Published in the April 2005 issue of Today’s Facility Manager
Last year, I provided an overview of smart cards ["Facility Technologist," February 2004, page 14 and online at www.TodaysFacilityManager.com]. Technology in this arena has matured dramatically in the last 12 months and is poised for explosive growth. Smart cards will change many aspects of our lives, and they will provide facility managers with some new solutions to issues they face. These cards offer high security, functionality, and flexibility that far surpass that of magnetic stripe cards.
First, a quick refresher on smart cards. A smart card has either a tiny computer chip or memory chip inside. The first generation of cards had memory chips that could only store and read back data. The latest generation of smart cards features tiny computer chips which actually make the card a miniature computer. The cards are capable of storing data, deleting and changing that data, and performing calculations just like your desktop computer does but with less speed and capacity; they really are computers on cards.
The latest generation of smart cards has a much larger storage capacity than previous iterations. The first smart cards were not so smart; they started with an eight-kilobit capacity (that’s bits, not bytes). The capacity of the early cards was about the same as one long sentence of text (a byte is a string of eight digits, each one either a 1 or 0; a bit is only a single 1 or 0). That’s not much space to work with, and the earliest cards were restricted to storing only very basic data. In this scenario, there was little advantage over a conventional magnetic stripe card, which was far less expensive.
However, with the dramatic progress in flash memory and manufacturing techniques, smart cards today have far greater capacities. For example, Samsung’s new S3CC9EF smart card chip, introduced last fall, has a 256KB EEPROM, 384KB ROM, and 8KB static RAM (those are bytes, not bits). The capacity of the 256KB chip is 256 times more than the first eight kilobit smart cards. This means the chip can not only store data, but it can also retain additional data such as the user’s ID numbers for multiple locations or even multiple e-wallets-individual caches of funds that can only be used for the user’s individual accounts. In the future, this memory capacity will allow users to have multiple credit or debit cards, access control, and other functions on a single card.
Another significant development for smart cards is the Java Card Platform, which was introduced in November 2003. Sun Microsystems created the Java Card Platform to allow its Java programming language to run in a limited fashion on smart cards. This means smart cards can now execute simple programs.
As mentioned earlier, the Java Card Platform has contributed to three areas of significant development for smart cards: security, functionality, and wide open potential due to the non-proprietary nature of the platform. The following is an overview of what these developments mean for smart card users.
This “card computer” can run fairly complex security algorithms that make it highly secure. The fact that Java Cards can run these encryption programs makes them far more secure than a magnetic stripe card. For example, without the ability to run programs, smart cards were only able to store data that could easily be read and copied. When running Java Card programs, however, facility managers can use encryption programs that make it impossible to read the contents of the card without a corresponding authentication key. While it is possible to hack the card and decipher the key, it is very difficult. The Java Card program can be updated, so the encryption key can be changed randomly, or even after every authorized use, making it impossible to hack the security of the card.
This encryption capability is a major advantage over magnetic stripe cards, which cannot encrypt their data and are easily copied or counterfeited. For a few hundred dollars, one can purchase magnetic stripe readers, software, and all the information needed to clone a magnetic card.
If this seems like a far fetched scenario, consider this example: recently, a number of thieves were apprehended for cloning ATM cards by installing their own card readers on the face of ATMs and capturing card information and PIN numbers from unsuspecting users. The equipment they used was commercially available and easily adapted to their scheme. Because of the encryption ability of smart cards, even if a thief does read the card, he or she will only get a meaningless string of numbers that reveals nothing.
This security is so reliable that it is quickly becoming the accepted norm for secure identity verification. The banking industry has fully endorsed it and has created a worldwide standard for smart cards that will soon allow a single card to store multiple accounts. The U.S. departments of Defense and Homeland Security, as well as the military are all rolling out smart card systems. In addition, the U.S. government is considering incorporating smart card technology into all American passports.
A good example of smart cards used to address ID verification problems is the Boeing Corporation, which is instituting smart card technology for all of its facilities. Boeing has adopted a standardized ID badge that is also a smart card. This card is used for access control at all Boeing facilities and is also required in order to use any computer in the facility.
Increasingly, organizations are finding that passwords are not a good method for verifying computer user identities. Many passwords are easy to figure out; also, users with multiple passwords often write them down, making them an easy target for unauthorized use. Some large organizations also expend considerable resources responding to users who forget their passwords. The smart cards can verify identity while eliminating password management issues.
Another way smart cards can solve facility managers’ problems is the ability to combine multiple functions. The Java Card Platform has introduced a new universe of functionality. For example, while smart cards featured microprocessors several years ago, there were very few programs that could run on such a limited processor, and those that did exist were rather crude. The Java Card Platform extends the capabilities of the Java programming language to the tiny processor in a smart card.
Java does not require the processor to store the program, but instead downloads it to the card when it is used and then deletes it afterward. This means the card can run an infinite number of programs without requiring huge processing or storage capabilities. This allows the card to be used for access control, ATMs, health insurance IDs, and other functions.
The National University of Singapore has one of the most comprehensive smart card systems in the world. A single smart ID card provides students and faculty access to secured areas, allows purchases at stores, vending machines, and copiers, grants access to information kiosks, and is a health care ID card.
Wide Open Potential
The non-proprietary nature of the Java Card platform is also a key advantage. Its open nature encourages an enormous pool of developers to create programs that can run on the same card. In other words, developers can create new functionalities and innovations at a pace that is impossible with proprietary systems.
This same strategy sparked the incredible growth of the Java programming language and is responsible for the equally amazing growth of Java Cards. Over 750 million Java Cards were deployed at the end of 2004, and 2005 deployments are expected to be significantly larger.
While the potential of smart cards is increasing at an impressive rate, these cards and related readers are significantly more expensive than magnetic stripe cards. Some facility managers may not be able to justify the expense for access control alone, but smart card technology has a great deal of potential beyond the access control capabilities. Facility managers who are interested in this technology will have to engage multiple departments in a Needs Analysis. By engaging the finance, human resources, and IT departments, many facility managers will be able to craft a strategy for smart card deployment that will provide acceptable ROI to the organization despite the higher initial cost.
With all of the current capabilities of smart cards and new ones on the horizon there is no way of knowing how smart cards will evolve in the near future. Computer processors and memory chips keep getting smaller, and visionaries in so many industries are constantly coming up with new uses for smart cards. The computer on a card is destined to change facility management in ways we cannot yet imagine.
Condon, a Facility Technologist and former facility manager, is a contributing author for BOMI Institute’s revised Technologies in Facility Management textbook. He works for System Development Integration, a Chicago, IL-based firm committed to improving the performance, quality, and reliability of client business through technology.