Category: Contactless, Corporate, Financial, Government, NFC, Smart Cards
The underlying technology behind contactless smart cards hasn’t changed much in recent years. The international specification that enables different cards from different manufacturers to communicate with different readers from different vendors is stable and extremely well established.
But that does not mean manufacturers or their offerings have stagnated.
Two of the biggest changes in contactless smart card technology are the speed of the chips and the memory capacity, says Joerg Borchert, head of chip card business at Infineon. “The major topic over the last five years has been the interface speed, which has increased with higher and higher bit rates,” he says.
“The chips also are evolving to keep pace with new applications, and additional security is being built into the hardware,” Borchert explains. Additionally, he adds that contactless cards are now more durable thanks to new manufacturing techniques.
“Modern day applications require multiple applications – such as ID documents, payment and transportation – to run in parallel on the same chip,” says Stefan Barbu, head of NXP’s Secure Identity Business for the Americas. “Combining the government documents’ security requirements with the speed of transit applications and strict process regulations surrounding the financial applications has been a tough challenge, but this is now becoming the market reference.”
Electronic passports and many national electronic identity projects rely on contactless technology. Countries are starting to deploy systems that can read the chips and make sure the photo stored in the chip matches the individual at the border crossing or other service delivery point.
These and other applications that store biometrics on the chip are appearing in greater numbers, and present a new challenge compared to the tried and true payment and transit applications that have been around for years.
These chips require large memory for biometric and image storage as well as faster data transfer for presentment and comparison. And it is the demands of these newer applications that have driven the industry to produce chips that are faster and have larger memory, Borchert says.
Chip memory is split between two functions: one is for applications and operating systems while the other is for storage. Newer card applications require more memory for both of these areas, says Borchert.
Today, contactless smart cards used for identity applications have between 500 and 800-kilobytes of memory, split between the two functions. Just a few years ago, typical chips maxed out at 128-kilobytes of user memory and up to 400-kilobytes of read-only memory for applications and operating system code.
The speed of these chips has improved tremendously in the past few years. Borchert says that some chips are four times faster than they were a few years ago, and are able to transfer 180-kilobits per second.
Advances: speed, size and new memories
Larger storage is becoming a necessity as biometrics are used for multi-factor authentication, says Neville Pattinson, vice president for Government Affairs, Standards and Business Development at Gemalto. “We’re starting to see pilots for contactless use of biometrics,” he explains. The Department of Defense is piloting systems that store a biometric template on the card but do the matching on the server.
Another change on the horizon for contactless is the use of flash memory instead of EEPROM, Pattinson says. Once flash memory chips are widely available, the chips will have larger memory capacity and enable easier formatting.
Instead of requiring the operating system and applications to be burned into the chip at the point of manufacture, flash memory can be formatted in the field by the issuer. With EEPROM the operating system and applications had to be “masked” separately from personalized data, a process that could add months to the production time for EEPROM chips. These newer flash chips ease this burden, and should be widely available in the next 18 to 24 months, Pattinson says.
It is with these new flash chips that higher data rates may really benefit issuers. Higher speeds can be beneficial for some of the new applications, but in many cases it is more crucial during the document’s creation than during future use in the field. When flash memory is used for passports, for example, manufacturers need to load large amounts of data including operating system code to every card during the document production process.
In such cases, the high-speed capabilities – referred to as Very High Bit Rates or VHBR – can save time and money. At the point of reading the passport in the field, however, the standard communication speed of 848kbps – defined in the ISO 14443 contactless industry standard – remains the norm. Insiders say it takes just 3 seconds to read a passport chip in the field, a small fraction of the time it takes to progress through gates, present documents and biometrics for comparison and talk to officers.
Another change has come as application programmers have become more efficient when it comes coding for contactless, says Philip Andreae, vice president for Field Marketing North America at Oberthur Technologies.
And there is a switch to a different type of processor. “Silicon manufacturers are moving toward RISC-based processors, shrinking the execution time of a command,” he adds.
Another major leap in terms of security is the introduction of chips that do not store the critical information, such as secret keys, but rather generate it at every transaction based on the “chip DNA,” known as Physical Unclonable Function.
While the introduction of these and other emerging technologies opens new doors for contactless, it also creates new challenges for the industry in terms of security and standardization. Current security evaluation schemes such as Common Criteria have been validated over the past 20 years on traditional contactless chips and approaches. The introduction of new memory technologies and communication protocols will bring new attack scenarios, and thus new protection profiles and safeguards are needed. The industry is already working to define these new security standards, in order to enable mass adoption with a similar level of security as the previous generation of products.
Contactless smart cards use the International Organization for Standards’ ISO 14443 standard to communicate. This standard has parts A and B that denote slight differences in the spec, but these aren’t as much of an issue as they were a few years ago. “It’s been put to rest,” Borchert explains. “The readers are supporting both types at the same time and it’s no longer a topic of contention.”
Another change has been how the cards are constructed. A contactless smart card has an embedded integrated circuit chip that contains the applications, data and memory that make the card functional. The chip and the antenna are embedded in the layers of different substrates that make up the identity card or document.
In the early days, there were issues from time to time with the antenna and IC connection breaking. Today, however, new manufacturing techniques encapsulate the chip and antenna leading to greater durability and a 10-year lifespan, Borchert explains.
Other contactless form factors
Another change is that contactless technology is being ported to form factors beyond cards and documents. Wearables are embedding the technology and then there’s the ever-present mobile device.
Contactless smart card technology and the ISO 14443 standard is the same technology that’s used in near field communication. With Apple Pay and Samsung Pay taking advantage of NFC, the same technology is being used in an entirely different form factor, says Andreae.
It’s only a matter of time before this technology is enabled to do even more than make payments, Andreae explains. Transit agencies around the globe are moving to open-loop systems so these technologies can be used for access. Hotels and other consumer service industries are also increasingly using the technology.
It won’t be too long before NFC is included in laptops, PCs and tablets, Andreae says. In this way consumers can use their phone or a card as an additional factor of authentication when accessing secure sites or making purchases.
Another important aspect of the NFC adoption is the ubiquity of reader infrastructure. Governments and businesses no longer need to rely on heavy hardware infrastructure investments for rolling out nationwide contactless card schemes, because the new use cases rely more on developing apps on these consumer devices, explains NXP’s Barbu.
Even with different form factors emerging, contactless cards continue to grow in both numbers and capabilities. Next generation chips are capitalizing on the stable foundation constructed during the previous two decades, while amping up speed and capacity. This opens new doors and is paving the way for an even brighter contactless future.