Smart cards in wireless

Guided By Submitted By

For Download & More Visit: http://www.nectarkunj.byet host14.com

1
 Smart cards in wireless

INDEX

TOPIC PAGE NO.

1. introduction 3

2. overview 3

3. introduction to Smart Cards in wireless communications 5

4. easing logistical issues 6

5. Providing Value-Added services 6

6. Factors driving Smart Card acceptance 7

7. Smart Card ? 8

8. Classification of Smart Cards 9

9. Operating systems 12

10. Programming 12

11. Applications on Linux 14

12. Smart Card uses 15

13. Technology and players 16

14. Smart Card advantages 18

15. Marketing Opportunities 22

16. Drive toward cashless society 24

For Download & More Visit: http://www.nectarkunj.byet host14.com

2
 Smart cards in wireless

17. Smart card as a payment system 26

18. Smart Networking 27

19. Integrated and customized services 28

20. Agreeing upon standards : The last hurdle 32

21. Will Smart Card take off ? 34

22. Looking Ahead 35

23. The relation of Smart Cards with PKI 37

24. Further Information 39

25. To Do 40

26. Summary 40

For Download & More Visit: http://www.nectarkunj.byet host14.com

3
 Smart cards in wireless

1. Introduction
Internet technologies, through intranet and extranet applications, have proven themselves
to be efficient and effective in streamlining existing processes from supply chain
management to manufacturing logistics, from marketing to customer asset management,
and by creating new value chains and businesses. Nevertheless, these changes and
benefits signal only an evolutionary shift in the way we do business. The Internet-enabled
economy resembles the conventional physical market in many aspects. Some of the new
technologies and applications may even be unnecessary. American consumers, for
example, regard smart cards as a redundant payment mechanism when checks, credit
cards and ATM cards do an adequate job for current needs. What is the use of smart
cards? Do we really need them? Will they ever take off?

2. Overview
Today, the SIM card’s basic functionality in wireless communications is subscriber
authentication and roaming. Although such features may be achieved via a centralized
intelligent network (IN) solution or a smarter handset, there are several key benefits that
could not be realized without the use of a SIM card, which is external to a mobile
handset. These benefits—enhanced security, improved logistics, and new marketing
opportunities—are key factors for effectively differentiating wireless service offerings.
This tutorial assumes a basic knowledge of the wireless communications industry and
will discuss the security benefits, logistical issues, marketing opportunities, and customer
benefits associated with smart cards.

2.1. Smart Card Overview

The smart card is one of the latest additions to the world of information technology (IT).
The size of a credit card, it has an embedded silicon chip that enables it to store data and
communicate via a reader with a workstation or network. The chip also contains
advanced security features that protect the card’s data.

Smart cards come in two varieties: microprocessor and memory. Memory cards simply
store data and can be viewed as small floppy disks with optional security. Memory cards
depend on the security of a card reader for their processing. A microprocessor card can
add, delete, and manipulate information in its memory on the card. It is like a miniature
computer with an input and output port, operating system, and hard disk with built- in
security features.

Smart cards have two different types of interfaces. Contact smart cards must be inserted
into a smart-card reader. The reader makes contact with the card module’s electrical
connectors that transfer data to and from the chip. Contactless smart cards are passed near
a reader with an antenna to carry out a transaction. They have a n electronic microchip
and an antenna embedded inside the card, which allow it to communicate without a

For Download & More Visit: http://www.nectarkunj.byet host14.com

4
 Smart cards in wireless

physical contact. Contactless cards are an ideal solution when transactions must be
processed quickly, as in mass transit or toll collection.

A third category now emerging is a dual interface card. It features a single chip that
enables a contact and contactless interface with a high level of security.

Two characteristics make smart cards especially well suited for applications in which
security-sensitive or personal data is involved. First, because a smart card contains both
the data and the means to process it, information can be processed to and from a network
without divulging the card’s data. Secondly, because smart cards are portable, users can
carry data with them on the smart card rather than entrusting that information on network
storage or a backend server where the information could be sold or accessed by unknown
persons (see Figure).

Figure. Information and Personalization

A smart card can restrict the use of information to an authorized person with a password.
However, if this information is to be transmitted by radio frequency or telephone lines,
additional protection is necessary. One form of protection is ciphering (scrambling data).
Some smart cards are capable of ciphering and deciphering, so the stored information can
be transmitted without compromising confidentiality. Smart cards can cipher into billions
of foreign languages and choose a different language at random every time they
communicate. This process ensures that only authenticated cards and computers are used
and makes hacking or eavesdropping virtually impossible.

The top five applications for smart cards throughout the world currently are as follows:

1. public telephony—prepaid phone memory cards using contact technology

2. mobile telephony—mobile phone terminals featuring subscriber identification
and directory services
3. banking—debit/credit payment cards and electronic purse

For Download & More Visit: http://www.nectarkunj.byet host14.com

5
 Smart cards in wireless

4. loyalty—storage of loyalty points in retail and gas industries

5. pay-TV—access key to TV broadcast services through a digital set-top box

The benefits of using smart cards depend on the application. In general, applications
supported by smart cards benefit consumers where their lifestyles intersect with
information access and payment-related processing technologies. These benefits include
the ability to manage or control expenditures more effectively, reduce fraud and
paperwork, and eliminate the need to complete redundant, time-consuming forms. The
smart card also provides the convenience of having one card with the ability to access
multiple services, networks, and the Internet.

3. Introduction to Smart Cards in Wireless Communications

Smart cards provide secure user authentication, secure roaming, and a platform for value-
added services in wireless communications. Presently, smart cards are used mainly in the
Global System for Mobile Communications (GSM) standard in the form of a SIM card.
GSM is an established standard first developed in Europe. In 1998, the GSM Association
announced that there are now more than 100 million GSM subscribers. In the last few
years, GSM has made significant inroads into the wireless markets of the Americas.

Initially, the SIM was specified as a part of the GSM standard to secure access to the
mobile network and store basic network information. As the years have passed, the role
of the SIM card has become increasingly important in the wireless service chain. Today,
SIM cards can be used to customize mobile phones regardless of the standard (GSM,
personal communications service [PCS], satellite, digital cellular system [DCS], etc.).

Today, the SIM is the major component of the wireless market, paving the way to value-
added services. SIM cards now offer new menus, prerecorded numbers for speed dialing,
and the ability to send presorted short messages to query a database or secure
transactions. The cards also enable greeting messages and company logotypes to be
displayed.

Other wireless communications technologies rely on smart cards for their operations.
Satellite communications networks (Iridium and Globalstar) are chief examples.
Eventually, new networks will have a common smart object and a universal identification
module (UIM), performing functions similar to SIM cards.

4. Easing Logistical Issues

All subscribers may easily personalize and depersonalize their mobile phone by simply
inserting or removing their smart cards. The card’s functions are automatically enabled
by the electronic data interchange (EDI) links already set between carriers and secure
personalization centers. No sophisticated programming of the handset is necessary.

For Download & More Visit: http://www.nectarkunj.byet host14.com

6
 Smart cards in wireless

By placing subscription information on a SIM card, as opposed to a mobile handset, it

becomes easier to create a global market and a distribution network of phones. These
noncarrier-specific phones can increase the diversity, number, and competition in the
distribution channel, which can ultimately help lower the cost of customer acquisition.

Smart cards make it easier for households and companies to increase the number of
subscriptions, thereby increasing usage. They also help to create a market for ready-to-
use preowned handsets that require no programming before use.

Additionally, managing fraud is also eased by smart cards. In a handset-centric system, if

a phone is cloned, the customer must go to a service center to have the handset
reprogrammed, or a new phone must be issued to the customer. In a smart card–based
system, the situation can be handled by merely issuing a new card; customers can
continue using their current phones. The savings in terms of cost and convenience to both
carrier and customer can be substantial.

