Regarding applications there are two kinds of smart cards namely contact-based and contactless cards that can be used for a variety of applications such as personal or object identification, financial transactions, entertainment, communication and computing. In aspects of networking and ubiquitous computing, smart cards are used to improve network security through user authentication, storage of secure keys and data as well as for recording network service events. Besides authentication, smart cards are also used to provide confidentiality, integrity and non-repudiation.

Smart cards greatly improve the convenience and security of any transaction. They provide tamperproof storage of user and account identities. Smart cards also provide vital components of system security for the exchange of data through virtually any kind of network. They protect against a full range of security threats, from careless storage of user passwords to sophisticated system hacks. Multifunction cards can also facilitate network system access and store value and other data.

Smart cards are being used across the world for a wide variety of daily tasks. In India, some typical examples are Government Identification applications such as electronic passports, national ID, health cards, driving licenses, social security cards, and financial card applications such as credit/debit cards, various prepaid cards and electronic passes or tokens for mass transportation.

Benefits

Smart cards offer various benefits such as quick transactions, inbuilt security, portability, etc. and can be used for identification, validation, and data storage. The major factor driving the adoption of smart card technology is the convenience that it provides to the consumer. A single card can potentially be used for multiple applications including transportation, banking and loyalty and reward programs.

“With contactless smart cards, a card can be scanned by a reader without the consumer having to physically take the card out from a wallet or purse, which can be done in the fraction of a second. This is an important factor for scenarios requiring rapid turnaround and processing, such as ticketing for mass transportation systems,” said Mahendran Kathiresan, Business Development Manager (Chip Card and Security), Infineon Technologies.

In India, contactless smartcards are the better option, given the harsh environmental conditions. Contactless smartcards have a longer life (around 10-15 years) and the reliability is very good. Contact-based smartcards are less resistant and easily susceptible to various climatic factors like dust, humidity, oil, wear and tear and lack sturdiness. Therefore contactless smart cards and readers are much more durable in harsh, outdoor conditions and hence better suited to the Indian environment.

Ashok Chandak, Senior Director, Global Sales and Marketing, NXP Semiconductors, added, “NXP has been a pioneer in the field of contactless technology and applications in the field of transportation, e-governance and banking, and follows the global standard i.e. ISO/IEC 14443 for contactless smartcards. We provide chips for token and e-passport systems with a share of over 80% of the global pie for e-passport chipsets.”

What is Unique Identification (UID) Project?

The Government of India launched the Unique Identification (UID) program in summer 2008. This project intends to develop and implement the necessary institutional, technical and legal infrastructure to issue unique identity numbers to Indian residents. India’s population is approximately 1.1 billion. The first priority of the government is to build a national database containing the data of all citizens. Verification of individuals will be based on biometrics (most likely multiple fingerprints). Once enrolled in the UID-database each person will be given a Universal Identification Number (UIN). Deployment of the UIN will start by 2010 and the goal is to have the entire population registered by 2013-2014. The UID program does not have the scope to roll-out smart cards. It is an initiative to have a database containing the entire population’s UINs.

Once a UID database is in place, the issued UIN can be used as a ‘unique’ identifier in various smart card based programs such as: Driver’s License, Financial Inclusion, Employment Cards, Health Cards, Micro Finance, etc. Card issuance can then be done by various ‘registrars’ or government departments.

“NXP is keen to participate in the UID program as it was the sole supplier of all 2.3 million chips for the initial pilot projects launched by the Ministry of Home in 2007. The chips which are mostly deployed in coastal and border areas, as checked by the government, are working perfectly as they comply with the highest level of security and reliability conditions as defined by Common Criteria EAL5+,” said Ashok Chandak, Senior Director, Global Sales and Marketing, NXP Semiconductors.

Due to the escalating security consciousness all over the world and the needs of security-related projects, smart cards have found greater application in e-government projects, banking services, access control (physical and logical) large-scale National ID projects, telecom, automotive, transport, etc. The use of smart cards in the financial services sector has also been on the rise buoyed by their increasing use for transactions, online payments, money transfer, etc. The popularity of smart cards is primarily driven by the need for greater security to prevent fraud on cards which need secure operations, for example credit cards, transportation cards and identification cards, etc.

Another widespread application is mobile communications, with ICs beings used in SIM cards. This is true of India also as mobile communications are the most widespread application.

Varun Bansal, Head of Smart Card Division, STMicroelectronics, said, “The use of smart cards is limited only by our imagination. The technology is mature and readily available. Smart cards can be used in various applications such as Transit, Network Security, GSM, Banking, PDS, PAN, e-Passport etc. The government is the largest vertical driving growth when it comes to smart cards apart from telecom, banking etc. The challenge is that the major market for smart cards is the government and that there is no fixed tenure for deploying these solutions. Unless there is a guarantee of tenure, it becomes difficult to deploy. The government should give a minimum assurance of tenure of at least four to five years. Standardization as well as checks and balances need to be there. There is an urgent need for some kind of infrastructure to ensure compliance.”

