How does a smart card work?

A smart card is a device that includes an embedded integrated circuit, which can be a secure microcontroller or an equivalent intelligence with internal memory or a separate memory chip.

This passage is going to talk about the followings of smart cards:

1) Introduction of a smart card

2) How can smart card technology help protect privacy?

3) Conclusions

1) Introduction of a smart card

What is a smart card? The card is connected to a reader either through direct physical contact or through a remote contactless RF interface. The smart card has an embedded microcontroller with the unique ability to store large amounts of data, perform its own on-card functions (e.g., encryption and mutual authentication) and interact intelligently with the smart card reader. Smart card technology is compliant with international standards (ISO/IEC 7816 and ISO/IEC 14443) and comes in a variety of forms, including plastic cards, smart keys, watches, user identification modules used in GSM phones, and USB-based tokens. For the purposes of this FAQ, "card" is used as a generic term to describe any device that uses smart card technology.

2) How can smart card technology help protect privacy?

Smart card technology provides many features that can be used to provide or enhance privacy protection in a system. Below is a brief description of some of these features and how they can be used to protect privacy.

Authentication. Smart card technology provides mechanisms to authenticate others who wish to access the card or device. These mechanisms can be used to authenticate the user, device, or application that wishes to use the data on the chip of the card or device. Systems can use these features to protect privacy, for example, by ensuring that a banking application has been authenticated as having appropriate access rights before accessing financial data or functions on the card.

Secure data storage. Smart card technology provides a way to securely store data on a card or device. Only persons with the appropriate access rights can access this data through the smart card operating system. Systems can use this feature to enhance privacy, for example, by storing individual user data on the card or device rather than in a central database. In this example, users can better understand and control when and by whom their personal data is accessed.

Encryption. Smart card technology can provide a powerful set of encryption features, including key generation, secure key storage, hashing and digital signatures. Systems can use these features to protect privacy in a variety of ways. For example, systems based on smart card technology can generate digital signatures for the content in an e-mail message, thus providing a way to verify the authenticity of the e-mail message. This protects the e-mail message from subsequent tampering and provides the e-mail recipient with assurance of its origin. The fact that the signature key originates from a smart card or device adds credibility to the signer's origin and intent.

Strong device security. Smart card technology is extremely difficult to copy or forge and has built-in tamper resistance. Smart card chips include a variety of hardware and software features that can detect and react to tampering attempts and help counter possible attacks. For example, chips are manufactured with features such as additional metal layers, sensors to detect thermal and UV attacks, and additional software and hardware circuitry to block differential power analysis.

Secure communication. Smart card technology can provide a way to communicate securely between the card/device and the reader. Similar in concept to the security protocols used in many networks, this feature allows smart cards and devices to send and receive data in a secure and private manner. Systems can use this feature to ensure that data sent is not intercepted or eavesdropped, thereby enhancing privacy.

Biometrics. Smart card technology can provide mechanisms to securely store biometric templates and perform biometric matching functions. These features can be used to enhance the privacy of systems that utilize biometrics. For example, in single sign-on systems that use fingerprint biometrics as single sign-on credentials, storing fingerprint templates on the smart card or device rather than in a central database may be an effective way to increase privacy.

Personal devices. Smart cards are, of course, personal and portable devices associated with a specific cardholder. Smart card plastics are often personalized, thus providing a stronger bond with the cardholder. These features, while somewhat obvious, can be leveraged by systems to improve privacy. For example, healthcare applications may choose to store drug prescription information on the card rather than in paper form to improve the accuracy and privacy of patient prescriptions. Smart card technology is also built into other portable personal devices, such as cell phones and USB devices.

Authentication. Many of today's smart cards and devices are certified to meet industry and government security standards. They can only obtain these certifications after an independent certification body has completed rigorous testing and evaluation criteria. These certifications help systems protect privacy by ensuring that the security and privacy features and functions of smart card hardware and software function as specified and expected.

3) Conclusions

If you are interested in our smart card technology, please contact us for more detailed information. We are always happy to help.