Security’s Role in the Smart-card Game

  • By Paul Kocher, Pankaj Rohatgi, Ken Warren
  • Aug 01, 2010

Smart cards are the first truly successful mass-market semiconductor segment with the primary objective of providing security. Unlike holograms, magnetic-stripe cards and most RFID chips, smart cards can perform cryptographic computations using on-chip keys. As a result, a smart card can authenticate itself to other devices without revealing its secrets.

This capability has proved valuable for a wide range of applications. For example, smart cards for banking are ubiquitous outside the United States and have played a major role in managing fraud by securely authenticating account holders. In fact, securely binding a user’s identity to a card is a common feature across many smart-card applications, including transport, healthcare, passport and identification, and the largest smart-card segment, SIMs for mobile phones. The importance of smart cards is reflected in their ubiquity; about 5 billion smart cards are produced annually.

Smart cards have played a major role in the development of semiconductor security technologies over the past decades. The evolution of sophisticated tamper-resistance mechanisms and secure design methodologies, including countermeasures to side channel attacks, has largely been driven by the smart-card industry’s need to protect on-chip secrets.

We are now seeing similar tools and techniques being adopted in a wide range of other technology products.

For example, the development of new payment platforms is creating requirements for tamper-resistant cryptographic implementations for mobile phones and other devices. Similar needs also are appearing in the entertainment, embedded systems, network access and power metering fields.

Smart cards also have played an important role in making strong security cost effective. The average smart-card chip sells for less than $1. Even low-end chips support standard cryptographic algorithms, such as AES, which are mathematically extremely secure. But chips do vary in their protection against attackers who have physical possession of the chip and are seeking to extract secret keys. While no physical device can be perfectly secure against such attacks, smart-card chips that cost a few dollars can often provide similar protection to hardware security modules selling for thousands of dollars.

As we face the challenges of integrating security into an ever-increasing range of products, the security technologies developed to secure smart cards will provide a very useful toolbox.

About the Authors

Paul Kocher is the founder, president and chief scientist at Cryptography Research.

Pankaj Rohatji is the technical director of hardware solutions.

Ken Warren is the smart-card business manager at Cryptography Research.

Featured

  • Empowering and Securing a Mobile Workforce

    What happens when technology lets you work anywhere – but exposes you to security threats everywhere? This is the reality of modern work. No longer tethered to desks, work happens everywhere – in the office, from home, on the road, and in countless locations in between. Read Now

  • TSA Introduces New $45 Fee Option for Travelers Without REAL ID Starting February 1

    The Transportation Security Administration (TSA) announced today that it will refer all passengers who do not present an acceptable form of ID and still want to fly an option to pay a $45 fee to use a modernized alternative identity verification system, TSA Confirm.ID, to establish identity at security checkpoints beginning on February 1, 2026. Read Now

  • The Evolution of IP Camera Intelligence

    As the 30th anniversary of the IP camera approaches in 2026, it is worth reflecting on how far we have come. The first network camera, launched in 1996, delivered one frame every 17 seconds—not impressive by today’s standards, but groundbreaking at the time. It did something that no analog system could: transmit video over a standard IP network. Read Now

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

  • Cost: Reactive vs. Proactive Security

    Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now

Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.