Contactless 2.0: Latest generation chips are bigger, faster
Biometrics, new apps require more memory and faster data transfer
02 February, 2016
category: Contactless, Corporate, Financial, Government, NFC, Smart Cards
Advances: speed, size and new memories
Larger storage is becoming a necessity as biometrics are used for multi-factor authentication, says Neville Pattinson, vice president for Government Affairs, Standards and Business Development at Gemalto. “We’re starting to see pilots for contactless use of biometrics,” he explains. The Department of Defense is piloting systems that store a biometric template on the card but do the matching on the server.
Another change on the horizon for contactless is the use of flash memory instead of EEPROM, Pattinson says. Once flash memory chips are widely available, the chips will have larger memory capacity and enable easier formatting.
Instead of requiring the operating system and applications to be burned into the chip at the point of manufacture, flash memory can be formatted in the field by the issuer. With EEPROM the operating system and applications had to be “masked” separately from personalized data, a process that could add months to the production time for EEPROM chips. These newer flash chips ease this burden, and should be widely available in the next 18 to 24 months, Pattinson says.
Contactless flavors
While the differences between these contactless flavors – or specifications – are often minor, there are some proprietary or custom variations of contactless smart card technology. Here’s a sample:
Open standards
When it comes to the largest of issuances, such as open system payment cards and electronic passports, banks and countries have gone with purely standard 14443 technologies. An open architecture was a necessity for these projects because of the millions of documents that would be produced and the variety of places the information on the credential would have to be read.
LEGIC Prime and LEGIC advant
LEGIC’s original 13.56 MHz contactless technology, LEGIC Prime, predates the development of the ISO standards for contactless. While Prime has been widely used since its launch in 1992, a newer line, advant, is now available. The LEGIC advant system is a set of products that includes cards, readers and applications. LEGIC ensures its card readers are compliant with both the ISO 14443 and ISO 15693 standards as well as its own proprietary technology.
NXP Mifare DESFire
NXP’s DESFire is the next generation after MIFARE. The ISO 14443A-standarized chips are Common Criteria EAL4+ certified and can hold up to 28 different applications. DESFire chips are capable of using 2KTDES, 3KTDES and AES128 cryptographic methods. Unlike the proprietary contactless flavors, it is fully compliant with both ISO 14443 and the ISO 7816-4 file system specifications.
HID iCLASS
HID’s iCLASS platform operates at the 13.56 MHz frequency like its fellow contactless providers, but it uses the less common ISO 15693 standard. The different standard enables a longer read range and longer keys for enhanced security.
NXP Mifare
NXP’s family of MIFARE card and reader ICs is the precursor of the ISO 14443 Type A standard. MIFARE cards support multiple applications, each capable of operating independently of the others through user definable key sets and access conditions.
Sony FeliCa
Sony’s FeliCa could be the most varied of the contactless flavors, complying with a different ISO standard. It was introduced to the Japanese market in 2001. FeliCa is based on the ISO 18902 standard that defines near field communication.
It is with these new flash chips that higher data rates may really benefit issuers. Higher speeds can be beneficial for some of the new applications, but in many cases it is more crucial during the document’s creation than during future use in the field. When flash memory is used for passports, for example, manufacturers need to load large amounts of data including operating system code to every card during the document production process.
In such cases, the high-speed capabilities – referred to as Very High Bit Rates or VHBR – can save time and money. At the point of reading the passport in the field, however, the standard communication speed of 848kbps – defined in the ISO 14443 contactless industry standard – remains the norm. Insiders say it takes just 3 seconds to read a passport chip in the field, a small fraction of the time it takes to progress through gates, present documents and biometrics for comparison and talk to officers.
Another change has come as application programmers have become more efficient when it comes coding for contactless, says Philip Andreae, vice president for Field Marketing North America at Oberthur Technologies.
And there is a switch to a different type of processor. “Silicon manufacturers are moving toward RISC-based processors, shrinking the execution time of a command,” he adds.
Another major leap in terms of security is the introduction of chips that do not store the critical information, such as secret keys, but rather generate it at every transaction based on the “chip DNA,” known as Physical Unclonable Function.
While the introduction of these and other emerging technologies opens new doors for contactless, it also creates new challenges for the industry in terms of security and standardization. Current security evaluation schemes such as Common Criteria have been validated over the past 20 years on traditional contactless chips and approaches. The introduction of new memory technologies and communication protocols will bring new attack scenarios, and thus new protection profiles and safeguards are needed. The industry is already working to define these new security standards, in order to enable mass adoption with a similar level of security as the previous generation of products.
Stable Standards
Contactless smart cards use the International Organization for Standards’ ISO 14443 standard to communicate. This standard has parts A and B that denote slight differences in the spec, but these aren’t as much of an issue as they were a few years ago. “It’s been put to rest,” Borchert explains. “The readers are supporting both types at the same time and it’s no longer a topic of contention.”
Another change has been how the cards are constructed. A contactless smart card has an embedded integrated circuit chip that contains the applications, data and memory that make the card functional. The chip and the antenna are embedded in the layers of different substrates that make up the identity card or document.
In the early days, there were issues from time to time with the antenna and IC connection breaking. Today, however, new manufacturing techniques encapsulate the chip and antenna leading to greater durability and a 10-year lifespan, Borchert explains.
Other contactless form factors
Another change is that contactless technology is being ported to form factors beyond cards and documents. Wearables are embedding the technology and then there’s the ever-present mobile device.
Contactless smart card technology and the ISO 14443 standard is the same technology that’s used in near field communication. With Apple Pay and Samsung Pay taking advantage of NFC, the same technology is being used in an entirely different form factor, says Andreae.
It’s only a matter of time before this technology is enabled to do even more than make payments, Andreae explains. Transit agencies around the globe are moving to open-loop systems so these technologies can be used for access. Hotels and other consumer service industries are also increasingly using the technology.
EEPROM vs. Flash memory
While flash memory is common to most people using USB drives and even some computer hard drives, the smart card industry hasn’t been as quick to use the technology. Instead, smart cards have relied on electrically erasable programmable read-only memory (EEPROM). A change, however, has long been on the horizon.
One of the main reasons is speed. EEPROM memory can only be written and erased one byte at a time so formatting these chips can take a bit of time. The time it takes to initially load information to cards has been a drawback.
Flash memory erases slower but writes much faster than traditional EEPROMs. This makes it possible to fully setup and personalize flash chips in the field, rather than “masking” the operating system code and applications at the point of manufacture.
It won’t be too long before NFC is included in laptops, PCs and tablets, Andreae says. In this way consumers can use their phone or a card as an additional factor of authentication when accessing secure sites or making purchases.
Another important aspect of the NFC adoption is the ubiquity of reader infrastructure. Governments and businesses no longer need to rely on heavy hardware infrastructure investments for rolling out nationwide contactless card schemes, because the new use cases rely more on developing apps on these consumer devices, explains NXP’s Barbu.
Even with different form factors emerging, contactless cards continue to grow in both numbers and capabilities. Next generation chips are capitalizing on the stable foundation constructed during the previous two decades, while amping up speed and capacity. This opens new doors and is paving the way for an even brighter contactless future.