5. Providing Value-Added Services

One of the most compelling benefits of smart cards is the potential for packaging and
bundling various complementary services around basic mobile telephony services. These
services can greatly reduce churn and increase usage and brand recognition (see Figure).

Figure Service Bundling with Smart Cards

The SIM card’s chip can be programmed to carry multiple applications. The activation of
new applications can be downloaded to the card over the air, in real time, thereby
reducing the time (and cost) to market.

Providing value-added services such as mobile banking, Web browsing, or travel services
creates a high cost of exit for the customer. Long-distance companies have successfully

For Download & More Visit: http://www.nectarkunj.byet host14.com

7
 Smart cards in wireless

used joint programs with airline companies to ensure the long-term loyalty of their
customers. The more services a customer receives, the more difficult it is for the
customer to leave the service provider. Smart cards provide an excellent vehicle for
surrounding the core wireless service with these other valuable services, and packaging-
and service-bundling opportunities are numerous. Examples of such opportunities are as
follows:

 GSM Cellnet and Barclaycard, Europe’s largest credit-card issuer, developed a

wireless, financial-services smart card. The SIM card activates the user’s Cellnet
GSM phone and also provides a Barclays services menu. The services available
via this alliance include the following:
o access to Barclays credit-card information
o access to Barclays checking-account information
o access to Barclays customer care
 Initially, the Barclaycard services will be provided via live c ustomer service
representatives who will answer calls from customers. Future enhancements will
enable users to pay household bills, shop, and access financial information
services while on the move.
 Swedish bank PostGirot implemented a utility bill–payment application in the
Telia Mobitel SIM card. Mobile phone users accessed the service by simple menu
navigation and keying information such as origin and destination bank-account
numbers, date of payment, and amount, which enables them to pay their utility
bills away from home.

6. Factors Driving Smart-Card Acceptance

6.1 Other Industries and Institutions
Certain industries, in particular information technology (IT), government, and financial
services, will lead the way to mass- market acceptance of smart cards.

Large IT players are deploying public key infrastructure (PKI) to provide secure logical
access to information. PKI is becoming the way to secure messaging and browsing of
private information, leading the way to secure electronic commerce. Smart cards are the
ideal vehicle to transport the digital certificate associated with the trusted third parties of
PKI infrastructures. They provide secure certificate portability and can combine other
security applications such as disk file encryption and secure computer log-on. The
inclusion of smart-card readers in the equipment listed in the PC99 recommendation has
already driven large computer manufacturers to integrate smart-card readers into their
product offer (for example, Hewlett Packard and Compaq).

Government agencies around the world are relying on smart-card technology to secure
off- line portable information, including identification documents and electronic benefit
transfer systems. A Brazilian province has issued its drivers licenses on smart cards to
allow the police to view securely stored ticket information immediately. The U.S.
government is a major early adopter of smart cards. It has instituted numerous smart card

For Download & More Visit: http://www.nectarkunj.byet host14.com

8
 Smart cards in wireless

identification programs for its defense department and recently announced that it will
further explore the nationwide use of smart cards for electronic benefit transfers as a
fraud reduction tool.

In the financial industry, large players such as Barclays and Citibank currently use SIM
cards to provide banking information to mobile users via their GSM phones. Electronic
purse systems based on VisaCash, Mondex, Proton, and other schemes are deployed
around the world and account for tens of millions of cards in Asia, Europe, and Latin
America. Major U.S. banks are considering or conducting trials of smart card-based
systems. The push by these major financial services firms will serve to accelerate
consumer acceptance.

6.2 Consumers Primed to Use Smart Cards

Research conducted by the Smart Card Forum, an interindustry association dedicated to

advancing multiapplication smart cards, has generated the following statistics:

 45 percent of consumers are favorably disposed to using smart cards

 25 percent of households would actually obtain these smart cards
 44 percent of consumers are likely to use identification-type smart cards
(telephone cards, gas cards, automated teller machine [ATM] cards, etc.)

7 Smart Card?
A smart card is a credit-card sized
plastic card embedded with an
integrated circuit chip that makes it
"smart". This marriage between a
convenient plastic card and a
microprocessor allows an immense
amount of information to be stored,
accessed and processed either online or
offline. Smart cards can store several
hundred times more data than a
conventional card with a magnetic

stripe. The information or application stored in the IC chip is transferred through an

electronic module that interconnects with a terminal or a card reader. A contactless smart

For Download & More Visit: http://www.nectarkunj.byet host14.com

9
 Smart cards in wireless

card has an antenna coil which communicates with a receiving antenna to transfer
information. Depending on the type of the embedded chip, smart cards can be either
memory cards or processor cards.

8. Classification of Smart Cards

Due to the communication with the reader and functionality of smart cards, they are
classified differently.

8.1. Contact vs Contactless

As smart cards have embedded microprocessors, they need energy to function and some
mechanism to communicate, receiving and sending the data. Some smart cards have
golden plates, contact pads, at one corner of the card. This type of smart cards are called
Contact Smart Cards. The plates are used to supply the necessary energy and to
communicate via direct electrical contact with the reader. When you insert the card into
the reader, the contacts in the reader sit on the plates. According to ISO7816 standards
the PIN connections are below:

,----, ,----,
| C1 | | C5 | C1 : Vcc = 5V C5 : Gnd
'----' '----' C2 : Reset C6 : Vpp
,----, ,----, C3 : Clock C7 : I/O
| C2 | | C6 | C4 : RFU C8 : RFU
'----' '----'
,----, ,----,
| C3 | | C7 |
'----' '----'
,----, ,----,
| C4 | | C8 |
'----' '----'

 I/O : Input or Output for serial data to the integrated circuit inside the card.
 Vpp : Programing voltage input (optional use by the card).
 Gnd : Ground (reference voltage).
 CLK : Clocking or timing signal (optional use by the card).
 RST: Either used itself (reset signal supplied from the interface device) or in
combination with an internal reset control circuit (optional use by the card). If
internal reset is implemented, the voltage supply on Vcc is mandatory.
 Vcc : Power supply input (optional use by the card).

The readers for contact smart cards are generally a separate device plugged into serial or
USB port. There are keyboards, PCs or PDAs which have built- in readers like GSM cell
phones. They also have embedded readers for GSM style mini smart cards.

For Download & More Visit: http://www.nectarkunj.byet host14.com

10
 Smart cards in wireless

Some smart cards do not have a contact pad on their surface.The connection between the
reader and the card is done via radio frequency (RF). But they have small wire loop
embedded inside the card. This wire loop is used as an inductor to supply the energy to
the card and communicate with the reader. When you insert the card into the readers RF
field, an induced current is created in the wire loop and used as an energy source. With
the modulation of the RF field, the current in the inductor, the communication takes
place.

The readers of smart cards usually connected to the computer via USB or serial port. As
the contactless cards are not needed to be inserted into the reader, usually they are only
composed of a serial interface for the computer and an antenna to connect to the card.
The readers for contactless smart cards may or may not have a slot. The reason is some
smart cards can be read upto 1.5 meters away from the reader but some needs to be
positioned a few millimeters from the reader to be read accurately.

There is one another type of smart card, combo card. A combo card has a contact pad for
the transaction of large data, like PKI credentials, and a wire loop for mutual
authentication. Contact smart cards are mainly used in electronic security whereas
contactless cards are used in transportation and/or door locks.

