These are smart cards that employ a radio frequency (RFID) between card and reader without physical insertion of the card. Instead, the card is passed along the exterior of the reader and read. Types include proximity cards which are implemented as a read-only technology for building access. These cards function with a very limited memory and communicate at 125 MHz. Another type of limited card is the Gen 2 UHF Card that operates at 860 MHz to 960 MHz.
True read and write contactless cards were first used in transportation applications for quick decrementing and reloading of fare values where their lower security was not an issue. They communicate at 13.56 MHz and conform to the ISO 14443 standard. These cards are often protected memory types. They are also gaining popularity in retail stored value since they can speed up transactions without lowering transaction processing revenues (i.e. Visa and MasterCard), unlike traditional smart cards.
Variations of the ISO14443 specification include A, B, and C, which specify chips from either specific or various manufacturers. A=NXP-(Philips) B=Everybody else and C=Sony only chips. Contactless card drawbacks include the limits of cryptographic functions and user memory, versus microprocessor cards and the limited distance between card and reader required for operation.
Multi-mode Communication Cards
These cards have multiple methods of communications, including ISO7816, ISO14443 and UHF gen 2. How the card is made determines if it is a Hybrid or dual interface card. The term can also include cards that have a magnetic-stripe and or bar-code as well.
Hybrid cards have multiple chips in the same card. These are typically attached to each interface separately, such as a MIFARE chip and antenna with a contact 7816 chip in the same card.
Dual Interface Card
These cards have one chip controlling the communication interfaces. The chip may be attached to the embedded antenna through a hard connection, inductive method or with a flexible bump mechanism.
These types of cards are for a specific market solution. For example, there are cards where the fingerprint sensor is built on the card. Or one company has built a card that generates a one-time password and displays the data for use with an online banking application. Vault cards have rewriteable magnetic stripes. Each of these technologies is specific to a particular vendor and is typically patented.
Smart Card Form Factors
The expected shape for cards is often referred to as CR80. Banking and ID cards are governed by the ISO 7810 specification. But this shape is not the only form factor that cards are deployed in. Specialty shaped cutouts of cards with modules and/or antennas are being used around the world. The most common shapes are SIM. SD and MicroSD cards can now be deployed with the strength of smart card chips. USB flash drive tokens are also available that leverage the same technology of a card in a different form factor.
Integrated Circuits and Card Operating Systems
The two primary types of smart card operating systems are (1) fixed file structure and (2) dynamic application system. As with all smartcard types, the selection of a card operating system depends on the application that the card is intended for. The other defining difference lies in the encryption capabilities of the operating system and the chip. The types of encryption are Symmetric Key and Asymmetric Key (Public Key).
The chip selection for these functions is vast and supported by many semiconductor manufacturers. What separates a smart card chip from other microcontrollers is often referred to as trusted silicon. The device itself is designed to securely store data withstanding outside electrical tampering or hacking. These additional security features include a long list of mechanisms such as no test points, special protection metal masks and irregular layouts of the silicon gate structures. The trusted silicon semiconductor vendor list below is current for 2010:
Many of the features that users have come to expect, such as specific encryption algorithms, have been incorporated into the hardware and software libraries of the chip architectures. This can often result in a card manufacturer not future-proofing their design by having their card operating systems only ported to a specific device. Care should be taken in choosing the card vendor that can support your project over time as card operating system-only vendors come in and out of the market. The tools and middleware that support card operating systems are as important as the chip itself. The tools to implement your project should be easy to use and give you the power to deploy your project rapidly.
Please see the security section on this website for more information regarding PKI.
Fixed File Structure Card Operating System
This type treats the card as a secure computing and storage device. Files and permissions are set in advance by the issuer. These specific parameters are ideal and economical for a fixed type of card structure and functions that will not change in the near future. Many secure stored value and healthcare applications are utilizing this type of card. An example of this kind of card is a low-cost employee multi-function badge or credential. Contrary to some biased articles, these style cards can be used very effectively with a stored biometric component and reader. Globally, these types of microprocessor cards are the most common.
Dynamic Application Card Operating System
This type of operating system, which includes the JavaCard® and proprietary MULTOS card varieties, enables developers to build, test, and deploy different on card applications securely. Because the card operating systems and applications are more separate, updates can be made. An example card is a SIM card for mobile GSM where updates and security are downloaded to the phone and dynamically changed. This type of card deployment assumes that the applications in the field will change in a very short time frame, thus necessitating the need for dynamic expansion of the card as a computing platform. The costs to change applications in the field are high, due to the ecosystem requirements of security for key exchange with each credential. This is a variable that should be scrutinized carefully in the card system design phase.