ISO uses the term Integrated Circuit Card (ICC) to encompass all those devices where an integrated circuit is contained within an ISO ID-1 identification card piece of plastic.
Integrated Circuit cards (smart cards): these are the newest and most clever additions to the ID-1 family, and they also follow the details laid down in the ISO 7816 series. These types of cards allow data storage that is orders of magnitude greater; cards with over 20 Kbytes of memory are currently available. The data stored can be made tamper proof by hardware and software methods. They are more reliable and have longer expected lifetimes.
Integrated circuit processor cards (Smart cards)
Maximum memory capacity: 8 Kbytes
8-bit CPU (16 or 32 bit in the near future)
Card cost: $7-$15
Connector, software cost: $500
A typical smartcard consists of an 8-bit microprocessor running at approximately 5 MHz with ROM, EEPROM and RAM, together with serial input and output, all in a single chip that is mounted on a plastic carrier. The operating system is typically stored in ROM, the CPU uses RAM as its working memory, and most of the data is stored in EEPROM. The most common chipsets mount 32 Kbytes of ROM, and either 32 Kbytes of EEPROM with 1 Kbyte of RAM or 16 Kbytes of EEPROM with 2 Kbytes of RAM. In addition, most smart cards embed a cryptographic coprocessor for the integer math calculations needed to perform cryptographic algorithms such as RSA.
Reading smart cards
Readers are called CADs (Card Acceptance Devices) and come in many kinds of shapes: readers integrated into a vending machine, handheld battery-operated readers with a small LCD screen, readers integrated into a GSM mobile phone, or readers attached to a personal computer by a variety of interfaces.
Physical properties described by ISO 7810
Electrical properties given by ISO/IEC 7816 parts 2 and 3, and GSM
Smart card operating systems
They are severely limited in size and are generally 3 to 24 Kbytes. They usually handle the following operations:
- Data transmission over the bi-directional, serial terminal interface
- Loading, operating, and management of applications
- Execution control and Instruction processing
- Protected access to data
- Memory Management
- File Management
- Management and Execution of cryptographic algorithms
Current state-of-the-art smartcards have sufficient cryptographic capabilities to support popular security applications and protocols. In spite of the increased cost, including the cryptographic coprocessor brings great benefits to computer and network security, because it allows the private key never to leave the smartcard.
The manufacturers introduce security measures such as:
- A one-time, irreversible fuse typically disables any test code built into the EEPROM.
- In order to avoid card cloning, an unalterable serial number is often burned into the memory.
- The cards are designed to reset themselves to a power-on state if they detect fluctuations in voltage, temperature, or clock frequency.
- Reading or writing of the ROM is usually disabled.
Since data stored on a smart card cannot be retrieved directly via the CAD, smart cards have been proposed as portable and secure data storage devices. Also, they are used as private key storage devices for asymmetric algorithms, since in this way private keys can be generated and stored on board the card, and never leave it. They find application in:
- Web Browsers (SSL, TLS)
- Secure Email (S/MIME, OpenPGP)
- Kiosk / Portable Preferences
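
An added illustration of the on-card private key point above (not code from the original page): a Python model of a card whose command interface can generate a key pair, check a PIN and sign, but has no instruction that returns the private key. ToyCard, transmit and host_verify are hypothetical names; the instruction bytes and status words are the ISO/IEC 7816-4/-8 values, and the fixed-prime textbook RSA only stands in for the cryptographic coprocessor.

```python
import hashlib
import hmac

# INS bytes and status words are ISO/IEC 7816-4/-8 values; all names are hypothetical.
SW_OK, SW_DENIED, SW_BLOCKED, SW_BAD_INS = 0x9000, 0x6982, 0x6983, 0x6D00
INS_VERIFY, INS_GENKEY, INS_SIGN = 0x20, 0x46, 0x2A


class ToyCard:
    """Model of the card side: the private exponent lives only in this object."""

    def __init__(self, pin: bytes):
        self._pin, self._tries, self._unlocked = pin, 3, False
        self._n = self._d = None

    def transmit(self, ins: int, data: bytes = b""):
        """Single entry point the CAD can reach; returns (response, status word)."""
        if ins == INS_VERIFY:
            return b"", self._verify(data)
        if ins == INS_GENKEY:
            return self._generate()
        if ins == INS_SIGN:
            if not self._unlocked or self._d is None:
                return b"", SW_DENIED
            m = int.from_bytes(hashlib.sha256(data).digest(), "big") % self._n
            return pow(m, self._d, self._n).to_bytes(19, "big"), SW_OK
        return b"", SW_BAD_INS  # no instruction exports _d

    def _verify(self, pin: bytes) -> int:
        if self._tries == 0:
            return SW_BLOCKED
        if hmac.compare_digest(pin, self._pin):
            self._tries, self._unlocked = 3, True
            return SW_OK
        self._tries, self._unlocked = self._tries - 1, False
        return 0x63C0 | self._tries  # 63Cx: x retries left

    def _generate(self):
        # Toy textbook RSA from two fixed Mersenne primes (assumption for the demo);
        # a real card uses on-chip randomness, large keys and padded signatures.
        p, q, e = 2**61 - 1, 2**89 - 1, 65537
        self._n, self._d = p * q, pow(e, -1, (p - 1) * (q - 1))
        return self._n.to_bytes(19, "big") + e.to_bytes(3, "big"), SW_OK


def host_verify(pubkey: bytes, msg: bytes, sig: bytes) -> bool:
    """Host-side check using only the bytes the card returned."""
    n, e = int.from_bytes(pubkey[:19], "big"), int.from_bytes(pubkey[19:], "big")
    m = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(int.from_bytes(sig, "big"), e, n) == m
```

The host only ever holds the public key and signatures; three consecutive wrong PINs leave the model card blocked, so signing stays unavailable even to someone holding the card.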