Chip card

Chip card for secure user authentication on a computer

Chip card , often also referred to as key card , smart card or integrated circuit card ( ICC ), is a special plastic card with a built-in integrated circuit (chip) that contains hardware logic , non-volatile EPROM or EEPROM memory or a microprocessor . Chip cards are controlled by special card readers .

history

Prototype of the chip card from Roland Moreno from 1975

First Giesecke & Devrient chip card from 1979

In the history of the chip card, three inventors shaped the development of the chip card in its current form with their patents . On February 6, 1967, the German engineer Helmut Gröttrup registered DE1574074, a "counterfeit-proof identification switch" as a control circuit based on a monolithically integrated semiconductor, which is very compact and has no lines to the outside. According to this invention, the information “cannot be imitated by discrete components” due to the dimensions that have also been tested. The identification data can be varied dynamically by means of integrated counters so that the key on which it is based cannot be copied by simply reading it out and therefore remains hidden in the chip.

On September 13, 1968 Jürgen Dethloff and Helmut Gröttrup applied for the patent "identification switch" based on this in Austria and in a subsequent application of the same name DE1945777A on September 10, 1969 in Germany and other countries. The patent was granted in Austria on May 15, 1970 as AT287366B. It was granted in the USA on February 8, 1972 as patent US3641316A and on July 18, 1972 as patent US3678250A. Germany granted the patent DE1945777C3 on April 1, 1982. The patent protection was largely reduced to the content of the patent application DE1574074 of February 2, 1967 by Helmut Gröttrup, who can thus be considered the inventor of the chip card. In 1977 Vernon Schatz received a patent in the USA for chip cards as a storage medium, not dissimilar to the function of today's USB sticks .

Another inventor is the Frenchman Roland Moreno , who applied for his patent in 1975. It is registered as a late filing on the US Patent and Trademark Office website on May 30, 1978. In it he describes an "independent, electronic object, developed for the storage of confidential data", which enables access after entering a "secret code" ( PIN ). Moreno had a breakthrough in France when France Télécom introduced the chip card for telephoning in 1984. In 1996, Moreno and Dethloff received the Eduard Rhein Foundation's technology prize for the invention of the chip card.

In 1979 Giesecke + Devrient manufactured the world's first chip card in the laboratory with the dimensions in credit card format ID-1 in accordance with ISO / IEC 7810 , which was later specified for chip cards with ISO 7816-2. The semiconductor chip for this memory chip card based on EEPROM technology was supplied by Siemens . Initially, the area with the contacts was arranged in the upper left area in order to minimize the bending moment and thus the stress on the chip. This position was later changed to ensure the function of the magnetic track, which had to be retained in many applications for reasons of compatibility, e.g. B. for the Eurocheque card .

On the occasion of the 50th anniversary of the DE1945777A post-registration, a stamp was issued in Germany that alludes to the global triumph of chip card technology and shows the date of the German late registration on September 10, 1969 and the date of issue of the stamp on September 5, 2019.

classification

Chip cards can be differentiated according to different criteria. The most obvious is the distinction between memory chip cards with simple logic and processor chip cards with their own card operating system and cryptographic capabilities.

For a long time, this division was in line with the division into synchronous cards (memory chip cards; protocols: 2wire, 3wire, ...) and asynchronous cards (processor chip cards ; protocols: T = 0, T = 1). In the meantime there are also Secure Memory Cards with extended security features ( DES or AES encryption) and memory chip cards that work via asynchronous protocols (GemClub Memo), the latter can therefore be easily integrated into your own applications via the PC / SC system.

Chip cards are also differentiated from the outside through the interface. The contact chip cards are the contactless RFID smart cards , or transponder cards , such as the Mifare - or Legic cards , opposite. Chip cards with several (different) chips are called hybrid cards , but there are also chips on the market that can be addressed via both interfaces ( dual interface cards ). Together with PC / SC2, this results in innovative uses.

construction

Various contacts of chip card modules

The most important component of the chip card is the integrated circuit , which determines the capabilities and thus the field of application of the chip card.

The chip is protected by the chip card module so that the chip is normally not visible from the outside. The module also represents the connection to the outside world, the typical gold contacts of the chip card module are often incorrectly referred to as a chip. Although a common smart card chip only needs five contacts for communication, smart card modules always have six or eight contacts, depending on the size of the built-in chip, but only to comply with ISO standards.

Ultimately, the module including the chip is built into a card. To do this, a cavity is milled into an already printed card and the module is glued in.

Many chip cards, especially for mobile communications, have a unique ICC-ID or ICCID, which is 19 to 20 digits long, including a check digit.

Formats

The card dimensions are standardized according to ISO 7816 and are available in three different sizes according to this standard:

ID-1 : The largest and most widespread format (85.60 mm × 53.98 mm) is used for debit cards , phone cards , the EU driver's license or the health insurance card . One also speaks of the credit card format.

ID-00 : The medium format (66 mm × 33 mm) has not yet found any major application.

ID-000 : The smallest of the formats (25 mm × 15 mm) was mainly used in mobile phones as a mini SIM card . Modern devices use smaller formats these days.

