Integrated Circuit Card
Generated by GPT-5-miniExpansion Funnel Raw 84 → Dedup 0 → NER 0 → Enqueued 0
| Integrated Circuit Card | |
|---|---|
| Name | Integrated Circuit Card |
| Type | Smart card |
| Inventor | Roland Moreno; contributions: Gérard Lambert; Hugh Conway |
| Introduced | 1970s |
| Used by | Visa Inc., Mastercard, American Express, Europay International |
| Technologies | ISO/IEC 7816, EMV |
Integrated Circuit Card An integrated circuit card is a portable plastic card embedding an integrated circuit to provide data storage, processing, and secure authentication for transactions and identification. Cards combine semiconductor microcontroller or memory card chips with contact or contactless interfaces to support applications in banking, telecommunications, identity, and access control. Industry adoption involved standards organizations, financial consortia, and telecommunications operators coordinating specifications, certification, and deployment.
Introduction
Integrated circuit cards emerged as an evolution of magnetic stripe card and memory card technologies to offer programmable computation, secure key storage, and tamper resistance. Early development involved patent activity by inventors and commercial prototypes from Gemplus International, Schlumberger Limited, and Philips N.V. before large-scale issuance by payment networks like Visa Inc. and Europay International. The technology underpins national identity schemes such as ePassport programs and mobile subscriber identity modules standardized by 3GPP and operators like Vodafone Group.
History and Development
Origins trace to integrated circuit research at firms including Texas Instruments, Intel Corporation, and semiconductor foundry advances at TSMC that enabled embedding chips in polyvinyl chloride substrates. Early smart card advocacy and patents involved Roland Moreno and companies such as Gemplus International (later Gemalto), Schlumberger Limited, and Bull; governments and banks like Deutsche Bundesbank and Banque de France funded pilots. Transition points included adoption of ISO/IEC 7816 contact standards, the launch of the EMV specification by Europay International, Mastercard, and Visa Inc., and migration from magnetic stripe deployments after large-scale fraud events illuminated security benefits. National projects—such as Estonia’s e-ID, Belgium’s eID card, and India’s Aadhaar infrastructure—drove integration with civil registries and public key infrastructures managed by agencies like NIST and ENISA.
Design and Components
A card typically contains a microcontroller or secure element fabricated using CMOS processes at fabs like GlobalFoundries; packages include contact pads or an embedded antenna coil for near-field communication compliant with ISO/IEC 14443 or ISO/IEC 15693. Core components include non-volatile memory types (EEPROM, NAND flash), volatile RAM, crypto co-processors implementing algorithms from standards bodies such as NIST and IETF (e.g., AES, RSA, ECC), and tamper-evident features derived from hardware security modules used by Thales Group and Gemalto. Physical form factors follow ID-1 and slot designs defined in ISO/IEC 7816; packaging, embossing, and personalization often involve vendors like Entrust and Morpho.
Standards and Technologies
Interoperability depends on multilayered standards: ISO/IEC 7816 for contact interface, ISO/IEC 14443 for proximity coupling, EMV for payment application frameworks, and GlobalPlatform for lifecycle and application management. Telecommunications SIMs adhere to 3GPP specifications and integrate with ecosystems managed by GSMA; government identity schemes reference ICAO Machine Readable Travel Document standards for ePassport chips. Cryptographic algorithm guidance stems from NIST publications and regional directives from ENISA; testing and certification involve laboratories certified to Common Criteria and payment brand certification programs run by Visa Inc. and Mastercard.
Applications
Integrated circuit cards serve banking and payment systems (issued by Bank of America, HSBC, Barclays), telecommunications as SIM card for operators like AT&T Inc. and T-Mobile US, government identity and travel credentials used by ministries in France, Germany, and Japan, healthcare authentication in programs overseen by Centers for Medicare & Medicaid Services and national health agencies, transit fare media deployed by authorities such as Transport for London and MTR Corporation, and enterprise access control in corporations like IBM and Siemens AG. Specialized uses include digital signatures in European Commission eIDAS implementations and loyalty programs by retailers including Walmart and Tesco.
Security and Authentication
Security relies on secure key storage, tamper resistance, and cryptographic protocols implemented by vendors such as Infineon Technologies and NXP Semiconductors. Authentication mechanisms include symmetric challenge–response, asymmetric digital signatures using RSA and ECC (e.g., curves specified by SECG), mutual authentication per ISO/IEC 7816-4, and application-layer protections from payment schemes like EMVCo. Threat mitigation covers side-channel resistance against attacks studied by researchers at MIT, RSA Security, and EURECOM; certification frameworks include Common Criteria Evaluation Assurance Levels and payment brand compliance testing administered by EMVCo and PCI SSC.
Manufacturing and Lifecycle Management
Manufacturing spans semiconductor fabrication at fabs (e.g., TSMC, GlobalFoundries), card assembly by suppliers such as Thales Group and Giesecke+Devrient, personalization centers run by firms like IDEMIA and Sm@rtTrust, and distribution channels coordinated with issuers including Deutsche Bank and JPMorgan Chase. Lifecycle management uses GlobalPlatform specifications for application installation, secure update, and termination; revocation and credential management integrate with public key infrastructures maintained by certification authorities like DigiCert and Let’s Encrypt. Environmental and disposal concerns reference directives such as the WEEE Directive and recycling practices adopted by manufacturers and agencies in European Union member states.
Category:Smart cards