True or false: Smart cards are the same as RFID cards. The correct answer is false, although many people use the terms synonymously. Headquartered in Princeton Junction, N.J., the Smart Card Alliance (SCA) is a not-for-profit association working to promote understanding and widespread application of the technology. Randy Vanderhoof, executive director, acknowledged the tendency to categorize contactless smart card technology as RFID causes confusion and complicates efforts to educate the marketplace. “It has become a large market with diverse products and capabilities. There is no singular definition that satisfies all the different technical variations, form factors and uses,” he observed.
What’s What
RFID uses radio waves to transmit information wirelessly by way of a data-containing device with a silicon chip and an antenna, and a reader with an antenna that captures the data when the device is within its range. Smart card technology involves an embedded integrated circuit that can be either a secure microcontroller, an equivalent intelligence with internal memory or a memory chip alone. Contact smart cards connect to readers with direct physical contact, while contactless smart cards communicate with readers through remote radio frequency interfaces. There are also versions containing both, called dual interface cards. Contactless cards require only close proximity to readers, and are ideal for applications demanding a very fast card interface—for instance, building entry, transit passes and low-value payment purposes. Smart cards with embedded microcontrollers can store large amounts of data and interact intelligently with smart card readers for high-security applications. Smart cards with memory chips are ideal for low and medium security applications.
“SCA [defines] smart cards ... [as] integrated circuit-enabled devices which contain a microprocessor chip capable of performing calculations and communicating data to other devices, such as readers. RFID technology generally does not contain microprocessors, and more closely operates like barcodes,” said Vanderhoof. He went on to explain RFID tags store static data and communicate at a variety of speeds and radio frequency ranges. For example, the RFID technologies used in manufacturing, shipping and object-related tracking can operate over long ranges up to 25 feet. They also have minimal built-in support for security and privacy. On the other hand, RF-enabled contactless smart cards only communicate over a specific RF frequency (13.56 MHz) and range (10 cm/ 4 inches), and are designed with security features, including encryption, to increase security of the RF communications.
Besides contact and contactless smart cards, there are two additional categories:
• Dual-interface card—Contains a single chip with both contact and contactless interfaces, making it possible to access the same chip using either a contact or contactless interface with a very high level of security.
• Hybrid card—Contains two chips (one with a contact interface and one with a contactless interface) which are not interconnected.
The chips used in the cards fall into two categories, as well:
• Microcontroller chips—Similar to a miniature computer with an input/output port, operating system and hard disk, they offer the ability to add, delete and otherwise manipulate information in the memory. Smart cards with embedded microcontrollers have the unique ability to store large amounts of data, carry out their own on-card functions—such as encryption and digital signatures—and interact intelligently with a smart card reader.
• Memory chips—Like a small floppy disk with optional security, they are less expensive than microcontrollers, but offer decreased data management security. They depend on the security of the card reader for processing, and are ideal for situations requiring low or medium security.
Vanderhoof pointed out that other than low-end transportation fare cards used in many countries, the United States has the biggest install base of RF-enabled access badges (HID Prox technology is the biggest), the most electronic passports issued (more than 20 million), the most government-issued federal ID badges (more than 400,000) and the most contactless payment cards (more than 35 million). “All of these have RF technology. There are more contact smart cards issued in Europe. They’re used in most credit cards and healthcare cards there. But, Europe has also had a 20-year head start on the United States,” he continued.
The Homeland Security Presidential Directive #12 [HSPD-12], is a policy regarding a common identification standard for federal employees and contractors. Issued on Aug. 27, 2004, HSPD-12 continues to drive smart card usage for secure identification and access. “The HSPD-12 directive is having a huge impact on the security industry. HSPD-12 started a national standardization effort (NIST FIPS 201) for defining what a secure identity credential is, and how it will work in an interoperable way that has now become an international standard effort (ISO24727),” said Vanderhoof. “As a result, it has changed the way physical access systems verify ID cards and how ID card issuers can break the silos of having [their] ID cards trusted by other organizations.
“Further standardization efforts have also defined the secure process for issuing an ID card and managing those cards in use so that the chain of trust between the issuer, the cardholder and the accepting organization is maintained at all times.”
During the Smart Card Alliance annual conference at CTST The Americas 2008 held in Orlando last May, the focus was on card technologies and applications in government identity, payment cards, transportation fare collection, healthcare ID cards, mobile commerce and NFC, as well as access control for commercial and government users. “Latin America is another region besides the United States that is changing rapidly in applying secure smart card technology,” offered
Vanderhoof. “The common denominator for all of these markets and applications is the microprocessor chip technology of the smart card.”
SCA’s 7th Annual Smart Cards in Government conference takes place this month in Washington, DC, and a major focus will be applications resulting from HSPD-12 directives. Attendees will also be examining the growing role of smart card technology to enable ePassports, transportation worker identification credentials, cyber security, airport security and first-responder credentials.
Vanderhoof’s advice for distributors interested in offering the value of a technology-enabled card solution is simple. “Get educated. Take the time to research the products and technologies that are out there and learn what they do and how they differ,” he stressed. “Choose the appropriate technology for the task, not the cheapest and easiest to install. If you start using an RF technology that doesn’t meet today’s higher security industry demands and can’t grow to support biometrics or logical access control for multi-application security, then you are not investing in the future and you are sacrificing security for convenience and lower cost—a bad investment in the long run.”
Related story: Pick a Card, Any Card
- People:
- Randy Vanderhoof
- Places:
- Princeton Junction