Card components and security features
Since smart cards are primarily used to provide authorization for specific actions or identify cardholders, security features on the card body are often needed in addition to the embedded chip. Since the authenticity of the card may be verified by humans as well as by machines, many security features are based on visual features. However, some security features employ a modified smart card microcontroller and thus can only be verified by a computer. In contrast to the security features used with microcontrollers, the usual features for human verification of the authenticity of a card are not based on cryptographic procedures (such as mutual authentication). Instead, they are primarily based on using secret materials and production processes or using processes whose mastery requires a large amount of effort or considerable expertise, or that are technically difficult. Particularly in the area of new card components, there is considerable potential for new developments in the near future with regard to the integration of additional components such as keypads, displays, solar cells and batteries.

Figure 3.7 Example of a smart card with a different form factor. This photo shows a USB plug with a soldered-in smart card microcontroller and the necessary interface components, which has been opened up to reveal its internal components

Figure 3.8 Inlay foil for a super smart card. The actual smart card microcontroller can be seen at the left, connected to the contact below it. The contact pads for a display are located at the lower left. The driver IC for the display is located to the right of the contact pads, with four large contacts for the battery above it. The contacts for a pushbutton switch can be seen at the lower right, with various components for the interface adapter located to the left (Source: Giesecke & Devrient)

Signature panels
A very simple way to identify the cardholder is to use a signature panel attached to the card, as is common with credit cards. Once such a panel has been signed, it cannot be altered, so it is erasure-proof. A very fine colored pattern printed on the panel makes any attempt to cover the panel immediately apparent. The signature panel is permanently bonded to the card body by using a hot-gluing process to attach a printed paper strip to the card. Alternatively, the signature panel may be part of the top layer of the card, which is laminated into the card when it is assembled.

Figure 3.9 Early laboratory prototype of a super smart card for an electronic purse system using contactless cards. A pushbutton switch for confirming transactions can be seen at the upper left, with two solar cells in the middle to supply power. A five-digit display for showing the purse balance and other data is located at the upper right (Source: Giesecke & Devrient)

Guilloche patterns
A somewhat more complicated technique is to place a foil printed with guilloche patterns under the transparent outer layer of the card. Guilloche patterns are decorative patterns consisting of very fine interwoven lines, usually round or oval, such as are found on some bank notes and share certificates. These patterns have such fine structures that they can presently only be produced by printing processes, and are thus difficult to copy.

Another technique that is based on the security provided by fine printed line structures is using microtext lines. These appear to be plain lines to the naked eye, but they can be recognized as text using a loupe. Like guilloche patterns, microtext cannot be photocopied.

Ultraviolet text
In order not to affect the visible layout of the card, control characters or control numbers can be printed on the card using ink that is only visible under ultraviolet light. However, this technique provides only relatively limited protection against forgery.

For storing a small amount of data, a barcode can be printed on the surface of the card using laser engraving or thermal-transfer printing. The advantage of barcodes is that they can be automatically read at close range using optical equipment. The barcodes used on smart cards include not only the widely used one-dimensional type, but also two-dimensional barcodes in the form of stacked or matrix barcodes. A two-dimensional matrix barcode, such as PDF 417 for example, can easily encode up to 1000 bytes, and if an integrated Reed–Solomon code is used for error correction, the data can be recovered even when up to 25 percent of the barcode area is unreadable.

A hologram integrated into the card is a security feature that by now is familiar to all card users. The security of holograms is primarily based on the fact that they are produced by only a few companies in the world and that they are not readily available. The holograms used for smart cards are called ‘embossed’ holograms. Since they can be viewed using diffuse reflected daylight, they are also referred to as ‘white-light reflection holograms’. By contrast, a conventional transmission hologram must be viewed using coherent laser light. Supplementary security features that can only be seen with laser light are sometimes integrated into the hologram as well. In order to produce an embossed hologram, it is necessary to first generate a master hologram using the conventional holographic technique. A master embossing stamp is then prepared from the master hologram using a transfer process. The embossing stamp contains the microstructures that will produce the subsequent embossed holograms. Daughter stamps are prepared from the master stamp using electroplating processes, and these daughter stamps are used to emboss the hologram structure in plastic films. These films are then coated with a layer of vaporized aluminum to produce the well-known white-light reflection holograms. The hologram is permanently bonded to the card body, so it cannot be removed without destroying it. This can be done using either a lamination process or the ‘roll-on’ process. In the latter process, a hologram located on a carrier film is pressed onto the card by a heated roller. The carrier film is then pulled off, and the hologram remains permanently welded to the plastic card body. A third process that is used is the ‘hot-stamping’ process, which is similar to the roll-on process except that a heated stamp is used instead of a heated roller.

Kinegrams, which are popularly called ‘3-D images’, are made in the same way as holograms. The viewer sees an image that changes abruptly when the viewing angle is changed. Kinegrams are just as hard to forge as holograms, and they have the advantage that they are more quickly recognized by the viewer and thus can be verified more quickly.

Multiple laser image (MLI)
A multiple laser image is a sort of kinegram that is very similar to a simple hologram. It uses an array of lenses pressed into the surface of the card, some of which have been blackened by a laser. The main difference between an MLI and a hologram is that card-specific information is shown in the small MLI image. For instance, this technique can be used to mark the name of the cardholder on an individual card in the form of a kinegram.

Laser engraving
Darkening a special plastic layer by heating it with a laser beam is called laser engraving, or simply ‘lasing’. In contrast to embossing, this is a secure way to write data on an individual card, such as the cardholder’s name and the card number. It is secure because the necessary equipment and the knowledge of how to use it are not readily available.

Figure 3.10 Cross-section of laser engraving in a card (not to scale). Laser engraving can take place either on the surface of the card or in an internal layer below a cover foil that is transparent to the laser light

Two different methods are used for laser engraving: vector engraving and raster engraving. In the vector method, the laser beam is directed along its path without interruption. This is very well suited to writing characters and has the advantage of being quick. In the raster technique, by contrast, a large number of adjacent points are blackened to produce an image, similar to the operation of an ink-jet or dot-matrix printer. This method is primarily used to place a picture on the card. Although it has the advantage of high resolution, which allows details to be reproduced well, it has the disadvantage of being very time-consuming. For instance, it takes approximately 10 seconds to laser-engrave a standard-quality passport photograph.

Another way to add user data to a card is to emboss characters onto the card. This is done by hammering metal letter punches against the card. In principle, this process works the same way as a mechanical typewriter. Nowadays, the only benefit of embossing is that the embossed characters can easily be transferred to preprinted forms using carbon paper. However, this is very important in practical use, since this is still the most widely used method of paying with a credit card. It is very easy to manipulate embossed characters, since the plastic can easily be flattened by moderately heating the embossed characters (using an iron, for example). In order to counter this, one of the embossed characters is often placed on top of the hologram, which will be destroyed if it is heated.

Thermochrome displays
There are certain applications in which it is desirable to occasionally change the text and image(s) printed on the card. A good example is a student identification card in the form of a smart card that must be renewed twice a year. Ideally, it should be possible to visually read the expiry date without having to use any special equipment. This means that it must be printed on the card, rather than just being stored in the chip. A similar example is an electronic purse smart card, which requires using a card reader to show the current balance of the ‘money’ stored in the card.

Smart cards with microcontroller-driven displays are currently technically possible, but they are still too expensive for large-scale use. A thermochrome display (TC display) is a simple alternative that has some drawbacks compared with a ‘real’ display, but is inexpensive and already available. A TC display is a supplementary card component on which characters and images can be reversibly printed (printed and subsequently reprinted) using a special card reader.

The technical operating principle is relatively simple. The thermochrome strip consists of a thin film (10–15 μm) of a temperature-sensitive material laminated to the card. This material darkens when it is heated to 120 °C. A printing head with a resolution of 200 or 300 dpi, such as is used in thermal-transfer and dye-sublimation printers, is used to heat individual points on the thermochrome strip to form characters or an image. This darkened material can be changed back to a nearly transparent state by heating the entire strip, which amounts to erasing the strip. The thermochrome process is currently the only economical manner to present time-varying information to the user on the surface of the card such that it can be read without using any special equipment. Its major disadvantages are that it is subject to fraud and that it requires a special card reader with a built-in thermochrome printer.

The MM technique
In 1979, the German banking industry decided to include a machine-readable security feature in all German Eurocheque (EC) cards. After various potential methods were tested, the MM technique (developed by the firm GAO) was selected as the security process for these cards. This security feature is still used in all German Eurocheque cards, even though they are now equipped with microcontroller chips. The objective of this security feature was, and still is, to prevent unauthorized copying or modification of the magnetic-stripe data. The MM technique is a typical example of a secret and very effective security feature. It has been used for two decades in millions of cards. Its basic structure is summarized in an article by Siegfried Otto [Otto 82].

The name ‘MM technique’ comes from the German term moduliertes Merkmal (modulated feature), which can be understood to refer to a machine-readable substance that is incorporated in the interior of the card body [Mayer 96]. A card is verified by reading its MM code using a special sensor and passing the code to a security module called the ‘MM box’. The MM box also receives the complete content of the magnetic stripe, in particular the MM check value, which is also stored on the magnetic stripe. Inside the MM box, a one-way function based on the DES algorithm is used to calculate a value from the magnetic-stripe data and the MM code. If the result of this calculation is the same as the MM check value, it can be concluded that the magnetic-stripe data matches the card.

If a valid set of magnetic-stripe data is written onto a blank card, this will be detected by the fact that the blank card does not have any MM feature. Copying the magnetic-stripe data from one EC card to another EC card will also be detected, since the MM check value will be incorrect. The MM feature is invisible, and the details of how it works and exactly where it is located in the card are secret. In addition, it is produced using materials and technology that are not commercially available. An MM box is built into every German bank machine (ATM), as well as some POS terminals. These devices can thus check whether the magnetic-stripe data matches the card. The technique itself is not defined in any standard, and it is used only in Germany. Thanks to it, the magnetic stripes of German Eurocheque cards are protected against copying, which nowadays does not otherwise present any technical difficulties.
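The verification logic described above can be modelled as follows. This is an added example, not code from the original text or from any real MM box: the actual DES-based one-way function is secret, so a keyed SHA-256 stands in for it, and the secret, check-value length, stripe data and MM codes are all constructed assumptions.

```python
import hashlib
import hmac

# Assumption: a secret held inside the MM box. The page does not say how the
# real DES-based one-way function is parameterised.
BOX_SECRET = b"constructed-demo-secret"
CHECK_LEN = 8  # assumed length of the check value stored on the stripe


def mm_check_value(stripe_data: bytes, mm_code: bytes) -> bytes:
    """Stand-in one-way function over the stripe data and the MM code."""
    # Length-prefix the stripe data so the two inputs cannot run together.
    msg = len(stripe_data).to_bytes(2, "big") + stripe_data + mm_code
    return hmac.new(BOX_SECRET, msg, hashlib.sha256).digest()[:CHECK_LEN]


def mm_box_verify(stripe_data, stored_check, sensed_mm_code):
    """Decision for one card read: stripe content plus sensor reading."""
    if sensed_mm_code is None:
        return "reject: no MM feature"
    expected = mm_check_value(stripe_data, sensed_mm_code)
    if not hmac.compare_digest(expected, stored_check):
        return "reject: check value mismatch"
    return "accept"


def mm_cases():
    """Constructed sample cards covering the situations named in the text."""
    stripe_a = b"ACCT=0000000000;EXP=9912"             # constructed stripe data
    code_a, code_b = b"\x17\x2a\x3c", b"\x51\x0e\x99"  # constructed MM codes
    check_a = mm_check_value(stripe_a, code_a)         # written at issuance
    return {
        "genuine card": mm_box_verify(stripe_a, check_a, code_a),
        "stripe on blank card": mm_box_verify(stripe_a, check_a, None),
        "stripe on other EC card": mm_box_verify(stripe_a, check_a, code_b),
    }


if __name__ == "__main__":
    for case, verdict in mm_cases().items():
        print(f"{case}: {verdict}")
```

Because the check value depends on both inputs, modified stripe data on the genuine card body is rejected in the same way as copied data on a different body.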

Security features
A large number of visual security features were developed in the period between the massive use of cards without chips and the introduction of smart cards. During this period, such features were the only way to verify the genuineness of the cards. The embedded microcontroller in the new type of card, and the cryptographic procedures that it makes possible, have diminished the importance of these features. They are nevertheless still very important whenever the genuineness of a card must be verified by a person instead of a machine, since a person cannot access the chip without special equipment.

Here we can only describe the most essential and best-known security features used with cards in a highly condensed form. There are many other types of features, such as invisible markings that can only be seen with IR or UV illumination, magnetic codes and special printing processes using rainbow-colored inks. These features are technically very interesting, but unfortunately there is not enough room to describe all of them. In the future, security features will be found not only on the cards but also in the chips.
It is conceivable that ‘security’ chips could be used in the same way that bank-note paper is now used. Genuine bank notes cannot be printed without using real bank-note paper, which has specific features to show that it is genuine. In order to incorporate similar security features into chips, special chips with specifically modified hardware are necessary. A terminal can then measure the modification, which constitutes the ‘feature’ of the chip, and judge the genuineness of the chips from the result.

As an example of a hardware feature, suppose that computation of a fast cryptographic algorithm is implemented in supplementary hardware in a certain chip. The time required to compute a particular value could be made so short, due to the hardware implementation of the algorithm, that it would not be possible to perform the same computation using a software emulation in a different chip in an equally short time. A terminal could thus distinguish this chip from other chips by making a simple timing measurement.

There are now chips available with hardware features similar or identical to what has just been described. Naturally, they are not freely available, just as bank-note paper is not freely available. Of course, such hardware features are only suitable for very large-scale applications, due to the high cost of developing chip-specific hardware. The consequence of this, which is that such chips are almost invariably available from only one manufacturer with no possibility of an alternate source, is difficult for many card producers to accept. However, hardware-based security is an important component of the security architecture of a smart card system, and it is unfortunately not available for free.
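The timing measurement described above, sketched from the terminal's side. This is an added example, not code from the original text or from any chip vendor: HMAC-SHA256 stands in for the unnamed fast algorithm, and the key, time limit, round count and modelled compute times are constructed assumptions.

```python
import hashlib
import hmac
import os

KEY = b"constructed-feature-key"  # assumed secret shared by chip and terminal
MAX_RESPONSE_US = 500             # assumed bound only the hardware unit meets
ROUNDS = 4                        # assumed number of fresh challenges


class ModelChip:
    """Chip model that answers a challenge and reports its compute time."""

    def __init__(self, key: bytes, compute_us: int):
        self.key = key
        self.compute_us = compute_us

    def respond(self, challenge: bytes):
        # A real terminal measures elapsed time on its own clock; the model
        # returns it so that the example is deterministic.
        answer = hmac.new(self.key, challenge, hashlib.sha256).digest()
        return answer, self.compute_us


def terminal_check(chip, rounds=ROUNDS, limit_us=MAX_RESPONSE_US):
    """Accept only if every answer is correct and arrives within the limit."""
    slowest = 0
    for _ in range(rounds):
        challenge = os.urandom(16)  # fresh each round, so no stored answers
        answer, elapsed_us = chip.respond(challenge)
        expected = hmac.new(KEY, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(answer, expected):
            return "reject: wrong answer"
        slowest = max(slowest, elapsed_us)
    if slowest > limit_us:
        return f"reject: too slow ({slowest} us > {limit_us} us)"
    return "accept"


def timing_cases():
    """Constructed chips: hardware unit, software emulation, wrong key."""
    return {
        "chip with hardware unit": terminal_check(ModelChip(KEY, 120)),
        "software emulation": terminal_check(ModelChip(KEY, 9000)),
        "fast chip, wrong key": terminal_check(ModelChip(b"other", 120)),
    }
```

The software emulation produces correct answers and is rejected on time alone, which is the property the hardware feature relies on.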