Reference -
Articles
Technologies/Disciplines
|
| |
| Plastic
with Brain: Smartcard |
This article was
the front page story for the May 1994 issue of CMA. CMA
a national magazine to address the
needs and interests of the management accounting
profession and to foster the development of
Certified Management Accountants in management.
Prepared By Dr.
Mir F. Ali
The plastic card has
entered a new era. With a powerful combination of
on-board intelligence and increased memory capacity,
the Smartcard has arrived. Its potential is
unbounded. It can help businesses generate more
revenue, including financial institutions that can
market it as a sophisticated payment instrument.
Better equipped than plastic cards to control data
integrity, the Smartcard can improve control through
fewer losses and greater security. And because it
can handle multi-applications without jeopardizing
data integrity, it can improve productivity and
functionality.
The Smartcard looks like a common credit card, but
the resemblance ends there. Hidden in the thickness
of the plastic, a powerful brain controls the card's
functions and opens access to networks and
computers. It allows the card to capture, verify,
store and transmit information (transactions) in a
way that can be directed to mainframe computers for
further processing. It can also validate the
identity of the cardholder through network access.
In effect, the Smartcard is a portable data storage
device. It can process information to authenticate
the card, identify the cardholder, encrypt and
decrypt messages, and generate electronic
signatures. Thus, it provides an automated form of
user accountability, as it maintains a log that
keeps track of such things as who used the card,
when the transaction took place, and what
merchandise was bought. The magnetic strip card
lacks this capability.
The contemporary contact or passive Smartcard have
undergone a number of changes resulting in better
performance at lower cost. These cards all lacked
the benefit of a self-authenticating feature: The
ability to independently accept a PIN (personal
identification number) plus associated data. Cards
now incorporating this feature are called active or
Contactless”Smartcard. Unlike a passive card, which
required a card-reader as an interface between the
card and the merchant's terminal, the Contactless
Smartcard works without an independent, physically
separate card-reader.
Cards of all kinds:
The Smartcard is also known as an integrated circuit
(IC) card. It can be categorized into three groups
by interface type:
Contactless: The interfaces for this type communicate through
radio frequency, inductive or infrared methods. They
are particularly useful in rapid transit systems and
for goods distribution when a physical contact
device might be too slow or cumbersome. “Some
Smartcard” can be included within this group. Rather
than use an external device, a super Smartcard has a
display embedded into it. Super Smartcard are used
for high-security applications or for applications
in which the card reader does not or cannot support
a keypad and display;
Non-ISO Contact: Interfaces include cards
developed either for a specific purpose or before
the ISO (International Standards Organization) 7816
standards were established. These standards redefine
the Identification Physical Characteristics, and
define a number of physical, mechanical, electrical
and other properties of the contact and chip; and
ISO Contact: The interface is defined in
the ISO 7816 standard, which describes the position,
dimension and function of the contacts embedded on
the card's face. (There are eight such contacts on
the card, six of which are presently utilized.) ISO
contact is the most common interface method for
smart financial transaction cards. These cards
include both memory-only and microprocessor cards.
Memory-only cards store programs or data. They
replace transaction vouchers, magnetic media or
currency. As they contain no processing capabilities
or significant security, they are often used as a
stored-value card or “electronic purse” for
relatively inexpensive transactions like telephone
tolls, rapid-transit fares, and road tolls.
Microprocessor cards, by contrast, can process data.
They often replace magnetic-stripe cards,
transaction vouchers, identity cards and currency.
This card processes data based on procedures stored
within it, including cryptographic procedures for
security purposes.
Microprocessor cards themselves come in two kinds,
distinguished by their memory. Information in EPROM
(erasable programmable read only memory) can be
erased, and the memory can be reused, without
complex processes. Once EEPROM (electrically
erasable programmable read only memory) has been
used, it cannot be reused without going through a
process to erase the information utilizing an
electronic tool. Choosing between the two kinds for
use in a Smartcard comes down to economics. The
EPROM card is more expensive. But the EEPROM card
must reissue once its memory has been used up.