8.2. Memory vs Microprocessor

The most common and least expensive smart cards are memory cards. This type of smart
cards, contains EEPROM(Electrically Erasable Programmable Read-Only Memory),
non-volatile memory. Because it is non-volatile when you remove the card from the
reader, power is cut off, card stores the data. You can think of EEPROM, inside, just like
a normal data storage device which has a file system and managed via a microcontroller
(mostly 8 bit). This microcontroller is responsible for accessing the files and accepting
the communication. The data can be locked with a PIN (Personal Identification Number),
your password. PIN's are normally 3 to 8 digit numbers those are written to a special file
on the card. Because this type is not capable of cryptography, memory cards are used in
storing telephone credits, transportation tickets or electronic cash.

Microprocessor cards, are more like the computers we use on our desktops. They have
RAM, ROM and EEPROM with a 8 or 16 bit microprocessor. In ROM there is an
operating system to manage the file system in EEPROM and run desired functions in
RAM.

For Download & More Visit: http://www.nectarkunj.byet host14.com

11
 Smart cards in wireless

----------------
| 8 or 16 bit |
Reader <===| microprocessor |-----+
---------------- |
|
|---> RAM
NON-CRYPTOGRAPHIC |
CARD |---> ROM
|
+---> EEPROM

As seen in the diagram above all communication is done over the microprocessor, There
is no direct connection between the memory and the contacts. The operating system is
responsible for the security of the data in memory because the access conditions are
controlled by the OS.

---------------- --------
| 8 or 16 bit | | Crypto |
Reader <===| microprocessor |-----------| Module |
---------------- | --------
|
|---> RAM
CRYPTOGRAPHIC |
CARD |---> ROM
|
+---> EEPROM

With the addition of a crypto module our smart card can now handle complex
mathematical computations regarding to PKI. Because the internal clock rate of
microcontrollers are 3 to 5 MHz, there is a need to add a component, accelerator for the
cryptographic functions. The crypto-cards are more expensive than non-crypto smart
cards and so do microprocessor card than memory cards.

Depending on your application you should choose right card.

8.3. PC cards
While any IC-embedded card may be called a smart card, its distinguishing feature is its
use for personal activities. For example, PC cards (also known as PCMCIA cards) have
the same characteristics as a smart card but they are used as peripheral devices such as
modems or game cartridges. These PC cards are seldom called smart cards since they are
extension devices without personalization. In this sense, a smart card is a processor card

For Download & More Visit: http://www.nectarkunj.byet host14.com

12
 Smart cards in wireless

that allows persons to interact with others digitally to conduct transactions and other
personal activities.

9. Operating Systems

New trend in smart card operating systems is JavaCard Operating System. JavaCard OS
was developed by Sun Microsystems and than promoted to JavaCard Forum. Java Card
OS is popular because it gives independence to the programmers over architecture. And
Java OS based applications could be used on any vendor of smart card that support
JavaCard OS.

Most of the smart cards today use their own OS for underlying communication and
functions. But to give true support for the applications smart cards operating systems go
beyond the simple functions supplied by ISO7816 standards. As a result porting your
application, developed on one vendor, to another vendor of smart card becomes very hard
work.Another advantage of JavaCard OS is, it allows the concept of post- issuance
application loading. This allows you to upgrade the applications on smart card after
delivering the card to the end-user. The importance is, when someone needs a smart card
he/she is in need of a specific application to run. But later the demand can change and
more applications could be necessary.

Another operating system for smart cards is MULTOS (Multi-application Operating

System). As the name suggests MULTOS also supports multi-applications. But
MULTOS was specifically designed for high-security needs. And in many countries
MULTOS has achieved "ITSec E6 High" in many countries.

And also Microsoft is on the smart card highway with Smart Card for Windows.

In a point of view the above Operating Systems are Card-Side API's to develop cardlets
or small programs that run on the card. Also there is Reader-Side API's like OpenCard
Framework and GlobalPlatform.

10. Programming
10.1. CT-API
This API depends on the card terminal used, but supplies generic functions that allow
communication with memory cards and processor cards. This API is a low level interface
to the reader. But still used because it complies with the ISO7816 standards and have a

For Download & More Visit: http://www.nectarkunj.byet host14.com

13
 Smart cards in wireless

simple programming logic resembling assembly. You just send code byes along with the
data packets and receive the response.

10.2. PC/SC

PC/SC Workgroup is responsible for the development of the PC/SC Specifications.

Under Windows, MacOS and Linux corresponding APIs could be found. Under Linux,
pcsc-lite suit could be downloaded from http://www.linuxnet.com/.

10.3. OpenCard

OpenCard Framework, OCF, is an object-oriented framework for smart card

communications. OCF uses Java's inter-operability between environments to deploy
architecture and APIs for application developers and service providers.

10.4. GlobalPlatform

GlobalPlatform was formed in 1999 by organizations those were interested in issuing

multiple application smart cards. The major goal of GlobalPlatform is to define the
specifications and infrastructure for multi-application smart cards.

10.5. To Sum Up

As you could understand from above, the standardization period of smart cards is not
finished. The demand on smart cards is growing on the basis of end-user and developer.
In my opinion, if you are a developer or in a decision making position, you should
carefully analyse all the standards as well as the companies manufacturing smart cards.
As a developer’s point of view, in the near future I think, Java will evaluate itself as the
standard because of portability and cross-platform uses in spite of its slowness and fast
evolution.

11. Applications on Linux

For Download & More Visit: http://www.nectarkunj.byet host14.com

14
 Smart cards in wireless

In this section there will be applications that uses smart cards for some reason on Linux
environment. If you are a developer of a software and your development environment is
Linux please let me know. I will add you in the list.

11.1. scas

SCAS is a simple program that checks the code inside the card with the code inside the
computer. As an example of showing a way of authentication with memory cards scas is
very good.

11.2. smartcard

smartcard is a general smart card utility in Linux which uses CT-API. With smartcard
utility you can read/write data from/into smart cards. As long as your reader can be
accessed via CT-API, smartcard can be used to control the reader. Currently smartcard
could only be used with memory cards using I2C or 3W protocols. There is also a
GTK+/Gnome graphical front end which support all functions of smartcard utility.

11.3. ssh-smart

ssh-smart is a basic proof-of-concept of ssh identity on smart card, as the author says.
ssh-smart uses smartcard utility to communicate with the smart card. Basically, ssh-
smart-add tool (perl script) call ssh-keygen to generate RSA public and private keys.
Than puts the private key on the memory card. Later the ssh-smart-addagent tool can be
used to extract the private key from the card to use with ssh-agent.

11.4. smarttools-rsa
This is another PAM Module for Unix systems but supports RSA authentication through
your private key on the smart card. You must have a Schlumberger Cyberflex Access
card or Schlumberger Cryptoflex for Windows Card and a working reader to use this
tool.

For Download & More Visit: http://www.nectarkunj.byet host14.com

15
 Smart cards in wireless

11.5. smartsign
This utility is some-complete PKI integration with the smart cards. To use you must
establish a working OpenCA and have Schlumberger's "Cyberflex Access 16K" smart
cards. During the certification process of OpenCA, private key and public certificate can
be stored on the smart card and private key, later, could be used with Netscape to sign
outgoing mails and news. Also smartsign supports authentication of local users via a
PAM Module through a public key authentication. Smartsign comes with gpkcs11, a
PKCS#11 implementation, smastsh, a command line shell that allows browsing smart
card contents, sign_sc/verify_sc to sign and verify any file with smart card.

