A smart card is a kind of Interconnect Card (IC) card that has memory and/or microprocessor etc. embedded in a plastic card for implementing features such as identity authentication, data signature, access control etc. Because it is easy to carry and use, it has been widely used in daily life, for example, as an identity badge in a company, a subscriber identity module (SIM) card in a GSM communication system, an e-ID card, an EMV (Eurocard-Mastercard-Visa) card or a so-called e-purse etc.
According to its processing power, a smart card can be classified into a memory card type if it includes only a memory feature or a microprocessor card type if it includes both a memory feature and a microprocessor feature. A memory card can store data but cannot manipulate the data, and thus can be considered similar to a disk. Generally a memory card can include a security authentication feature and is then capable of authenticating access to the data stored therein to protect against unauthorized access. A microprocessor card not only can store data like a memory card, but also can manipulate the data stored therein. A microprocessor card can have an operating system (referred to as namely card operating system (COS)) so computer and various applications can be installed and executed therein to implement various features. For example, installed and executable features can be data encryption/decryption, the implementation of PKI, modifying and maintaining data based on business rules etc.
In addition, according to its communication mode, a smart card can be classified into a contact card type or a contactless card type. A contact card must be inserted into a card reader for operation. When a contact card is being used, the interface of a card reader makes contact with the contacts on the card, and supplies power to the contact card via these contacts and communicates with the contact card. A contactless card communicates with other devices (card reader) via a radio frequency interface. When a contactless card enters the effective range of a card reader's antenna, it will be activated and make wireless communications with the card reader via a built-in antenna.
A contactless card, due to it interacting with other devices via wireless communications, has many advantages. For example, there is no need to take out the contactless card from a wallet or a bag and insert it into a card reader. It is convenient for a user to carry and use, which enhances the operation speed, reduces the risk of being lost and ensures it will not be worn out by the card reader. It also extends the lifetime of the contactless card. However, a contactless card also has many technical limitations. For example, since each time period a reader is activated to establish a session with a contactless card is very short, it is difficult for a contactless card to achieve a powerful processing capability and accomplish sophisticated processing tasks. The cost will therefore be high. Therefore, what are widely used at present are the low cost memory card type contactless cards (namely, memory contactless cards).
One main security threat of a memory card type contactless card comes from the host computer and the card reader. Since a memory card does not have its own operating system and processing capabilities of applications, its data manipulation and encryption depends on the card reader and the host computer. However, the firmware and software in a card reader and a host computer are susceptible to be cracked and tampered by reverse engineering, particularly, the danger is greater that the host computer could be intruded into, cracked and tampered.
At the same time, a contact type microprocessor card is generally considered to have high security, since data, applications and the operating system are completely encapsulated in the card, and like a black box, it is difficult to be cracked and intruded.
Therefore, it is desirable to be able to make up for the deficiency in security of an easy to use, low cost memory type contactless card by utilizing the advantages of a contact type microprocessor card.