documentation of smart card
TRANSCRIPT
Study of Smart Card Technology
Abstract:
Right now, in most of the countries, inside the people’s wallet, they
probably have a couple of credit cards, an identification card, automatic
machine teller cards (ATM card), and maybe a few other plastic cards.
Without realizing it, these plastic cards have become a very important part
of their life. Although smart card technology improves security and
convenient but it is not used in a wide range in Middle East countries.
User acceptance is vital for further development of any fresh
technology and smart card technology as well. One of the factors that can
effect on the acceptance of smart card technology is users’ awareness.
The goal of this study is to present a general overview of smart card
technology and identify the smart card’s benefits, features and
characteristics and moreover, the level of users’ knowledge and awareness
about smart card technology will be evaluated. In order to achieve this goal,
a survey was conducted among the international students of University
Technology Malaysia to measure their awareness of smart card technology.
Keywords: Smart card; technology; awareness; security; advantage;
application
I. INTRODUCTIONA smart card is a plastic card with an embedded microprocessor chip (usually small gold-
colored metal module), capable of storing, processing, calculating, managing and performing
cryptography algorithm on a significant amount of data which can be either value or information
or both. Most smart cards resemble the size of a standard credit card [14].
Smart cards provide maximum security and convenience, and also data portability [1]. It
makes possible sophisticated and portable data processing applications, and has proven to be
more reliable than magnetic strip cards.
Assume a student at a university may use the university identification card (ID card) as a
basic form of identification to gain access to the university’s facilities, using university library,
purchase meals or decrease value from a meal plan, purchase materials and supplies from the
university store, or use university’s vending machines. Additionally, some cards may also be
used to access the university’s computer systems, network and intranet or internet. In this
situation, likelihood the contactless reader cannot detect the smart card.
The use of multiple technologies or multi applications on a single ID card can reduce card
issuance, administrative costs and provide users with the convenience of a single access ID
credential. One example of a multi application card is the student campus ID card, however the
point is that, the students should accept the new technology otherwise developing new
technology will not be successful.
It is important to note that consumer acceptance and confidence are vital for the further
development of smart card technology. According to [16] one of the factors that have a direct
effect on technology acceptance is awareness so it is understood that for successfully
implementation of smart card technology, awareness should be addressed. In other words, in
order to increase the level of smart card usage and user adoption, the emphasis on factors that
can influence on user acceptance should be raised and based on the [16], awareness can effect on
user satisfaction and consequently on user acceptance of smart card technology, as a result, to be
able to increase the user awareness of smart card technology, first, the user awareness should be
examined. This paper is going to study and investigate the students’ awareness of smart card
technology and identify the features, characteristics, and advantages of smart card technology.
II. IMPORTANCE OF STUDY
Take a look in Middle Eastern’s wallet and what will be found? Notes, coins, driving
license, a library card, paper identity card and other cards will be found and maybe some credit
cards. All these documents could be replaced by just two or three smart cards. Smart cards are
being used in a number of ways around the world, replacing a wallet's content bit by bit [7]. As a
result of adopting smart card technology, one card can be used for all.
Smart cards protect against a full range of security threats, from careless storage of user
passwords to sophisticated system hacks. There are a lot of advantages to use of smart cards in
wide variety applications in daily life, for example government, financial services,
transportation, telecommunication, healthcare, network security, education, retail, and many
other industries.
In order to reduce the number of vehicles stuck in congestion, especially for stop and go
traffic at toll plazas, the establishment of smart card systems has been a hot issue and dominant
trend in many countries. Faced with annually increasing demand for travel and transport of
goods, transportation systems are reaching the limits of their existing capacity. Heavy highway
congestion has become one of most serious urban problems.
Furthermore, by using the smart cards banks have been able to replace their current cards
(ATM, debit, credit account, and travel and entertainment cheque) with one card. Beside that
smart cards are also being used in quite a few countries as electronic purses (such as Singapore).
On the other hand, many retailers have started using smart cards as loyalty cards [10].
Nowadays the main trend is the use of multiple application cards. A multiple application
card is a smart card that can support different types of applications on the card itself thereby
reducing the number of cards in the wallet. The big scale use for this card is a national e-ID for
the citizens [1]. A quickly growing application is in digital identification cards. In this
application, the cards are used for authentication of identity. National identity schemes are used
in over 100 nations, and may combine the functions of social security cards, driver's licenses,
immigration documents, and other identification documents such as Malaysian identity card.
