The smart card, which can be seen as an intelligent token, is a standard-sized plastic card with an embedded integrated circuit chip. It provides not only memory capacity, but computational capability as well.
The physical structure of a smart card is specified by the International Standards Organisation (ISO) standards 7810, 7816/1 and 7816/2.
The card consists in three parts; the plastic card, a printed circuit and an integrated circuit embedded on the card.
Figure 1. Physical structure of a smart card
The printed circuit provides five connection points, being two for power (VCC, GND) and three for data (CLK, RST, I/O).
Figure 2. A smart card, combining credit card and debit card properties
The capability of the card is defined by the integrated circuit, which can be only memory based or micro-controller (MCU) based. When a high level of security is required usually is used the MCU based circuit which consists of a microprocessor, read only memory (ROM), a random access memory (RAM) and an electrically erasable programmable read only memory (EEPROM) which retain its state when power is removed.
A card operating system (COS) is a piece of firmware to be stored in the ROM of the micro-controller integrated circuit embedded inside the smart card.
The COS has four main functions:
- Establish and control the communication link between the smart card and the card accepting device;
- Manage the EEPROM memory allocation in the smart card;
- Control the access to the allocated memory areas according to defined access conditions;
Perform security algorithms (encryption/decryption, password verification) for the authentication of usage, and secure communication between the smart card and the card-accepting device.