
Chapter 5. Card Reader Selection Process

5.2 Smart Card Reader Features

We can now take a closer look at some of the features mentioned in the previous section. Not all of these features will appear in any one card terminal, so we have made up a generic reader for our purpose.

Figure 19. Smart Card Reader Features

5.2.1 Hardware Features

5.2.1.1 User Interface

Smart Card Accepting Unit

When a card is inserted into a reader, power must be applied to the chip contacts and a timing signal (clock) established for the card to be operational. Although most smart cards today conform to the location of the contact area according to the ISO standard, the cards from the earlier French trials conform to the French national standard (AFNOR) and have a slightly different position. As a result, some card readers have two contact modules in the slot.

Contact Methods

The accepting unit can have one of two methods to establish contact with the chip:

Sliding Contact

The cheaper readers have simple sliding contacts that tend to leave scratch marks on the gold contact area. This affects the contact area after some use, and the card may need several insertions and removals in order to get a good connection.

Landing Contact

The landing method makes gentler contact by means of pins that land on the surface when the card is inserted. When the card is removed, the pins release the pressure so that there is very little wear and tear on the chip contacts.

These landing contact readers are more expensive than the simple devices that use the push-pull method. More advanced high-performance readers, used in ATMs for example, have motorized electro-mechanical units with card locking, ejection and retaining features.

Display

Smaller readers may have an LCD panel capable of displaying characters on a few lines. Larger displays may be equipped to display graphics.

Keyboard (PIN pad)

The reader may have a very simple numeric keypad or a secure keypad to enter the PIN. A PIN pad is usually sealed together with a security module to encrypt the keystrokes and verify the PIN directly with the smart card.

This avoids a breach in security by not exposing the PIN to the outside world. The security module is also able to detect any attacks. Additional programmable function keys may be provided depending on the reader.

5.2.1.2 Communication

Host Attachment

For PC-connected readers, communication is provided using the standard serial port operating at 9600 baud. Higher and lower speeds may be possible depending on the reader configuration settings and technical capability.

Printer Attachment

Stand-alone readers (for example a reader used at a health clinic) may have a printer port with the capability to print forms with details read from the card already filled in.

Host Dial-up Facility

Card terminals used in the payment environment, for example where electronic cash is used, may use a modem to dial up the host and transfer the electronic funds to the retailer's account by means of secure protocols.

5.2.1.3 Compliance

Certification by Banks and Other Organizations

An example of this is a smart card hotel application that uses a kiosk in the lobby. When a new component such as the smart card reader is installed, approval from a Fire Regulation Authority may be a requirement to certify that the kiosk meets the standards for fire safety. Where a smart card is used for payment, the reader devices would require certification by the bank concerned.

PC/SC Compatibility

If the reader is interfaced to the PC platform, the reader may have PC/SC compliance. The reader manufacturer has to supply the appropriate device drivers to make this feature available.

5.2.1.4 Security

Card Retaining Feature

As with magnetic stripe cards, the readers (for example, the motorized ones used in ATMs) have a feature to retain a smart card.

Physical Security Methods

Very secure card terminals would have a shutter that locks the card in during a transaction or clips any wires being used to read signals from the chip contacts while the card is in use.

5.2.2 Terminal Microcode

Terminal Operating System

All the terminals have a small operating system inside written in the terminal microcode to handle different tasks such as polling, processing commands and interrupts, and controlling the keyboard, communication and display.

I/O Modules

Servicing the terminal's display, electro-mechanical attachments, serial and modem communication is done by dedicated I/O modules under the control of the operating system.

Secure Application Module (SAM)

The terminals must also be able to handle the many different retailers' and card issuers' cryptographic keys, as well as to encrypt and log the communications with the outside. This is accomplished by a SAM module securely located inside the card terminal. The secure keys required for transactions may be stored in the SAM module, or the keys may be stored in a smart card chip in the ID-000 card format (see Figure 7 on page 31), which is slid into contact with the SAM module. A terminal can have more than one SAM module (up to 6 in some readers), in order to service different card-issuing authorities. In some instances several of these authorities may jointly issue a smart card, which is then located inside the SAM.
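The following is an added illustration, not code from the original text or from any reader vendor. It models a terminal with per-issuer SAM slots whose keys never leave the module, and log entries that the host can check for tampering. HMAC-SHA256, the class and field names, and the issuer identifiers are assumptions chosen for the sketch; real SAMs use issuer-defined algorithms and run in tamper-resistant hardware.

```python
import hashlib
import hmac
import json

MAX_SAM_SLOTS = 6  # the text cites up to 6 SAMs in some readers


def canonical(body: dict) -> bytes:
    # Fixed serialization so terminal and host MAC the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class Sam:
    """Model of one SAM: the key goes in once, only MAC results come out."""

    def __init__(self, issuer: str, key: bytes):
        self.issuer = issuer
        self.__key = key  # no method returns the key itself

    def mac(self, message: bytes) -> str:
        return hmac.new(self.__key, message, hashlib.sha256).hexdigest()


class Terminal:
    def __init__(self):
        self._slots = {}  # issuer id -> Sam
        self.log = []     # entries later uploaded to the host

    def install_sam(self, sam: Sam) -> None:
        if sam.issuer not in self._slots and len(self._slots) >= MAX_SAM_SLOTS:
            raise RuntimeError("all SAM slots occupied")
        self._slots[sam.issuer] = sam

    def record(self, issuer: str, seq: int, amount_cents: int) -> dict:
        sam = self._slots.get(issuer)
        if sam is None:  # fail closed: never fall back to another issuer's key
            raise KeyError(f"no SAM installed for issuer {issuer!r}")
        body = {"issuer": issuer, "seq": seq, "amount_cents": amount_cents}
        entry = dict(body, tag=sam.mac(canonical(body)))
        self.log.append(entry)
        return entry


def host_verify(entry: dict, issuer_sams: dict) -> bool:
    """Host side: recompute the tag with the named issuer's key and compare."""
    body = {k: v for k, v in entry.items() if k != "tag"}
    sam = issuer_sams.get(body.get("issuer"))
    tag = entry.get("tag", "")
    return sam is not None and hmac.compare_digest(sam.mac(canonical(body)), tag)
```

An entry whose amount or issuer field is altered after recording fails host_verify, because the tag was computed over the original fields with that issuer's key only.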

Applications

The terminal can have applications loaded, for example to take the payment from a smart card and log it for later sending to a bank account. The terminal application code is usually downloaded using a secure host connection.

5.2.3 Software Maintenance

Facility for Software Upgrade/Download

Software maintenance/upgrade for readers may be provided using a dial-up host link.

Terminal Error Log

The terminal (for example, a kiosk) may have a log of transactions and any errors, which is uploaded to the host for analysis and diagnostics.

5.2.4 Platform Software

Device Driver

The card readers are usually provided with the drivers in the form of DLLs (dynamic link libraries). These work on a specific workstation platform.

Application Programming Interface

As each reader requires its own drivers, the problem of handling these drivers is delegated to a software layer and the application uses a standard set of APIs as defined by PC/SC (for Windows 95/NT) or OCF (for Java, NC, UNIX and Windows 95/NT).

5.2.5 Other Features

Capacity to Hot List Cards

The host dial-up link can provide a downloading facility for updating a card hot list at the reader. These are primarily used at ATMs.

Capability to Handle Other Card Types

Readers can handle both magnetic stripe cards and smart cards or even cater for both the French (AFNOR) standard and ISO standard chip contact positioning.

Power Supply

PC-attached smart card readers draw their power from various sources: a built-in battery, the RS-232 serial cable or even the keyboard/mouse connection. In the case of battery-powered readers, the battery capacity and replacement would need to be considered as part of the overall maintenance plan. Sometimes a reader may work well with a desktop PC, but fail to work with some cards on a laptop. The reason for this is likely to be the current consumption of the card, which the laptop is unable to meet. Smart cards with a coprocessor may also make additional demands on the current supply, and this will affect the choice of reader.
