Smart Cards

A smart card is a credit card-sized plastic card with an embedded integrated circuit chip. It serves as a secure medium for storing important personal identification information such as picture identifications, voiceprints, fingerprints, signatures, and account information.

Below is an illustration of a smart card chip.

Figure 7 smart card chip

Smart card chips can be embedded on phone cards, banking cards or health cards. Using the phone card as an example, the smart card chip is embedded on the phone card, which contains your phone account number and other related information. To use the card, you would slide the card into the card reader usually embedded as part of the public phone. The card reader would prompt for a PIN number, and then it would read off the information from the smart card to authenticate you. Once you are authenticated, you are permitted to make the phone call if you have enough minutes left on the card. Similarly, a smart card that stores login and password information can be used to log onto computer systems. To access a computer system, you would insert the smart card into a card reader connected to the computer system. After providing your PIN number, the system will authenticate you based on the information on the smart card and the PIN number you provided.

The embedded chip consists of a microprocessor, ROM, RAM, and electrically erasable programmable read only memory (EEPROM). Recall from section 2.1.2 Types of Memory, EEPROM enables the chip to retain its state even when power is removed. The chip provides memory capacity, as well as computational capability. The self-containment of a smart card allows it to be resistant to network or Internet attacks. Information on a smart card can be scanned by a custom-programmed reader to authenticate the cardholder in order to permit or deny access to the system's services. Modern smart cards contain security features such as data encryption.

Biometrics

Biometrics refers to the automatic identification of a person based on his/her physiological or behavioral characteristics. Among the features measured are face, fingerprints, handwriting, iris, and voice. Biometric technologies are being developed to enhance identity verification solutions. This method of identification is more secure compared to traditional methods involving passwords and PIN numbers because the person to be identified is required to be physically present at the point-of-identification. Also, it is more convenient because it eliminates the need to remember passwords or PINs, or carry identification cards.

With the increased use of computers, it is necessary to restrict access to sensitive data. By replacing PINs, biometric techniques can potentially prevent unauthorized access to or fraudulent use of ATMs, cellular phones, smart cards, desktop PCs, workstations, and computer networks. PINs and passwords may be forgotten, and identification like passports and driver's licenses may be forged, stolen, or lost. Institutions currently using biometric-based authentication solutions include governments, military divisions, electronic banking, law enforcement, and social services.