Smart cards and Subscriber Identity Module (SIM) cards incorporate an embedded Integrated Circuit (IC) chip that is often utilized to enforce access control to the data on the card. Microprocessor cards can store information, carry out local processing on the data stored, and perform complex calculations. These cards are of credit card dimensions and take the form of either “contact” cards which require a card reader or “contactless” cards which use radio frequency signals to operate. In terms of processing power older version cards use an 8-bit micro-controller clockable up to 16 MHz with or without co-processor for high-speed encryption. The current trend is toward customized controllers with a 32-bit RISC processor running at 25 to 32 MHz. The memory capacity of such cards is dependent on data compression techniques and is constantly on the rise.
The most common smart card and SIM card applications are: cellular phones, credit cards, electronic cash, computer security systems, wireless communication, loyalty systems (like frequent flyer points), banking, satellite TV, government identification. Smart cards can be used with a smart-card reader attachment to a personal computer to authenticate a user. Web browsers also can use smart card technology to supplement Secure Sockets Layer (SSL) for improved security of Internet transactions.
The growing memory capacity on smart cards and SIM cards, as well as the ability to control access to the media stored on them has prompted their use for the purchase or temporary rental of media and software. U.S. Pat. No. 7,016,496 discloses a system and method for securing the copyright of purchased material by providing an encryption key to the smart card thereby restricting access to verified purchasers of the content, with the content either being stored on an online server or locally on the card. Moreover, the card may double as both an access restriction solution and as payment identity verification as described in U.S. Pat. No. 7,024,226.
Although the current art uses encryption methods in order to deter unauthorized access to the data stored on the card. Security on such cards could still be improved.
Additionally, as the cards become more popular for transactions and content access/storage, their lack of provisions to counter card theft and deal with the demands of subscription services emerges.