public sector and commercial worlds. The Internet, in particular, is focussing the need for online identification and authentication between parties who cannot otherwise know or trust each other, and smart cards - coupled with effective cardholder verification techniques - are believed to be the most efficient and portable way of enabling the new world of e-trade. Interoperability (see below) is the key requirement to facilitate universal consumer acceptability: the ability of a card function developed by one organisation to be used without difficulty in schemes owned and operated by many organisations. So it is that the current world population of smart cards of some 1.7 billion is set to increase to 4 billion or more cards within the next 3-4 years. -------------------------------------------------------------------------------- Smart card functions Smart cards are being deployed in most sectors of the public and private marketplaces. Single-function cards are being used for payphone telephony, digital mobile telephony (these 'cards' do not in one aspect conform to the basic definition of a smart card, i.e. credit card-sized), the credit and debit functions of financial institutions, retail loyalty schemes, corporate staff systems, subscription TV operations, mass transit ticketing schemes and many more. With the advent of multi-application cards capable of carrying data relating to several functions, more complex schemes are being developed, particularly by cities for their citizens and by central Governments for their residents. In most of these schemes, simple data structures are held and updated within cards, normally comprising personal information about the cardholder and his or her accounting relationship with the card and application issuer, together with transactional data relating to the particular function. Central processing systems often mirror this data, having collected it through a polling mechanism from the terminals that accept the particular cards and enable them to participate in the related transactions. Most smart card schemes utilise one or more generic functions, this being one of several advantages offered by smart technology. Another advantage of smart cards is that these functions are frequently associated with offline operations, i.e. functions performed without immediate access to the central system. The generic functions of cards include general transaction-based storage, storage of kernel personal data and account reference information, and - increasingly - the storage of monetary value (electronic purse) able to be loaded and spent repeatedly during the life of the card. If, by contrast, a completely online scheme (where the user terminal can always make immediate contact with the central processing system) is implemented, the use of smart cards within such a scheme is threatened, because the data storage ability of the card might become redundant if recourse may always be made to the same data held centrally. Such permanently online schemes may be commercially viable within a single organisation, but consumer- and citizen-oriented scheme owners are increasingly recognising the benefits of issuing to the user a powerful, multi-function smart card. The current proliferation of consumer plastic, giving rise to serious purse and wallet bulge, is focussing card issuers on the challenge of providing multi-application platforms within smart cards, able to carry functions relating not only to the card issuer's business, but also carrying functions issued by third party application providers who may wish to rent space within such cards. This requirement has given rise to the need for suitable platforms able to carry segmented data sets in a discrete way to ensure that one application provider's data cannot be compromised by a third party. Accordingly, a number of multi-application platform products have been developed, not only by the more traditional smart card suppliers but, more unusually, by card scheme operators with an interest in issuing cards and then defraying costs by renting space within them. Such multi-application platforms allow the addition and deletion of application data areas in-flight, without the need for replacing cards. This ability in turn leads to major branding, ownership and control issues, many of which have yet to be addressed and resolved. -------------------------------------------------------------------------------- Smart card standards and platforms A number of international standards bodies have concerned themselves with developing basic standards governing the physical and logical attributes of smart cards. Most of these, however, have lagged far behind the realities of technical progress, and have not addressed application level and interoperability issues sufficiently to allow the development of software to proceed with confidence. This has left space for international card players to develop products according to specifications which they severally wish to have recognised as de facto standards. Particular market sectors, which have developed such specifications, include GSM (Global System for Mobile communications) and the main credit institutions in the EMV (Europay, MasterCard, Visa) consortium. Several countries with strong central Governments are also establishing effective standards for national schemes, although Great Britain has largely stood back and allowed the fragmented development of proprietary systems to proliferate. The effect of such fragmentation will be to impose major barriers to the interoperability of cards across national and scheme boundaries (see below). In the longer term, major players with global reach - such as Microsoft - are likely to deploy cards and software in an effort to saturate the international market with a particular topography or architecture. Other possible routes to the acceptance of common standards are via a private sector consortium (Global Platform), and via the e-Europe public sector Initiative. -------------------------------------------------------------------------------- The advent of the cashless society In the modern world, the widespread use of cash in the form of notes and coins is increasingly being seen to hamper the effective deployment of new forms of trading. These transaction processes, as with face to face transactions, require immediate and anonymous payments. In the long-term evolution from cowry shells and tally sticks to paper and metal coinage and beyond, it is abundantly clear that the electronic storage and transfer of money value is an imperative, particularly where low-value payments require to be made internationally over telecommunications networks. The virtual elimination of cash tokens is therefore a holy grail of national Governments, of Internet merchants and of financial institutions with a real interest in controlling and profiting from that 80% of high street expenditure currently made with notes and coins. Such electronic money can take many forms, and has been endowed with a wide and misleading vocabulary including stored value and e-purse. This has led to the development by a number of financial institutions of smart card-based products performing stored value functions, ranging from simple throw-away, burn-off cards such as payphone cards, to reloadable e-purse cards designed for low-value payments in a variety of outlets and even remotely over networks. To date, single-function, generic e-purse cards, issued by financial institutions in various projects in a number of countries, have resulted in technical success but commercial failure in terms of usage rate. The consumer