Security ICs – Intelligence of a Smart Card

A smart card or integrated circuit card (ICC) is any pocket-sized card with embedded integrated circuits. Smart cards in which the chip is embedded are comparatively more flexible. The larger the chip, the higher the probability that normal use could damage it. In the story following we will present some advances & trends in Security ICs & Smart cards.

Making Smart Cards Secure

Smart card-enabled applications are becoming more prevalent in many of today’s businesses. The financial payments industry has moved to smart cards. There has been rapid acceptance of contactless smart card technology for fast, convenient, and secure credit and debit payment. The United States Federal government has adopted smart card technology for its major credentialing initiatives. The Department of Defense Common Access Card uses smart card technology for the credentialing of all military and civilian personnel. The Department of State uses contactless smart card technology for the electronic passport. Smart card-based identity credentials are now being issued to all Federal government employees to meet Homeland Security Presidential Directive 12. Enterprises are issuing smart ID badges to employees to secure physical and logical access. In addition, many government identity programs around the world are issuing smart card-based identity credentials to citizens. All of these deployments see the use of smart card technology as an essential element for the integrity of their credentialing schemes. Smart cards are portable, personal security devices that can securely carry sensitive information, enable secure transactions, validate an individual’s identity within a secure system, and verify that an information requestor is authorized to access the information carried on the card. Smart cards not only maintain the integrity of the information stored on the card, but also make it available for secure interactions with the overall system.

A smart card includes an embedded secure IC that can be either a secure microcontroller with internal memory or a secure memory IC alone. The card connects to a reader with direct physical contact or with a remote contactless RF interface. With an embedded microcontroller, smart cards have built-in tamper resistance and have the unique ability to securely store large amounts of data, carry out their own on-card functions (e.g., encryption and digital signatures), and interact intelligently with a smart card reader. Security mechanisms are typically implemented in the card and at the operating system, software, and system levels, providing layers of security to protect the system and information within the system from unauthorized access. In any smart card system implementation, the issuer needs to determine the risks that the system will be exposed to and implement the security measures necessary throughout the system to address those risks.

The Demand for Smart Card IC Technology is increasing as Technology Evolves at a Rapid Pace, with Ever-increasing Complexity and Sophistication.

The increasing trend & usage of Smart cards can be determined with a survey Eurosmart conducted on global smart card shipments and reported that 7.14 billion smart cards shipped globally in 2013 and forecast that over 7.71 billion smart cards will ship in 2014 – 8% growth over 2013.

IC based Smart cards

Smart cards were initially designed are Contact smart cards, have a contact area of approximately 1 Sq cm comprising several gold-plated contact pads. These pads provide electrical connectivity when inserted into a reader. Nevertheless, nowadays-contactless cards are getting popular. A contactless smart card includes an embedded smart card secure microcontroller or equivalent intelligence, internal memory and a small antenna and communicates with a reader through a contactless radio frequency (RF) interface. Contactless smart card technology is used in applications that need to protect personal information and deliver fast, secure transactions, government and corporate identification cards, documents etc.

Contactless smart cards have the ability to securely manage, store and provide access to data on the card, perform on-card functions, and interact intelligently with a contactless smart card reader. Contactless smart card technology and applications conform to international standards (ISO/IEC 14443 and ISO/IEC 7816).

ISO/IEC 14443 and ISO/IEC 7816 standards

ISO/IEC 14443 is the international standard for contactless smart chips and cards that operate (i.e., can be read from or written to) at a distance of less than 10 centimeters (4 inches). This standard operates at 13.56 MHz and includes specifications for the physical characteristics, radio frequency power and signal interface, initialization and anti-collision protocols and transmission protocol. ISO/IEC 7816 is the international standard for contact smart cards. ISO/IEC 7816 Parts 4 and above are used by both contact and contactless smart card applications for security operations and commands for interchange. There are various certifications ensure the protection for all possible threats; these certifications are Security Accreditation scheme (SAS) certification defined by GSMA to ensure security for production of SIM / USIM or any other telecom product. SAS certification takes care of the following possible security.

