How do smart cards work

chushpan


What is a smart card?​

A smart card is a plastic card with a built-in microchip that can store and process data. Smart cards are widely used in various fields: bank cards, SIM cards for mobile phones, electronic passports, passes, loyalty cards and other authentication and identification systems.

How does a smart card work?​

The smart card consists of the following main components:
  1. Plastic case:
    • Protects internal elements from damage.
    • Typically the size of a standard bank card (ISO/IEC 7810).
  2. Microchip:
    • It is the "brain" of the card.
    • There can be two types:
      • Contact Chip: Requires physical connection to the terminal via metal contacts.
      • Contactless chip: Uses NFC (Near Field Communication) technology to communicate with the terminal.
  3. Antenna (for contactless cards):
    • Allows data to be transmitted over a distance without physical contact.
  4. Memory:
    • Includes ROM (read-only memory), RAM (random access memory) and EEPROM (non-volatile memory for storing data).
  5. Processor (for smart cards with a microprocessor):
    • Performs calculations, encryption, and data management.

How does a smart card work?​

The operation of a smart card depends on its type and purpose. Let's consider the main stages of interaction between a smart card and a terminal.

1. Initialization​

  • When a card is inserted into the terminal (or touched to a contactless reader), the terminal sends a RESET command.
  • The card responds with ATR (Answer To Reset), which contains information about supported protocols and communication parameters.

2. Authentication​

  • The terminal checks the authenticity of the card.
  • Various methods can be used for this:
    • Static authentication: Verify the digital signature or certificate of the card.
    • Dynamic authentication: Generation of a cryptogram (e.g. ARQC in EMV cards).
    • PIN code: The cardholder enters a PIN to access the data.

3. Data exchange​

  • After successful authentication, the terminal can send commands to the card.
  • Commands may include:
    • Reading data (e.g. card number, expiration date).
    • Writing data (e.g. updating a transaction counter).
    • Performing cryptographic operations (such as encryption or key generation).

4. Completion of work​

  • After the operation is completed, the terminal sends a DEACTIVATE or RELEASE command.
  • The card goes into standby mode.

Types of Smart Cards​

  1. Contact cards:
    • Require physical connection to the terminal via metal contacts.
    • Examples: bank cards with chips, SIM cards.
  2. Contactless cards:
    • Use NFC technology to communicate with the terminal.
    • Examples: public transport cards, contactless payment cards.
  3. Hybrid cards:
    • Combine contact and contactless interfaces.
    • They are used in complex systems, such as electronic passports.
  4. Memory cards:
    • Contain only memory (ROM, EEPROM) and do not have a processor.
    • Used for simple data storage (e.g. loyalty cards).
  5. Microprocessor cards:
    • Contain a processor and an operating system.
    • Can perform complex operations such as encryption and authentication.
    • Examples: bank cards, Java Card.

Advantages of Smart Cards​

  1. Safety:
    • Data is stored in secure memory.
    • Encryption and authentication are supported.
  2. Convenience:
    • Easy to use and carry.
    • Contactless cards allow you to make transactions quickly.
  3. Reliability:
    • Resistant to mechanical damage (compared to magnetic strips).
  4. Flexibility:
    • Can be used in various systems (payments, identification, transport).

Example of using smart cards​

Scenario: Payment in a store​

  1. The customer inserts the card into the terminal (or applies a contactless card).
  2. The terminal sends a RESET command and receives ATR.
  3. The terminal selects an application (for example, Visa or MasterCard) on the chip.
  4. The chip generates ARQC (authorization cryptogram) and sends it to the bank.
  5. The bank checks the ARQC and sends an ARPC (response cryptogram).
  6. The terminal completes the transaction and issues a receipt.

Conclusion​

Smart cards are versatile devices that provide secure storage and processing of data. They are used in various fields due to their reliability, security and convenience. Understanding how smart cards work is important for developers, security specialists and users.

If you have additional questions about how smart cards work or their application, ask them!
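The initialization step in the post above says the ATR carries the supported protocols and communication parameters. As an added example (not part of the original post), this Python sketch parses an ATR following the ISO/IEC 7816-3 layout; both sample ATRs are constructed for illustration and do not come from a real card.

```python
def parse_atr(atr: bytes) -> dict:
    """Parse an ISO/IEC 7816-3 Answer To Reset into its fields."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("TS must be 0x3B (direct) or 0x3F (inverse)")
    # T0: high nibble = which of TA1..TD1 follow, low nibble = historical count
    y, k = atr[1] >> 4, atr[1] & 0x0F
    pos, level = 2, 1
    interface, protocols = {}, []
    while True:
        td = None
        for bit, name in enumerate("ABCD"):  # TAi, TBi, TCi, TDi, in that order
            if y & (1 << bit):
                if pos >= len(atr):
                    raise ValueError("ATR truncated in interface bytes")
                interface[f"T{name}{level}"] = atr[pos]
                if name == "D":
                    td = atr[pos]
                pos += 1
        if td is None:
            break
        # TDi: low nibble = T value (T=15 only qualifies global interface
        # bytes), high nibble = presence bitmap for the next group
        protocols.append(td & 0x0F)
        y, level = td >> 4, level + 1
    protocols = sorted(set(protocols)) or [0]  # no TD byte at all means T=0
    historical = atr[pos:pos + k]
    if len(historical) != k:
        raise ValueError("ATR truncated in historical bytes")
    pos += k
    tck_ok = None  # TCK is absent when only T=0 is indicated
    if protocols != [0]:
        if pos >= len(atr):
            raise ValueError("TCK check byte missing")
        x = 0
        for b in atr[1:pos + 1]:  # XOR of T0..TCK must be zero
            x ^= b
        tck_ok = x == 0
    return {"convention": "direct" if atr[0] == 0x3B else "inverse",
            "interface": interface, "protocols": protocols,
            "historical": historical, "tck_ok": tck_ok}

# Constructed sample ATRs (illustrative, not captured from real cards)
SAMPLE_T1 = bytes.fromhex("3B 84 80 01 54 45 53 54 13")  # T=0 and T=1, TCK present
SAMPLE_T0 = bytes.fromhex("3B 02 AA BB")                 # T=0 only, no TCK

if __name__ == "__main__":
    for sample in (SAMPLE_T1, SAMPLE_T0):
        print(sample.hex(" "), "->", parse_atr(sample))
```

A `tck_ok` of `False` means the check byte does not match, which usually points to a transmission error or a truncated capture rather than a different card type.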
A smart card is a plastic card with a built-in microprocessor (chip) capable of performing calculations, storing data and interacting with external devices (terminals, readers).

1. Main components of a smart card​

| Component | Description |
|---|---|
| Microprocessor (CPU) | 8/16-bit, 1–30 MHz frequency (e.g. ARM SecurCore, Infineon SLE). |
| Memory | ROM (OS code), EEPROM/Flash (data), RAM (random access). |
| Cryptographic coprocessor | Accelerates AES, RSA, ECC (not available in all cards). |
| Interfaces | Contact (ISO 7816), contactless (NFC, ISO 14443). |
| Operating system | For example, Java Card, MultOS, proprietary OS. |

2. Types of smart cards​

2.1. By interface​

  • Contact (EMV bank cards, SIM) - require insertion into a reader.
  • Contactless (PayPass, transport cards) - work via NFC.
  • Hybrid (both options, for example, MIR cards).

2.2. By functionality​

  • Payment (Visa, Mastercard with chip).
  • Identification (passes, electronic passports).
  • SIM/eSIM (mobile operators).
  • Special (crypto wallets, such as Ledger).

3. How does the interaction take place?​

3.1. Contact cards (ISO 7816)​

  1. Physical connection:
    • The card is inserted into the reader, the contacts are closed.
    • The reader supplies power (3.3V/5V) and a clock signal.
  2. Data exchange:
    • Via APDU commands (see the section on Java Card).
    • Example:
      Code:
      00 A4 04 00 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31 00
      (Selecting a payment application).

3.2. Contactless cards (ISO 14443)​

  1. Power induction:
    • The reader creates an electromagnetic field (~13.56 MHz).
    • The card's antenna picks up the energy and activates the chip.
  2. Protocols:
    • Type A/B (Mifare, Visa PayWave).
    • Exchange via RF signal (similar to APDU, but with additional protection).

4. Smart card security​

4.1. Defense mechanisms​

  • Dynamic authentication: One-time codes (like in EMV).
  • Encryption: AES-256, RSA-2048, ECC-P256.
  • Secure Element: An isolated environment for keys.
  • Anti-attacks: Protection against DPA/SPA (power analysis), fault injection.

4.2. Vulnerabilities​

  • Cloning Mifare Classic (cracked since 2008).
  • Attacks on old Java Cards (via APDU non-validation).
  • Side-channel attacks (e.g. RSA execution time).

5. Example: EMV transaction​

  1. The terminal selects an application on the card (SELECT PPSE).
  2. The card sends a list of supported programs (AID).
  3. The terminal transmits the amount and transaction parameters.
  4. The card generates a cryptogram (ARQC) based on:
    • Card numbers,
    • Random number from the terminal,
    • Bank key.
  5. The bank checks the ARQC and approves/rejects the payment.

6. Analysis tools​

  • Readers: ACR122u, Omnikey.
  • Software:
    • OpenSC (working with APDU),
    • JCardSim (Java Card emulator),
    • Proxmark3 (for contactless cards).

Conclusion​

Smart cards are mini-computers with cryptographic protection. Their key features are:
  • Secure key storage,
  • Dynamic code generation,
  • Support for complex protocols (EMV, PKI).

Important: Most modern cards cannot be copied without access to master keys. For testing, use emulators (for example, GlobalPlatform).

Want to learn more about APDU or Mifare hacking? Ask!
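The APDU bytes quoted in section 3.1 of the post above can be decoded field by field. As an added example (not part of the original post), this Python sketch parses a short-form ISO/IEC 7816-4 command APDU and rejects inconsistent length fields, which is the kind of validation the post's "APDU non-validation" remark refers to; the function name and the small instruction table are choices made for this example.

```python
# Instruction bytes from ISO/IEC 7816-4 (small subset for readability)
INS_NAMES = {0xA4: "SELECT", 0xB0: "READ BINARY",
             0xB2: "READ RECORD", 0x20: "VERIFY", 0xC0: "GET RESPONSE"}

def parse_command_apdu(raw: bytes) -> dict:
    """Parse a short-form command APDU, rejecting inconsistent lengths."""
    if len(raw) < 4:
        raise ValueError("header needs CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 0:
        case = 1                         # header only
    elif len(body) == 1:
        case, le = 2, body[0] or 256     # Le only; 0x00 means up to 256 bytes
    else:
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDU not handled in this example")
        if len(body) == 1 + lc:
            case, data = 3, body[1:]                       # Lc + data
        elif len(body) == 2 + lc:
            case, data, le = 4, body[1:-1], body[-1] or 256  # Lc + data + Le
        else:
            raise ValueError(f"Lc={lc} does not match {len(body) - 1} body bytes")
    out = {"case": case, "cla": cla, "ins": INS_NAMES.get(ins, f"0x{ins:02X}"),
           "p1": p1, "p2": p2, "data": data, "le": le}
    if ins == 0xA4 and p1 == 0x04:       # SELECT by DF name (application name)
        printable = all(0x20 <= b < 0x7F for b in data)
        out["df_name"] = data.decode("ascii") if printable else data.hex().upper()
    return out

# The command quoted in the post
POST_APDU = bytes.fromhex(
    "00 A4 04 00 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31 00")

if __name__ == "__main__":
    print(parse_command_apdu(POST_APDU))
```

The quoted command decodes to a case 4 SELECT by DF name whose 14 data bytes are the ASCII string `1PAY.SYS.DDF01`, with Le `00` asking for up to 256 response bytes.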