Smart cards (SC) are plastic cards having an embedded Integrated Circuit (IC). That IC may be a logic circuit with its associated memories, a microcontroller with its associated memories and software, or a microcontroller with its associated memories and software coupled to a custom block.
To use the computing power given by the IC, a SC makes use of a full set of packaging technologies. The die size varies from 1 mm² to 30 mm². The die size is limited by mechanical constraints arising from the plastic nature of the SC. The IC is attached to a lead frame, and wire-bonding techniques are used to connect the IC pads to the lead frame contacts. Potting and other strengthening methods protect the IC against chemical and mechanical stresses. Contacts are located on one side of the card and their number is limited to eight. Ultimately, the SC performs transactions with a SC reader using a serial protocol. All the mechanical and electrical specifications of the SC are published by the International Standard Organization (ISO). The ISO 7816-X standards have allowed the simple and massively produced magnetic stripe cards to evolve toward the SC. Depending on the IC complexity, a SC may perform pre-paid accounting, cryptographic schemes, and personal authentication using a PIN code or biometrics, and may run Java scripts, to name a few.
ISO documents ISO 7816-1 Physical Characteristics, ISO 7816-2 Dimensions and Locations of the contacts, ISO 7816-3 Electronic signals and transmission protocols, and ISO 7816-10 Electronic signals and answer to reset for synchronous cards are incorporated herein by reference.
Today all SC readers have to be recognized by the infrastructure before performing any transaction involving a SC. The infrastructure is running an application in which the SC is involved. The SC reader expects a SC. The half-duplex protocol between the SC and the SC reader, in which either the SC sends information to the SC reader or vice versa, cannot start until a SC is detected in place in the SC reader. The infrastructure manages authentication or transactions for pre-paid cards in public telephony, for Bank cards in Point Of Sale (POS) terminals and Automatic Teller Machines (ATM), for Pay TV providers in set top boxes, and for wireless telecom operators in Subscriber Identification Modules (SIM) in Global System for Mobile (GSM) terminals. Except for SIM cards, all other applications use a physical sensor to detect the SC. This sensor tells the SC reader when a SC is in place, that is, when the SC lead frame contacts are able to mate with the SC reader contacts. Two sorts of SC reader contacts can be used: contacts that remain in place and, because of their elasticity, can slide over the SC when it is inserted in the SC reader, or mobile contacts that descend to touch the lead frame contacts once the card has been detected in place. When the SC reader has established that a SC is in place, the power up sequence can start at the SC reader's convenience. After the power up sequence, the SC reader first provides a clock to the SC and then releases its reset signal. The SC is then able to execute the stored Operating System (OS). The SIM card is a special case, since it is put in place only once, with the power off, and is used constantly after it has been positioned.
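The activation order described above (card detected, power up, clock, reset release, then half-duplex exchange) can be expressed as a small C checker over a logged event trace. This is an added example, not part of the original text; the event and state names, the card-removal rule, and the sample traces are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Events a reader-side monitor might log; all names are assumptions. */
enum sc_event { EV_CARD_PRESENT, EV_POWER_UP, EV_CLOCK_ON,
                EV_RESET_RELEASE, EV_IO_TRANSFER, EV_CARD_REMOVED };

/* Interface states, in the order the text describes them. */
enum sc_state { ST_EMPTY, ST_DETECTED, ST_POWERED, ST_CLOCKED, ST_RUNNING };

/* Move *st to `next` only if it currently equals `need`; else -1. */
static int advance(enum sc_state *st, enum sc_state need, enum sc_state next)
{
    if (*st != need) return -1;
    *st = next;
    return 0;
}

/* Apply one event: 0 if it is in order, -1 if not.
 * Assumption: removing the card from any non-empty state resets to empty. */
static int sc_step(enum sc_state *st, enum sc_event ev)
{
    switch (ev) {
    case EV_CARD_PRESENT:  return advance(st, ST_EMPTY, ST_DETECTED);
    case EV_POWER_UP:      return advance(st, ST_DETECTED, ST_POWERED);
    case EV_CLOCK_ON:      return advance(st, ST_POWERED, ST_CLOCKED);
    case EV_RESET_RELEASE: return advance(st, ST_CLOCKED, ST_RUNNING);
    case EV_IO_TRANSFER:   return *st == ST_RUNNING ? 0 : -1;
    case EV_CARD_REMOVED:  return *st == ST_EMPTY ? -1 : advance(st, *st, ST_EMPTY);
    }
    return -1;
}

/* Index of the first out-of-order event, or -1 if the whole trace is valid. */
long sc_check_trace(const enum sc_event *trace, size_t n)
{
    enum sc_state st = ST_EMPTY;
    for (size_t i = 0; i < n; i++)
        if (sc_step(&st, trace[i]) != 0) return (long)i;
    return -1;
}

/* Constructed sample traces (not captured from a real reader). */
const enum sc_event TRACE_OK[] = { EV_CARD_PRESENT, EV_POWER_UP, EV_CLOCK_ON,
                                   EV_RESET_RELEASE, EV_IO_TRANSFER, EV_CARD_REMOVED };
const enum sc_event TRACE_BAD[] = { EV_CARD_PRESENT, EV_POWER_UP, EV_RESET_RELEASE, EV_CLOCK_ON };

int main(void)
{
    printf("%ld %ld\n", sc_check_trace(TRACE_OK, 6), sc_check_trace(TRACE_BAD, 4));
    return 0;
}
```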
The first application ever to have deployed SC technology, more than 20 years ago, is the public telephone system. The die size used in this application is less than 1 mm². Just memories and logic circuits are integrated in the IC. In 1999, pre-paid SCs accounted for more than ⅔ of the 1.3 billion SCs produced worldwide. The SC reader utilizes all eight contacts to interface properly with the different SC generations. When a SC is inserted in the payphone, the telephone infrastructure authenticates the SC and the telephone removes units from the SC. It is worth noting that the SC developed for Banking applications can be utilized in a payphone. The payphone does not remove units from a Bank card but bills the SC carrier.
The second largest application using the SC has been deployed by the Banking industry. The ATM and POS infrastructures have been installed in most countries other than the USA. The die size used in this application is about 10 mm². A microcontroller and its associated memories and software are integrated in the IC. The SC reader utilizes up to six contacts to interface properly with the different SC generations. When a SC is inserted in the ATM or the POS, the SC carrier is asked to authenticate himself with a PIN code. The SC can store information such as the balance of cash the owner withdrew from an ATM on a per-week basis, the details of purchases he has made since the last closing date, etc. Based on this information, the authorization can be issued on the spot, once the PIN has authenticated the debtor, without any telephone calls to the bank. Ultimately, Banks and Businesses perform the equalization using the telephone, private communication networks and, some day, the Internet. While performing the equalization, a black list of fraudulent SCs may be stored in the POS or ATM. This scheme has been able to reduce the fraud level to 0.02% of the monetary value of all transactions made with the SC, down from 0.2% when no IC was embedded in the card. The level of fraud using the SC has been reduced tenfold compared to regular credit cards.
The third largest application using SCs has been deployed by GSM manufacturers. The die size used in a SIM is about 30 mm². A microcontroller and its associated memories and software are integrated in the IC. The SIM reader utilizes five contacts to interface properly with the SC. The most sophisticated SC applications are performed in GSM using Java applets.
A whole new market for the SC is now emerging with the Internet accessed from a Personal Computer. Secure messaging, Public Key Infrastructure, Authentication and Electronic Payment are the new SC hot areas. The SC can be an e-commerce facilitator. What differentiates the smart card from other solutions is that the PIN is held in memory and is never communicated in any transaction.
Up to now, the SC has been used in a SC reader connected to the computer. Two protocols are involved in supporting transactions between the SC and the application run by the computer. The first protocol complies with ISO 7816-3. This standard provides detailed requirements for the serial interface between the SC and the SC reader. The reader is connected to the computer via a Serial Port, a Parallel Port or even the Universal Serial Bus (USB) using a second protocol. The SC reader contains electronic circuits and embedded software that enable communication between the SC, using the first protocol, and the computer, using the second protocol. The computer is loaded with the appropriate driver to support the SC reader. Many countries have started to use the SC in the PC environment. The die size used in this application will be anywhere from 5 mm² to 30 mm². A microcontroller and its associated memories and software are integrated in the IC with a cryptocontroller. Sometimes, a bio-sensor will also be integrated. The SC reader utilizes at least five contacts to interface properly with the SC.
Closed infrastructures enabling all kinds of transactions, such as Healthcare, Public phone, Parking, Loyalty programs, Cash payments and Credit payments, are using millions of ISO compliant SC readers around the world. Europe led the development of these technologies in the late 1970s. In these proprietary infrastructures, every single SC reader is designed to carry out many transactions each hour. The many users share the cost of the SC reader.
The extreme growth of e-commerce and Internet transactions has highlighted the huge need to secure transactions. Fraud is booming. False credit card numbers are used, credit card numbers are stolen, and eavesdropping on the Internet is well established. Dotcom companies are searching for the device with the best cost/performance ratio. The SC is an excellent contender if the SC reader price can be reduced.
The USB has recently become firmly established and has gained wide acceptance in the Personal Computer (PC) marketplace. The USB was developed in response to a need for a standard interface that extends the concept of “plug and play” to devices external to a PC. It has enabled users to install and remove external peripheral devices without having to open the PC case or to remove power from the PC. The USB provides a low-cost, high-performance, half-duplex serial interface that is easy to use and readily expandable. The USB can be seen as a set of four wires: two carrying the power supply and the other two carrying data. The USB is currently defined by the Universal Serial Bus Specification, written and controlled by USB Implementers Forum, Inc., a non-profit corporation founded by the group of companies that developed the USB Specification.
In particular, Chapter 5 USB Data Flow Model, Chapter 7 Electrical, Chapter 8 Protocol Layer and Chapter 9 USB Device Framework of the Universal Serial Bus Specification are incorporated herein by reference. The increasingly widespread use of the USB in computers has led SC reader manufacturers to develop USB interfaces for connection of their products to computers, to complement the existing serial and parallel interfaces.
We are now in a situation where the brick and mortar companies and the Banks have been using SC technology for more than 15 years. On the other hand, the Internet, a formidable arena to enhance commerce and Banking activities, does not use SC technology. Most Internet transactions are done from a PC and, despite PC manufacturers' efforts, the PC industry has failed to install on each PC a cost-effective SC reader meeting the specific needs of web-related applications. A comprehensive solution, servicing the needs of both those already engaged in SC technologies and those wishing to benefit from them, remains to be found. These two fields should share a common authentication platform in the best interests of the customers and the service providers.
An example of a conventional approach may be found in published PCT application WO 99/49415, entitled “Versatile Interface Smart Card.” The application discloses a smart card system which can be used with different protocols. Specifically, the system provides a mode signal at one of the non-ISO standard contacts to indicate the protocol of the device that the card is communicating with. However, the mode signal is not checked until after the smart card is powered up and the reset signal has been applied. In other words, the smart card is already operating in the ISO 7816 protocol and, upon detection of the mode signal, may have to switch to a non-ISO protocol.