Advantages of IC based Smart Cards

• Authentication: Security ICs in smart cards provide mechanisms for authenticating others who want to gain access to the card.

• Secure data storage: Security IC has means of securely storing data on the card. Those with proper access rights can only access this data through the smart card operating system.

• Encryption: Smart card ICs provide a robust set of encryption capabilities including key generation, secure key storage, hashing, and digital signing. These capabilities can be used by a system to protect privacy in a number of ways.

• Strong device security: Security ICs are almost impossible to duplicate or forge and has built-in tamper-resistance. Smart card chips include a variety of hardware and software capabilities that detect and react to tampering attempts and help counter possible attacks.

• Secure communications: ICs in smart cards provide a means of secure communications between the card and card readers.

• Biometrics: Smart cards provide mechanisms to securely store biometric templates and perform biometric matching functions.

Security applications, met by Smart cards

Mutual Authentication. For applications requiring secure card access, the contactless smart card-based device can verify that the reader is authentic and can prove its own authenticity to the reader before starting a secure transaction.

Strong Information Security. For applications requiring complete data protection, information stored on cards or documents using contactless smart card technology can be encrypted and communication between the contactless smart card-based device and the reader can be encrypted to prevent eavesdropping.

Strong Contactless Device Security. IC based smart card technology is extremely difficult to duplicate or forge and has built-in tamper-resistance. Smart card chips include a variety of hardware and software capabilities that detect and react to tampering attempts and help counter possible attacks.

Authenticated And Authorized Information Access. Chip based smart card’s ability to process information and react to its environment allows it to uniquely provide authenticated information access and protect the privacy of personal information.

Some of the Industry Leaders in Security & Smart Card ICs are:

Infineon Technologies India Pvt Ltd

Mr. Vinay Shenoy – Vice President & India Managing Director

Infineon Technologies is a leading provider of security solutions for smart cards and embedded applications. Infeneon provide the industry’s most comprehensive portfolio of Security ICs and Smart Card ICs for the connected world. Our hardware-based security products and solutions create security our customers can rely on. Recent Innovations with unique customer advantages are,

• Secure Certified Flash offers the required reliability and security (CC EEL+ high, EMCOR Certified) plus significant flexibility giving card manufacturers a competitive edge in deployment speed.
• Infineon’s award-winning digital security technology Integrity Guard, with continuous self-checking of all CPU operations and a comprehensive encryption over the whole data path.
• Coil on Module, a package technology that simplifies contactless card design and manufacturing and improves mechanical robustness lifetime of smart cards.

Taking about significance of Security ICs, Mr. Shenoy said that, “a security chip provides a trustable environment for storage, reading, writing, and use of sensitive data through its built-in hardware security features and encryption algorithms. Attackers usually face major difficulties to copy chip-based cards, as the chip contains cryptographic information secured by hardware features.”

Security ICs from Infineon are helping to preserve integrity, authenticity, and security of data and information in today’s increasingly mobile and connected society. Consistent deployment of security chips has the potential to act as both a pacesetter and critical success factor for innovative applications and business models in identification, payment, communication, and IT infrastructure. Infineon provides security ICs for payment applications like debit and credit cards, mobile communication (SIM cards) as well as secure elements for NFC-based mobile payment solutions in many form factors. Government identification documents represent the second major market addressed by Infineon. To improve mobility in Megacities, Infineon provides the transportation industry with security ICs for installing reliable, efficient, and interoperable electronic ticketing solutions. New opportunities are arising for embedded security ICs. Embedded security controllers are integrated into devices and help to protect the authenticity and integrity of connected systems. The Internet of Things as an ongoing and long-term trend will also affect many existing as well as new applications and require special security functions.

Samsung Semiconductor Ltd

Mr. Abhishyek Gupta

Samsung Electronics has operations in 80 countries including India. Samsung has referred in India ID market. For government related smart card ID projects, we have to meet certain standards under SCOSTA (Smart Card OS for Transport Application). The standards are applied to many areas besides transportation, including identity applications. SCOSTA has also been recommended by the Technical Committee for MNIC Card, under Ministry of home Affairs to be used as standard operating system for MNIC Card, in pilot project.

