Tech 101: Contactless smart cards
A primer on radio frequency identification
13 December, 2011
category: Contactless, Education, Library
For more than two decades, the contactless card has been a key tool in managing security, access and payments. Whether it’s used to open doors, facilitate public transit ticketing or mange multiple applications, contactless has become an essential element in many environments. But how does the technology enable all these uses without ever touching a reader?
Contactless cards use radio waves of specific frequencies as carriers for communication. Bryan Ichikawa, vice president for Identity Solutions at Unisys, explains that when used for identification applications radio frequencies come in three basic categories: low frequency, high frequency and ultra-high frequency. Each has a set of ideal applications.
Low frequency (LF) proximity cards operate at 125 or 134 kHz. These lower cost, lower security cards are typically used for door access applications.
High frequency (HF) products operate at 13.56 MHz and included the common ISO 14443 and 15693 standards. The vast majority of ID credentials are high frequency, says Ichikawa, adding that things like passports and bankcards use the ISO 14443 standard.
Ultrahigh frequency (UHF) operates at 433 to 953 MHz and has a longer range. “These cards can be read at 30 feet, but 10 to 15 feet is good accuracy,” says Ichikawa. UHF cards also work on different frequencies depending on geography and the allocation on the spectrum by the global standardization bodies and governments. UHF is commonly used in RFID tags for logistics applications and asset tracking.
Contactless components
The key component in a contactless card is an embedded integrated circuit (IC) chip that contains the applications and data that make the card functional. The chip is either a microprocessor with internal memory, or a memory chip with non-programmable logic. The components within the IC store, transmit and process data.
A contact smart card also has an IC chip but it is exposed on the card’s surface. In order to be read, it must be inserted into a card reader where physical contact enables the chip to power up and communicate.
In a contactless card, the chip resides completely within the card’s body. Because the chip isn’t exposed, it cannot be read via contact with a reader. Instead, the card only needs to come within proximity of the reader to be powered up.
Inside the card an antenna coil is connected to the chip, eliminating the need for an internal power source. “The major feature [of contactless] is that it has no battery … it’s powered by the field of the reader,” says Martin Gruber, segment director for the Transit Team at NXP.
An extra benefit is that the IC lasts longer because the plastic protects it, unlike the contact chip, which is exposed to the elements. “[The embedded chip] has a longer lifetime span of four to five years,” says Abu Ismail, senior engineer, Customer Application Support for NXP, adding that a contact chip’s lifespan is about two years.
The other part of the contactless system is the card reader. The card relies on the reader as both a power source and the means by which the card shares data. The reader has a primary coil and a secondary coil that generates a magnetic field, says Ismail. When the card enters the reader’s magnetic field, it accesses the power it needs to turn on.
As the card is held in proximity to the reader, it transfers data to the reader. With the radio frequency connection there is no limit to the amount of data that can be transmitted between the two. The speed at which data can be transferred to the reader varies. Ismail says an NXP Mifare card has speeds up to 848 KB per second.
Contactless cards are also equipped with a unique identification number (UID) that enables the reader to properly identify them. This is important in case of collision, when multiple cards try to talk with a reader at once. “It’s like three kids in school. You say, ‘Tell me your name,’ and they all speak at the same time. Then you ask them to go alphabetically to get them to speak [one at a time],” says Ismail.
“In a similar process, the reader is sending the command, ‘Give me your unique ID,’ explains Ismail. If all cards answer at the same time, anti-collision processes enable identification to occur one card at a time.
The identification of a specific card happens much quicker than getting children to respond one at a time. “If you have one card, the detection is 3 to 3.5 milliseconds, depending on the size of the UID,” says Ismail. Adding two cards at the same time adds an additional 2.5 milliseconds, and two more cards adds another 2.5 milliseconds to reading time.
In terms of security, Ismail says a contactless card can support two different types of algorithms, Data Encryption Standards (DES) and Advanced Encryption Standards (AES). DES has a block size of 192 bits, whereas AES, which is perceived as a stronger type of security, has a 128-bit block size. The type of security within the card depends on the application for which it’s used, says Ismail. Each encryption standard secures the data on a card in a different way.
Contactless applications
Contactless cards are ideally suited for specific applications. One of these is public transportation, an application that NXP started working on in the mid-nineties. “The Mifare pilot was the Seoul Metro in 1994, with the rollout in 1996,” says Gruber, adding that Seoul was “really the first city ever” to implement a contactless card payment system.
Now cities all over the world, including Chicago, London and Boston, use contactless cards as an efficient way to board passengers. Users wave the cards over readers and are granted almost instant access. This short transaction time paired with the high-speed communication between the card and reader makes it an optimal solution. Plus, because the card doesn’t come into contact with the reader, there’s less wear and tear on the card, increasing its lifespan.
Physical access control is another application best addressed by contactless cards, with employees at businesses all over the world gaining access to their workplaces through a simple tap of a card to a door reader.
However, contactless cards aren’t the answer for every application. “There are two enemies to these technologies: Steel and water,” says Ichikawa.
Steel blocks radio waves, which is why the newest passports have steel cloth woven into their covers. “You can’t read it when it’s closed,” says Ichikawa.
Ichikawa also notes that since the human body is made mostly of water, the current trend in Mexico of implanting an RF tag in one’s shoulder to help locate you if kidnapped should be avoided. “If you put an RF card right next to your body, the body will absorb the radio waves, and there’s nothing to bounce back,” says Ichikawa.
“There are general laws of physics here that make things pretty hard,” says Ichikawa.