Cover Story: November 23, 1995
Smart cards are finally establishing a beachhead in the United States. Since their debut in the early '80s, they've found fairly widespread use in Europe but almost none in North America. Now, applications such as prepaid phone cards, ID cards with stored health records, and special-feature bank cards are making smart cards' appeal harder to resist. With important backing by Visa, the world's largest credit-card company, smart cards are starting to gain credibility with US banks and merchandisers. (See "Smart cards and money: convenience and security.")
Enhanced security is key to smart cards' acceptance. Magnetic-stripe credit cards and bank cards are relatively easy for counterfeiters to clone, whereas smart cards are not. In addition, the latest smart-card ICs' encryption capabilities permit on-line transactions that are virtually untappable by electronic snoops.
In some smart-card applications (prepaid telephone cards, for example), relatively simple security mechanisms are usually acceptable. These mechanisms aim mainly at preventing card counterfeiting or fraudulent use. In applications that require communication, such as bank and health cards, the required level of security is achievable only by the use of cryptography, the science of encoding and decoding messages. (See "Smart cards and encryption: snoop-proof communications.")
Smart cards can also store and process large amounts of data while remaining secure. Each smart card contains an IC that incorporates a µC and varying amounts of memory, most of it nonvolatile. (Some so-called smart cards, used mainly as digital money, contain only memory, however.) The IC is laminated in a card that is exactly the size and thickness of a plastic credit card. The interface to the IC is via electrical contacts on the face of the card.
Smart cards come in two basic types. Throwaway, dumb, memory-only cards incorporate NMOS one-time-programmable (OTP) PROM or CMOS EEPROM and some security logic. True smart cards have an onboard µC, often an 8051 derivative, plus RAM, ROM, and EEPROM combined in a single chip. Some smart-card ICs also include a cryptographic coprocessor.
The smart-card standard (ISO 7816) specifies a maximum chip size of 25 mm² to prevent chip fracture when a smart card gets flexed. An ultra-secure crypto-card IC may use the entire allotted area, while a memory chip for a "dumb" card may occupy only 1 mm². Siemens' 1-mm² SLE4406, for example, designed for use in phone cards, has 16 bits of ROM, 48 bits of PROM, and 40 bits of EEPROM. The chip is essentially an adjustable counter that stores value units and that can no longer be used once a given number of units has been used up.
Chips such as the SLE4406 must guard against theft and misuse in a number of ways. Security precautions begin with an agreed-upon secret transport code, stored in EEPROM, that provides protection while the chip is in transit from Siemens to a smart-card manufacturer. Before the chip will work, the card manufacturer must enter the transport code to activate it. Entry of five incorrect codes blocks the chip from further use. Insertion of the correct transport code, on the other hand, allows the manufacturer to load the chip's EEPROM with the desired number of value units.
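A minimal model of the activation logic described above, added here as an illustration and not Siemens' actual design. The 3-byte code length, the load-once rule, the cumulative failure counter, and all function names are assumptions.

```c
#include <stdint.h>
#define MAX_BAD_CODES 5  /* from the article: five wrong codes block the chip */
#define CODE_LEN 3       /* assumed length; the article gives none */
typedef enum { CHIP_TRANSPORT, CHIP_ACTIVE, CHIP_BLOCKED } chip_state;
typedef struct {
    chip_state state;
    uint8_t code[CODE_LEN];  /* transport code written at the fab */
    uint8_t bad_codes;       /* cumulative wrong entries, never reset */
    uint32_t units;          /* remaining value units */
    int loaded;              /* assumed: units can be loaded only once */
} card_chip;

void chip_init(card_chip *c, const uint8_t *code) {
    c->state = CHIP_TRANSPORT; c->bad_codes = 0; c->units = 0; c->loaded = 0;
    for (int i = 0; i < CODE_LEN; i++) c->code[i] = code[i];
}

/* Returns 1 when the chip is activated; blocks it on the fifth wrong code. */
int chip_present_code(card_chip *c, const uint8_t *code) {
    uint8_t diff = 0;
    if (c->state != CHIP_TRANSPORT) return 0;
    /* No early exit: timing does not show how many bytes matched. */
    for (int i = 0; i < CODE_LEN; i++) diff |= (uint8_t)(c->code[i] ^ code[i]);
    if (diff == 0) { c->state = CHIP_ACTIVE; return 1; }
    if (++c->bad_codes >= MAX_BAD_CODES) c->state = CHIP_BLOCKED;
    return 0;
}

/* The manufacturer loads value units once, and only after activation. */
int chip_load_units(card_chip *c, uint32_t n) {
    if (c->state != CHIP_ACTIVE || c->loaded || n == 0) return 0;
    c->units = n; c->loaded = 1;
    return 1;
}

/* One-way counter: units only go down, and an empty card stays empty. */
int chip_spend_unit(card_chip *c) {
    if (c->state != CHIP_ACTIVE || c->units == 0) return 0;
    c->units--;
    return 1;
}

int main(void) {
    const uint8_t good[CODE_LEN] = {0x12, 0x34, 0x56}, bad[CODE_LEN] = {0};  /* constructed values */
    card_chip c;
    chip_init(&c, good);
    for (int i = 0; i < MAX_BAD_CODES; i++) chip_present_code(&c, bad);
    return (c.state == CHIP_BLOCKED && !chip_present_code(&c, good)) ? 0 : 1;
}
```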
Additional security for smart cards stems from the way smart-card ICs' µCs allocate memory. Each type of memory performs a different function. Volatile RAM serves only as a scratchpad to perform calculations. The ROM stores programs and runs a card's operating system. EEPROM, containing user data, account numbers, and keys, has two sections: a secure section and a section that a card terminal can access to download application data. Once the secure EEPROM area has its appropriate data loaded, the smart-card manufacturer can blow on-chip fuses to make that section inaccessible. In effect, the secure EEPROM area becomes OTP ROM.
One of Siemens' large smart-card ICs is the SLE44C200, an 8-bit crypto-controller. This chip contains an 8-bit 8051-based µC, a 540-bit arithmetic crypto-coprocessor, 10 kbytes of ROM, 32 bytes of PROM, and 2.5 kbytes of EEPROM. It also contains 606 bytes of RAM: 256 for the 8051 µC and 350 for the coprocessor. The IC's coprocessor, when running with a 5-MHz clock, can decode a 512-bit encryption word in less than 220 msec.
With the CardOS operating system, the SLE44C200 chip can host several different applications, something a magnetic-stripe card can't do. Thus, a single smart card could store all of a person's banking information and medical records, for example, plus electronic money for use in parking meters and other machines. CardOS allows multiple directories on a card, each of which contains a personal identification number (PIN) for a particular application.
Another crypto-card IC designed around the popular 80C51 core is the P83C852 from Philips. The chip contains 256 bytes of RAM, 6 kbytes of ROM, and 2 kbytes of EEPROM for data and program storage. A special calculation unit, which performs fast multiplication and addition with long operands, accomplishes public-key encryption in 450 msec.
The P83C852 has other security features, as well. For example, it contains low-power and -frequency detectors to prevent operation below a minimum specified voltage and a minimum 1-MHz frequency, respectively. In addition, the card's last EEPROM row contains a 16-byte fab key, which holds a transport code. Philips programs the fab key after successful wafer testing, according to data delivered by the customer.
Motorola, which manufactured the first single-chip smart-card IC in 1979, also takes elaborate steps to provide security. For example, the company tries to keep the operation of the IC completely controlled by code in unalterable ROM, working closely with smart-card manufacturers to put PINs or even information such as your mother's maiden name in ROM. The Motorola M68HC05SC family also monitors voltage and frequency to determine if they are within a specified range. If not, the chips assume an attempt at fraudulent access and prevent the chip from operating. Also, a watchdog timer detects program runaway and forces resumption of correct program flow.
A recently added Motorola security feature involves an additional step at the end of wafer test. Traditionally, a smart-card IC has included test pads, in addition to the ISO electrical-contact pads, around the periphery of the chip. Between these test pads and the chip are fuses. After chip testing, the fuses get blown to prevent illegal electrical access to the chip. According to Motorola, however, new technology developments permit regrowth of these fuses, allowing fraudulent access. Motorola's precautionary response is to physically remove all the test pads after successful wafer test. The scribing step, in which the chip dice get cut from the wafer, physically obliterates the pads.
Motorola does not yet have a smart-card IC with a crypto-coprocessor, although one is due in the second quarter of 1996. Currently, cryptography can occur only in software for the HC05 µC, taking seconds to accomplish. However, Motorola's upcoming M68HC05SC29, with an N modulo M exponent coprocessor, will execute decryption using 512-bit keys in less than 500 msec. The chip will have 512 bytes of RAM, 12,800 bytes of ROM, and 4096 bytes of EEPROM, plus an on-chip charge pump for EEPROM programming.
SMART CARDS AND BIOMETRICS: POSITIVE IDENTIFICATION
Smart cards want you, in the interest of security. Well, actually, they want only an image of part of you: your face, your fingerprint, or, maybe, your eye. By storing one of these images in memory and comparing it with a corresponding image of a card user, a future smart card will be able to tell, positively, if the user is an impostor. Biometrics, the use of physical data for identification purposes, is by many accounts an inevitable part of smart cards' future. As compression techniques pack images ever more densely and as decompression algorithms work ever more rapidly, biometrics becomes viable even in smart cards' relatively puny processors and memory banks.
In one potential application of biometrics, the Swedish company Finansforum is experimenting with thumbprints. In another, Kodak is storing compressed images of faces for comparison with actual faces. The Kodak images begin as 10-kbyte data blocks that get compressed to 50 bytes. In an actual application, a store clerk might place your smart card in a reader that would decompress the stored, digitized face and display it on a cash-register screen.
An eye's iris provides a promising method for positive identification, because each iris is unique. By storing an iris image and comparing it to your actual iris, a smart card could distinguish you from an impostor when you look into a photo-sensitive device.
From SGS-Thomson, a smart-card IC supplier since 1982, the top-of-the-line security chip is the ST16CF54. The chip has an 8-bit µC, 16 kbytes of ROM, 480 bytes of RAM, and 4 kbytes of EEPROM. A modular arithmetic processor (MAP) speeds cryptographic calculations with public-key algorithms. The MAP processes modular multiplications and squaring on 256- or 512-bit operands, or on a double operand of 1024 bits, in software. To guard against fraudulent access, both ROM and EEPROM are configurable into two sectors. A customer-specified memory-access-control matrix establishes access rules for transferring data from any memory section to any other.
Hitachi, another player in smart-card chips, has a special version of its H8/310 µP, the H8/3102, in use in electronic-cash cards in the United Kingdom, the United States, and Canada. The chip has 8 kbytes of EEPROM, 10 kbytes of ROM, and 512 bytes of RAM. It performs secret-key encryption in software and can store monetary values for as many as five countries.
For collections of road tolls and transit fares, contactless smart cards are gaining notice. These cards contain special circuitry that allows them to work without electrical contacts and even without directly applied power. A coil antenna in a card receives RF energy transmitted by a card reader unit via the clock signal. The card then converts the energy for storage in a capacitor and uses the stored energy to power short RF data exchanges.
An examination of the Siemens SLE44R35/MIFARE smart-card controller illustrates a typical application for contactless smart cards. This chip, intended for use in automatic fare-collection systems, contains its own contactless interface, including an antenna. Unlike most chips for contactless smart cards, which operate between 1 and 5 MHz, its operating frequency is 13.56 MHz. The chip allows communication between card and reader over distances as great as 100 mm.
LOOKING AHEAD
Although Europe now accounts for some 90% of all smart cards in use, the situation is likely to change. Credit-card giant Visa is starting to issue smart cards in the United States, and Master Card is teaming with Visa in an Internet venture that could provide an expanded role for smart cards.
Cost is a critical issue. In the United States particularly, smart cards face an infrastructure currently equipped only for magnetic-stripe cards, which cost only about $0.25 each. A µC-based smart card, on the other hand, costs $4 to $5, and, for cards that contain a cryptographic coprocessor, the cost zooms to $8 to $10. Even a memory-only "dumb" card is considerably more expensive than a magnetic-stripe card. With those kinds of cost differences, smart cards must depend on their additional features (and, increasingly, enhanced security) to compete.
Smartcard Forum, an industry organization, provides trend data and growth estimates for smart cards in the United States. For information, contact: Smartcard Forum, 3030 N Rocky Point Drive W, Suite 670, Tampa, FL 33607, Phone (813) 286-2339.
A typical contactless fare-collection transaction consists of card identification, reading six blocks of data and writing and verifying two blocks of data. The SLE44R35/MIFARE, transferring data at a maximum rate of 100 kbaud, performs the necessary transfers in less than 100 msec. A 16-bit cyclic-redundancy-check code, attached at the end of each communication, guarantees data integrity.
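The article does not name the CRC polynomial; this added example (not from the article or from Siemens) assumes the CRC_A parameters of ISO/IEC 14443-3 Type A to show how a 16-bit CRC appended to each frame is built and checked. It also shows the limit of that check: a CRC is keyless, so it catches transmission errors but says nothing about who produced the frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* CRC-16 with the ISO/IEC 14443-3 Type A parameters (an assumption, see lead-in):
   polynomial x^16 + x^12 + x^5 + 1, bit-reflected (0x8408), initial value 0x6363. */
uint16_t crc16_a(const uint8_t *data, size_t len) {
    uint16_t crc = 0x6363;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 1) ? (uint16_t)((crc >> 1) ^ 0x8408) : (uint16_t)(crc >> 1);
    }
    return crc;
}

/* Sender: append the CRC, low byte first. out must hold len + 2 bytes. */
size_t frame_build(const uint8_t *payload, size_t len, uint8_t *out) {
    uint16_t crc = crc16_a(payload, len);
    memcpy(out, payload, len);
    out[len] = (uint8_t)(crc & 0xFF);
    out[len + 1] = (uint8_t)(crc >> 8);
    return len + 2;
}

/* Receiver: running the CRC over payload plus CRC leaves 0 for an intact frame. */
int frame_ok(const uint8_t *frame, size_t len) {
    return len >= 2 && crc16_a(frame, len) == 0;
}

int main(void) {
    const uint8_t block[4] = {0x00, 0x00, 0x03, 0xE8};  /* constructed payload */
    const uint8_t altered[4] = {0x00, 0x00, 0xFF, 0xFF}; /* constructed payload */
    uint8_t frame[6], rebuilt[6];
    size_t n = frame_build(block, sizeof block, frame);
    int intact = frame_ok(frame, n);   /* undamaged frame is accepted */
    frame[2] ^= 0x10;                  /* one bit flipped in transit */
    int damaged = frame_ok(frame, n);  /* the CRC detects the error */
    /* A different payload with a freshly computed CRC is accepted too:
       the CRC carries no secret, so it cannot prove origin. */
    int passes = frame_ok(rebuilt, frame_build(altered, sizeof altered, rebuilt));
    return (intact && !damaged && passes) ? 0 : 1;
}
```

Authenticity of the two written blocks therefore has to come from a keyed mechanism, such as the on-card cryptography discussed earlier in the article, and not from the CRC.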
Racom Systems, which is partly owned by Ramtron International, takes contactless memory cards an additional step by incorporating Ramtron's nonvolatile ferroelectric RAM (FRAM). Because FRAM has a much faster write time than EEPROM, it speeds both card-based transactions and initial card programming. In high volumes (greater than 10,000), Racom's complete contactless cards cost $4.26 to $8.46 with 1024 and 4096 bits of FRAM, respectively.
Manufacturers of Smart-Card ICs
When you contact any of the following manufacturers directly, please let them know you read about their products at the EDN Magazine WWW site.

| Manufacturer | Location | Phone |
| --- | --- | --- |
| Hitachi America Ltd, Semiconductor and IC Division | Brisbane, CA | (415) 589-8300 |
| Motorola | Austin, TX | (800) 765-7795, ext 826 |
| Philips Semiconductor | Sunnyvale, CA | (800) 447-1500, ext. 1226 |
| Racom Systems Inc | Englewood, CO | (303) 771-2077 |
| SGS-Thomson | Lincoln, MA | (617) 259-0300 |
| Siemens Corp | Cupertino, CA | (408) 777-4500 |