Since the initial stage of SCOSTA’s first launch and deployment in 2004, Samsung has developed smart card ICs for driver’s license, health card and coastal IDs thanks to its broad product lineup aligned with SCOSTA’s short term and long-term requirements and its strong support for Indian customers. Samsung’s smart card IC products were certified by SCOSTA and were provided to 16 card manufactures. Among the total list of certified smart card ICs, Samsung’s smart card ICs takes up approximately 40 percent.

• Samsung Achieves Industry’s First Common Criteria EAL7 Security Assurance for its Smart Card Controller IC
• Samsung Announces Industry-First 45-nanometer Embedded Flash Logic Process Development

Samsung offers a full lineup of EEPROM and Flash embedded smartcard chips with various NVM sizes and specifications that cater to high-end market needs by providing high memory densities and strong security features for multi-application support and secure transactions. For smart card ICs for banking and ID market, we have S3CT9Kx (EEP), S3FT9Mx (Flash) product lineups which features dual interface, and S3CT9Px(EEP), S3FT9Px(Flash) product lineups for contact solution. For telecommunications and mobile security (SIM), we have conventional SIM IC product called S3FS9Fx and NFC-SIM IC called S3FV9Qx product lineups.

Samsung’s smart card IC solutions consist of three elements: Smart Shield, Smart Sensor, and Smart Core. Smart Shield is to protect from reverse engineering, Smart Sensor is to detect fault injection, and Smart Core with Secure CPU and encryption algorithm provides high speed and secure crypto services. Additionally, based upon the industry’s latest fabrication process, with proven excellent design expertise and security technology, Samsung has continuously introduced industry-leading, next-generation smart card IC products. In the cases of electronic transactions, security of financial and personal information is critical, particularly for identification purposes. Consequently, many security and identification related applications have already adopted smart card IC technology.

As the leading manufacturer of advanced smart card IC solutions, Samsung’s advanced state-of-the-art technology provides a full lineup of high performance smart card solutions for mobile phones, Java cards, electronic passports, banking cards, transportation cards, and e- commerce applications. Based upon the industry’s latest fabrication process, Samsung has continuously led the market for the next-generation smart card IC products. Samsung’s smart card IC solutions provide enhanced security solutions meeting standards across the globe and across a range of industries. Samsung’s next generation smart card ICs enables value-added customer services, while providing advanced features and superb technical capabilities across all application types. Samsung Electronics is a market leader in advanced security solutions supporting following applications:

• Telecommunications and Mobile Security (SIM)
• FSID (Financial Security and Identification) – including payment applications
• IT Security (NFC/eSE, TPM, and brand protection solutions)

Companies in manufacturing of Smart Cards

Smart Chip Ltd, (A Morpho Company)

Mr. Vikas Phogat DGM, – Product Management, Syscom Corporation Limited

Established in 1996 Syscom Corporation and Smart Chip Limited today occupy the leadership position in both their respective sectors. Smart Chip has been delivering successful smart card enabled solutions in India since 1995. Sustaining at the pinnacle of the smart card revolution in India, it has been their constant endeavor to help extend the citizen-centric benefits of the state to its populace by conceptualizing and building various innovative solutions, using smart cards as the prime delivery mechanism.

We talked with Mr. Vikas about the significant role of Smart cards in our lives & its security and as per his views; “Smart Card is playing a role in today’s era of digitization. A diversified usage of any device for secure data storage qualifies it to be the target for several attacks for the hacking and stealing the user credentials. Smart card, being a secure data carrier, is equally at risks for such attacks, so it is essential to analyze various aspects of security risk and their countermeasures.”

There are several security risks in Smart Card manufacturing, Smart Card applications and Smart Card OS (Operating System) including its development. Therefore, security measures and the process to manage such risks at Smart card supplier is of utmost importance. Various methodologies and certifications ensure various security levels.