Although the technology used to implement a smart card program is important, educating
and awareness of the end users is also significant. Technology should be clearly introduced to
people and they have to be aware of its characteristics, features, and benefits. On other hand, user
awareness is a key to act against fraud and identity theft. The users need to understand functions
of card because sometimes they do not know how they should use their cards and even what the
advantages of using them are, and how they can benefit users. As we know, different
applications involve different user behavior so they should be aware of the usage and application
of smart cards. In all applications, educating the user is a key element to integrate in any kind of
smart card deployment. An application features play an important role in determining whether
individuals involved in an activity will use it or not [17]. The users need to know how they
should protect the card and why they need to protect the card.
Users awareness about smart card can assist them to understand the technology, for
example, contactless card adopters must be aware of the probability of slow transactions or
business logic problems when more than one card enters the radio frequency field (i.e., if a card
holder has two in a wallet), or where the reader must deal with more than one modulation
scheme. Card holder education is needed to deal with the first problem, and in the second case, it
is highly preferable to choose a single modulation scheme.
Assume person X who is working in a large company. Then each of the employees has
access permission to different facilities and different physical places. And also he or she needs to
access the servers inside the company for various purposes like sending mail and accessing
databases of the company. If there is one lock for each door and just one password for each
server and some money in his or her pocket to buy things from the local restaurant, so he or she
needs to carry a lot of things and memorizes many passwords, but actually he or she could use
only one smart card for all these. Smart card technology is not well defined in Middle Eastern
countries and therefore it is not used in a large scale.
The purpose of this study is to present a general overview of smart card technology and
identify the smart card’s benefits, features and characteristics. The level of users’ knowledge and
awareness about smart card technology is also described.
III. AN OVERVIEW OF SMART CARD TECHNOLOGY
Smart card technology makes possible sophisticated and portable data processing
applications, and has proven to be more reliable than magnetic strip cards. The interest in smart
card technologies worldwide is driven by several factors, including security against identity theft
and web fraud, efficiency of service delivery and user convenience.
Smart cards are secure devices that enable positive user identification. They are multi-
functional and cost effective
devices that can be easily adapted for both physical and logical access. Logical access control
concerns familiar principles such as password checking or the more sophisticated cryptographic
mechanisms for authentication such as windows logon, virtual private network (VPN) access,
network authentication, biometric storage and others. Physical access control relates to
identification (ID) badges and building access control.
Smart cards are called ‘smart’ because they contain a computer chip. Indeed, smart cards
are often referred to as ‘chip cards’ or ‘integrated circuit cards’. A great deal turns on the
sophistication of this chip [9].
A. Smart card advantages
Smart cards contain unique features that bring many benefits. Compared to conventional
data transmission devices such as magnetic stripe cards, smart cards offer enhanced security,
convenience and economic benefits. In addition, smart cards are highly configurable to suit
individual needs. Finally, smart cards have many advantages, among others, are briefly listed as
below:
• Smart cards are capable of performing encryption that can implement issuer's and user's
requirements for the highest degree of security. If an attacker obtains a smart card and the related
personal identification number (PIN), they will not be able to clone the card or use it to spawn
counterfeits.
• Biometric authentication methods which rely on personal physical attributes, smart cards
are used in distributing government welfare payments in order to reduce frauds and abuse.
• Each smart card has unique serial number, for all practical purposes, it is impossible to
copy or counterfeit a smart card. Smart cards can be configured to reveal their data only to
especially qualified and authenticated terminal equipment [15].
• Chip is tamper resistant memory; it makes smart cards capable of true mutual
authentication in online transactions. It allows the client side of a transaction to actively verify
the identity of the server before the server identifies the client. This property assists in countering
man-in-the-middle attack. And help protect against website fraud and phishing [2].
• Smart cards reduce transaction costs by eliminating paper and paper handling costs and
reduce document processing costs by allowing immediate access to information stored in smart
cards [2]. In other words, they can contain more detailed data and enable many services to be
integrated.
• A smart card contains all the data needed to personalize networking, Web connection,
payments and other applications. Web servers will verify the user's identity and present a
customized Web page, an e-mail connection and other authorized services based on the data read
from a smart card. Personal settings for electronic appliances, including computers will be stored
in smart cards rather than in the appliances themselves.
• A single smartcard can perform multiple independent tasks [5][12], for example the
college identification card.
• Durability and long expected life span (guaranteed by vendor for up to 10,000 read or
writes before failure).
• Smart cards can communicate with computing devices through a smart card reader.
• Information and applications on a card can be updated without having to issue new cards.
• Smart cards can proceed independently from a back end system or offline.
• In support of authentication process it needs two or sometimes three factors of something
users know (PIN)”, “something users have (card)” or “something users are (biometrics)”.
B. Types of smart card
Smart cards have different types according to their chip and interface to communicate
with the reader. There are two different types of chip:
• Memory chips which are similar to magnetic stripe cards, they are not programmable
after manufacture and only capable to store data. They are suitable for the system that performs a
fixed operation and use as pre-paid cards or identification card, in systems where low cost is the
main consideration [13]. The advantages of this type of card lies in simple technology, and
therefore incur low cost, and also it is easy to support, while the disadvantage is that thecard
cannot be reused once it is empty.