There are also other typical sizes:

Mini-UICC (12 mm × 15 mm): hardly larger than the contact areas. Also known as a micro SIM card
Visa-Mini (65.6 mm × 40.0 mm): Visa- own format

The thickness of cards of all sizes is uniform and is 0.762 mm (0.03 inch exactly ).

Memory chip cards

Block diagram of a memory chip card

The simple chip cards consist only of a memory that can be read or written to, e.g. B. the health insurance card or the phone card. It is possible to access the individual memory cells sequentially via the interface. Memory cards are used where the only thing that matters is the storage of the data, but not the handling of complex processes.

More complex chip cards combine several storage technologies in one card and are called hybrid cards. Hybrid cards can have a contact and a contactless chip, but also a magnetic strip with an RFID chip.

Depending on the chip used, the data can be protected by PINs or passwords against being read or changed by third parties.

Processor chip cards

Block diagram of a processor chip card

Processor chip cards have a microprocessor that can be used to access the stored data. There is often no way to access the data area directly. The detour via the microprocessor allows the data on the card to be protected from unauthorized access using cryptographic processes. The ability to run application-specific programs on these microprocessors has many advantages over memory cards, e.g. B. with chip cards that are used as a means of payment ( money card ) or contain important data (z. B. SIM cards for cell phones). The card often also contains a signed key and serves as a decoder card (e.g. for pay TV or other access systems). When the chips are manufactured, parts of the card operating system (COS) and the intended applications are copied into the chips' memory.

Smart cards can serve as secure information or key storage, but they also offer various security services such as authentication , encryption , digital signatures , etc. that can be used in a trustworthy environment. Since the private keys are stored on the chip card and do not leave it, it is not possible to spy on the key, which is why generating a signature on the chip card is very secure.

A separate operating system runs on processor chip cards. This can be, for example, BasicCard , CombOS , CardOS , JCOP , MTCOS , MultOS , SECCOS , Sicrypt , STARCOS or TCOS .

The processor chip cards can in turn be divided into two categories. These are cards with a fixed command set that can only be adapted by the manufacturer of the operating system, and freely programmable cards that can be expanded with your own commands or commands via a development environment. Cards with a fixed command set usually implement commands according to the ISO7816 standard (ISO7816-4 and following). Examples of cards with a fixed command set are CardOS, STARCOS, SECCOS and TCOS. Freely programmable cards partly also follow this standard, but can also be expanded to include other proprietary commands. To do this, they usually implement a virtual machine . Examples are the Java cards (for example JCOP), MULTOS and the BasicCard.

Chip card application

Close-up of the chip module from the back. The microprocessor is the brown rectangle in the center of the picture

The applications on the processor chip cards themselves are highly dependent on the chip card operating system , despite standardization by ISO 7816 . PKCS # 15 standardizes the application on the chip card itself, while PKCS # 11 is the standardized interface for use by computer applications . There are also proprietary interfaces such as CSP (Cryptographic Service Provider) from Microsoft.

Java map

Java cards are microprocessor cards with a reduced Java virtual machine as the operating system. With these cards, after the card has been completed, a programmer can load new programs, so-called applets, onto the card using a card reader and special loading software. In this way, cards with very special functionalities can be produced cost-effectively in small series. JavaCard operating systems are e.g. B. JCOP ( IBM / NXP ) or SmartCafe ( Giesecke & Devrient ). Details are specified by the GlobalPlatform industry association so that a certain degree of interoperability is guaranteed.

BasicCard

The BasicCard is a microprocessor card that can be programmed in BASIC and , like the Java Card, works with a virtual machine. The applications created in BASIC can be transferred to the card after compilation with a card reader. The development environment is available free of charge. Cards are also available to everyone in small numbers. The card is therefore also suitable for smaller and private projects.

Host / software API

The interaction between computer systems and chip card readers or chip card applications is standardized in the PC / SC standard. Version 2 of the PC / SC specification deals with not only higher-class card readers but also the integration of asynchronous memory chip cards and contactless chip cards into the PC / SC system, for example how an ATR (Answer to Reset) is formed for these cards. Some drivers from card reader manufacturers are now PC / SC2-compliant. The older CT-API ("CardTerminal Application Programming Interface") was defined within the framework of the MKT specification (MKT stands for "Multifunctional Card Terminal ") issued by Teletrust Germany . This specification is mainly used in German-speaking countries. CT-API is used primarily because the use of elements of higher-class smart card readers (pin pad, display) is standardized here. Access via PC / SC was proprietary up to PC / SC2.

Manufacturer and market volume

In Germany, G + D Mobile Security (Munich), Morpho Cards (Flintbek, formerly Sagem Orga and since 2017 merged with the French Oberthur Technologies ) and Bundesdruckerei (Berlin) are among the market leaders . Worldwide, the Dutch Gemalto nv ( taken over by the French Thales Group in 2017 ) with a market share of 50% worldwide and 30% in Europe, and Oberthur Technologies are leaders. The global market volume in 2007 comprised an estimated 2.9 billion cards, of which 70% were for mobile phones (SIM cards), 16% were debit cards and credit cards, and the rest was for IDs (e.g. passports, ski passes, tickets). 2017 was a worldwide turnover of 16.8 billion US dollar appreciated, and 2025 revenue is 29.3 billion US dollars at a quantity of 32.7 billion cards predicts .

