Publication: EDN
Volume: 48
Issue: 6
Page: 61
Section: Features
Author: David Marsh
Get smart
Smart cards pass the global test
By David Marsh, Contributing Technical Editor
Skeptics typically regarded smart-card technology as an essentially French phenomenon that somehow grew into a global business. But, more than two decades later, with smart-card uses now ranging from e-commerce to the fight against terrorism, today's applications are continually driving this maturing technology to address new vistas.
Although the origins of smart cards rival those of radio and television for obscurity, as long ago as 1967, US engineer Jules K Ellingboe of TRW filed for a patent that describes an IC in a credit card. Although visionaries, such as Japan's Kunitake Arimura, deserve credit for early work on IC cards, French inventor Roland Moreno finally convinced CII-Honeywell Bull to fabricate such a card for commercial availability. As a result, Bull, working with Motorola, in 1979 introduced the first card containing a microprocessor, and the smart-card industry was born. (Today, Moreno's company, Innovatron, licenses its patents to more than 200 organizations around the world.) In a parallel and groundbreaking development, France Telecom championed the use of prepaid phone cards that contain a secure memory element. The enthusiastic public acceptance of these convenient disposable cards highlighted the technology's commercial potential to an international audience, as today's continuing growth in secure-memory-card shipments testifies.
The IC-card industry has flourished since its inception in France to become a global enterprise, and its scale is truly massive. For example, in only its first 10 years, STMicroelectronics shipped more than 2 billion IC cards, mostly as memory cards for e-token prepayment applications. More recently, 2001 data from consulting company Frost and Sullivan estimates global IC-card revenue at $1.2 billion and shipments at some 2.2 billion pieces (www.frost.com). Illustrating growth trends, the data shows that the world market for secure memories and security controllers grew from approximately $28 million in 1988 to approximately $355 million in 2000 at an average annual compound growth rate of 39%. This data also shows that, although secure memories, such as prepaid phone cards, dominated the early market, security controllers that contain embedded microprocessors now account for more than 80% of global smart-card revenue. It's therefore important to differentiate between simple IC cards, such as memory cards, and cards that embed intelligence, that is, smart cards. However, in overall volume shipments, Infineon is the world's largest IC-card maker, with some 51% of the market. STMicroelectronics and Philips follow with 27% and 9%, respectively, and the remainder is split among suppliers including Atmel, Fujitsu, Hitachi, NEC, Samsung, Sony, and Xicor (see sidebar "For more information").
Standards promote deployment
Tomorrow's smart-card applications, like their predecessors, rely on a balance among security, interoperability, and implementation cost. Most often, standards help to provide the framework for widespread technology adoption, and the IC-card industry is no exception. The foundation standard for contact IC cards is the ISO-7816 series, which has been in continuous development since 1987 (Reference 1). Rather than defining application-level implementation, ISO-7816 describes essentials, such as the shape, position, and contact arrangement of the pads that mate with card readers (Figure 1). Notice that the design contains only six mandatory contacts, which allows vendors to use the two optional pads for alternative I/O schemes, such as USB. This facility permits the construction of very-low-cost card readers for secure PC-based online-payment systems. ISO-7816 also limits chip area to 25 mm² to avoid breakages due to flexing and requires that the chip withstand 6-kV ESD strikes. Other basics include data-transmission protocols that you use with various commands and data elements to enable data exchanges. The series also includes a section to describe security-related commands and even a standard smart-card query language to support embedded relational databases.
Philips' P16WA032 demonstrates the basic structure of a typical contact-based smart card (Figure 2). This 16-bit design is upwardly compatible with 80C51 architectures but operates 10 to 100 times faster. One key to its performance is the inclusion of a dedicated coprocessor to handle public-key cryptography; another is a hardware random-number generator for challenge-and-response exchanges. It also employs separate MMUs (memory-management units) to partition code from data and sensors to protect the chip from signal scanning. Notice the mixture of memory types: ROM to support fixed applications, EEPROM for upgradable applications and changing data, and RAM to hold intermediate computations. Another basic feature that you should always consider during device selection is development support. For example, Ashling Microsystems and Raisonance support the P16WA032 with an emulator and development boards, and Philips offers the device in a 28-pin SOIC that's suitable for prototyping.
Currently arousing much interest outside their origins in mass-transit systems are contactless RFID (radio-frequency-identification) cards. These cards benefit from the ISO-14443 series, which describes attributes including physical characteristics, operating range, and frequency allocations. Physically similar to contact types, 14443-compliant contactless cards use a 13.56-MHz carrier frequency that permits a 106- to 848-kbps data-transfer rate. Detection ranges vary from 10 to 20 cm, which is sufficient to enable you to leave your card within a wallet or purse. This convenience, together with the increased reading speed and maintenance reduction that noncontact readers provide, makes contactless cards highly attractive for large-scale deployments. Internally, the structure is similar to that of a contact card but with added RF-interface circuitry. In Philips' 14443-compliant Mifare system, all that's necessary for an antenna is a four-turn wire coil around the card's periphery. Following power-on reset and request activation, Mifare runs a card-identity-based anticollision loop that prevents wireless network conflicts for only some 1-msec additional transaction time per collision (Figure 3).
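The anticollision loop mentioned above can be pictured with the following added example, which is not part of the original article: a simplified Python model of the bit-wise anticollision of ISO 14443-3 Type A, in which each collision costs the reader one extra round. It assumes equal-length 4-byte UIDs and leaves out frame bytes, check bytes, cascade levels, and timing; the function names and the sample UIDs are constructed for the illustration.

```python
# Added illustration, not from the article: a simplified model of the bit-wise
# anticollision loop of ISO 14443-3 Type A. The UIDs below are constructed.

def uid_to_bits(uid: bytes) -> str:
    """UID as a bit string in transmission order (each byte is sent LSB first)."""
    return "".join(format(b, "08b")[::-1] for b in uid)

def bits_to_uid(bits: str) -> bytes:
    """Inverse of uid_to_bits."""
    return bytes(int(bits[i:i + 8][::-1], 2) for i in range(0, len(bits), 8))

def overlay(responses):
    """What the reader receives when several cards answer at once.

    Returns the bits received cleanly and whether a collision stopped reception.
    """
    first = responses[0]
    for pos in range(len(first)):
        if any(r[pos] != first[pos] for r in responses):
            return first[:pos], True
    return first, False

def resolve_one(field):
    """Run one anticollision loop; return (uid, collisions) for the isolated card."""
    prefix, collisions = "", 0
    while True:
        # Only cards whose UID starts with the known prefix answer, sending the rest.
        responses = [uid_to_bits(u)[len(prefix):] for u in field
                     if uid_to_bits(u).startswith(prefix)]
        clean, collided = overlay(responses)
        prefix += clean
        if not collided:
            return bits_to_uid(prefix), collisions
        collisions += 1
        prefix += "1"  # reader picks a value for the collided bit and retries

def enumerate_cards(uids):
    """Isolate every card in the field in turn, halting each once it is selected."""
    field, found = list(uids), []
    while field:
        uid, collisions = resolve_one(field)
        found.append((uid.hex(), collisions))
        field.remove(uid)  # a halted card ignores further requests
    return found

# Constructed sample: three cards in the field at the same time.
SAMPLE_FIELD = [bytes.fromhex(h) for h in ("12345678", "12345679", "13345678")]
```

With the three sample cards, the reader needs one extra round for each of the first two cards it isolates and none for the last.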
Another basic requirement for any smart card is certification that guarantees for the service provider various levels of security. Issues that impact smart-card-security strength include choices between symmetrical and asymmetrical cryptographic algorithms and between public and private keys that unlock encrypted data (see sidebar "Public keys simplify infrastructure" on the Web version of this article). Today's industry-standard smart-card certification specification is ISO-15408 (also known as the Common Criteria specification), which embodies formal design-and-test methods (www.commoncriteria.org).
Banks drive transaction methods
Surprisingly perhaps, considerable regional differences exist in smart-card adoption that you can attribute to factors including application focus, cost justification, political considerations, and cultural differences. As recently as five years ago, Europe and the Asia-Pacific regions were the major consumers, and the United States expressed little to no interest. Despite the lead taken by major US credit-card issuers, such as American Express and some Visa partners, this situation is still true, and especially so within the financial-services sector, which currently accounts for approximately 25% of global smart-card volumes.
Like his peers elsewhere, Ken Warren, business-development manager for Hitachi's smart-card group, currently considers US banks a difficult market. Warren points out that for other institutions to follow American Express' lead, they will have to see clear cost benefits. Although it's easy to copy or defraud a credit card that uses magnetic-stripe technology, such cards cost less than 50 cents to produce; an average smart card costs approximately $3.50. Therefore, financial institutions must balance the cost of smart-card deployment against the cost of fraudulent misuse. Warren says, "Back in the '90s, it was difficult for the institutions to cost-justify smart-card adoption. But now in the United Kingdom, where credit-card fraud accounts for the rest of Europe's losses combined, the benefits of smart cards are very clear." He also notes that, by adopting smart cards some five years ago, French banks eliminated credit-card fraud overnight.
Interestingly, estimates reveal that some 70% of today's credit-card fraud takes place online. The high cost of these and other losses has led three major card issuers (Europay International, MasterCard, and Visa International) to form the EMV consortium to promote smart-card adoption (www.emvco.com). An EMV interoperability specification requires all smart cards bearing any consortium members' logo to comply as of the third quarter of 2001 (Reference 2). The specification also addresses infrastructure needs, such as compatible point-of-sale terminals. Crucially, the consortium is driving participants' commitment to migrate from magnetic-stripe to smart cards; the migration period varies with region. The United Kingdom and Europe will complete the migration by Jan 1, 2005; Japan and the Pacific Rim (except for China) will follow within the next year. The first cards will be single-use, but later issues are likely to be multiapplication cards, which will support multiple services from, potentially, more than one service provider. In France, Crédit Mutuel offers a card that combines a credit card with an electronic purse that facilitates cashless transactions.
Axel Deininger, senior director for chip-card marketing at Infineon Technologies, believes that the US banks will adopt smart cards based on EMV or a similar scheme by 2007. The EMV consortium's incentives include discontinuing compensation for fraud perpetrated using magnetic-stripe cards after its migration deadlines pass. Thus, issuers of Europay, MasterCard, or Visa cards will have to switch from magnetic-stripe cards or risk isolation from the EMV network. Expect that the EMV specifications will soon include support for lower-voltage cards, together with a definition of a contactless interface to EMV-compliant chip cards. There's also a parallel but far broader activity in the Open Smart Card Infrastructure for Europe project that the eESC (e-Europe Smart Cards) Secretariat oversees (Reference 3). This project brings together all smart-card applications with the intention of harmonizing the technology's deployment throughout Europe. With some 250 participants that form 12 main working groups, the intention is to foster internationally accepted standards via the network of European standardization organizations.
With an estimated total of 750 million devices in circulation, today's single largest smart-card application supports mobile telephony. According to Christophe Duverne, global identification-segment manager at Philips, SIMs (subscriber-identification modules) for GSM (Global System for Mobile communications) and other telephony account for about 50% of his business. This percentage represents a huge change of emphasis in the last five years that has recently caused the smart-card vendors a significant amount of pain. Duverne describes 2001 as a transitional year for SIMs that followed the rapidly changing fortunes of the telecom business. "Many suppliers were left with excess inventories," he states, "but this situation is now more stable." One result of the telecommunications recession has been the search for new applications, such as streaming video, to tempt subscribers, especially within the context of the 2.5 and 3G networks that service providers are struggling to introduce. Such new applications virtually mandate multiapplication smart cards, but, surprisingly, the service providers now demand unprecedented security levels. Duverne cites business-related reasons for this situation that concern retaining ownership of source material, noting, "While the case for 32-bit processing capability may be unclear in some other applications, the consensus view is that streaming video demands 32 bits." This observation extends to services accessible from set-top boxes, a lucrative market that's especially attractive to hackers.
Even before the specter of terrorist attacks became a reality, the US government was pursuing various schemes to tighten national security. Identity-conscious applications extend to authorizing access to buildings and computer networks, and are just as relevant to corporate enterprise as to government and military agencies. One government-sponsored effort is the US NIST's (National Institute of Standards and Technology's) smart-card interoperability specification, which the agency published in July 2002 (Reference 4). The US Department of Defense is issuing some 4.3 million cards to active-duty military personnel and contractors, and the US government would happily extend a similar scheme to replace the driver's license that Americans currently accept as a de facto identity card. But the key to consumer acceptance is persuading consumers that lifestyle enhancements, such as the ability for smart-card holders to circumvent long security lines at airports, are possible. Further, consumers must be content that their personal information is safe, and that a state-run system doesn't compromise individual liberty.
Hitachi's Warren points out that the identity-card concept is a prime example of political and cultural divides. Australia rejected the idea outright, but Japan's department of trade and industry actively sponsors a voluntary "citizen-card" scheme. By laying in the infrastructure and using multiapplication cards, the Japanese authorities hope not only to persuade individuals to carry a national identity card, but also to extend the concept for commercial use by leasing system capacity to service providers. Thus, a card that contains personal details and critical health-care information can also serve as a credit/debit card, and you can upgrade it to access additional services as they develop. Closer to home, Italy, Spain, and the Netherlands seem likely to be early adopters of smart-card-based identity cards. Portuguese authorities already require foreign nationals owning land in their country to carry such cards. Meanwhile, Germany's 79 million citizens routinely use smart cards to access healthcare services.
Big memories power chip OSs
Following Microsoft's abandonment of its WinCE-derived Windows for Smart card OS, two COSs (chip operating systems), Multos from Maosco and Sun Microsystems' Java Card, began competing for smart-card applications. Multos, which Mondex International (now part of MasterCard) developed, has its roots deep in the financial-services industry. Mondex established Maosco as the vehicle to promote its secure, multiapplication smart-card operating system as an open standard. This development effort continues, and today's consortium members include Fujitsu, Hitachi, and Infineon; heavyweight card issuers, such as Discover, Europay, Keycorp, and MasterCard; and infrastructure-equipment supplier SchlumbergerSema. According to Hitachi's Warren, Multos is technically superior to Java Card and boasts better security: "Because it's based on mainstream Java, there's always been a security question with Java Card," he says.
But any negative security perceptions have failed to dent Java Card's uptake even among various banks. Now at version 2.2_01, Java Card adds support for AES (Advanced Encryption Standard) and elliptic-curve cryptography to its tool-set library. Crucially for wireless applications, the latest revision also supports as many as four "logical channels" that allow multiple applications to execute concurrently on the card. This design allows an ISO-7816-4-compliant terminal to simultaneously handle different tasks. In this way, one applet could tackle security on one channel, while another accesses a user's personal information on another channel using security information from the first. Jean-Paul Thomasson, marketing director for STMicroelectronics' smart-card division, comments that Java Card is attractive to developers because they're free to use Sun's reference model: "As a specification, Java Card leaves room for flexibility and competition. It also allows for an easy division between the on-card environment and the outside world." He argues that in comparison, Multos embeds the COS along with the virtual machine and effectively locks its customer base.
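The logical channels described above can be made concrete with the following added example, which is not from the original article and is not Java Card code: a toy Python model of how an ISO 7816-4 terminal addresses up to four channels through the two low bits of the CLA byte and opens or closes them with MANAGE CHANNEL. The ToyCard class and both applet identifiers (AIDs) are constructed for the illustration, and the model assumes that a newly opened channel starts with no applet selected.

```python
# Added illustration, not from the article: a toy model of ISO 7816-4 logical
# channels. ToyCard and both AIDs are constructed for this example.
SW_OK = 0x9000
SW_WRONG_LENGTH = 0x6700
SW_CHANNEL_NOT_SUPPORTED = 0x6881  # command arrived on a channel that is not open
SW_FUNC_NOT_SUPPORTED = 0x6A81     # no free channel left to open
SW_FILE_NOT_FOUND = 0x6A82
SW_INCORRECT_P1P2 = 0x6A86
SW_INS_NOT_SUPPORTED = 0x6D00
MAX_CHANNELS = 4                   # basic channel 0 plus channels 1..3

AUTH_AID = bytes.fromhex("F00000000101")     # constructed security applet
PROFILE_AID = bytes.fromhex("F00000000102")  # constructed personal-data applet

def with_channel(cla: int, channel: int) -> int:
    """Put the channel number into the two low bits of the CLA byte."""
    if not 0 <= channel < MAX_CHANNELS:
        raise ValueError("channel must be 0..3")
    return (cla & 0xFC) | channel

def build_apdu(channel, ins, p1, p2, data=b"", le=None) -> bytes:
    """Short-form command APDU: CLA INS P1 P2 [Lc data] [Le]."""
    apdu = bytes([with_channel(0x00, channel), ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        apdu += bytes([le])
    return apdu

class ToyCard:
    def __init__(self, installed_aids):
        self.installed = set(installed_aids)
        self.selected = {0: None}  # open channel -> selected AID; 0 is always open

    def transmit(self, apdu: bytes):
        """Return (response_data, status_word) for one command APDU."""
        if len(apdu) < 4:
            return b"", SW_WRONG_LENGTH
        cla, ins, p1, p2 = apdu[:4]
        channel = cla & 0x03
        if channel not in self.selected:
            return b"", SW_CHANNEL_NOT_SUPPORTED
        if ins == 0x70:                      # MANAGE CHANNEL
            return self._manage_channel(p1, p2)
        if ins == 0xA4 and p1 == 0x04:       # SELECT by AID
            if len(apdu) < 5 or len(apdu) < 5 + apdu[4]:
                return b"", SW_WRONG_LENGTH
            aid = apdu[5:5 + apdu[4]]
            if aid not in self.installed:
                return b"", SW_FILE_NOT_FOUND
            self.selected[channel] = aid     # selection state is kept per channel
            return b"", SW_OK
        return b"", SW_INS_NOT_SUPPORTED

    def _manage_channel(self, p1, p2):
        if p1 == 0x00 and p2 == 0x00:        # open: card assigns lowest free number
            free = [c for c in range(1, MAX_CHANNELS) if c not in self.selected]
            if not free:
                return b"", SW_FUNC_NOT_SUPPORTED
            self.selected[free[0]] = None
            return bytes([free[0]]), SW_OK
        if p1 == 0x80 and p2 in self.selected and p2 != 0:  # close channel p2
            del self.selected[p2]
            return b"", SW_OK
        return b"", SW_INCORRECT_P1P2

def demo():
    """Select the security applet on channel 0 and the profile applet on channel 1."""
    card = ToyCard([AUTH_AID, PROFILE_AID])
    card.transmit(build_apdu(0, 0xA4, 0x04, 0x00, AUTH_AID))
    data, _ = card.transmit(build_apdu(0, 0x70, 0x00, 0x00, le=1))
    card.transmit(build_apdu(data[0], 0xA4, 0x04, 0x00, PROFILE_AID))
    return dict(card.selected)
```

A command sent on a channel that was never opened is rejected before the card looks at the instruction, which is the property that keeps one applet's session from being addressed through another channel number.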
Regardless of the COS a smart card uses, the desire for multiapplication cards demands ever-larger memories. Although a simple application, such as a Visa card for the emerging Brazilian market, requires only around 2 kbytes of memory, high-end applications with tight security needs demand as much as 128 kbytes. Philips' Duverne believes that the smart-card platforms will inevitably move from current-generation 8- and 16-bit processors to 32-bit devices in tandem with the growing memory requirement. He notes that the migration from earlier 0.8-micron process technology to today's 0.18-micron and tomorrow's 90-nm features makes moving to 32 bits along with 32, 64, or 128 kbytes of EEPROM much less of an issue. STMicroelectronics' Thomasson agrees: "16-bit processors haven't really taken off in embedded applications, as most of them are simply 8-bit machines with various hardware extensions." One example is the 16-bit Java-specific acceleration features that you see in some smart cards. By contrast, 32-bit machines possess architectures that include addressing mechanisms for multiple virtual machines, helping to secure the partition between concurrent applications and application-specific data.
Thomasson notes that one challenge facing semiconductor manufacturers is how to fabricate large nonvolatile memories to replace relatively slow EEPROM, which requires high programming voltages: "One of Java Card's limitations is memory-access time. You could add some standard RAM because, although bulk is important, applications can often tolerate a less flexible memory type." Smart-card chips often use EEPROM because it offers program/erase speeds of a few milliseconds per page, together with the ability to modify a single byte without affecting any other data. But EEPROM requires a programming voltage of as much as 18V, which is difficult for 0.18-micron and smaller process technologies to withstand. Options that STMicroelectronics is investigating include a derivative of standard flash memory called page flash, which combines the programming speed and durability of conventional flash with the ability to change individual data words. To validate this concept, the company announced a trial 32-bit device, the ST22FJ1M. It offers 768 kbytes of user flash memory for program code, plus 256 kbytes of page-flash memory to replace the traditional EEPROM. Other options under consideration include ferroelectric memories, which the company intends to test-market this year in cooperation with ferroelectric specialist Fujitsu. In the longer term, Thomasson believes phase-change memories may be the way forward.
Also watch out for the SLE88CX720P, the first member of a new line of 32-bit smart-card cores from Infineon. The company built these devices using a 0.22-micron CMOS process. The chip has a 4-Gbyte address range that its memory-management-and-protection unit manipulates. The MMU augments normal smart-card security features with a set of traps that inform the CPU of any operating exceptions, such as memory-access violations. Program and data modules are organized as "packages," each with a 16-Mbyte addressing range and its own set of access rights to memory and I/O resources. Memory capacity includes 240 kbytes of ROM, 80 kbytes of EEPROM, and 8 kbytes of RAM. As usual for such devices, the EEPROM system supervises its own programming sequence and generates programming voltages on-chip; endurance guarantees 500,000 write/erase cycles with 10-year data retention at 85°C. Unusually, the clock generator automatically adjusts itself to operate at 5 to 55 MHz to suit power availability. The chip's 1100-bit cryptographic engine has 700 bytes of local RAM and handles symmetric and public-key-algorithm operations, such as verifying a 2048-bit RSA (Rivest, Shamir, and Adleman) signature in as little as 25.2 msec.
The convenience of a contactless card drives the technology's adoption into areas beyond ticketing and positions it for global smart-card dominance. In particular, the Far Eastern countries have been quick to exploit the advantages that RFID brings to multipurpose, large-scale smart-card deployments. Unsurprisingly, mass-transit systems remain a strong growth area for Philips, which pioneered large-scale deployments using the Mifare technology that it acquired from its former Austrian subsidiary Mikron in 1995. The company recently announced the shipment of its 200 millionth Mifare card, upon which some 10 Korean and 30 Chinese cities rely for everyday transportation ticketing. Closer to home, the latest high-profile adopter is London Transport, which intends to deploy Mifare systems on its Underground network with a project that's code-named Oyster.
Although the Japanese deploy more than 1 million cards to support their national citizen-card scheme, a parallel scheme uses contactless cards to collect motorway tolls. Clearly, to amortize implementation cost and increase consumer acceptance, long-term planning requires synergy between such applications. Immediate candidates include the Chinese, who are considering extending their transport-ticketing scheme to embrace personal-identity cards for population control. The Koreans and Taiwanese are also developing combination cards for applications such as personal identity, banking, and access to transport services. Such schemes stimulate the need for universal smart cards that are literally every bit as secure as their contact-based cousins. As a result, and during what some see as the transitional period to a global contactless smart-card environment, dual-interface cards that include contacts and RFID circuits look ready for huge growth. Fujitsu's development road map for its Hiferron series of ferroelectric-memory-based cards reveals a Far Eastern view, predicting the migration from 32-bit, dual-interface cards to contactless equivalents will be complete by 2005.
Elsewhere, smart card's potential uses enable novel applications that belie the technology's current deployments. In a joint venture with Sony, Philips is developing NFC (near-field-communication) architecture, which is compatible with both Mifare and Sony's own FeliCa contactless smart-card technologies. The target is peer-to-peer communications among devices such as mobile phones, PDAs, and PCs. The technology sounds similar to Bluetooth, but several differences exist, the first of which is that NFC is much less costly. Also, at 15 to 20 cm, NFC's range is short but suitable for triggering a Bluetooth connection for wider personal-area-network connectivity. As for consumer-friendly convenience, you need only place NFC-compatible devices next to one another; the technology resolves device-identification issues and establishes communications. Also, if you have an NFC-enabled mobile, you can seamlessly charge services to a credit/debit-card account. The technology will be in place by the fourth quarter, and rollouts are planned for next year.
For more information...
For more information on products such as those discussed in this article, go to www.edn.com/info and enter the reader service number. When you contact any of the following manufacturers directly, please let them know you read about their products in EDN.
Ashling Microsystems
Atmel
Fujitsu
Hitachi Semiconductor
Infineon Technologies
Innovatron
Microsoft
Motorola
Multos
NEC
Philips Semiconductors
Raisonance
Samsung Electronics
Sony
STMicroelectronics
Sun Microsystems
Xicor
You can reach Contributing Editor David Marsh at forncett@btinternet.com.
References
1. ISO/IEC 7816-1 through 7816-10, International Organization for Standardization, www.iso.ch. (See also ISO/IEC 14443-1 through 14443-4 for contactless cards.)
2. EMVCo LLC, "EMV integrated circuit card specifications for payment systems," EMV 2000 Version 4.0, December 2000; www.emvco.com.
3. eESC Secretariat, "Open smart card infrastructure for Europe," Version 2, www.eeurope-smartcards.org.
4. Dray, J, A Goldfine, M Iorga, T Schwarzhoff, and J Wack, "Government smart card interoperability specification," Version 2, July 2002. NIST Interagency Report 6887, http://smartcard.nist.gov.
Copyright © 2002, EDN, Reed Business Information - US, a division of Reed Elsevier, Inc. All Rights Reserved.