Integrated circuit cards (ICCs), more widely known as smartcards, are small credit card size carriers containing electronics. The smartcard concept began in Europe prior to 1985, and is today being used in telephone systems, toll roads, game parlors, and personal computers, just to mention some applications.
In the following, the term integrated circuit card will be used, because ISO uses the term to encompass all those devices where an integrated circuit is contained within a card-size piece of plastic, or the like.
So far, ICCs have only been used in one of two ways. Either, the ICCs provide simple, more or less tamper-proof storage for small amounts of data, or they execute simple security-related operations like data signature, or encryption-based authentication, e.g., employing a challenge-response protocol. Some applications like pre-paid telephone or cinema cards, as well as health care cards storing personal data make use of the first property. ICCs in the second domain are used as secure tokens executing authentication procedures for example during computer system logon, or when opening appropriately equipped doors for access to a restricted area.
Typical ICCs supporting the above two modes of operation comprise a microprocessor (central processing unit, CPU), a read-only memory (ROM), a random-access memory (RAM), and some type of non-volatile, programmable memory, such as an EEPROM (electrically erasable programmable read only memory). In addition, an ICC usually comprises some kind of a bus (such as a serial bus) and I/O ports for interconnection to a card terminal and for communication with the outside world. Such a card terminal provides the necessary power, electric signaling at the hardware level, as well as the basic communication protocols at the software level to interact with the ICC. Two types of card terminals are available. The more expensive model physically locks the ICC as a whole. Alternatively, and in order to reduce cost of card terminals, it is also very common to only provide a slot into which the user can insert and from which he can retract the ICC at will.
Most ICCs comprise components in the form of integrated circuits which are molded together on a flexible card (e.g., PVC or ABS). The dimension of these integrated circuits (ICs) is at most 25 mm.sup.2 (silicon die size). A typical ICC has a size of 85.6 mm.times.53.98 mm.times.0.76 mm. It is to be expected that the ICCs' integrated circuits shrink in size and that these ICCs become more and more powerful, taking advantage of advanced semiconductor technology.
The contents of the ROM type of memory is fixed and may not be intended to be changed once manufactured. This is a low cost memory, in that it occupies minimum space on the substrate. A ROM is disadvantageous in that it cannot be changed and it takes several months to be produced. As opposed to this, an EEPROM is erasable by the user and can be rewritten many times. ROMs and EEPROMs are non-volatile. In other words, when the power is removed they still retain their contents. A RAM is a volatile memory and as soon as the power is removed, the data content is lost. A RAM, however, has the advantage that it is much faster than ROMs and EEPROMs. On the other hand, a RAM is more expensive in terms of die size.
ICCs come in two forms: contact and contactless. The former is easy to identify because of its gold connector I/O ports. Although the ISO Standard (7816-2) defined eight contacts, only six are actually used to communicate with the outside world. The contactless card may contain its own battery, particularly in the case of a "Super Smart Card" which has an integrated keyboard and LCD display. In general, however, the operating power is supplied to the contactless card electronics by an inductive loop using low frequency electronic magnetic radiation. The communications signals may be transmitted in a similar way or can use capacitive coupling or even an optical connection.
Recent advances in chip design enabled the introduction of FlashRAM for non-volatile memory and 32-bit microprocessors on the same silicon estate. Thus, ICCs are getting powerful enough to host simple, but nonetheless fully functional applications, by far exceeding the simple read/write, respectively encrypt/decrypt routines as outlined above. For example, complex security-related operations like full-blown cryptographic or electronic commerce protocols could be run on the card itself and need no longer reside on a more insecure personal computer.
It is a well known problem that information contained in an ICC cannot be adequately protected. Currently, an unauthorized person can fairly easily get access to information contained in an ICC by opening the card such that certain circuitry becomes accessible. This opens up possibilities to tamper with information contained in the respective ICC, or to read out confidential or proprietary information.