A smart card is a device the size of a credit card containing an integrated central processor that is capable of storing information such as the card-holder's personal information (birth date, bank account information, medical records, etc.). Security is maintained through a combination of measures such as PIN numbers, public and private keys, and passwords. Smart cards are known by different terms such as "chip card," "integrated circuit card," "PC in your wallet," and "DB on a card." These cards provide a great deal of security for the data stored inside them. Some models of smart cards can hold over 100 times the amount of information that is contained in a standard magnetic-stripe card. The security and mobility of smart cards have made them increasingly popular, mainly for financial applications. Uses of smart cards include establishing identification when logging on to ISPs or on-line banks; providing health information that can be used by hospitals or doctors; and making on-line purchases without the use of traditional credit cards. Companies such as Cylink, Motorola, and IBM are continually improving the technology and security features of their smart card solutions. Cylink, for example, has designed a smart card called "MiniKey" that contains several advanced security and authentication features. MiniKey connects to the USB port directly, without additional hardware requirements. In addition, MiniKey has 1024-bit RSA capabilities, which are provided by an internal cryptographic smart card. There are hundreds of smart card operations in use worldwide, with over a billion in use. Currently, they are most widely used in Europe, but their use is expected to increase, as Ovum, a research firm, predicts that 2.7 billion smart cards will be shipped annually by 2003. Some cards can be programmed to support multiple applications and application updates. Smart cards can be designed to be inserted into a slot and read by a special reader or to be read at a distance, such as at a tollbooth. The cards can be disposable or reloadable. Smart cards are covered under the International Organization for Standardization (ISO) 7816 standard. The standard entitled "ISO 7816 Identification Cards Integrated Circuit(s) Cards with Contacts" consists of eight documents that describe all physical aspects of the cards.
The business enterprise looking to incorporate smart cards into its security systems may consider them for many applications, including the following:
To replace traditional employee ID badges (Smart cards provide picture identification; access to company facilities, including secure areas; and an electronic wallet for company cafeteria and vending machines.)
Storage of employees' digital signatures, including certificate authority and private keys
Network access identification, including single sign-on
Employee medical and health information
Employee business travel profile, including the company's preferred airlines, hotels, and car rental agencies
Due consideration should be made for the system and infrastructure requirements that would support the implementation of the smart cards.
In making the card selection process, the following issues should be considered:
Compliance with standards, including ISO 7816
Compatibility with operating systems
Ability to implement digital signature applications
Storage size of the EEPROM (electrically eraseable programmable read-only memory) required to support designated applications
Material of the card (Can it accept printing for applications such as employee photos?)
Does the card vendor have an established support presence?