3.5.2 What is a smart card?

Presentation

A smart card is a credit-card-sized plastic card with a special type of integrated circuit embedded in it. The integrated circuit holds information in electronic form and controls who uses this information and how.

The type of information held, and the way this information is controlled, gives rise to the infinite variety of smart card uses. The plastic card has words and pictures printed on it which can be understood by the card holder and people he meets. The integrated circuit holds information in electronic form that can be easily, securely and accurately accessed by all sorts of electronic data processing equipment. This unique combination means that the smart card is a bridge between man and machine.

The plastic card

The size of the card is determined by an international standard (ISO 7816). This standard also defines the physical characteristics of the plastic, such as temperature tolerance and flexibility, the position of the electrical contacts and their functions, and how the integrated circuit talks to the outside world.

There are several types of plastic used for smart cards. The main types are PVC and ABS. PVC can be embossed but is not recyclable. ABS cannot be embossed but is recyclable. Within 5 years there are likely to be 1 billion smart cards used per year, so recycling cards will be important.

Access control to the information

Smart cards are smart because they control access to the information they hold. Nobody can add units to a telephone card (not even the telephone company). Only a doctor equipped with the correct card can read a patient's medical record.

The basic mechanisms of access control are described below, and illustrated using the examples mentioned in the first part of this document.

There are two types of access control:

* Who can access the information?

Everybody, the card holder or a specific third party?

* How can the information be accessed?

Can it be read, added to or even modified or erased?

* Who can access the information?

Examples:

Some smart cards will only allow access to information if they are given the correct password. If you possess the password you can have access to the information. A password may be a number that the card holder has to remember, it may be hidden in another smart card that only authorized people possess, or it may just be inside the specific telephone or sales terminal used with the smart card. Most sophisticated smart cards have the ability to recognize several passwords.

This means that in the case of a health card, the patient, the doctor, the hospital administration, and the health insurance organization could each have their own password giving them different access rights to sections of information held in a patient's health card.

Everybody
In some cases no password is used, so everybody can access the information. For example, in the health card, emergency medical information such as blood group and the patient's name are not protected by a password.

Card Holder Only
The most common form of password for card holders is a PIN (Personal Identification Number), a 4 or 5 digit number to be typed in at a key pad. The meaning of typing in a PIN is "This card is mine, I give my permission to debit my account or access my medical file." In theory, if a smart card is lost or stolen and it is protected by a PIN, it cannot be used. If somebody tries to guess the PIN, most smart cards will just lock up after 3 wrong attempts. PINs have two disadvantages: people can forget them, and it is possible to "steal" a PIN by watching carefully when a card holder uses it. In the next few years better passwords for card holders which do not have these disadvantages are likely to appear.

Third Party Only
For example, when a doctor needs to consult a patient's health card, he needs a password. This password is hidden in his doctor's card. As only correctly trained doctors are issued with these cards, only they are able to consult patients' cards.

* How can the information be accessed?

Read only
Some information in the smart card can only be read. The information is fixed like a book, where information cannot be added, modified or erased. Some of the information in a prepaid telephone card is like this. This information contains a unique number for each card, the number of units in the new card, and an indication of who manufactured it. This information can be easily read, but cannot be modified in any way.

Add only
Some information in the smart card can only be added to but not erased, like engraving information in a stone. Information cannot be modified or erased, and information can only be added while there is room. If information can be added it can also be read. Units are used in a telephone card by adding information, like ticking off boxes. When all the boxes are ticked, no more units are left. Ticks can only be added and never erased, so nobody can refill the card.

Modify or erase
Information in the smart cards can be modified or erased like writing on a blackboard. This also implies that information can be added while there is room.

No access
Some information in a smart card can never be accessed. While this might appear rather useless, it is necessary for smart cards to be able to carry secrets that can never be revealed. The use of these secrets will be explained in "When passwords are not enough."

With a careful use of passwords, it is possible to avoid incorrect use of information, either by error or by intent. It is possible to summarize the information in a smart card, and the access control of this information (who and how) in a table. Take the example of a medical card in the table above. Information can be freely distributed in a smart card, and yet only accessed by the people who are authorized.
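The "who" and "how" rules described in this section, as an added example that is not part of the original page: a small Python model of a health card in which each section lists the highest right each role holds, and a password locks after 3 wrong attempts. The section names, sample entries and rights layout are constructed for illustration and do not reproduce the page's own table; all class and method names are hypothetical.

```python
import hmac

EVERYBODY, HOLDER, DOCTOR = "everybody", "holder", "doctor"   # who
NONE, READ, ADD, MODIFY = 0, 1, 2, 3   # how; each level implies those below

class CardLocked(Exception):
    """Raised once a password has been presented wrongly too many times."""

class HealthCard:
    MAX_TRIES = 3  # the "lock up after 3 wrong attempts" rule

    def __init__(self, holder_pin, doctor_password):
        self._passwords = {HOLDER: holder_pin, DOCTOR: doctor_password}
        self._tries_left = {HOLDER: self.MAX_TRIES, DOCTOR: self.MAX_TRIES}
        self._verified = {EVERYBODY}  # this role needs no password
        # Constructed layout: section -> (entries, {role: highest right}).
        self._sections = {
            "emergency": (["blood group: O+"], {EVERYBODY: READ}),
            "record": ([], {DOCTOR: ADD}),
            "address": (["1 Sample Street"], {HOLDER: MODIFY, DOCTOR: READ}),
            "card_secret": (["used only inside the card"], {}),  # no access
        }

    def verify(self, role, password):
        if self._tries_left[role] == 0:
            raise CardLocked(role)  # even the correct password is refused now
        if hmac.compare_digest(password.encode(), self._passwords[role].encode()):
            self._tries_left[role] = self.MAX_TRIES  # success resets the counter
            self._verified.add(role)
            return True
        self._tries_left[role] -= 1
        self._verified.discard(role)
        return False

    def _entries(self, section, needed):
        entries, rights = self._sections[section]
        granted = max(rights.get(role, NONE) for role in self._verified)
        if granted < needed:
            raise PermissionError(f"{section}: access denied")
        return entries

    def read(self, section):
        return list(self._entries(section, READ))

    def add(self, section, entry):
        self._entries(section, ADD).append(entry)

    def modify(self, section, index, entry):
        self._entries(section, MODIFY)[index] = entry
```
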

* When passwords are not enough

A smart card can restrict the use of information to an authorized person with a password. However, if this information is then transmitted by radio or telephone, additional protection is necessary.

One form of protection is ciphering, which is like translating the information into some unknown foreign language. Imagine two Martians talking loudly in a London bar: everyone can hear, but only the Martians can understand and use the information.

Some smart cards are capable of ciphering and deciphering (translating back to a form that can be easily understood), so that the information stored in them can be transmitted without compromising confidentiality.

The ciphering scheme usually used is actually far more complex than the situation of our two Martian friends in London. Smart cards can cipher into billions and billions of "foreign languages", and choose a different language at random every time they start a conversation. This makes eavesdropping virtually impossible.

When a smart card and a computer system need to exchange confidential information over the telephone, they start by playing a complicated number game. The rules for this game are only known to genuine cards and genuine computers. It is impossible to play the game if the rules are not known, so any attempts to break into the system are easily detected and eliminated.

If the game is correctly played, the genuine card knows that it is talking to a genuine computer and vice versa. This is known as authentication and some serious information exchange can now take place.

During a successful authentication game one of the billions of possible "foreign languages" is selected, and only the players can know what it is. Information can then be transmitted in a language which is unknown to anyone else, even if they listened to the whole game.

The ability of smart cards to enable totally secure communication is used in the GSM radio phone network. Even when the network covers the whole of Europe, only radio phones with a valid subscription card will be able to use it.
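The "number game" described above, as an added example that is not part of the original page: a mutual challenge-response exchange in Python in which both sides prove knowledge of a shared secret and derive a fresh session key. HMAC-SHA256 stands in for the card's algorithm, which the page does not name; the function names, role labels and message layout are assumptions.

```python
import hashlib
import hmac
import secrets

def prove(key, role, host_nonce, card_nonce):
    """Keyed digest over both random numbers; only a holder of `key` can compute it."""
    return hmac.new(key, role + host_nonce + card_nonce, hashlib.sha256).digest()

def authenticate(card_key, host_key):
    """Play one game. Returns both session keys and everything sent on the wire."""
    # 1. Host -> card: a fresh random number, different for every conversation.
    host_nonce = secrets.token_bytes(16)
    # 2. Card -> host: its own random number plus proof that it knows the secret.
    card_nonce = secrets.token_bytes(16)
    card_proof = prove(card_key, b"card", host_nonce, card_nonce)
    expected = prove(host_key, b"card", host_nonce, card_nonce)
    if not hmac.compare_digest(card_proof, expected):
        raise PermissionError("host rejects the card")
    # 3. Host -> card: the host's proof. The role label differs, so a proof
    #    cannot simply be echoed back to its sender.
    host_proof = prove(host_key, b"host", host_nonce, card_nonce)
    expected = prove(card_key, b"host", host_nonce, card_nonce)
    if not hmac.compare_digest(host_proof, expected):
        raise PermissionError("card rejects the host")
    # 4. Each side derives the session key locally; it is never transmitted.
    return {
        "card_session": prove(card_key, b"session", host_nonce, card_nonce),
        "host_session": prove(host_key, b"session", host_nonce, card_nonce),
        "wire": [host_nonce, card_nonce, card_proof, host_proof],
    }
```

A listener sees only the four values in `wire`; without the shared secret they can neither produce a valid proof nor compute the session key that then ciphers the conversation.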

* How smart is a smart card?

Some smart cards are smarter than others. The simplest cards, like the payphone cards, are smart enough to be virtually impossible to copy or falsify, but offer no protection in case of loss. If you lose your payphone card, anyone can use it. Other smart cards have one password to restrict their use to one person or machine, and the most sophisticated cards manage several passwords and can use authentication and ciphering techniques to combine total freedom with total security.

The simplest smart cards can cost less than $1 in large quantities, whereas the most sophisticated can cost in the range of $6-10 according to how much information they can hold.


Denis Arnaud
12/19/1997