Smart card

From Clinfowiki
(Redirected from Smart token)
Jump to: navigation, search

A smart card is a device with a tamper (attack)-resistant, integrated circuit chip (ICC) functioning as a secure microcontroller with internal memory or a secure memory chip alone.

DEFINITION

Smart card devices are small personal items that take the form of a plastic card, a subscriber identity module (SIM) card, a universal serial bus (USB) drive, or an electronic fob (named for the medallion on a watch or key chain). (10) They are always part of a system and they tend to be the simplest part of that system. They can participate in automated electronic transactions, store data securely, and host/run a range of security algorithms and functions. They are not easily forged or copied, unlike cards with a magnetic strip. They are primarily used to add security to the system. (11)

There are two general categories of smart cards: contact and contactless. A contact smart card requires a smart card reader. The smart card usually has a gold-plated surface or conductive contact plate that transmits commands, data, and card status to the reader upon physical contact. A contactless smart card also requires a smart card reader but does not require contact with the reader. Instead, both the reader and card have antennae and communicate over a short distance (inches or centimeters) using radio frequencies (RF). The card’s power for the transmission of the RF is derived from the electromagnetic signal. Additionally, there are two smaller categories related to these: hybrid and dual-interface. The hybrid card has two chips, one for contact and one for contactless connection. The dual-interface card has a single chip that can be accessed by contact or contactless interface. (10)

SMART CARD CHARACTERISTICS

Features

CPU (>32bit), RAM (>8kb), ROM (>200kb), EEROM (>64kb), operating system, development tools, and secure. Attributes: small size, low power, crypto-processor option, low cost, standardized, consistent, controllable, no internal power supply, no user interface, no clock, and maybe inflexible. (12)

Tamper Resistance

The first barrier to an attacker is a physical barrier of silicon that hides the chip components and prevents probing the circuits. The second barrier is an active current-carrying layer. A break in the layer makes the chip useless to the attacker. The third barrier is scrambling of the circuitry upon a breach of the second barrier. Scrambling confuses the attack target. If the bus or memory is found, it is encrypted. (13)


SMART CARD STANDARDS

A summary of standards bodies used for various smart cards and some specific smart card standards:

  • ISO/IEC Standards,
  • Federal Information Processing Standards (FIPS),
  • American National Standards Institute (ANSI) Standards,
  • Global Platform (GP),
  • Common Criteria (CC),
  • International Civil Aviation Organization (ICAO),
  • International Airline and Transportation Association (IATA),
  • G-8 Health Standards,
  • Health Insurance Portability and Accountability Act (HIPAA),
  • Global System for Mobil Communication (GSM) Standards,
  • EMV 2000 Specifications,
  • Personal Computer/Smart Card (PC/SC) Workgroup Open Specifications,
  • OpenCard (TM) Framework,
  • American Public Transportation Association,
  • Biometric Standards (14)

SMART CARD APPLICATIONS

Smart cards are used worldwide to facilitate or contribute to access, identity, and payment. This is a list of smart card application categories.

  • Enterprise ID,
  • Financial,
  • Government,
  • Healthcare,
  • Identity,
  • Telecommunication,
  • Transportation (15)

Healthcare Application

In the U.S. healthcare industry, aspects of the Health Insurance Portability and Accountability Act (HIPAA) are driving implementation of smart card systems to improve security and privacy. The following are three early program implementers: New York’s Mount Sinai Hospital, Texas’ Lake Pointe Medical Center, and Inland Northwest Health Services. The current programs focus on patient identification and authentication, correlating patients to their data, synchronizing data from disparate sources, and security and access control. (16)

HISTORY

The smart card was first introduced in the 1983 as way to reduce theft with pay phones in Europe.[1] This technology’s ability to securely store information drastically expanded its use to be used as a credit card, customer loyalty programs, store finance and personal health care information as well as many other uses.[2]

National Smart Card Projects

Since the late 1990’s countries have successfully distributed millions of smart cards to its citizens to improve their health care systems. The smart cards contain a variety of patient health, insurance, as well as other social service related information. A few of the smart card projects are:

Algeria

In 2007, Algeria launched the card type CNAS, number of cards deployed 7 million.[17]

Austria

In 2005, Austria completed it’s roll out of the ‘e-card’ which replaced there paper health insurance card.[3] Eleven million patient & 24,000 professional cards.[17]

Belgium

In 1998 the Social Information System (SIS) card was rolled out to every citizen over 12 years of age. This smart card contained information related to different social security sectors, such as income and health care. In 2004, the country began rolling out a newer version called the Belgian citizen eID. [4] Now 11 million cards deployed.[17]

France

The Vitale card was first issued to all of it’s citizens in 1998. In 2006, France released the next generation of the Vitale card which contained electronic signatures. [5] Now 60 million deployed (combination patient & professional).[17]

Germany

The electronische Gesundheitskarte (eGK), containing prescription information, was rolled out to all of Germany’s 71 million health insurance customers in 2006. At the time, the project was considered the world’s largest IT project costing 1.6 Billion Euros.[6] Now, 80 million patient & 375,000 professional cards deployed.[17]

Mexico

The Seguro Popular health insurance cards launched in 2006. Now 3.7 million deployed.[17]

Puerto Rico

In 2005, Puerto Rico issued 2 million smart cards to Medicaid recipients under the Tarjeta Inteligente De Salud program.[7,8]

Slovenia

The Health insurance card was launched in 1999. Now, 2 million patient & 70,000 professional cards deployed.[17]

Spain

The Carte Sante type card was launched in 1995. Now, 5.5 million deployed.[17]

Taiwan

In 2004, Taiwan replaced the National Health Insurance (NHI) paper card with a smart card containing the patient’s medical history and preventive health management information.[9]

United Kingdom

The NHS Connection for Health (health professional cards) is the type of card. Now, 1.2 million deployed.[17]

References

  1. Smart Card [1]
  2. What is a Smart Card? [2]
  3. AT: Austria launches electronic health insurance card pilot [3]
  4. Belgium Strategic perspective [4]
  5. National profile for eGovernment IDM initiatives in France [5]
  6. German Health Card[6]
  7. Axalto wins largest NA healthcare deal[7]
  8. Puerto Rico Launches Health Smart Card [8]
  9. A story of the NHI card: Its growth and change [9]
  10. www.smartcardalliance.org/pages/smart-cards-intro-primer.
  11. Mayes, Keith & Markantonakis, Konstantinos, Eds. Smart Cards, Tokens, Security and Applications. Chapter 1: An Introduction to Smart Cards. Springer Science+Business Media, LLC. 2008, p.1-25.
  12. Mayes, Keith & Markantonakis, Konstantinos, Eds. Smart Cards, Tokens, Security and Applications. Chapter 1: An Introduction to Smart Cards. Springer Science+Business Media, LLC. 2008, p.12.
  13. Mayes, Keith & Markantonakis, Konstantinos, Eds. Smart Cards, Tokens, Security and Applications. Chapter 1: An Introduction to Smart Cards. Springer Science+Business Media, LLC. 2008, p.11.
  14. www.smartcardalliance.org/pages/smart-cards-intro-standards.
  15. www.smartcardalliance.org/pages/smart-cards-intro-applications.
  16. Smart Card Alliance: A Healthcare CFO's Guide to Smart Card Technology and Applications. Publication Number: HCC-09001. Feb. 2009, p.7.
  17. Smart Card Alliance: A Healthcare CFO's Guide to Smart Card Technology and Applications. Publication Number: HCC-09001. Feb. 2009, p.6.



Submitted by Mary Ellen Mattson

Submitted by Elaine Williams