Biometrics, new apps require more memory and faster data transfer
Advances: speed, size and new memories
Larger storage is becoming a necessity as biometrics are used for multi-factor authentication, says Neville Pattinson, vice president for Government Affairs, Standards and Business Development at Gemalto. “We’re starting to see pilots for contactless use of biometrics,” he explains. The Department of Defense is piloting systems that store a biometric template on the card but do the matching on the server.
Another change on the horizon for contactless is the use of flash memory instead of EEPROM, Pattinson says. Once flash memory chips are widely available, the chips will have larger memory capacity and enable easier formatting.
Instead of requiring the operating system and applications to be burned into the chip at the point of manufacture, flash memory can be formatted in the field by the issuer. With EEPROM the operating system and applications had to be “masked” separately from personalized data, a process that could add months to the production time for EEPROM chips. These newer flash chips ease this burden, and should be widely available in the next 18 to 24 months, Pattinson says.
It is with these new flash chips that higher data rates may really benefit issuers. Higher speeds can be beneficial for some of the new applications, but in many cases it is more crucial during the document’s creation than during future use in the field. When flash memory is used for passports, for example, manufacturers need to load large amounts of data including operating system code to every card during the document production process.
In such cases, the high-speed capabilities – referred to as Very High Bit Rates or VHBR – can save time and money. At the point of reading the passport in the field, however, the standard communication speed of 848kbps – defined in the ISO 14443 contactless industry standard – remains the norm. Insiders say it takes just 3 seconds to read a passport chip in the field, a small fraction of the time it takes to progress through gates, present documents and biometrics for comparison and talk to officers.
Another change has come as application programmers have become more efficient when it comes coding for contactless, says Philip Andreae, vice president for Field Marketing North America at Oberthur Technologies.
And there is a switch to a different type of processor. “Silicon manufacturers are moving toward RISC-based processors, shrinking the execution time of a command,” he adds.
Another major leap in terms of security is the introduction of chips that do not store the critical information, such as secret keys, but rather generate it at every transaction based on the “chip DNA,” known as Physical Unclonable Function.
While the introduction of these and other emerging technologies opens new doors for contactless, it also creates new challenges for the industry in terms of security and standardization. Current security evaluation schemes such as Common Criteria have been validated over the past 20 years on traditional contactless chips and approaches. The introduction of new memory technologies and communication protocols will bring new attack scenarios, and thus new protection profiles and safeguards are needed. The industry is already working to define these new security standards, in order to enable mass adoption with a similar level of security as the previous generation of products.
Contactless smart cards use the International Organization for Standards’ ISO 14443 standard to communicate. This standard has parts A and B that denote slight differences in the spec, but these aren’t as much of an issue as they were a few years ago. “It’s been put to rest,” Borchert explains. “The readers are supporting both types at the same time and it’s no longer a topic of contention.”
Another change has been how the cards are constructed. A contactless smart card has an embedded integrated circuit chip that contains the applications, data and memory that make the card functional. The chip and the antenna are embedded in the layers of different substrates that make up the identity card or document.
In the early days, there were issues from time to time with the antenna and IC connection breaking. Today, however, new manufacturing techniques encapsulate the chip and antenna leading to greater durability and a 10-year lifespan, Borchert explains.
Other contactless form factors
Another change is that contactless technology is being ported to form factors beyond cards and documents. Wearables are embedding the technology and then there’s the ever-present mobile device.
Contactless smart card technology and the ISO 14443 standard is the same technology that’s used in near field communication. With Apple Pay and Samsung Pay taking advantage of NFC, the same technology is being used in an entirely different form factor, says Andreae.
It’s only a matter of time before this technology is enabled to do even more than make payments, Andreae explains. Transit agencies around the globe are moving to open-loop systems so these technologies can be used for access. Hotels and other consumer service industries are also increasingly using the technology.
It won’t be too long before NFC is included in laptops, PCs and tablets, Andreae says. In this way consumers can use their phone or a card as an additional factor of authentication when accessing secure sites or making purchases.
Another important aspect of the NFC adoption is the ubiquity of reader infrastructure. Governments and businesses no longer need to rely on heavy hardware infrastructure investments for rolling out nationwide contactless card schemes, because the new use cases rely more on developing apps on these consumer devices, explains NXP’s Barbu.
Even with different form factors emerging, contactless cards continue to grow in both numbers and capabilities. Next generation chips are capitalizing on the stable foundation constructed during the previous two decades, while amping up speed and capacity. This opens new doors and is paving the way for an even brighter contactless future.