Hardware Security feature; various security features are implemented in the modern silicon as mandatory counter-measures such as;

1. High / Low Voltage Sensor:
2. Temperature Sensor:
3. Glitch Sensor:
4. Low Frequency Sensor:
5. High Frequency Filter:
6. Light Sensor:
7. Internal Voltage Sensor:

Software countermeasures are adopted on top of the hardware security in order to protect various authentication PINs, Keys and secrecy of algorithms.

1. Anti-cloning is one of the most powerful security mechanisms used to protect the hacking of PINs and Keys used for authentication and encryption/decryption
2. Re-Try Counters:  Re-try counters are limiting PIN, and Keys authentication keys to a certain values, This is one on of the traditional mechanism used to protect PINs and keys
3. Secure Development Environment: Unauthorized modification in the Smart card software such as malware can be a big threat. This can be mitigated to have secure development environing

In order to ensure, the secure management of applications and the data loading during personalization or on the cards in the field, Smart cards must compliant to Global platform specifications. There are various certifications ensure the protection for all possible threats; these certifications are Security Accreditation scheme (SAS) certification defined by GSMA to ensure security for production of SIM / USIM or any other telecom product.

Manipal Technologies Limited

Mr Abhay Gupte – CEO, Manipal Technologies Limited

MCT with focus on improving the security of electronic payments has pioneered EMV card technology in India and helped in rolling out of payment cards with EMV contact and contactless specifications for more than 30 banks until now. These smart cards adhere to ISO 7810 and 7816 standards. MCT is currently working on projects that shall leverage on the capability of these cards to handle huge volumes of information and multiple applications for uses beyond banking. Besides banking, EMV enabled cards can be upgraded to dual interface cards and can be used as multipurpose cards with software modification. The immense flexibility and security associated with these cards open huge avenues for banks and financial institutions to use these cards for multiple applications beyond payments.

Coresonant System Pvt Ltd

Mr. B. Srikanth Reddy – Business Development Manager, Marketing Dept

Coresonant Systems Pvt Limited is a leading Technology & Solution Company with expertise in providing end–to–end turnkey solutions in the domains spanning Radio Frequency Identification (RFID), Smart Cards, Biometrics, RTLS, GPS and NFC based technologies. The products cater in to all the segments of the market like manufacturing, Education, IT, Transportation, Retail, Telecom, Government etc. Coresonant PVID system product serves the solar module manufacturers in India to comply with the mandate of Govt of India (MNRE). With the help of Smart Ics, customers can track the solar module throughout their life of the project. Talking about Security ICs, Mr. Reddy said that security ICs/Smart Cards are very different in their capability store the data and read from the distance in any direction compared the plastic cards and barcodes

Shreenath Smart Technologies Pvt. Ltd.

Mr. Utpal Yagnik – Joint Country Head –Sales & Marketing

SSTPL is supplying various smart card technologies through its business partners like NBS Technologies Ltd., UK, Zebra Technologies, USA and STMicro Electronics, Switzerland. SSTPL has developed core competency in GSM SIM chip modules sectors and today one of the leading supplier of GSM SIM Modules in India. We offer a comprehensive range of Solutions to various Citizen ID card and driving licenses projects. SSTPL, are the largest supplier of chip modules for telecom projects, GSM SIM cards, USIM/3G, SCOSTA chip modules, 32K contact chip modules, 64k contact chip modules. Shreenath Smart Technologies Pvt Ltd offers wide range of SIM Modules with customized SIM cards in Indian Market.

Trends and Future Outlook

A modern society that increasingly relies on online services requires technology that can provide a “personal secure identity.” It is a fundamental prerequisite for an open and secure ICT-connected society where commercial and public businesses and services can prosper. Smart card technology has proven over time to be an adequate platform to host such a personal identity. In developed countries, almost everybody carries secure microcontroller-based smart cards or security tokens in their pockets. They provide real user value and a high level of convenience. Banks or citizen card companies in a regional context have mainly deployed this kind of smart card solution. Further features are expected to be added to those schemes in the future, also covering electronic identity features. Latest secure microcontroller developments are simplifying the development and deployment of these multi-application solutions, providing hardware platforms optimized for the secure operation of several applications on one device. As there is a clear trend toward contactless smart card solutions, there is also a clear trend towards multi-application.