11.6. CITI Projects

At CITI, Center for Information Technology Integration of Michigan University, there
are some new projects. For example, Webcard is a web server running on a Schlumberger
Cyberflex Access Java Card. Features a stripped TCP/IP stack that supports HTTP only.
The system is designed to have a router which frames IP packets in ISO7816 and a Java
Virtual Machine in the card. Detailed technical report can be found at
http://www.citi.umich.edu/projects/smartcard/webcard/citi- tr-99-3.html

12. Smart Card Uses

Literally, billions of smart cards are already in use. Worldwide smart card sales could
reach 1.6 billion units in 1998, up 23% from 1.3 billion units in 1997. Western Europe
accounts for about 70% of the current smart card uses, followed by South America and
Asia with about 10% each, while North America languishes at less than 5%. However,
most smart cards issued today are memory cards (see Table) with limited processing
capabilities. Still, hundreds of millions of processor cards are already in use today.

Smart Cards Issued in 1996 (in million units)

____________________________________
Phone cards 605
Health cards 70
Banking 40
ID/access cards 20
Pay TV cards 20
GSM cards (mobile phone) 20
Transportation 15
Metering/vending 10
Others 10

For Download & More Visit: http://www.nectarkunj.byet host14.com

16
 Smart cards in wireless

------------------------------------
Total 810
____________________________________
Source: Smart Card Industry Association

Phone cards have become ubiquitous in Western Europe and Asia where coin-operated
public phones are becoming nearly obsolete. These pre-paid cards increase payphone
operator revenues, allow more sophisticated transactions via public phones, and have
become advertising devices as well as collector's items. Although the popularity of phone
cards contributed to a widening acceptance of smart cards by consumers, however,
processor cards are projected to be the fastest growing smart card uses by the year 2000.

Projected Growth of Smart Cards

Source: The Smart Card Cyber Show

13. Technology and Players

For smart cards to carry out applications, several components must come together. The
technology of smart cards include four critical segments.

13.1. Card Manufacturers

For Download & More Visit: http://www.nectarkunj.byet host14.com

17
 Smart cards in wireless

A smart card begins with a micro-controller produced by semiconductor manufacturers

such as Siemens, Motorola and Thomson. This integrated circuit chip is attached to an
electronic module by inserting into a cavity on the module. Then, terminals between the
chip and the electronic module are interconnected. Finally, the chip-embedded electronic
module is glued to a plastic card. The global leader in card manufacturing is
Schlumberger who sold about half of all smart cards in use in 1997. A close second is
Gemplus followed by Bull and De La Rue of France.

13.2. Card Terminals and Readesr

Smart cards may be read by conventional card reader or by wireless terminals. New
devices similar to a floppy disk allow smart cards to be read by PC disk drive. Suppliers
of POS and ATM card readers have expanded into smart card readers for their product
lines, where some worldwide consolidation is occurring. For example, a market leader
Grupe Ingenico is buying another player De La Rue of France.

13.3. Interface between Card and Terminal (API)

Electronic modules embedded in smart cards have contacts by which messages are
exchanged between the card's IC chip and the card reader. International standards such as
ISO 7816 have specified which contact handles what type of data but applications must
be programmed to manage message exchanges that can be used by networked processors.
An interoperable and multi-platform application programming interface (API) is critical
for smart cards to carry out diverse functions. Open standards such as Java smart card
API provides one of several proposed interfaces. Java Card API in particular offers a
development tool for flexible, multi-platform applications–"Write Once, Run
Anywhere"–for devices ranging from Network Computers, Web TV, smart phones and
other consumer appliances. The industry leader Schlumberger, for example, has
introduced EasyFlex and FastOS based on Java API.

13.4. Applications
The ultimate utility of smart cards is in the functions they carry out–for example,
payment process, identification, network computing, health care management, benefits
distribution and so on. Application programs hand le data read by smart card readers and
forward them to central computers located at the other end of the smart card
infrastructure such as payment servers in banks, traffic control centers or mobile phone
centers, credit card companies, transit authorities, governments, Microsoft and other
service providers. Market players and stake holders in this end game for smart cards
include a wide variety of firms and institutions including card issuers, content providers,
Visa and MasterCard, banks, government agencies, security implementers such as Lucent

For Download & More Visit: http://www.nectarkunj.byet host14.com

18
 Smart cards in wireless

Technologies, electronics manufacturers such as NEC, and service providers who want to
exploit advantages of smart card technologies.

14. Smart Card Advantages

Compared to conventional data transmission devices such as magnetic-stripe cards, smart
cards offer enhanced security, convenience and economic benefits. In addition, smart
card-based systems are highly configurable to suit individual needs. Finally, the
multifunctionality as payment, application and networking devices renders a smart card
as a perfect user interface in a mobile, networked economy.

14.1. Customer Benefits

14.1.1 Full Portability of Services

The smart card effectively breaks the link between the subscriber and the terminal,
allowing the use of any properly equipped terminal and helping to realize the wireless
promise of any-time, anywhere communications. In fact, subscribers need not be
constrained to using voice terminals only. A variety of other mobile communications
devices such as personal digital assistants (PDAs) and personal intelligent communicators
(PICs) are available that may have voice communicatio ns added as an integral part of
their capabilities. If these other devices are equipped for smart cards, the potential for

For Download & More Visit: http://www.nectarkunj.byet host14.com

19
 Smart cards in wireless

communications is increased. Similarly, data communications applications could benefit

from the security features inherent in smart cards.

14.1.2 Inte rnational Roaming

Wireless customers often require the ability to place and receive calls when traveling
abroad. For these customers, international roaming enabled by smart cards is quite
valuable. For example, Ameritech, AT&T, and GTE ha ve all instituted international
roaming programs using GSM phones and smart cards. The program uses co-branded
smart cards, which corporate customers bring with them when they travel abroad.
Customers are given a telephone number from a GSM carrier, which allows them to be
contacted in any of the countries that have international roaming agreements.

14.1.3 Inte rsystem Roaming

The incompatibility of different communications radio interfaces and authentication

protocols (time division multiple access [TDMA], code division multiple access
[CDMA], GSM, personal digital cellular [PDC], mobile satellite systems, etc.) requires
subscribers to make choices that constrain them to use only one particular type of handset
that works with only one radio interface. With a smart card, it becomes possible for
subscribers to use one handset for different interfaces and protocols. This feature is
already implemented among the three frequencies used by the GSM platform (900, 1800,
and 1900 MHz). American National Standards Institute (ANSI) telephone industry price
index (T1P1).3 has recommended standards for a user identity module, a smart card that
can be used with the major radio access methods. Thus, it becomes conceivable to have
current GSM smart cards modified so that they can work with a CDMA handset. For
example, North American GSM operators have designed a process to which the SIM
holds both the GSM and advanced mobile phone service (AMPS) authentication
algorithm and data to provide authentication on both networks in interroaming situations.

14.1.4 Multiple Services on a Single Card

As mentioned earlier, maximum value is realized by the subscriber when multiple

applications are stored on a single card (see Figure). A multiapplication smart card could
provide access to airline reservation and ticketing systems and information networks, as
well as a mobile telephone service. Considering the many cards that the average person
carries these days (i.e., numerous credit cards, debit cards, employee ID cards),
integrating more applications into a single card (or at least fewer cards) has obvious
appeal and benefits. It is important to note that there is clear interest on the part other
industries to package their services with mobile telephony. For example, research by
Citibank indicates clearly that a substantial percentage of the company's customers would
like to be able to conduct its banking on a variety of platforms, including wireless. Such
services are already available using a standardized toolbox for smart-card application
creation.

For Download & More Visit: http://www.nectarkunj.byet host14.com

20
 Smart cards in wireless

14.1.5 Separation of Business and Pe rsonal Calls

The smart card allows customers to be billed separately for personal and business calls
made on a single phone. For example, Airtel, a Spanish GSM operator, uses a SIM card
with two sets of subscription information—one for corporate and the other for personal
use. Airtel’s dual SIM cards have been well received in the corporate market.

