About
Subscribe

Smart cards: The future has arrived

Rodney Weidemann
By Rodney Weidemann, ITWeb Contributor
Johannesburg, 07 Mar 2003

While smart cards have been in existence for some time and there are examples of the successful implementation of cards with microprocessors in many different industries, the next step is to make multiple applications available on a single card.

This is where GlobalPlatform comes in, according to Stuart Brocklehurst, senior VP of Visa CEMEA (Central and Eastern Europe, Middle East and Africa), presenting a paper at the Smart Card Society of Southern Africa`s conference in Cape Town.

Brocklehurst says GlobalPlatform, which is an open standards organisation and was formed in 1999 by companies interested in issuing multiple application smart cards, focuses on developing common specifications and infrastructure for these cards.

"The main reason smart cards did not take off earlier was due to the different standards employed, but since the development of the Europay/Mastercard/Visa [EMV] payment chips, which operate to a common standard, the use of these chip cards has taken off."

He says that in SA, the country has gone from having no EMV payment terminals to approximately 30 000 in the past year, and Visa expects there to be some 70 000 by September this year.

"Smart cards are far more secure than the magnetic stripe cards, as a magnetic stripe can only hold 79-bits of , while a microprocessor card can hold 32 000-bits of information," says Brocklehurst.

"Many cards today have both a magnetic stripe and a chip, and the reason for this is that Visa is accepted everywhere - there are around 29 million terminals worldwide - so it is obvious that not all of them can read the chips yet. These will be upgraded in time, but it is a long-term process.

"Because chip cards can store so much data, the ultimate aim is to move from a world where you have to carry different cards for different applications, to one where a single card can be used for anything from financial applications to corporate authentication. It could even eventually replace your passport, as it can carry all the relevant information."

He says there are a number of levels of security that can be contained on a card, and that it could even be used to contain biometric information - fingerprint or retinal comparisons - which can be scanned and compared.

Biometrics ID cards in action

Biometric identity cards are already in use with the US Department of Defence, which also had representatives at the conference who presented a paper on this subject.

"The department chose GlobalPlatform for its security cards because there is already a high level of tried and tested security here, due to the financial applications that these cards are already used for," says Kenneth Scheflen, director of the Defence Manpower Data Centre.

"It allows us to apply different levels of security for different levels of access and can include fingerprint identification, whereby the card carrier`s print is scanned and compared to the print stored in the chip`s memory, to make certain that the card belongs to the carrier."

He says the department played around with the idea of smart cards for several years, but the return was judged to not be worth the initial outlay, until the development of Public Key Infrastructure (PKI).

"In order to implement the PKI, we had to find a token on which to store the relevant information and smart cards were deemed to be the most viable token to use," says Scheflen.

According to Bill Boggess, head of the department`s Authentication and Access Technology Division, security is one of the biggest concerns with card usage, and a distinction needs to be made between smart cards and what he calls "dumb" cards.

"Dumb cards only store information which is then taken off the card to be read. Smart cards run applications, so the information remains secure in the card`s microprocessor."

He says the beauty of using smart cards in the department lies in the fact that a single card can be used for multiple applications.

"The card serves as your key to access your PC, but it also, for example, serves as your ID card, so whenever you want to move around the building, you must take the card out of your PC, leaving it secure from unauthorised access.

"Another advantage comes when two people are connected through a secure socket layer connection. The cryptographic processes on the card mean that both users can verify who is on the other end of the connection," says Boggess.

He says that while certain cards already use biometric information, the department will pilot true biometrics within a year, which will provide for fingerprint, iris, retinal and voice scanning options.

Smart card moves locally

Locally, the idea of using smart cards as a means of payment for commuters who use the minibus taxi industry has long been mooted, and now that multiple application cards are on their way, this may be a viable option.

Figures show that some 3 000 chip transactions have already taken place in SA, although these have been from foreign-held cards, but it is expected that will begin issuing smart cards locally by the end of this year.

It seems that the future has arrived. As Brocklehurst says: "This could well prove to be the biggest technological change that the world has seen in the past 50 or so years."

Related articles:
SA financial institutions gear up for mass smart card adoption

Share