There are two types of smart cards: contact and contactless. Both have an embedded microprocessor and memory. The smart card differs from the card typically called a proximity card in that the microchip in the proximity card has only one function: to provide the reader with the card’s identification number. The processor on the smart card has an operating system and can handle multiple applications such as a cash card, a pre-paid membership card, and even an access control card. The difference between the two types of smart cards is found in the manner with which the microprocessor on the card communicates with the outside world. A contact smart card has eight contacts, which must physically touch contacts on the reader to convey information between them. Since contact cards must be inserted into readers carefully and the orientation has be observed the speed and convenience of such transaction is not acceptable for most access control applications. The use of contact smart cards is physical access control is limited mostly to parking applications when payment data is stored in card memory and when the speed of transactions is not important. A contactless smart card uses the same radio-based technology as the proximity card with the exception of the frequency band used: higher frequency (13.56Mhz instead of 125 kHz) allows to transferring more data and communicating with several cards at the same time. A contactless card does not have to touch the reader or even be taken out from a wallet or purse. Most access control systems only read serial numbers of contactless smart cards and do not utilize the available memory. Card memory may be used for storing biometric data (i.e. fingerprint template) of a user. In such case a biometric reader first reads the template on the card and then compares it to the finger (hand, eye, etc.) presented by the user. This way biometric data of users does not have to be distributed and stored in the memory of controllers or readers, which simplifies the system and reduces memory requirements.
Smartcard readers have been targeted successfully by criminals in what is termed a supply chain attack, in which the readers are tampered with during manufacture or in the supply chain before delivery. The rogue devices capture customers' card details before transmitting them to criminals.
No comments:
Post a Comment