Technological trends

From a technological standpoint the trend is that chips are becoming smaller, with more memory and stronger cryptographic functions. Chip sizes are now 0.22um or smaller for cost effectiveness. Bigger memory sizes are required in situations whereby multiple applications are required or for multimedia applications such as High Density SIM cards. Likewise, cryptographic operations are becoming stronger and faster, with a likelihood of Elliptic Curve Cryptography replacing the RSA algorithm.

There are several upcoming innovative deployments for smart cards including Near Field Communications (NFC), high density SIM (HD-SIM) and machine-to-machine (M2M). Although NFC is not a new technology, it has the potential to reach mass deployment if workable business models can be agreed upon by industry participants. This includes using a mobile phone for making payments, ticketing or access control. HD-SIM opens up the possibility of having applications, including multimedia data, mobile TV and multi-application download capabilities. In a M2M environment, devices communicate with other devices through a secure SIM controller. In such environments, numerous operations can be performed and monitored at the same time. An example is telematics whereby M2M technology is used to transmit real time data between the vehicle and a remote location.

Security as a challenge

There are multiple perceptions which pose challenges, such as the desirability of putting multiple kinds of valuable information on a single device as well as perceived security and privacy issues in combining information from various sources such as a government ID and personal financial information. An even larger factor is the requirement for a unified backend which can support disparate databases administered by different organizations.

While it is technically possible to combine multiple smartcard applications on a single card, and this is already being used in certain scenarios such as mass transportation wherein a single card stores transaction data as well as functions as access control for entry/exit from the terminals; a major challenge here lies in combating the perceived and actual threats to the confidential data that is stored on smart cards.

As there is increased interest in smart card applications today and with smart cards being used for a host of applications, another key challenge is the development and adaptation of international standards as well as financial industry specifications to ensure national and global interoperability in the use of smart cards, with an emphasis on security and interoperability.

Other common challenges involved are addressing issues of privacy and convenience especially with respect to financial and banking applications. The use of basic solutions such as insecure contact cards, bar coded cards in such applications can lead to hacking or cloning of not only such cards but financial transactions leading to quite embarrassing situations for banks and the people behind such solutions.

The diversity and effectiveness of attacks on smart card applications have increased. Attacks are now targeting individual areas on the chip or even individual transistors, so that conventional protection mechanisms may fail.

A hardware-based integral security concept provides protection against such increasingly sophisticated security attacks. Rugged chip designs are called for which overcome the disadvantages of analog protection functions (such as calibration), which allow for the complete encryption of all chip functions from memory, to buses, to the processor core and of all stored, processed or transmitted data, and provide error correction across the entire chip architecture. Error correction means that the errors introduced by attackers are detected and countermeasures are initiated at a chip level before the chip can disclose its confidential data.

Ganesh Ramamoorthy, Principal Research Analyst, Gartner, said, “With the setting up of UID, the Indian government is going to use smart card based technology. Administrators will be able to track initiatives that are announced by the government. Users will not need to carry so many documents around. In 2008, Smart card production was around 51 million units. By 2013, it is expected that it will grow to around 108 million units, at a CAGR of over 20%.”

An Immense need of Smart Cards in todays Business

A smart card resembles a credit card in size and shape, but inside it is completely different. The innards of a smart card usually contain an embedded microprocessor. The microprocessor is under a gold contact pad on one side of the card.

The microprocessor on the smart card is there for security purposes. The host computer and card reader ‘talk’ to the microprocessor, which enforces access to data on the card. If the host computer read and wrote directly to the smart card's random access memory (RAM), then a smart card would be no different from a diskette which is why it has to communicate with the card’s microprocessor to do so.

Smarts cards may have up to 8 kilobytes of RAM, 346 kilobytes of ROM, 256 kilobytes of programmable ROM, and a 16-bit microprocessor. The smart card uses a serial interface and receives its power from external sources like a card reader. The processor uses a limited instruction set for applications such as cryptography.

How does Smart Card work

Contact-based cards have to be in physical contact with other devices to enable transactions and the transfer of information. Contactless technology refers to a scenario wherein the user does not need to physically swipe a card through a reader to initiate a particular action, typically access control, monetary transactions or reading of certain data. This entails activation of the card and reading/interaction with the reader in a split second, while ensuring accuracy and confidentiality of the transaction as well as avoiding unintentional activation.

For the greater part smart card standards use ISO 7816, which governs the physical properties, communication characteristics, and application identifiers of the smart chip and the embedded data as a base reference. The ‘smartness’ of a card is defined by how fast the processor is and its ability to perform cryptographic security operations. There are internationally approved security evaluation frameworks such as Common Criteria (CC) that provide an independent, clear and reliable evaluation of the security capabilities of smart card operating systems.

Hence, As far my opinion is considered- With the setting up of UID, the Indian government is going to use smart card based technology. Administrators will be able to track initiatives that are announced by the government. Users will not need to carry so many documents around. In 2008, Smart card production was around 51 million units. By 2013, it is expected that it will grow to around 108 million units, at a CAGR of over 20%. With contactless smart cards, a card can be scanned by a reader without the consumer having to physically take the card out from a wallet or purse, which can be done in the fraction of a second. This is an important factor for scenarios
requiring rapid turnaround and
processing, such as ticketing for mass transportation systems"