A smart card system involves two subsystems, the card itself and the terminal in which it is inserted. In most cases the terminal is connected on-line to a central computer such as a financial transaction system. Thus there is a lot of software elements involved which must work together. This is not trivial because each subsystem is very different and will require significantly different skills, particularly in defining standards
The lower cost memory cards do not need any software on the card itself, everything is done by the program in the terminal itself, although standards for physical interfacing and accessing the on-card memory are critical from the beginning and are now established. There is still a lot of discussion over the merits of connection versus connectionless cards though. Sadly the standards for programmable cards are not so well established!
The lower cost programmable cards use an 8-bit processor based on the old 8051 with limited amounts of memory. Thus the software on the card must be very efficient and is limited in functionality. The more expensive cards feature 16 and now 32-bit processors with a lot of memory. They can only be cost justified at present for the more sophisticated applications such as security or medical records. It follows then that in practice these systems will need some sophisticated logic and some complex programs on card.
The 8-bit cards will normally feature a simple application developed as a single image loaded onto the card. The 16 and 32-bit cards will normally support an operating system, either a dedicated one designed for real-time applications such as Multos, or a ROM-based version of Linux. Microsoft appears to have backed down at the moment on delivering an NT alternative similar to Windows CE. They are obviously waiting for the volume markets. It is also quite common to run a Java Virtual Machine with the operating system, enabling standard Java development tools to be used.
The programs which run on the cards are specific to the application. They will be loaded onto the card by the card supplier. With the more powerful OS controlled cards it is possible that the terminals will be able to update the on-card programs. This is actually a very important requirement in the future because it enables new applications to be added to an existing card. We can envisage an era when cards are issued by, say, a financial institution to provide the basic service and then various retailers can add to the card loyalty schemes, etc. This however is a long way off yet because it requires a huge investment in terminals and it needs standards!
The most important standard to date is a European one conceived by the financial institutions Europay, MasterCard and Visa. The EMV Spec was introduced in 1996 and the latest version is EMV2000. Most terminals out in the field in Europe will conform to EMV96. Other countries and banks have no obligation to EMV and do their own thing. America’s "not invented here" syndrome probably prevents them from joining in EMV, especially as France is major smart card player! The M&V from EMV is MasterCard International and Visa International, rather than the USA parents! It is believed that the major USA terminal manufactures are shipping most of the smart card terminals into Europe/Asia markets rather than their own. It is going to be international as well as business politics that affect the speed and take up of any truly international standard for smart card use in financial transactions, and the ability to use a financial transaction card to load on other applications such as loyalty, health, security etc.
One of the obvious objections to using a standard such as EMV is the potential tie in to Visa, etc. services. Thus there are a growing number of examples of organisations, banks in third world countries for instance, who are implementing their own systems. The same is true for other specific applications such as transport and security systems. This means that the whole system, card programming, terminal programming and central applications, as well as the network are being introduced independent of any standards. Eventually they will have to inter-work with other systems, but it seems that there will be a lot of emphasis on private networks with gateways into other services. This unfortunately means that it will be difficult to make cards adapt to a variety of applications.
Martin Healey, pioneer development Intel-based computers en c/s-architecture. Director of a number of IT specialist companies and an Emeritus Professor of the University of Wales.