What is a Smart Card?

A smart card resembles a credit card in size and shape, but inside it is completely different. First of all, it has an inside -- a normal credit card is a simple piece of plastic. The inside of a smart card usually contains an embedded microprocessor. The microprocessor is under a gold contact pad on one side of the card. Think of the microprocessor as replacing the usual magnetic stripe on a credit card or debit card. 

Smart cards are much more popular in Europe than in the United States. In Europe, the health insurance and banking industries use smart cards extensively. Every German citizen has a smart card for health insurance. Even though smart cards have been around in their modern form for at least a decade, they are just starting to take off in the United States.

Magnetic stripe technology remains in wide use in the United States. However, the data on the stripe can easily be read, written, deleted or changed with off-the-shelf equipment. Therefore, the stripe is really not the best place to store sensitive information. To protect the consumer, businesses in the U.S. have invested in extensive online mainframe-based computer networks for verification and processing. In Europe, such an infrastructure did not develop -- instead, the card carries the intelligence. 

The microprocessor on the smart card is there for security. The host computer and card reader actually "talk" to the microprocessor. The microprocessor enforces access to the data on the card. If the host computer read and wrote the smart card's random access memory (RAM), it would be no different than a diskette.

 Smarts cards may have up to 8 kilobytes of RAM, 346 kilobytes of ROM, 256 kilobytes of programmable ROM, and a 16-bit microprocessor. The smart card uses a serial interface and receives its power from external sources like a card reader. The processor uses a limited instruction set for applications such as cryptography.

The most common smart card applications are:

• Banking
• Computer Security Systems
• Credit Cards
• Electronic Cash
• Government Identification
• Loyalty Systems (e.g., Frequent Flyer Miles)
• Satellite TV
• Wireless Systems

Smart cards can be used with a smart-card reader attachment to a personal computer to authenticate a user. Web browsers also can use smart card technology to supplement Secure Sockets Layer (SSL) for improved security of Internet transactions. Visa's Smart Card FAQ shows how online purchases work using a smart card and a PC equipped with a smart-card reader. Smart-card readers can also be found in mobile phones and vending machines.

References

• Homeland Security Presidential Directives
• EPA Smartcards (EPA Intranet Site - EPA Employees Only) 

Securing EPA

• Securing EPA Volume 9 (Fall_2009)

• Securing EPA Volume 8 (Fall 2008)

• Securing EPA Volume 7 (Spring 2008)   

• Securing EPA Volume 6 (Fall 2007)

• Securing EPA Volume 5 (Fall 2006)

• Securing EPA Volume 4 (Spring 2006)

• Securing EPA Volume 3 (Fall 2005) 

• Securing EPA Volume 2 (Spring 2005)

• Securing EPA Volume 1 (Winter 2005)

MOA Between EPA and AFGE on SmartCards

• Memorandum of Agreement on SmartCards (November 14, 2007)
• EPA Security Management Division (EPA Intranet Site - EPA Employees Only)
• EPA 19 (EPA Identification Card Record)
• EPA 41 (Office of Administrative Services Information System) 
• EPA Personal Identity Verification (PIV) Handbook, February 2007
• Amendment to Privacy Act System of records (August 31, 2006)
• Creation of a New System of Records (August 31, 2006) 
• Credit Release Authorization (EPA Form 1480-90, May 2006)
• Personal Identity Verification of Federal Employees and Contractors (NIST March 2006)

• EPA OARM SmartCard FAQs February 16, 2006

• Questionnaire for Non-Sensitive Positions (SF Form 85, September 1995)

• Questionnaire for Public Trust Positions (SF Form 85P, September 1995)

• Optional Application for Federal Employment (OP 612)

• Declaration of Federal Employment (OP 306 Revised January 2001)

• August 5, 2005, Memorandum to Heads of all Departments and Agencies from Joshua B. Bolten, Director, Office of Management and Budget

• EPA December 2004 Personal Security Handbook

• The EPA SmartCard Program - Frequently Asked Questions (EPA Intranet Site - EPA Employees Only)
• EPA SmartCard Fact Sheets (EPA Intranet Site - EPA Employees Only)
• EPA SmartCard Privacy Information (EPA Intranet Site - EPA Employees Only)
• EPA SmartCard Training (EPA Intranet Site - EPA Employees Only)
• EPA SmartCard Badge Replacement (EPA Intranet Site - EPA Employees Only)
• EPA Order 3200 (April 13, 2007)
• EPA Order 3110.2 (JUne 28, 1972)