14.2 Enhanced Security Benefits

SIM cards have several features that enhance security for wireless communications
networks. Smart-card supporters point to the potential of limiting or eliminating fraud as
one of their strongest selling points.

SIM cards provide a secure authentication key transport container from the carrier’s
authentication center to the end-user’s terminal. Their superior fraud protection is enabled
by hosting the cryptographic authentication algorithm and data on the card’s
microprocessor chip. SIM cards can be personal identification number (PIN) protected
and include additional protection against logical attacks. With added PIN code security,
SIM cards offer the same level of security used by banks for sec uring off- line payments.

Because the home network–authentication algorithm also resides in the card, SIM cards
make secure roaming possible. They can also include various authentication mechanisms
for internetwork roaming of different types.

Complete fraud protection (with the exclusion of subscription fraud) can only be
provided in the context of a complete security framework that includes terminal
authentication, an authentication center, and authentication key management. Smart cards
are an essential piece of this environment, but only the complete architecture can allow
fraud reduction and secure roaming.

Finally, it should be noted that biometric smart-card applications such as voice or

fingerprint recognition could be added to provide maximum fraud prevention. Smart

For Download & More Visit: http://www.nectarkunj.byet host14.com

21
 Smart cards in wireless

cards could then combine the three basic security blocks of possession, knowledge, and
characteristics (see Figure ).

14.3 Convenience
One use of the old fashioned memory cards is to replace various identification cards.
Smart cards will combine paper, plastic and magnetic cards used for identification,
automatic teller machines, copiers, toll collection, pay phones, health care and welfare
administration. Universities, firms and governments rely on smart identification cards
since they can contain more detailed data and enable many services to be integrated.
Health care cards, for example, reduce document processing costs by allowing immediate
access to personalized patient information stored in smart cards. Most other smart card
uses combine identification function with specialized purposes as in military PX cards,
government's Electronic Benefit Transfer cards, and university ID cards that are also used
to pay for food and photocopies.

14.4 Economic Benefits

Smart cards reduce transaction costs by eliminating paper and paper handling costs in
hospitals and government benefit payment programs. Contact and contactless toll
payment cards streamline toll collection procedures, reducing labor costs as well as
delays caused by manual systems. Maintenance costs for vending machines, petroleum
dispensers, parking meters and public phones are lowered while reve nues could increase,
about 30% in some estimates, due to the convenience of the smart card payment systems
in these machines.

14.5 Customization

For Download & More Visit: http://www.nectarkunj.byet host14.com

22
 Smart cards in wireless

A smart card contains all the data needed to personalize networking, Web connection,
payments and other applications. Using a smart card, one can establish a personalized
network connection anywhere in the world using a phone center or an information kiosk.
Web servers will verify the user's identity and present a customized Web page, an e- mail
connection and other authorized services based on the data read from a smart card.
Personal settings for electronic appliances, including computers, will be stored in smart
cards rather than in the appliances themselves. Phone numbers are stored in smart cards
instead of phones. While appliances become generic tools, users only carry a smart card
as the ultimate networking and personal computing device.

14.6 Multifunctionality
The processing power of a smart card makes it ideal to mix multiple functions. For
example, government benefit cards will also allow users access to other benefit programs
such as health care clinics and job training programs. A college identification card can be
used to pay for food, phone calls and photocopies, to access campus networks and to
register classes. By integrating many functions, governments and colleges can manage
and improve their operations at lower costs and offer innovative services.

15 Marketing Opportunities

In addition to the value-added services they can provide, smart cards pro vide many
marketing opportunities to network operators.

15.1 Brand Recognition

Smart cards provide a means for greater brand exposure and reinforcement. The cards can
be considered mini-billboards, providing frequent opportunities for the customer to be
exposed to a brand name. Compared to other advertising media, they provide a cost-
effective vehicle for achieving a high number of brand exposures to a targeted audience.
Network operators with limited brand recognition can co-brand their cards with
companies with greater brand equity to strengthen their market positions.

15.2 Customer Loyalty Programs

Smart cards can play an extremely valuable role in a carrier’s customer retention efforts.
The data on a smart card is a digital representation of the customer’s habits; i.e., number
of calls, services accessed, merchandise purchases, etc. This rich database of customer
information makes it possible for network operators to develop highly targeted or one-to-
one marketing. Carriers are then able to provide services and offerings particularly suited
to their customers, increasing customer loyalty to the carrier.

For Download & More Visit: http://www.nectarkunj.byet host14.com

23
 Smart cards in wireless

15.3 Direct Marketing

With their convenient form factor, smart cards can be used in direct- mail campaigns to
sell wireless subscriptions, both for prospecting and subscription renewal. Using
temporary or prepaid smart cards, network operators have a low-cost channel for selling
their services. In addition, subscription changes, renewals, and upgrades are easily
handled by sending new cards in the mail (see Figure 4).

Figure 4. A Direct Marketing Scenario

15.4 Advertising
Two services, used in conjunction with smart cards, provide network operators with
possibilities for highly targeted advertising. Short message service (SMS) and cell
broadcast leverage smart cards to send advertising or informational messages that appear
on the handset display to wireless users.

15.5 Trial Subscriptions

Smart cards are an ideal vehicle for trial subscriptions. Programmed as prepaid cards,
they can attract new customers to try wireless services with limited, defined financial risk
for both the network operator and the consumer.

For Download & More Visit: http://www.nectarkunj.byet host14.com

24
 Smart cards in wireless

15.5 Incidental Revenues

Network operators issuing smart cards can generate additional revenue by selling
memory space on the card to other companies. For example, available space can be sold
to gas stations so that the smart card can also be used as a debit card for gas purchases.
The card’s surface can also be used for imprinting the participating company’s brand, for
which the carrier can receive fees for space advertising.

16. Drive Toward Cashless Society

Smart cards were first developed as a payment method to simplify small value
transactions. Commonly called as a stored- value card, the data contained in a smart card
represents a monetary value that can be added or reduced as transactions are carried out.
This has proven to be useful in Western Europe and Asia where public transportation and
public phones are widely used.

In North American, the popularity of checks, credit cards and debit cards makes smart
cards a less attractive alternative. But in countries where the public phone system is less
than optimal, a smart card-based payment system offers convenience without increasing
investment in phone infrastructure. In some countries, the increasing use of smart cards is
also leading to advancements in banking services and the acceptance of credit and deb it
cards by consumers.

16.1 Benefits
A cost effective, secure and convenient alternative to cash transactions is needed as cash
is still the most important payment method in terms of number of transaction. Over 80%
of transactions are made in cash. Smart cards offer several advantages over checks and
credit cards:

 Reduced handling costs

 Improved ease of use
 Lowered costs in infrastructural supports such as banking system and phone
networks
 Versatility of combining credit, debit and stored value cards in one convenient
platform
 Lower transaction costs

For Download & More Visit: http://www.nectarkunj.byet host14.com

25
 Smart cards in wireless

 Ability to carry out offline, online and peer-to-peer transactions

16.2 Mondex International and Mondex Cards

The world leader in smart card payment system is Mondex International which is the
international franchising organization that licenses its right to a local Mondex originator
in each country. A Mondex originator then creates electronic cash units serving as a
given nation's currency. In each country, several Mondex issuers actually issue, distribute
and resell cards to consumers. The Mondex card functions as an electronic purse that
downloads and stores cash values. Mondex cards are read at time of transaction verified
either through telephone line, on site through Mondex wallets which allow transfe rs
between cards, or via the Internet by inserting the card into a standard smart card reader
connected to a PC.