With more than 10,000 systems installed worldwide, Mühlbauer AG from Roding is one of the leading manufacturers of hardware and software solutions for the production and personalization of chip and plastic cards.

Application examples

Contact-based and contactless RFID chip cards are increasingly being used for more and more applications. The suitability of a chip card for a specific application depends on many factors, usually on the need for data transmission via radio transponders, the memory size and the security and encryption mechanisms.

A selection of smart card application areas:

ID cards of all kinds
Time tracking
Access control for rooms (e.g. security area, hotel room )
Two-factor authentication (2FA) for the secure authentication of a user in IT systems
Signature card for generating legally valid signatures for electronic documents
Payment transactions with prepaid card , debit card and credit card
electronic health card
automatic emergency call systems for motor vehicles (mandatory for all new models in the European Union since April 2018 )
Identification of participants in automated toll systems

Testing of chip cards

With the ever increasing spread of chip cards, it is also becoming more and more important to guarantee or verify the performance of these cards. The tests range from tests of the plastic body to application tests of the chip card application. An open source tool with which these application tests can be carried out conveniently is GlobalTester , based on Global Platform, a standard for open and interoperable infrastructures for chip cards and terminals.

Philatelic

On the first day of issue on September 5, 2019, Deutsche Post AG issued a special postage stamp with a face value of 80 euro cents for the 50th anniversary of the chip card . The design comes from the graphic artist Thomas Steinacker from Bonn.

literature

Klaus Finkenzeller: RFID manual. Basics and practical applications of transponders, contactless chip cards and NFC . With contributions by Michael Gebhart, Josef Preishuber-Pflügl, Erich Reisenhofer, Michael E. Wernle and Florian Peters. 7th edition. Carl Hanser Verlag, Munich 2015, ISBN 978-3-446-43943-6 (779 pages).
Wolfgang Rankl, Wolfgang Effing: Handbook of the chip cards. Structure - Functionality - Use of smart cards . 5th edition. Carl Hanser Verlag, Munich 2008, ISBN 978-3-446-40402-1 (1168 pages).
Wolfgang Rankl: Chip card applications. Design pattern for the use and programming of chip cards . Carl Hanser Verlag, Munich 2006, ISBN 978-3-446-40403-8 (228 pages).

Web links

Commons : Smart cards - collection of pictures, videos and audio files

Wiktionary: Chip card - explanations of meanings, word origins, synonyms, translations

Klaus Finkenzeller: contactless chip cards

Individual evidence

↑ Definition of chip card . Retrieved February 16, 2015.

↑ Patent DE1574074 : Counterfeit-proof identification switch . Registered on February 6, 1967 , published on November 25, 1971 , applicant: Intelectron Patentverwaltung GmbH, inventor: Helmut Gröttrup. ‌

↑ Helmut Gröttrup. Missiles and semiconductors. In: Heinz Nixdorf Forum (HNF). September 14, 2018, accessed August 12, 2019 .

↑ Jürgen Dethloff , Inventor Gallery of the German Patent and Trademark Office

↑ Norbert Pötzl, Everything on one card , Spiegel Online, September 13, 2018

↑ Patent DE1945777A : Identification switch . Registered on September 10, 1969 , published on July 2, 1970 , applicant: Intelectron Patentverwaltung GmbH, Munich, inventor: Jürgen Dethloff, Helmut Gröttrup. ‌

↑ Patent US3641316A : Identification System. Registered on August 17, 1970 , published February 8, 1972 , inventors: Jürgen Dethloff, Helmut Gröttrup. ‌

↑ Patent US3678250A : Identification Switch. Registered on September 15, 1969 , published on July 18, 1972 , inventors: Jürgen Dethloff, Helmut Gröttrup. ‌

↑ Patent DE1945777C3 : Identification switch . Registered on September 10, 1969 , published on April 1, 1982 , applicant: Jürgen Dethloff, inventor: Jürgen Dethloff, Helmut Gröttrup. ‌

↑ Poster gallery DPMA 2014_No. 33: Chip card from Jürgen Dethloff and Helmut Gröttrup [1]

^ Computer Pioneer Award for Vernon Schatz

^ Phil Davison, Roland Moreno: Inventor who missed out on global recognition for his computer chip smart card , The Independent, May 4, 2012

↑ Systems for storing and transferring data in the USPTO Patent Full-Text and Image Database

↑ Horst Böttge, Tobias Mahl, Michael Kamp: From the ec card to Mobile Security . Ed .: Giesecke & Devrient. Battenberg Gietl Verlag, 2013, ISBN 978-3-86646-549-7 (248 pages).

↑ 50 years of the chip card. In: Federal Ministry of Finance. Retrieved on August 12, 2019 (stamp design by Thomas Steinacker).

↑ Global Smart Card Market Size And Forecast, 2015-2025 , Adroit Market Research press release, November 2018

[1] Definition of chip card . Retrieved February 16, 2015.