Smart Cards

What is a Smart Card?

A smart card resembles a credit card in size and shape, but inside it is completely different. First of all, it has an inside — a normal credit card is a simple piece of plastic. The inside of a smart card usually contains an embedded microprocessor. The microprocessor is under a gold contact pad on one side of the card. Think of the microprocessor as replacing the usual magnetic stripe on a credit card or debit card.

Smart cards are much more popular in Europe than in the United States. In Europe, the health insurance and banking industries use smart cards extensively. Every German citizen has a smart card for health insurance. Even though smart cards have been around in their modern form for at least a decade, they are just starting to take off in the United States.

Magnetic stripe technology remains in wide use in the United States. However, the data on the stripe can easily be read, written, deleted or changed with off-the-shelf equipment. Therefore, the stripe is really not the best place to store sensitive information. To protect the consumer, businesses in the U.S. have invested in extensive online mainframe-based computer networks for verification and processing. In Europe, such an infrastructure did not develop — instead, the card carries the intelligence.

The microprocessor on the smart card is there for security. The host computer and card reader actually “talk” to the microprocessor. The microprocessor enforces access to the data on the card. If the host computer read and wrote the smart card’s random access memory (RAM), it would be no different than a diskette.

Smarts cards may have up to 8 kilobytes of RAM, 346 kilobytes of ROM, 256 kilobytes of programmable ROM, and a 16-bit microprocessor. The smart card uses a serial interface and receives its power from external sources like a card reader. The processor uses a limited instruction set for applications such as cryptography.

The most common smart card applications are:

• Banking
• Computer Security Systems
• Credit Cards
• Electronic Cash
• Government Identification
• Loyalty Systems (e.g., Frequent Flyer Miles)
• Satellite TV
• Wireless Systems

Smart cards can be used with a smart-card reader attachment to a personal computer to authenticate a user. Web browsers also can use smart card technology to supplement Secure Sockets Layer (SSL) for improved security of Internet transactions. Visa’s Smart Card FAQ shows how online purchases work using a smart card and a PC equipped with a smart-card reader. Smart-card readers can also be found in mobile phones and vending machines.

References

• Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors

• EPA Smartcards (EPA Intranet Site – EPA Employees Only)

MOA Between EPA and AFGE on SmartCards

• Memorandum of Agreement on SmartCards (November 14, 2007)

• EPA 19 (EPA Identification Card Record)

• EPA 41 (Office of Administrative Services Information System)

• EPA Personal Identity Verification (PIV) Handbook, February 2007

• Amendment to Privacy Act System of records (August 31, 2006)

• Questionnaire for Non-Sensitive Positions (SF Form 85, September 1995)

• Questionnaire for Public Trust Positions (SF Form 85P, September 1995)

• EPA December 2004 Personal Security Handbook

• EPA Order 3200 (April 13, 2007)

• EPA Order 3110.2 (JUne 28, 1972)