Published: 20 Mar 2002
Smart cards may look like any other plastic card with a magnetic stripe on the back, but they're a radically different technology. While consumer advertising has tried to downplay the differences between smart cards and normal credit cards -- other than to tout them as "safer" -- the differences are what make smart cards worth considering.
1. Persistent, protected storage. Persistent storage is an obvious piece of the smart card, and one that makes it similar to an ordinary mag-stripe card. Smart cards have memory; how much memory depends on the application, but 4K to 32K is typical. While this is dramatically more than what can be stored on a mag-stripe card, the key to the storage is protection: You can't just wipe the card against a reader and expect to pull everything off it. While experts have determined that a scanning electron microscope can circumvent the protection built into a smart card, this is not the kind of tool you can pick up at Radio Shack.
2. Processing power. Most smart cards have a small CPU, which means that they can do things other than parrot data stored in the card. The CPU can protect the information, for example, by requiring the user to enter a PIN code. Here's where smart cards have a huge advantage over mag-stripe cards: the CPU can count. Get the PIN code wrong seven times, and the CPU may refuse to let you try again for an hour or a day. Or, with some applications, the CPU may simply wipe the information if you get it wrong too many times, or force you to call a customer support number to retrieve a special unlock code.
In fact, the smart card may never have to actually give up the data at all. For example, when smart cards are used with X.509 digital certificates for applications such as VPN or Windows 2000 authentication, the private key part of the public/private key pair linked to the certificate never leaves the card. The private key is generated by a random number generator on the card, and when data needs to be signed with the private key, the card does the signing.
3. Packaging. While they're not as cheap as credit cards to manufacture, in moderate quantities of 100 or so, smart cards will cost less than $10 each, making them dramatically less expensive than other authentication technologies, such as digital tokens.
The smart card can come in different form factors to work with a wide range of devices. Smart cards were originally modeled on credit cards and were built the same size. American Express' Blue is an example of a combination smart/credit card. But smart cards are used around the world in GSM cellphones (ubiquitous in Europe and available in the U.S.). Those smart cards are cut down to a size little larger than the familiar multipad connector to fit the small handsets. Some wireless LAN adapters, such as Nokia's C110 (www.nokia.com), have small smart card readers to carry configuration data or authentication information.
Inexpensive (less than $50) smart card readers are now available for PCMCIA, serial and USB connectors on personal computers. The packaging doesn't even have to be in the shape of a card. For example, Rainbow Technologies has combined a smart card with its own USB reader in its iKey product, a single token smaller than your thumb.