Mondex is one of several electronic cash payment systems. Other systems such as
DigiCash are purely a form of electronic cash developed for online transactions.
However, differences between pure electronic cash and smart card (stored value) based
payment system are increasingly less obvious since electronic cash can be stored in a
smart card and exchanged offline and a Mondex card reader can be connected to a
personal computer allowing online transactions.

For Download & More Visit: http://www.nectarkunj.byet host14.com

26
 Smart cards in wireless

17. Smart Cards As a Payment System

A payment function is an integral part of most smart card applications because most
services accessible by smart cards must be paid one way or the other. But before smart
cards are widely used as a preferred payment method in electronic commerce, two
outstanding issues must be resolved:

 legal protection for loss and fraud

 demand and supply for microtransactions

17.1 Legal Protection and Liability

Currently, a cash balance stored in Mondex is not insured or protected against loss or
theft. In comparison, a credit card user is liable only to a minimum determined by
legislation such as Regulation E. Being a cash equivalent, however, a stored value on a
Mondex card is not recoverable if the card is lost or stolen. Several electronic cash
payment systems guard against such losses by an elaborate encryption mechanism or a
required authentication in each transaction. They, however, add significant transaction
costs minimizing their advantages over cash or checks. A cost effective guarantee or
assurance on stored values must be established to protect consumers. But legal opinions
regarding the liability and rights of issuers and users of electronic cash vary widely. In
general, online stored value systems which do not rely on smart cards may be protected
by existing Federal Reserve regulations as long as the funds are considered to be in
consumer deposit accounts. Offline systems are left to voluntary arrangements between
card issuers or financial institutions and consumers.

17.2 Microtransactions and Micropayments

A more convenient, low-cost payment method is necessary for low-value transactions.
There are many examples of micropayments already in use: toll and bus fare collections,
copy machine payments, parking meters and vending machines. Coins and tokens used in
all of these examples can be substituted by smart cards. However, will there be
substantial demand for microtransactions and micropayment methods in electronic
commerce? The answer will depend on how information and other digital products are
sold online. Bundling and subscription plans are based on aggregating small charges into
a periodic bill that is large enough to utilize conventional credit card payments. If sellers
and consumers prefer to aggregate products and services, there will be little need for a
flexible payment system. On the other hand, unbundling and customizing products
require a payment system which can facilitate small charges, for example one or two
cents for a Web page. Before smart cards and electronic cash are used widely, the
demand for, and supply of, microproducts and microtransactions must precede.

For Download & More Visit: http://www.nectarkunj.byet host14.com

27
 Smart cards in wireless

Even when these issues are resolved and smart cards become a preferred payment method
for electronic commerce, the excitement over smart card technologies and the ready
embrace by many developers of these technologies are due more to the explosion of
applications than to being a convenient form of payment. The smart card platform has
already expanded into the mainstream computing and commercial arena as a versatile
technology to implement innovative services in a mobile network.

18. Smart Networking

A smart card as an interoperable computing device has become the ultimate utility of
processor cards. Today's networked societies revolve around accessing the worldwide
information superhighways. As more people log- in to the network and more and more
activities take place through networks, online security is of utmost importance. Smart
card technologies provide strong security through encryption as well as access control
based on identification technologies such as biometrics. Information kiosks and phone
booths equipped with smart card readers will become network centers. Smart cards are
the world’s smallest mobile computers.

Mobile Communications By the year 2000, global mobile networks will enable a real
time connection to anywhere, anytime. Global networks based on low earth orbiting
satellites such as Teledesic and Iridium are in the works or already in operation. Mobile
phones are gearing up to be a truly global communications network via Global Services
for Mobiles (GSM) system. Phones come equipped with a smart card slot to enable
integrated services. For example, Schlumberger's SIM (Subscriber Identification Module)
card can take care of call personalization, payment, security and other services such as
linking your phone with your PC using a GSM phone. A smart network can also operate
through a reader terminal installed at home or in offices, at a convenient store or a gas
station, at an information kiosk in libraries or a phone center at airports or eve n on a
remote hiking trail.

19. Integrated and Customized Services

For Download & More Visit: http://www.nectarkunj.byet host14.com

28
 Smart cards in wireless

Smart cards go beyond replacing existing cards. Smart cards are interface devices that
allow users to digitally interact with firms, consumers and products in the networked
world. Smart cards are closer to a personal mobile computer.

Electronic Ticketing Traffic management and fare collection systems often impose heavy
operating costs in public transit systems and toll highways. Prepaid cards have proven to
be very effective and popular in saving time and resources in managing traffic and
passenger flows and improving services. Contactless smart cards send data via radio
frequency waves eliminating long lines. The amount of information on smart cards also
allow new type of services which are customized for specific groups of users, and the
user data can be collected and analyzed by a central server further improving services.
Such ticketing systems can also be used in sports arenas, concert halls, amusement parks
and other venues processing admissions.

For Download & More Visit: http://www.nectarkunj.byet host14.com

29
 Smart cards in wireless

Smart Vending Smart card vending systems are used for petroleum dispensors, various
vending machines and parking meters. Smart card-based vending systems not only
simplify payment processes but also enable customized services. For example, a smart
parking meter can charge a fraction of a minute or levy different amounts depending on
the customer profile, time of day or zones. Smart vendors also provide marketing
incentives such as discounts and coupons to reward loyal customers based on purchasing
behaviors. Smart vending thus allows a total integration of payment, marketing and
services in a networked enterprise.

Example: "The Smart Village"

The Smart Village envisioned by Schlumberger, the largest smart card seller, illustrates
the vision of a networked world where smart card-based services and products inhabit our
every day lives. This smart marketplace includes: GSM payphones and mobile
telecommunication, private site smart pay phones, smart ticket vending machines at
transit terminals, smart pay and display units at parking lots, smart fuel dispenser at gas
stations, contactless, remote and prepaid card terminals in retail locations, smart health
care management and network access based on secured, personalized smart cards.

For Download & More Visit: http://www.nectarkunj.byet host14.com

30
 Smart cards in wireless

Example: Resort and Park Management

Smart resort cards issued and managed by Leapfrog Smart Products Inc. are smart cards
that allow cashless transactions in RV parks for in-park transactions that include
admission and usage fees as well as vending and laundry services. Cards are also used to
record annual membership payments, to grant physical access to the park, and to store
information such as medical records for emergency usage. Several loyalty programs such
as coupons and reward vouchers are also stored and managed on the cards.

The infrastructure required for such an integrated service is relatively simple: doors and
gates, POS terminals in each RV park, vending machines and washers are retrofitted to
accept 8K Gemplus cards which cost about $10.75 each. Operational benefits, as
elaborated by Leapfrog, include:

 increased gross revenues

 decreased pilfering and fraud
 decreased administrative cost
 increased security
 streamlined accounting procedures
 increased overall profit

Example: Performance Art Revue

When customer profiles, product information and payment data are combined, a simple
smart card becomes a versatile operating, marketing and management tool. One Yellow

Rabbit Performance Theatre of Calgary, Canada, has introduced smart card-based season
tickets. Using StarGenix smart cards, the season pass is a convenient and cost-saving
ticketing and stored- value system. The card contains ticket, performance, reservation and
cardholder information as well as a stored- value component redeemable for bar service
and the theatre's products sold at its stores.

20. Agreeing upon Standards: The Last Hurdle

The key ingredient for smart cards to succeed is interoperability and standardization in
hardware and applications. Without such standards, potential card issuers and users take a

For Download & More Visit: http://www.nectarkunj.byet host14.com

31
 Smart cards in wireless

severe risk in investing in new technologies that may not be compatible with future
generation technologies. Hardware standards have been an integral part of smart card
development in the last few years while application specific standards have only begun to
emerge.

