AMAG - Access Control and Integrated Security
Symmetry - Security Beyond Integration

Smart Cards Explained

This document explains the variations among the smart card technology options in the access control marketplace today. I will categorize them into two main types of technology, contact and contactless, and then within contactless I will further categorize by the two ISO standards, 14443 and 15693, along with the interoperability of the two.

Starting with contact smart card technology, a standard called ISO 7816 describes the communications method for talking to the chip. At that point you essentially have a chip that looks like a formatted hard drive on a computer. An operating system can be written to that hard drive in many ways. To continue the analogy, if I write a Microsoft OS, Linux or even an Apple OS to it, many third parties can create applications that read, write and operate within that OS. However, if a proprietary OS is used and no data is published to third parties, then only the originating programmers can have anything to do with applications on the OS. This is done in some instances today with contact technology.

In contrast, just the opposite can be done, where the originator of the smart card OS has created documentation for third parties and allowed them to read and write data so as to create applications on the same chip. Also, much as an application can be protected with various forms of security on a PC, the same is true on a smart chip. This can be done with the use of passwords and file locations with challenge/authentication methods.

When choosing a contact technology, it isn't so much the card manufacturer that you choose as the operating system that goes on the card. If the desire is to have an interoperable card, then care must be taken when choosing the company that will initialize the card, so that other manufacturers will be able to create ancillary applications that all coexist on the same chip.

Contactless has in some ways been fragmented slightly more. There are two major ISO standards in use today, ISO 14443 and ISO 15693. Within each of those standards there are variations as well, such as ISO 14443A or ISO 14443B, including various layers, and all of them play a part in interoperability within that arena. For a moment we will look at three companies that have all manufactured hardware that in some way, shape or form utilizes these standards. Philips, HID and Texas Instruments have all manufactured chip technology for both readers and cards that operates on the 13.56 MHz frequency within the above-mentioned standards.

It is important to note that, unlike the contact technology, these cards always have a serial number encoded on them by the card manufacturer, and it can always be read using the ISO standard regardless of which OS later gets installed on the card. Therein lies one of the best features of this technology, and maybe one of the most confusing. I say confusing because the manufacturers will state that their reader is compatible with all the standards, and that is true, but that might only be to read that serial number and nothing that has been encoded within the OS.

With the contact technologies, the card and reader manufacturers have simply been creating blank cards that are later initialized for a purpose. Whether that purpose is security, pay phone or IT doesn't really make a difference to the card manufacturer; it is determined by the programmer. With the contactless technology, the card and reader manufacturers have become a little more involved in the initialization process. HID has its iCLASS technology, Philips has its Mifare and TI has its TAG-IT. While each of them utilizes the exact same frequency and all can read each other's serial numbers, even between the two standards, none of them can read or write to each other's proprietary functions. Now this doesn't have to be a problem, because each of them has published its data so that ancillary applications can cohabitate on the card. It just must be noted, so that it is understood that across platforms they cannot be interoperable, other than the serial number.

What does interoperable mean? I can read the serial number, right? Yes, the serial number can be used, and in many ways that is more than enough. If you think about it, a manufacturer-encoded serial number is all that security systems have been reading for years now, using anything from Prox to barium ferrite to Wiegand. What it does mean is that if I encode a biometric template or even an SSN to that card for use in the security system, it cannot be read by another manufacturer's system.

What does the future hold? I guess that can be summed up as anyone's guess, but we surely can make some assumptions. It took years for the contact cards to get where they are today, and contactless will continue to evolve too. Currently we have available to us 2k and 4k cards in contactless, whereas we can buy cards that have as much as 64k on contact. These numbers will continue to grow in size and decrease in cost as the technology proliferates in the marketplace. This will happen because the demand for such technology is so pressing, especially in the wake of 9/11, where easily created credentials made it possible for terrorists to pose as pilots and move within the airport security structure. Because the demand is there, secured interoperability is a must as well.

If I am a pilot who is issued a card at London Heathrow with my biometric, it must be able to be used and authenticated at LAX even if the manufacturers of the card and reader are different, as long as I am working on the same ISO standard. This is technically possible today within the standards. For instance, Texas Instruments has a section of their card that can be programmed with non-proprietary data, and Philips has used a subset of the ISO standard called 14443A-4 that is open and can even incorporate high levels of DES3 encryption that is not proprietary and can be read by others who have the encryption keys.
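The split described above, between a serial number any compliant reader can read and application data that only key holders can read through challenge/authentication, is shown here as an added example that is not AMAG's or any card vendor's code. It simulates a card in Python and uses HMAC-SHA256 from the standard library as a stand-in for the DES3-based exchange the article mentions; the class names, key, serial number and file contents are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def prove(key: bytes, challenge: bytes, serial: bytes) -> bytes:
    # HMAC-SHA256 stands in for the DES3-based proof; binding the serial ties it to one card.
    return hmac.new(key, challenge + serial, hashlib.sha256).digest()

class SimulatedCard:
    def __init__(self, serial: bytes, app_key: bytes, app_file: bytes):
        self.serial = serial        # manufacturer-encoded, open to any compliant reader
        self._app_key = app_key     # secret loaded when the card is initialized
        self._app_file = app_file   # application data, e.g. a biometric template
        self._challenge = None

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)   # fresh random value per attempt
        return self._challenge

    def read_file(self, response: bytes):
        """Release the file only to a reader that proves it holds the key."""
        challenge, self._challenge = self._challenge, None   # a challenge is single use
        if challenge is None:
            return None
        expected = prove(self._app_key, challenge, self.serial)
        return self._app_file if hmac.compare_digest(expected, response) else None

class Reader:
    def __init__(self, name, app_key=None):
        self.name, self._app_key = name, app_key

    def read(self, card: SimulatedCard):
        serial = card.serial                        # always works, whatever the vendor
        if self._app_key is None:
            return serial, None                     # serial-only interoperability
        response = prove(self._app_key, card.get_challenge(), serial)
        return serial, card.read_file(response)

def demo():
    key = bytes.fromhex("00112233445566778899aabbccddeeff")     # constructed sample key
    card = SimulatedCard(bytes.fromhex("04a1b2c3d4e5f6"), key, b"TEMPLATE-0001")
    readers = [Reader("issuer", key), Reader("partner with shared key", key),
               Reader("other vendor, no key"), Reader("wrong key", bytes(16))]
    return {r.name: r.read(card)[1] for r in readers}

if __name__ == "__main__":
    for name, data in demo().items():
        print(f"{name}: {data!r}")
```

Every reader gets the serial number, but only the two that hold the shared key get the application file, and a response recorded from one exchange is rejected against the next challenge.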

Currently the stage is set by the standards and technologies to have interoperability, and the demand is already there. It will just be a matter of the manufacturers stepping up and putting the process in motion.

John Cassise
Director of Sales and Technical Support, National Accounts
AMAG Technology, Inc.