• Microprocessor chips contain a computer on a chip, with operating system, and read or
write memory that can be updated many times. Microprocessor cards contain and execute logic
and calculations, and store data in accordance with their operating [4]. Microprocessor cards are
able to store private keys and execute modern cryptographic algorithms.
• Possible application areas for microprocessor cards include identification, access control
systems for restricted areas and computers, secure data storage, electronic signatures and
electronic purses [14]. Microprocessor cards are useful for multiple applications because of their
storage capacity, level of security, general flexibility, and the ability to execute cryptographic
algorithm. Smart cards interfaces are described by which electrical power is supplied to the
integrated circuit card and data is transferred from the card to an interface device (i.e., smart
card reader). Due to the communication with the reader and functionality of smart cards, they are
classified to the following:
• Contact smart cards require physically communicate with the reader so the reader can
establish a direct electrical contact with the chip. Contact cards are generally used for a wide
variety of applications, including financial transactions and logical access control.
• Contactless smart cards do not require physical contact with the reader but enable
communication with the reader through radio frequency and has an embedded transmitted [1].
Therefore they are particularly suitable for applications in which persons or objects should be
quickly identified [8] such as access control, local public transportation, ski passes, airline
tickets, and baggage identification.
• Hybrid smart cards which contain two chips that are not connected to each other, one of
them support contact interface and another one support contactless interface.
• Dual-interface smart cards that contain a single chip that supports both contact and
contactless interfaces.
The contact card will always be more reliable except for unusual wear of the connector
plate because for an equivalent card there are fewer components and fewer connections. The
main advantage of the contactless card is that the communication channel will operate in some
hostile environments where contacts would be inappropriate. For example, in dirt or chemical
environments, contactless are more appropriate except environments where there is electrical
noise makes the contactless card inappropriate. Contactless card is faster than a contact card and
more expensive to manufacture [6].
C. Smart card applications
The applications of smart cards include their uses as credit or ATM cards, in a fuel card,
SIMs for mobile phones, authorization cards for pay television, high-security identification and
access-control cards, and public transport and public phone payment cards [11].
Smart cards may also be used as electronic wallets. The smart card chip can be loaded
with funds which can be spent in parking meters and vending machines or at various merchants.
Cryptographic protocols protect the exchange of money between the smart card and the
accepting machine [10].
A list of applications for smart card technologies includes:
• Health cards
• Banking (such as ATM cards)
• Network authentication
• Telephony (including card’s for parking lots, gas stations, vending machines, calling)
• Identification (including government identity (ID) cards, employee ID badges and
membership cards)
• Telecommunication (including mobile phone subscriber identification and
administration)
• Transportation (including ticketing and tolling)
• Electronic passports
• Physical access control
• Campus cards
• Financial applications (such as electronic purse, and secure payment through internet)
• Government system (such as electronic benefits transfer, official documents, business
licenses, and voting system)
• Information security (such as access card with secure passwords, and digitally sign
electronic messages)
• Retail and loyalty (such as customer reward)
• Satellite TV
IV. RESEARCHMETHODOLOGY
In this study, to evaluate the user awareness of smart card technology a survey was
conducted. The questionnaire consists of 36 measurement items in six sections. It was distributed
among the forty-six international students of Centre for Advanced Software Engineering (CASE)
at University Technology Malaysia (UTM) in the field of computer science. Students were from
Saudi Arabia, Sudan, Iraq, Yemen, Turkey, Malaysia and Iran. The first section of the instrument
assessed demographic characteristics such as age, gender, and smart card experience. In the
second section, the respondents were asked about their general knowledge and awareness about
smart card.
V. RESULTS
Table 1 summarizes the demographic profile and descriptive statistics of the respondents,
their experience and their frequently use of smart card.
Table 1 shows that 87% of respondents only have less than three smart cards, so it is
recognized that smart card is not used in a large scale.
Table 1: Demographic Profile of the Respondents
In order to access the facilities of CASE buildings all students have been equipped with a
physical access card (which is a contactless smart card), therefore students should use smart card
regularly but as it is shown in Table 1, only 56% of respondents mentioned it, and although
students come to university at least once a week, 22% of them said “I use smart card monthly”.
Fig. 1 below illustrates the smart card applications. In terms of applications, it can be
seen that banking sector with 60% has the highest position. Meanwhile, internet authentication
and credit card with only 4% are at the lowest ranking.