20.1 Hardware Standards

Hardware standards specify physical and communications dimensions of smart cards.

International Standard Organization (ISO) 7816 is a global standards which lay out
physical characteristics of cards and contacts, transmission protocols, interindustry
commands for interchange and rules for applications and data elements. ISO 10536
specifies similar characteristics for contactless cards. Several other ISO standards have
been developed or under review which control local and global interchange message
specifications, card accepting devices and security architecture.

20.2 Application Standards

Application-centered standards are developed to resolve communications and data
exchange conflicts between the cards and the institutions which process these data. By
limiting to specific solutions, these standards often include both hardware and application
standards. For example, electronic purse standards (CEN, Mondex or EMV) describe
card's physical characteristics, data and application interfaces and transaction procedures
that involve financial institutions. Payment standards such as Secure Electronic
Transaction (SET) or Chip-Secure Electronic Transaction (C-SET) are protocols which
facilitate exchanging and validating transaction data. For mobile communications based
on smart cards, European ETSI standards provide a basic framework under Global
Services for Mobiles (GSM) based on Subscriber Identification Module (SIM).

20.3 Local Standards

As more industry-specific applications appear, local standards are evolving to manage
integrated transactions between end users' smart cards and processing institutions. Such
standards eliminate the need for expensive and inflexible custom interfaces and allow
industry-wide integration. For example, health care card standards intend to create a
common computing framework to identify patients, query their medical data, process
payments and allow health care management in a distributed environment. The health
care industry is also developing Electronic Medical Record standards to facilitate
technological developments and applications. Smart card technologies are only a
harbinger of things to come. To maximize their usefulness and promote wider acceptance
by users, standards across industry users must be available whether it is for traffic
management, electronic benefit transfers, health care or travel services.

For Download & More Visit: http://www.nectarkunj.byet host14.com

32
 Smart cards in wireless

20.4 Network Computing Standards

With the exponential growth in computing power and a drive toward miniaturization,
smart cards will ultimately function as a mobile networking interface for personal use. A
group of technology companies under the OpenCard Framework is now working to
extend industry standards for network computer into smart cards. A smart card in this
capacity is inserted to Network Computers, public phone booths, networked information

kiosks and LAN terminals to become your personal computer. A key element in allowing
smart cards as a computing platform is an interoperable operating system or an
application programming interface which can be incorporated into smart cards'
processors. A leading candidate is Sun Microsystems' Java smart card API which allows
developers to create multi-platform applications. The much-hyped Network Computers
could become terminals that accept Java-enabled smart cards.

21 Will Smart Cards Take Off?

Unlike European and Asian consumers, Americans seem to be reluctant to swap their
credit cards and ATM cards with smart cards. An average consumer in the U.S. uses his
or her ATM cards 15 times per month according to a Star Systems, Inc., survey, and the
increased use of cards at POS terminals is the single most important factor in this trend.
Compared to this growing trend toward using plastic cards, the reluctance in using sma rt
cards stems primarily from the public's perception of smart cards as an electronic
payment system. Although ATM card holders report "some interest" in using smart cards,
security is the primary concern in storing money on their cards. Several pilot programs,
however, are introducing the versatility of smart cards to consumers.

21.1 Smart Card Pilots

Several large scale pilot projects are aimed at testing the future acceptance of smart cards.
The most publicized try-out during the 1996 Atlanta Summer Olympics had a mixed
result. Regardless, transit authorities in San Francisco, Washington, D.C., and Finland are
rolling out smart card systems for transit management. 120,000 members of Quebec
Soccer Federation of Canada will soon be using smart cards for registration at
tournaments, at McDonald's restaurants, and for several promotional and reward
programs. States of Ohio and Wyoming are testing smart card technologies to deliver
government benefit payments.

21.2 Long-Term Benefits of Smart Cards

For Download & More Visit: http://www.nectarkunj.byet host14.com

33
 Smart cards in wireless

Despite growing interests, smart card-based systems are not entirely cost effective
compared to many alternatives when one considers only the immediate costs and
benefits. For example, a welfare benefit distribution program using magnetic-stripe cards
cost less than smart card-based systems due to initial capital investment and the cost of
cards. Nevertheless, long-term benefits are substantial. Ohio expects to reduce its
monthly cost of benefit distribution from $3.84 to $2.89 per household by using smart
cards. In addition, transaction data associated with smart cards allow the state to cut down
benefit frauds and abuses substantially.

Larger and more important benefits are less obvious at this stage of smart card
technologies. Most smart card applications available today seem only to duplicate
functions carried out successfully and effectively by existing methods. The advanced
banking and financial systems and efficient communications networks in the U.S. work
against adopting smart cards. Like cellular phones which may be useful in less developed
countries with limited phone lines and high communications costs, smart cards are
readily accepted in countries where consumers and businesses do not trust checks and
other debt instruments, or there is a high incidence of inflation, fraud, crime and other
factors favoring cash. For smart cards to gain a wider acceptance, interoperable hardware,
simple user interface and more applications must appear to satisfy consumers who expect
to use the same card in different retail outlets and for different purposes. Considering that
Java smart card API was introduced in 1996, smart card technologies do have enormous
potential to become the next killer application for the digital economy.

22. Looking Ahead

The future prospect for smart cards critically depends on introducing multifunctional
cards and overcoming the simplistic view of smart cards as a payment medium. The
Internet as a distributed and interoperable computing network provides a perfect setting
for smart cards to become the ultimate network computing platform. Further
developments in mobile networks and digitally- interfaced consumer appliances all point
to smart cards playing the role of the ultimate personal computing and communications
devices. In the networked economy where smart cards provide a smart infrastructure,
physical products become smart products.

Opportunities largely depend on the developments in applications and a standardized user

interface that allow users to interact with smart products over a network.

For Download & More Visit: http://www.nectarkunj.byet host14.com

34
 Smart cards in wireless

22.1 Smart Products

Smart products, like smart cards, are made smart by marrying physical products with
computing power. However, the nature of smart products is changing from a product with
a lot of computing power embedded within the product itself to a product with a smart
interface. For example, a smart highway is equipped with sensors that interact with smart
automobiles which come with their own on-board computers and sensors. Nevertheless,
this involves a significant cost to upgrade millions of miles of highways. The marriage
between information superinfrastructure and physical highways seems impractical.

The solution is not to equip highways and automobiles with powerful computers but to
engineer them to interact with smart devices. With an accurate global positioning system,

sensors need not be embedded in highways. The location of a vehicle can be determined
by interfacing an automobile's computer with a satellite. Much of the automobile's
computing is done through smart cards and remotely connected servers. Similarly,
consumer appliances can be equipped with smart card readers instead of installing
product-specific computers. For example, cellular phones interact with smart cards to
access personal information instead of storing it in each phone. In essence, smart network
computers and smart products can be less powerful and more standardized when
interfaced with smart cards.

22.2 Portfolio Products

The future of production and consumption is based on customization which often
involves unbundling and re-bundling different products, changing contents and pricing
individually. Unlike the economy where mass produced goods help reduce production
costs, the economy of customization is concerned with increasing choices for consumers.
Managing such an economy is challenging as the number of products explodes and
transactions become extremely complex.

A smart card-enabled system offers a versatile management tool in such an economy. For
example, smart credit cards issued by American Express can be loaded up with airline
tickets and hotel reservations. A travel plan may also include rental cars, admissions to
concerts and amusement parks, long distance phone bills, food and drinks. Arrangements
may change in real time necessitating coordination and adjustments among different
vendors. Such an integrated product or service has to be managed by computers and
requires spontaneous interactions with all parties involved. Instead of carrying a personal
computer to do the job, all transactions within such an integra ted (‘portfolio’) service
plan can be managed through a single smart card by inserting it into a public or mobile
phone or a network terminal at business locations.

