   Scientific American, August, 1996, pp. 40-45


   Smart Cards. As potential applications grow, computers in
   the wallet are making unobtrusive inroads

   By Carol H. Fancher


   The semiconductor revolution has advanced to the point
   where the computing power that once took up an entire room
   can now be lost among the spare change, house keys or candy
   wrappers in the average pocket. For more than 10 years,
   "smart" credit cards incorporating tiny chips have been in
   use in France and other parts of Europe. A set of
   standardized contacts on the front of each card supplants
   or supplements the familiar coded magnetic stripe on the
   back. Although the U.S. has been lagging in the use of this
   technology, a series of ongoing pilot programs may soon
   change that situation. Some pundits have criticized smart
   cards as a technology endlessly in search of meaningful
   applications, but the divergent experiences of different
   countries show that the issues are more complicated.

   Curiously, telecommunications policy has been one of the
   major influences on the deployment of smart cards. In the
   U.S., where telephone calls are cheap and it is a simple
   matter to attach a magnetic-stripe reader to a phone line,
   the fraud-reduction aspects of smart cards are not
   necessarily worth the extra expense. Instead merchants can
   dial up a central database to make sure a card is valid
   before completing a transaction. In Europe, where calls are
   generally more expensive and connecting modem-equipped
   devices to phone lines is more difficult, security was a
   significant driving force behind smart-card introduction.

   The French, for example, made the switch during the
   mid-1980s because fraud rates were unacceptably high and
   rising. With smart cards, merchants do not have to go
   on-line to centralized databases. They can rely on personal
   identification numbers (PINs) to verify the ownership of a
   card simply by checking the PIN typed in by a customer
   against the record on the card itself. Furthermore, the
   chips are more resistant to tampering than magnetic
   stripes, which can be read and written on with readily
   available equipment. Over 20 million smart cards are now in
   use in France.

   One motivation for smart-card introduction in the U.S.
   today is the possibility of multiple uses for the same
   card. In theory, the same silicon-imbued piece of plastic
   could serve as personal identification, credit card,
   automated teller machine (ATM) card, telephone credit card,
   transit pass, carrier of crucial medical information and
   cash substitute for small transactions in person or over
   the Internet. Additional uses are limited mostly by
   issuers' imaginations and consumer acceptance. As a single
   card becomes able to hold more parts of a person's life,
   security and privacy concerns will have to be met; cards of
   the future will probably be highly personalized.

   Standardizing Intelligent Transactions

   Smart cards are becoming more attractive as the price of
   microcomputing power and storage continues to drop. They
   have two main advantages over magnetic-stripe cards. First,
   they can carry 10 or even 100 times as much information --
   and hold it much more robustly. Second, they can execute
   complex tasks in conjunction with a terminal. For example,
   a smart card can engage in a sequence of questions and
   answers that verifies the validity of information stored on
   the card and the identity of the card-reading terminal. A
   card using such an algorithm might be able to convince a
   local terminal that its owner had enough money to pay for
   a transaction without revealing the actual balance or the
   account number. Depending on the importance of the
   information involved, security might rely on a personal
   identification number such as those used with automated
   teller machines, a midrange encipherment system, such as
   the Data Encryption Standard (DES), or a highly secure
   public-key scheme.
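
   The question-and-answer exchange described above, sketched as an
   added example (not from the original article): the card first checks
   that the terminal knows a shared key, then attests that its balance
   covers an amount without disclosing the balance. HMAC-SHA256 stands
   in for a DES-based MAC; the class names, message labels and the
   single shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    """MAC over length-prefixed fields. HMAC-SHA256 is a stand-in (assumption)
    for the DES-based MAC a card of the period would compute."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def amount_field(amount_cents: int) -> bytes:
    if not 0 < amount_cents < 2**32:
        raise ValueError("amount out of range")
    return amount_cents.to_bytes(4, "big")


class Card:
    """Hypothetical card: the key and the balance never leave the object."""

    def __init__(self, key: bytes, balance_cents: int):
        self._key, self._balance = key, balance_cents
        self._nonce = None
        self._terminal_ok = False

    def get_challenge(self) -> bytes:
        self._nonce, self._terminal_ok = secrets.token_bytes(8), False
        return self._nonce

    def authenticate_terminal(self, response: bytes) -> bool:
        if self._nonce is None:
            return False
        expected = mac(self._key, b"TERM", self._nonce)
        self._nonce = None  # each challenge is good for one attempt
        self._terminal_ok = hmac.compare_digest(expected, response)
        return self._terminal_ok

    def can_pay(self, terminal_nonce: bytes, amount_cents: int):
        """Answer yes/no for this amount; the balance itself is not returned."""
        if not self._terminal_ok:
            raise PermissionError("terminal not authenticated")
        self._terminal_ok = False  # one answer per authenticated session
        verdict = b"Y" if amount_cents <= self._balance else b"N"
        tag = mac(self._key, b"CARD", terminal_nonce,
                  amount_field(amount_cents), verdict)
        return verdict, tag


class Terminal:
    def __init__(self, key: bytes):
        self._key = key

    def check_funds(self, card: Card, amount_cents: int) -> bool:
        # Step 1: prove to the card that this terminal holds the key.
        challenge = card.get_challenge()
        if not card.authenticate_terminal(mac(self._key, b"TERM", challenge)):
            return False
        # Step 2: a fresh nonce, so a recorded "yes" cannot be replayed.
        nonce = secrets.token_bytes(8)
        verdict, tag = card.can_pay(nonce, amount_cents)
        expected = mac(self._key, b"CARD", nonce,
                       amount_field(amount_cents), verdict)
        return hmac.compare_digest(expected, tag) and verdict == b"Y"


def demo():
    key = bytes(range(16))                # constructed sample key
    card = Card(key, balance_cents=1250)  # constructed sample balance
    genuine, rogue = Terminal(key), Terminal(b"\x00" * 16)
    return (genuine.check_funds(card, 500),   # covered by the balance
            genuine.check_funds(card, 5000),  # not covered
            rogue.check_funds(card, 500))     # terminal rejected by the card


if __name__ == "__main__":
    print(demo())
```

   An authenticated terminal that repeats the query with different
   amounts can still narrow down the balance, so a deployed design
   would cap or log such queries.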

   Smart cards are not a new phenomenon. They have been in
   development since the late 1970s and have found major
   applications in Europe, with more than a quarter of a
   billion cards made so far. The vast majority of chips have
   gone into prepaid, disposable telephone cards, but even so
   the experience gained has reduced manufacturing costs,
   improved reliability and proved the viability of smart
   cards. International and national standards for smart cards
   are well under development to ensure that cards, readers
   and the software for the many different applications that
   may reside on them can work together seamlessly and
   securely. Standards set by the International Organization
   for Standardization (ISO), for example, govern the
   placement of contacts on the face of a smart card so that
   any card and reader will be able to connect.

   Industry-specific standards are being developed for cards
   to be used in applications as diverse as digital cellular
   phones, satellite and cable television and, of course,
   finance. Recently Visa, MasterCard and Europay agreed on a
   common specification for smart cards that defines the basic
   protocols for communication between cards and readers
   (analogous to the RS-232 standards that govern
   communication between personal computers and modems). The
   specification is general enough so that virtually any kind
   of information can be exchanged by hardware and software
   that conform to it. As a result, this agreement could bring
   the convenience of a single card for purchases, ATM
   withdrawals, frequent flier miles and even Internet access.

   Under the Hood

   Standards dictate a card's shape and electrical
   connections, but the technology inside has gone through
   significant evolution. The simplest "memory" cards contain
   only nonvolatile memory and a limited amount of logic
   circuitry for control and security. They typically serve as
   prepaid telephone cards -- a terminal inside the pay phone
   writes a declining balance into the card's memory as the
   call progresses; the card is discarded when its balance
   runs out.

   Smart cards are more sophisticated and contain a chip with
   a central processing unit and various kinds of short- and
   long-term memory cells. Some versions may also incorporate
   a special coprocessing circuit for cryptographic operations
   to speed the job of encoding and decoding messages or
   generating digital signatures to validate the information
   transferred. [For more information on the kinds of
   cryptographic protocols that could be employed in smart
   cards, see "Confidential Communication on the Internet," by
   Thomas Beth; SCIENTIFIC AMERICAN, December 1995, and
   "Achieving Electronic Privacy," by David Chaum; SCIENTIFIC
   AMERICAN, August 1992.] Smart-card standards place no
   limitation on the amount of processing power in the card as
   long as the chip in question can fit the space allotted for
   it under the contact pad.

   Current smart cards, made by firms such as Giesecke &
   Devrient, Gemplus, Schlumberger and Solaic, range in price
   from less than $1 to about $20. (The silicon inside the
   cards is made by companies such as Motorola, Siemens and
   SGS-Thomson.) A magnetic-stripe card, in contrast, may
   cost between 10 and 50 cents, depending on whether the card
   is bare or incorporates a photograph or a holographic patch
   and on how many cards are made at once.

   Because the cards are dependent on an outside power source
   provided by the reader interface, any information held in
   conventional random-access memory (RAM) will be lost every
   time it is removed from a reader. Hence, smart-card
   microprocessors use only a few hundred bytes of RAM as a
   scratchpad for working on transactions in progress. The
   software that controls a card's operations must survive
   from one use to the next, and so it occupies between three
   and 20 kilobytes of permanent nonvolatile read-only memory
   (ROM). The contents of the ROM are fixed in the chip when
   it is made. The personal, financial or medical data that
   give each card value to its owner reside in an alterable
   nonvolatile memory (EEPROM, for electrically erasable
   programmable read-only memory) of between one and 16
   kilobytes.

   The need for security influences the design and handling of
   the card, its embedded circuitry and its software.
   Microprocessors used in smart cards are specifically
   designed to restrict access to stored information and to
   prevent the card from use by unauthorized parties.
   Typically a card will work only in a well-characterized
   operating environment.

   For example, criminals may attempt to force the card to
   operate outside certain voltage or clock frequency ranges
   in the hope that it will display weaknesses that can be
   exploited; a properly designed device will automatically
   fail to respond under such conditions. In some cases,
   circuit links may be designed to become inoperable once a
   card has been programmed, so that vital data cannot be
   altered. Manufacturers also employ special tamper-resistant
   techniques that would prevent a thief from getting to the
   microscopic circuitry directly.

   Most smart cards require physical contact between the card
   and pins in the reader, but a growing set of applications
   depends on so-called contactless cards. Short-range cards
   operate by electrical inductive or capacitive coupling with
   the reader and card a millimeter or so apart; longer-range
   ones communicate by radio signals. (The radio-frequency
   energy emitted by the reader also powers the cards, which
   must therefore be extremely sparing of current.)
   Contactless smart cards are often used in situations where
   transactions must be processed very fast, as in
   mass-transit turnstiles. Transit system operators in Hong Kong,
   Washington, D.C., Manchester, England, and about a dozen
   other cities have tested contactless cards; Hong Kong will
   issue three million cards by 1997.

   Developers and users are working together to develop firm
   standards for long-range contactless cards. Efforts are
   also under way to standardize hybrid cards that can
   communicate either directly or by radio links. Lufthansa,
   the German national airline, has already begun issuing a
   hybrid card to frequent fliers; the contactless part serves
   as an ID card for the firm's paperless ticketing system,
   and the contacts make for a European-standard smart credit
   card. Roughly 350,000 will be in circulation by year's end.

   The smart card is a technical achievement in its own right;
   it is, however, merely the most identifiable part of a
   vastly larger transaction system that surrounds it. The
   traits of this infrastructure may have much more influence
   on the evolution of the card's role in society than do the
   characteristics of the card itself. It is therefore
   important to see how the card would function as part of the
   larger system to understand why it might be appealing.

   The Big Picture

   Consider, for example, the stored-value card, at present
   the most common application of chip-card technology. The
   attractions of such a card hinge on the relatively high
   overhead costs of alternatives such as credit cards or
   cash. Even in the U.S., verification costs are too high to
   allow a profit on conventional card transactions smaller
   than a few dollars. The stored-value card minimizes
   transaction costs by carrying monetary value directly,
   instead of merely acting as a pointer to an account. It
   transfers the digital equivalent of bills or coins to a
   merchant's digital "cash register," whereupon they can be
   deposited in a bank. Children, tourists and others who do
   not have a local bank account can use these cards, which
   can even be sold from vending machines.

   Such cards are particularly attractive for pay phones,
   parking meters, photocopiers and vending machines. By
   eliminating the coin box, they remove a tempting target for
   thieves and vandals. Although digital tills must be secured
   against both unauthorized emptying and stuffing with
   counterfeit electronic cash, these problems appear easier
   to handle than their physical counterparts.

   Bypassing the handling of money in paper or metallic form
   could generate significant savings. Economists estimate
   that counting, moving, storing and safeguarding cash cost
   about 4 percent of the value of all transactions. The
   interest lost by holding cash instead of keeping money on
   deposit is also substantial. The Royal Bank of Canada,
   which is participating in digital-cash trials in Ontario,
   keeps about a billion dollars on hand at all times.

   The costs per transaction of stored-value cards tend to be
   lower than those for credit cards and cash, but initial
   capital costs tend to be higher. The cards themselves cost
   more, and whoever pioneers their use must bear the expense
   of installing an infrastructure of card readers. In
   addition, software designed to process transactions by
   credit and debit card must be modified to deal with the new
   form, which more closely resembles a digital traveler's
   check. A typical smart-card reader costs over $100, roughly
   comparable to the price of the box that reads a
   magnetic-stripe card and calls a credit-card company to
   verify a transaction. There are over 13,000 smart-card
   readers in the U.S. versus more than five million devices
   capable of dealing with conventional credit cards.

   More than two dozen companies are working on smart-card
   readers, and prices will no doubt drop with volume
   production. Nevertheless, the amount of equipment that must
   be installed is substantial. Outside the U.S., the number
   of stored-value cards is steadily growing, with major
   national programs implemented or planned in Australia,
   Canada, Chile, Colombia, Denmark, Italy, Portugal,
   Singapore, Spain, Taiwan, the U.K. and elsewhere. Levels of
   consumer acceptance vary; the cards provide clear potential
   savings for banks and merchants, but transforming those
   benefits into incentives for users can be difficult.
   National banking authorities are also understandably
   cautious about what is in effect a new method of printing
   money, with no fixed rules about whose authority guarantees
   its value.

   Most stored-value cards now in use are disposable.
   Reloadable devices would work the same way for making
   purchases but would have extra software that would enable
   a consumer to transfer money to a depleted card.
   (Encryption or other security techniques would help ensure
   that a card could be recharged only in a legitimate
   transaction.) Citibank, Chase Manhattan, Visa and
   MasterCard are assembling a pilot program for stored-value
   cards in New York City. The companies will issue reloadable
   smart cards to approximately 50,000 customers; the cards
   will also have magnetic stripes for conventional
   transactions. About 500 stores, restaurants and other
   merchants will have readers capable of accepting
   electronic-cash transactions. More than one million
   stored-value cards are also being issued for the 1996 Olympic
   Games in Atlanta; they can be used in Olympic venues and at
   several thousand nearby shops.

   A number of groups are backing competing smart-card schemes
   for stored-value. All use essentially the same hardware,
   but their software differs. Manufacturers of card readers
   are therefore developing equipment capable of handling
   multiple protocols. It is not yet clear which system
   consumers will favor, and each has its own strengths and
   weaknesses. The stored-value protocols of the New York and
   Atlanta pilot programs, for example, are relatively simple
   but limited -- for example, there is no provision for
   rescinding or replacing the value of a card that is lost or
   stolen. The DigiCash system, which relies on complex
   cryptographic protocols, is both secure and untraceable but
   requires more processing power and hence more expensive
   cards. The British Mondex system, meanwhile, is intended as
   a full-scale secure cash replacement: electronic money can
   pass from one user to another indefinitely without being
   redeposited in a bank. A trial is under way in Swindon in
   the southwest of England, and another one is beginning in
   Guelph, Ontario, where even parking meters will accept
   digital currency.

   Protecting Health

   In a mark of the technology's versatility, smart cards can
   also carry vital medical information. Instead of just
   indicating that a person has medical insurance, for
   example, a card can store details of the coverage. It can
   also provide basic medical information, such as lists of
   drug sensitivities, current conditions being treated, the
   name and phone number of a patient's doctor and other
   information vital in an emergency. An intelligent card that
   carries only the information most relevant to current
   treatment can streamline care significantly even as it
   bypasses the potentially intractable privacy and ownership
   concerns that would arise if health care administrators
   attempted to place every patient's complete medical history
   on a chip for easy portability.

   Indeed, simply automating the process of entering a
   person's name and account number into medical forms can
   make insurance processing much more efficient. Germany has
   recently begun to issue to all its citizens chip cards that
   will carry their basic health insurance information, and
   France is investigating a similar program. Both countries
   have thus far decided against storing more sensitive data
   on chips until legal, ethical and security issues can be
   ironed out.

   In France and Japan, kidney patients can carry cards that
   hold their dialysis records and treatment prescriptions.
   Dialysis patients often need their blood cleansed two or
   three times a week. Each session involves a particular set
   of machine parameters and a personalized combination of
   drugs as well as the use of a kidney dialysis machine.
   Before the introduction of the smart cards, patients could
   go only to the local dialysis center where their records
   were kept, but now they have the geographic mobility most
   of us take for granted. Security checks built into the
   cards help to ensure that no one except doctors and other
   authorized persons can read or update treatment
   information.              

   Personal Communication

   Because the telecommunications costs involved in verifying
   credit-card transactions have played a crucial role in the
   history of smart cards, it is perhaps appropriate that one
   of the device's most innovative applications is at the
   heart of a new generation of mobile communications. The
   Global System of Mobile Communications (GSM) is a technical
   specification for digital cellular telephones; about 10
   million people have GSM phones, and service is available or
   under development in more than 85 countries. Every GSM
   handset is designed to accept a smart card that carries
   information about the telephone number of the card's owner
   and the suite of services it can access. A Swiss executive
   traveling to Belgium can just remove the smart card from
   her GSM unit at home and plug it into a rented or borrowed
   unit at her destination. When callers dial her number, the
   switching system will automatically locate the handset with
   her smart card anywhere in the world and deliver the call
   to it. In addition, the smart card can encrypt the
   transmission, preventing the casual eavesdropping possible
   with other forms of cellular phones.

   As with other smart-card applications, the U.S. lags behind
   many nations in GSM services. There are a few pilot
   programs in place, but widespread deployment is not
   expected until 1997. The GSM systems being built in the
   U.S. operate at a frequency of 1.9 gigahertz instead of the
   1.8 gigahertz used elsewhere and employ two competing,
   incompatible technologies. As a result, handsets may be
   useless outside their home range. The smart cards that
   animate them, however, should work anywhere.

   Cards That Know You

   If smart cards can give identity to an electronic device,
   will they eventually serve as foolproof credentials for
   humans as well? Smart cards can carry much more information
   than the paper or plastic rectangles that are used to
   constitute drivers' licenses, insurance cards or other
   kinds of identification. And they can probably carry it
   more securely. ID cards often have a picture and signature
   so that authorities can make sure the bearer matches the
   card. Smart cards can store a PIN to improve security, but
   they can also add a catalogue of other biometric
   identifiers: voiceprints, fingerprints, retina scans, iris
   scans or dynamic signature patterns. Presented with a card
   holding a reference pattern of some kind, computers can
   determine with a remarkable degree of accuracy how well its
   bearer matches that pattern. Customs authorities in the
   Netherlands have already tested a system to speed passport
   checking at the airport for frequent fliers: the person
   puts a finger on a glass plate, and a video camera captures
   the fingerprint; a computer then compares the video image
   with a reference print stored on the smart card. With the
   template on a smart card, there is no need to connect to a
   centralized database to confirm a person's identity. Such
   matching techniques are as yet imperfect -- the smart cards
   function well, but the algorithms for deriving and
   comparing the biometric patterns are still imperfect.
   Furthermore, designers must decide whether they are more
   interested in rejecting impostors or making sure that
   legitimate cardholders are always accepted. A card that
   subjects its owner to the embarrassment of an ID mismatch
   even once a year is unlikely to find wide acceptance.
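
   The trade-off described above, between rejecting impostors and
   always accepting legitimate cardholders, worked through as an added
   example (not from the original article). The match scores, the 50
   uses per year and the function names are constructed for
   illustration.

```python
# Constructed similarity scores (0..1) between a live sample and the
# reference template stored on the card. Higher means a closer match.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.85, 0.93, 0.72, 0.89, 0.97, 0.83,
           0.90, 0.86, 0.94, 0.81, 0.87, 0.92, 0.68, 0.96, 0.84, 0.90]
IMPOSTOR = [0.22, 0.35, 0.41, 0.18, 0.55, 0.30, 0.62, 0.27, 0.48, 0.70,
            0.33, 0.25, 0.74, 0.39, 0.44, 0.51, 0.29, 0.58, 0.36, 0.20]


def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR) when a score >= threshold is accepted.

    FAR: fraction of impostor attempts wrongly accepted.
    FRR: fraction of legitimate attempts wrongly rejected.
    """
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def candidates(genuine, impostor):
    # Error rates only change at observed scores, so those are the
    # only thresholds worth evaluating.
    return sorted(set(genuine) | set(impostor))


def strictest_within_reject_budget(genuine, impostor,
                                   uses_per_year, max_rejects_per_year):
    """Highest threshold whose expected false rejections per year stay
    within the budget (the 'never embarrass the owner' design goal)."""
    best = None
    for t in candidates(genuine, impostor):
        far, frr = error_rates(genuine, impostor, t)
        # FRR never decreases as t rises, so the last hit is the strictest.
        if frr * uses_per_year <= max_rejects_per_year:
            best = (t, far, frr)
    return best


def most_lenient_within_far(genuine, impostor, max_far):
    """Lowest threshold whose false-accept rate is within max_far
    (the 'reject impostors first' design goal)."""
    for t in candidates(genuine, impostor):
        far, frr = error_rates(genuine, impostor, t)
        if far <= max_far:
            return (t, far, frr)
    return None


def report(uses_per_year=50):
    owner_first = strictest_within_reject_budget(
        GENUINE, IMPOSTOR, uses_per_year, max_rejects_per_year=1)
    security_first = most_lenient_within_far(GENUINE, IMPOSTOR, max_far=0.0)
    return {
        "owner_first": owner_first,
        "security_first": security_first,
        # Expected mismatches per year the owner would face in each design.
        "owner_first_rejects": owner_first[2] * uses_per_year,
        "security_first_rejects": security_first[2] * uses_per_year,
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(name, value)
```

   On this sample no single threshold meets both goals: keeping the
   owner's mismatches to at most one a year admits a tenth of the
   impostor attempts, and admitting none costs the owner about five
   mismatches a year.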

   This consideration and others suggest that smart cards have
   reached a first plateau of technological maturity: their
   capacity is no longer the limiting factor in systems that
   employ them. Instead their future depends on software
   design, economics, liability and privacy concerns, consumer
   acceptance and a host of other political and personal
   issues.

   _________________________________________________________

   [Five photos of card usage] Atlanta, Georgia is the site of
   the largest trial thus far of smart cards in the U.S. More
   than one million cards will be sold in conjunction with the
   1996 Olympic Games. Cards can be used at Olympic event
   sites and at restaurants and shops throughout the city.
   Turnstiles in the subway system also accept the cards.

   [Photo] Smart card contains memory and a microprocessor
   underneath gold contact pads. The position of the pads is
   governed by standards so that cards and readers from many
   sources can work together.

   [Graphic] Stored-value cards are electronic analogues of
   the traveler's check. They can be used to purchase items
   ranging from fast food to parking. Consumers buy cards
   already loaded with monetary value from a dispenser and use
   the cards for small transactions. Card readers transfer
   information to banks periodically for credit to the
   merchant's account, either directly or through a
   clearinghouse. Sophisticated stored-value cards may be
   reloaded; simple ones are discarded when their cash is used
   up.

   [Photo] Swindon, England, is the site of an ongoing trial
   of Mondex, an "electronic purse" system in which smart
   cards exchange digital funds. Unlike most other
   stored-value systems, Mondex allows electronic currency to
   pass from hand to hand indefinitely without being
   redeposited. About a quarter of the people in Swindon use
   the cards at shops, restaurants, laundries and newsstands.
   Another trial starts this fall in Guelph, Ontario, where
   even parking meters will accept cards.

   [Table not included here] Some Smart-Card Applications 

   [Graphic] Cellular telephones based on the GSM standard are
   lifeless without a smart card to animate them. The card
   holds the subscriber's phone number and other account
   information. It can also perform digital signal processing
   to encrypt the conversation and foil the eavesdroppers who
   bedevil users of conventional cellular phones.

   _________________________________________________________

   The Author

   Carol H. Fancher has been working at Motorola for the past
   four years to define and develop the U.S. smart-card
   market. Before joining Motorola, she held engineering
   positions at Tracor, Ford Microelectronics and the
   Fraunhofer Institute for Integrated Circuits in Erlangen.
   In 1979 Fancher received a B.Sc. in electrical engineering
   from the University of Texas at Austin.



   [End]