Figure 1. Smart Card Applications
Then, the respondents were asked about how they rank their knowledge about the
technology of smart card. The answers are shown in Fig. 2. 20% of respondents answered they
do not have any knowledge and information about smart card technology. Furthermore, 26%
ranked their level of knowledge more than enough but in previous question (i.e., which of the
smart card applications do you use?) 58% of them did not mention the telecommunication
application of smart card. It explains that they are not aware and they do not know that SIMs is a
kind of smart card.
Figure 2. Respondents’ knowledge ranking
Also from this separation of respondents (26%), 66% are Malaysian who has their own
national identity card but out of this, 62% did not state about government application in the smart
card applications which they use. Moreover, for this segment (government application), there is
another question in the survey that we can refer to. Respondents were asked “Does your smart
card have your photo” and 70% of the respondents answered “no” but we know Malaysian
identity card includes an owner’s photo on it. Additionally, although we know that all the smart
cards do not include the photo 23% answered “yes”!
These results show that users are not sufficiently aware of smart card technology and it
can affect their acceptance of this technology [16].
VI. DISCUSION AND CONCLUSION
According to [16] awareness is defined as “the degree to which an individual are aware
about the technology”. Awareness about technology cause users to look forward to try
technology and at the same time enjoys the various benefits that the system provides [1].
As a real time scenario, suppose person X has received physical access card in order to
use for interior building facilities. Prior to using the access card, a friend of person X who is
person Y (consider as an unauthorized person), needs to use the access card too, so person X
shares his or her smart card. This behavior is an invasion to intellectual property rule and
regulation where the only responsible person is person X to hold security of entire building so if
anything wrong happen in the building person X would be in charge.
In other words, awareness also refers to the effort in providing knowledge and improving
understanding of the smart card. Being aware of the technology will improve users’ judgment
and their ability in using the system in a secured manner [3].
Smart cards contain unique features that bring many benefits. They offer enhanced
security, convenience and economic benefits. However smart card makes possible sophisticated
and portable data processing applications, and is a reliable card but in Middle East countries it is
not well introduced and developed.
Awareness about smart card can assist people to understand the technology and it can
have a positive influence on successful applying smart card technology in society. Findings of
this study show that users are not well aware about the smart card technology. Therefore, further
investigation need to be carried out in the future to identify factors that will enhance their smart
card awareness.
REFERENCES
[1] Al-Alawi, A. I. and Al-Amer, M. A. Young generation attitudes and awareness towards the implementation of smart card in Bahrain: an exploratory study, Journal of Computer Science, 2006.2 (5), 441-446.
[2] Australian Government Technical Interoperability Framework V2, 2005. http://www.agimo.gov.au/publications/2005/04/agtifv2
[3] Bandura, A. Self-efficacy mechanism in human agency, American Psychologist, Vol. 37, No. 2, 1982, pp. 122-147.
[4] Consultation on Australian Government Smartcard Framework; Smartcard Implementation Guide. 2007: Australian government office of the privacy commissioner.
[5] Domingo-Ferrer, J. and Posegga. J. Advances in smart cards. Computer Networks. 2007. 51(9): 2219-2222.
[6] Everett. D, Smart Card Tutorial, Part 11 The Development Environment. First Published in July 1993.
[7] Fancher. C. H. In Your Pocket: Smart Cards, IEEE Spectrum. 1997.
[8] Finkenzeller, K. RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, John Wiley and Sons. 2003.
[9] Government Smartcard Handbook, US General Services Administration, February 2004.
[10] Haddad, A. A New Way To Pay: Creating Competitive Advantage Through The Emv Smart Card Standard, Gower Publishing, Ltd. 2005.
[11] Haneberg, D. and Grandy. H. Verifying Smart Card Applications: An ASM Approach. IFM45, 91: 313-332. 2007.
[12] Liu, X. and Q. Yang, Design of Campus Smart Card System and Its Application in Educational Administration. Zhongbi daxue xuebao zirankexue ban. 2007. 28(2): 134.
[13] Mayes, K. E. and K. Markantonakis. On the potential of high density smart cards. Information Security Technical Report. 2006. 11(3):147-153.
[14] Rankl, W. and Effing, W. Smart Card Handbook, John Wiley. 2003.
[15] Shen, J. J. and C. W. Lin. A modified remote user authentication scheme using smart cards. Consumer Electronics, IEEE Transactions. 2003. 49(2): 414-416.
[16] Taherdoost. H, Masrom. M, and Ismail. Z. Evaluation of Smart CardAcceptance: Security, Technology and Usage. Conference Proceedings of 3th International Conference on e-
Commerce, e-Administration, e-Society, and e-Education (e-CASE). The Grand Copthorne Waterfront Hotel, Singapore, January 8-10, 2009.
[17] Venkatesh, V., Morris, M. G., Davis, G. B. and Davis, F. D. User acceptance of information technology: toward a unified view, MIS Quarterly, 2003. 27 (3), 425-478.