For Download & More Visit: http://www.nectarkunj.byet host14.com

35
 Smart cards in wireless

23. The Relation of Smart Cards with PKI

As we already know smart cards are secure place to hold sensitive data, such as money
and identity. And if the identity is the subject we should talk about PKI, Public Key
Infrastructure, and smart cards.

Think that, you are working in a company with many branch offices and many facilities.
In such large companies often employers have access permissions to different physical
places. Also you access the servers inside the company for various purposes like sending
mail, uploading the web pages and accessing the databases of the company. Just think,
one password for each server and one key for each door and some money in your wallet
to buy food or drink from the local restaurant.

Actually you could just use a smart card. If you use a microprocessor card and a the cards
operating software or Java cardlets permit, you could use only one card for all these. For
this scenario to work, the company must establish a local CA, Certificate Authority.
Below there is a diagram showing the structure of a PKI simply, as described in RFC
2459.

+---+
| C | +------------+
| e | <-------------------->| End entity |
| r | Operational +------------+
| t | transactions ^
| | and management | Management
| / | transactions | transactions
| | | PKI users
| C | v
| R | -------------------+--+-----------+----------------
| L | ^ ^
| | | | PKI management
| | v | entities
| R | +------+ |
| e | <---------------------| RA | <---+ |
| p | Publish certificate +------+ | |
| o | | |
| s | | |
| I | v v
| t | +------------+
| o | <------------------------------| CA |
| r | Publish certificate +------------+
| y | Publish CRL ^
| | |
+---+ Management |
transactions |
v
+------+
| CA |
+------+

For Download & More Visit: http://www.nectarkunj.byet host14.com

36
 Smart cards in wireless

 end entity: user of PKI certificates and/or end user system that is the subject of a
certificate;
 RA: registration authority, i.e., an optional system to which a CA delegates
certain management functions; (in some implementations, where you register your
self to the system)
 CA: certification authority; (Your public key, can be issue when you register
yourself or can be self- issued, is signed and your certificate is issued to you at
CA)
 repository: a system or collection of distributed systems that store certificates and
CRLs, Certificate Revocation Lists, and serves as a means of distributing these
certificates and CRLs to end entities.

In fact, this is just a simplified view of the entities PKI. The employer or the end entity
just applies to the CA or RA to get a certificate A certificate is just a public key digitally
signed with the issuer's, CA, private key. By signed with the CA's private key, all which
trust the CA, can also trust the end entity. Your digital ID is ready. Just write your digital
ID and private key to your smart card. Or a better way, new smart cards are deployed
with embedded functions that generate public and private keys inside the card which
means your private key is not exported to anywhere.

New deployed cards are capable of PKI functions which you do not need to export the
private key to the application you use. For example when you want to send a signed mail,
your mail applications first generates a hash of the document you just wrote and starts the
communication with the card. Your application sends the hash value to the card which is
than signed with your private key inside the card. By this way your private key is never
exported to the public, your computer.

Also, while accessing your remote shell account you could use ssh, secure shell, client. In
man page of OpenSSH, an authentication method for ssh protocol 2 is described. Main
purpose of the method is true identification of the person trying to access the account and
secure connection between the host, if the user is accepted. Theoretically, only you can
know your private key. Although your private key is only readable by yourself, this could
be a security risk. But if your private key is inside a smart c ard, this is an increased
security. Of course, a smart card can get lost. But at this point another security subject is
on the line, your PIN. Generally speaking, smart card's security comes from two things,
one you know and one you own.

SSH is not the only application that smart cards can be used. Other applications like,
money transactions on the net, identification of yourself to the website you connect can
be done with smart cards. The system is more or less the same. Your identification is
checked via your private key and secure session is started with your keys. Than
application specific part comes which is designed and deployed by the service provider of
the application. Some money transactions are just done inside the smart card but some
applications just ask the card for your banking account number. There could be more
methods.

For Download & More Visit: http://www.nectarkunj.byet host14.com

37
 Smart cards in wireless

Electronic locks that can communicate with a smart card can be found on the market. PKI
can support, in addition to the mutual authentication between the card and the reader,
access accounting in the building. Just mutual authentication can be used or the lock ask
to a local server that keeps the user data and checks if the user is permitted to go behind
the door. And whether the permission is granted or not the server keeps the tracks of the
access trials.

With integration of smart cards into PKI world, many more applications could be built.
These application are mostly security specific or to ease the life of the customers.

24. Further Information

In this section there are places to visit for more in-depth information.

24.1. News groups

Some news groups are:

 alt.technology.smartcards
 sci.crypt.research
 sci.crypt.random- numbers

24.2. Mailing Lists

From the MUSCLE Project, <[email protected]>, Smart Card Developers mailing
list. The subject of the list is smart card development under Unix and Mac OS. Just send
<[email protected]> with subscribe linux in the body of your mail. Also you
can reach the archives at The Mail Archive. See linuxnet.com mailing list page for more
information.

24.3. Web Sites

There are a huge number of informative web sites available. They could change and get
outdated.

For Download & More Visit: http://www.nectarkunj.byet host14.com

38
 Smart cards in wireless

A good starting point is Movement for the Use of Smart Cards in a Linux Environment
home page, an information central for documentation, project pages and much more.

Also, USENIX Workshop on Smartcard Technology can take your interest.

Please let me know if you have any other leads that can be of interest.

25. TODO
As all HOWTOs should be, this document will retain in "Under Development" phase as
long as smart card technology is not obsolete.

 The part about the physical characteristics of smart cards should be re-organized.
 In the "Programming" section there must be more information about the standards
of programming smart cards.
 A new section of examples must be added.
 Scenario section (e.g. Building a Corporate PKI) should be added with in-depth
information. (I will add some time in a few weeks :))
 There could be a section about the tamper resistance of smart cards. How tamper
resistance is supplied and how secure is smart cards against new high-tech
gamers. (I have found some references and information but they must be
organized before adding.)

Wow, it seems like I have many things to add :))

26 Summary
By the year 2000, an estimated 2.8 billion smart cards will be issued annually in the
world. But 70% of these cards will be in use in Western Europe and Asia while North
America will account for only about 12% of the business. Nevertheless, even in North
America, the prospect for processor cards is not as gloomy as phone cards. If the current
trend will persist, there will be over 100 million processor cards in use in North America.
These smart cards allow merchants to integrate products, payment and customer service
and customize pricing and marketing efforts based on real user behaviors in real time.
Smart cards as a secure payment system has garnered the keenest attention in the
marketplace. However, smart cards are an indispensable commercial infrastructure in a
networked marketplace which combine the functions of purses, credit cards, ID cards,
tickets, coupons and tokens with data for personalized settings. The electronic persona in
the digital world will be indeed in the form of a smart card and no enterprise solutions
should ignore its potential impacts on business.

For Download & More Visit: http://www.nectarkunj.byet host14.com

39
 Smart cards in wireless

Bibliography
1. Books

Smart Card handbook

by Wolfgang Rankl

Smart Cards : A guide to building and managing Smart Card applications

by J. Thomas Monk

Java Card technology for Smart Cards : Architecture and Programmer’s

by Zhiqun Chen

2. Websites
www.iec.org

www.bitpipe.com

www.MoTechno.com

www.iosoftware.com

www.cryptocard.com

www.Globalcard2000.com

www.digitcrypto.com

www.dta.co.uk

For Download & More Visit: http://www.nectarkunj.byet host14.com

40