7.3.2 Physical Characteristics

Card types

Within the family of smart cards, there are two general categories: cards with contacts and cards without contacts. Contact cards contain physical contact points on the surface of the card that allow transmission of commands, data, and status information between the card and a card reader. Contactless cards also require physical contact with a reader, but get their power via induction rather than through one of the contacts. This difference affects only the very lowest level (physical level) of the protocols used with smart cards.

Physical specifications

Focusing now on contact smart cards, potential uses depend on card specifications. Microprocessor and memory technology have steep technology curves, but the following specifications of typical available contact smart cards can serve as a current baseline (March 1994):

Clock rate

3.5-8 MHZ.

Non-volatile memory

8-16 Kbytes (for data storage).

ROM

8-16 Kbytes (for the card operating system).

RAM

Around 256-500 bytes of RAM (for operating systemcomputation).

EEPROM

2-8 Kbytes (externally-accessible, non-volatile).

Write cycles

Approximately 104-105.

Processing time

Average of about 60 milliseconds (including transmission time) to retrieve a 56-bit number from a protected elementary file on the card. Depends primarily on transmission time between the host system and the card reader, so varies depending on capacity of that line.

Cost

On the order of $7-$12/card in quantities of 1000-5000; card reader cost is on the order of $150-200 each in quantities of 100-500.

In the next few years, 16-32 bit RISC processors running at 20 MHz are likely to become available on smart cards. This will define a new generation of smart cards, as the power requirements and frequency radiation of these processors can not be handled within the current ISO 7816-1,2 standard format. By 1995, it is expected that FRAM technology will be available, supporting more write cycles (108). This technology may also be incorporated into the new generation, although currently it is too expensive.

Physical security characteristics

Smart cards incorporate physical tamper-resistance circuitry that responds to tampering by inhibiting the output function. There is a dielectric ``passivation layer'' covering the chip. The passivation layer protects the chip from impurities and dust, and prevents passage of radiation associated with probes, including electron-beam microscopy. The circuitry is capable of reacting to light (indicating the passivation layer has been broken); temperature, voltage, and frequency fluctuations outside the specified operating range. There are physical memory protection mechanisms, including memory scrambling, which make reverse engineering more difficult and hinders an attack trying to erase a selected data item in memory. Fuses are used during the manufacturing cycle to permanently disable ``test'' mode(s) once tests have been passed and the card is ready for distribution to issuers.

Smart cards can be manufactured with varying levels of physical security features, with higher costs associated with higher levels of security. Purchasers must evaluate with the vendor the level of physical security appropriate to their application.