Besides EPROM and EEPROM, a basic Smartcard contains
RAM (random access memory) and ROM (read only
memory). RAM stores data temporarily during
Smartcard operation; ROM contains the procedures and
data required for the Smartcard to work.
What a Smartcard can do:
The Smartcard generic functions include the
following:
- Data protection: Data protected against
unauthorized access code;
- Identification of the cardholder or device:
Capable of validating the PIN and storing the
card-reader identification in the log file;
- Mutual authentication: Both parties -
merchant and buyer- will attest to the
transaction;
- Secure writing: a log keeps track of
background information on each transaction;
- Certification or signature: PIN will
serve as proof of certification or signature; and
- Encryption: Will allow validation of
PIN and identification for card-reader.
Smartcards can be used in a number of services,
including financial services; medical profile and
services; government licensees; travel services;
employment access and reporting; military skills and
training; electronic diagnosis; automobile routing;
workstation personalization; and software loading
and protection.
Among the applications for the Smartcard, the three
most common kinds are the following:
- Data carrier: The card is a convenient,
portable and secure way to store data;
- Conditional access for security: The
card ensures that only authorized people enter or
use a site, computer, software package or service:
and
- Financial: The card replaces credit
cards, cheque books or money.
A card is not restricted to one application, and
might accommodate several functions across all three
kinds of applications. Smartcard systems are either
private or public. A closed user group, such as an
organization's employees, uses private systems. The
public uses public systems like banks or pay phones.
A single Smartcard can support multiple functions
and multiple issuers. For example, the card might be
issued by a financial institution for use as a
credit card, a debit card, and a means to enter an
account through a home banking terminal. The
financial institution might also sell the use of the
card to various groups, including:
- A retailer to support private label and
frequent buyer services;
- A rapid transit authority as a stored-value
card to pay for transit fares;
- A telecommunications supplier for phone access
and charging purposes; and
- An employer to permit employee access to
secure areas.
Using a personal identification number (PIN)
along with the Smartcard means that other people
might gain access through guesswork or theft. One
way to prevent such unauthorized access is by using
“biometrics” techniques. Here, a measurement is made
of a personal trait of the authorized cardholder,
and then compared with an authenticated card-stored
reference. It's like making and eyeball comparison
of a customer's signature and the master signature
on a conventional credit card. A number of physical
characteristics are being investigated for automatic
personal identification (API), including: Facial
features; full face and profile; fingerprints; palm
prints; footprints; hand geometry (shape); ear (pinna)
shape; retinal blood vessels; striation of the iris;
surface blood vessels (in the wrist); and
Electrocardiac waveforms. Looking to the future:
Japanese corporations are developing company cards
to serve as identification badges and
time-and-attendance records. Employees use the cards
to withdraw cash, reconcile travel expenses, pay for
purchases in the company cafeteria and stores, and
manage resources like power, light, heat and air
conditioning. NTT, Japan's national telephone
company, and Nissan Motors are placing Smartcards in
automobiles in order to maintain a birth-to-death
record of component part types and serial numbers,
warranty conditions and maintenance.
Canada and the United States have been slower to
adopt Smartcards. Canada attempted to use the cards
to pay unemployment insurance benefits. Instead of
completing weekly reports and receiving cheques in
the mail, UI recipients might have used a Smartcard
in an automated teller machine that would have
dispensed amounts onto the card for use in stores.
Authorities also considered using Smartcards to
allow consumers to pay for entry, camping and use of
other facilities in Canada's national parks. Both of
these potential applications failed. But one
successful implementation was a pilot project in
northwestern Ontario, in which the provincial health
ministry tested the Smartcard for storing medical
history, diagnosis and prescription information. In
the United States, Smartcard applications will
likely develop slowly; more education and a major
corporate advocate for Smartcards are the primary
requirements there.
How will Smartcards evolve in the future? What
Smartcards will not do is improve ill-conceived
business procedures or fix poorly designed systems.
Organizations need to fix these problems before
implementing the cards. At the same time, managers
must recognize that Smartcards hold the promise of
raising productivity and proficiency. |
|
|
|
|
|
| Copyright 2003 - Automated
Information Management Corporation |
|
Contact
Us