imperative and retailer benefits necessary for success have been almost completely lacking. The only truly successful examples of stored value, apart from payphone cards, have been mass transit tokens based on contactless technology (see below), which have provided real convenience to consumers in cities such as Hong Kong. The race for purse is, however, just beginning, and new players are emerging to challenge the more traditional financial institutions as purse providers. The value of the pre-paid float is attractive to telcos, transport operators and retailers, and the banks are now fighting to support legislation with the aim of preventing upstarts from engaging in open purse activity. A product to watch is Sony's Edy: an accounted purse in a contactless card - already gaining ground in Hong Kong, where it has been introduced by the Octopus mass transit card scheme (and, as a pre-requisite, the Octopus management company had to obtain a limited banking licence). Even within the banking community, incompatible and competing purse architectures proliferate, with anonymous and non-accounted products such as Mondex (owned by MasterCard) up against fully accounted systems in the Visa camp. European initiatives, where purse schemes proliferate, are being consolidated under the Common Electronic Purse Specification (CEPS). To date, the 80+ million purse cards in Europe are still only used on average once every six weeks - a reflection on the current commercial failings of such initiatives. -------------------------------------------------------------------------------- Alternatives to smart cards Smart card chips are the essential operational components of smart cards, and these also appear in cladding other than credit card-sized plastic tokens. SIMs (Subscriber Identity Modules, initially implemented with simple, single application smart card chips) in a smaller physical format are already incorporated in all GSM handsets, and new developments incorporate smart chips within a variety of other devices such as PDAs and wrist watches. There are also commercial developments seeking to place e-purse and other similar facilities within software environments in PCs and servers, obviating the need for the deployment of smart cards. It remains to be seen which of these software initiatives will flourish, particularly as it is difficult to ensure their security. -------------------------------------------------------------------------------- The shifting sands of technology We live in a world of fast-moving technical change. This is perhaps particularly relevant and challenging when related to smart cards, where hundreds of thousands of card-reading terminals need to be available, and tens of millions of smart cards need to be deployed, all with a potential life of several years. Forwards compatibility, and cross border and cross scheme interoperability is increasingly difficult to maintain against the background of rapid chip technology development. EEPROM may give way to faster and longer-lived Flash memory. Voltages for powering smart cards are reducing almost annually. Security technologies demand ever-faster processing power. This environment makes it extremely difficult for the confident development, acquisition and deployment of smart cards which, to support any reasonable business case, must be seen as long-term tokens. -------------------------------------------------------------------------------- Fundamentals of card operation Today's smart cards need electrical power from outside, plus a way for data to be transmitted to, and read from, the chip (and in a few cases during use of the card, data is only read out, and nothing is transmitted to the chip). The cards need a timing signal (the clock) to synchronise data transmission (so that the data transmitter and receiver run at the same speed), and many microprocessor-based cards also use that timing signal to drive the microprocessor. Also, many cards (particularly contact cards - see below) have a reset line (just like the Reset button on a PC: only to be used under certain controlled circumstances if trouble is to be avoided). -------------------------------------------------------------------------------- Contact, contactless and combi interfaces Perhaps unfortunately, but as a result of the historical development path of this technology, there are two types of electrical interface between smart cards and their associated card readers, as follows: Traditionally, for use at the retail point of sale or in the banking environment, or as the GSM SIM card in the mobile 'phone, the card has a set of gold- plated electrical contacts embedded in the surface of the plastic on one side. This contact card technology is operated by inserting the card (in the correct orientation) into a slot in a card reader, which has electrical contacts that connect to the contacts on the card face. For use in a mass transit environment, or wherever the cardholder is in motion at the moment of the transaction, radio frequency technology is used to transmit power from the reader to the card, and data is similarly transmitted over an air-gap of up to 10cms. This contactless card technology utilises an aerial coil laminated into the card, and allows communication even whilst the card is retained within a wallet or handbag. The same activation method applies to watches, pendants, baggage tags and buttons. No electrical contacts, and therefore "contactless". Furthermore, in more recent developments, there are now cards with both a contact and a contactless interface (dual-interface or combi-cards). These may incorporate two non-communicating chips - one for each interface - but preferably have a single, dual-interface chip providing the many advantages of a single e-purse, single operating architecture, etc. Contactless and combi-card architectures have many advantages, but it will be several years before the main and traditional contact card-based schemes start to migrate to these technologies. -------------------------------------------------------------------------------- The challenge of interoperability In practice, and perhaps unfortunately for the card scheme owners and managers, different cards are usually not interchangeable. Memory cards usually have different interface characteristics from microprocessor cards: different data formats and/or electrical signals across the interface between card and terminal. Even amongst cards that appear similar, interchangeability is rare. The UK EMV bank debit/credit card scheme demands interchangeability from its various suppliers - and gets it at the level at which the cards are used by the cardholder - but this is a rare example of an attempt at interoperability. It is still uncertain whether this will extend to international emanations of EMV. The challenge is to provide the different mixes of applications that various types of cardholder will want, while at the same time satisfying scheme and application owners. At the moment in the western hemisphere, bankers will not accept the use of a contactless interface for cash withdrawal and debit/credit payment functions. Public transport will not accept contact cards for reliability reasons, and thus the card designers have allied high data transmission speed, for high volume and cost-effective cards, only with a contactless interface. Public transport thus gets only a low security electronic purse (e-purse), suitable for closed schemes (schemes where most of the spending is directly related to the major business of the scheme owners). [ Next Thread | Previous Thread | Next Message | Previous Message ] |