Within the family of smart cards, there are two general categories: cards with contacts and cards without contacts. Contact cards contain physical contact points on the surface of the card that allow transmission of commands, data, and status information between the card and a card reader. Contactless cards also require physical contact with a reader, but get their power via induction rather than through one of the contacts. This difference affects only the very lowest level (physical level) of the protocols used with smart cards.
Focusing now on contact smart cards, potential uses depend on card specifications. Microprocessor and memory technology have steep technology curves, but the following specifications of typical available contact smart cards can serve as a current baseline (March 1994):
In the next few years, 16-32 bit RISC processors running at 20 MHz are likely to become available on smart cards. This will define a new generation of smart cards, as the power requirements and frequency radiation of these processors can not be handled within the current ISO 7816-1,2 standard format. By 1995, it is expected that FRAM technology will be available, supporting more write cycles (108). This technology may also be incorporated into the new generation, although currently it is too expensive.
Smart cards incorporate physical tamper-resistance circuitry that
responds to tampering by inhibiting the output function. There is a
dielectric ``passivation layer'' covering the chip. The passivation layer
protects the chip from impurities and dust, and prevents passage of
radiation associated with probes, including electron-beam microscopy. The
circuitry is capable of reacting to light (indicating the passivation
layer has been broken); temperature, voltage, and frequency fluctuations
outside the specified operating range. There are physical memory
protection mechanisms, including memory scrambling, which make reverse
engineering more difficult and hinders an attack trying to erase a
selected data item in memory. Fuses are used during the manufacturing
cycle to permanently disable ``test'' mode(s) once tests have been passed
and the card is ready for distribution to issuers.
Smart cards can be manufactured with varying levels of physical security features, with higher costs associated with higher levels of security. Purchasers must evaluate with the vendor the level of physical security appropriate to their application.