Quality Assurance and Testing
Quality assurance, with its associated test procedures and methods, is particularly important for smart cards. A smart card manufacturer must fabricate its products in very large numbers at high quality and low cost. In contrast to other branches of the semiconductor industry, these products also contain relatively complicated and sensitive microcontrollers together with software that generally cannot be modified afterwards. If we compare this situation with that for standard PC software, for example, the basic difference is obvious. In the latter case, it has become standard practice to replace the first release of new software (usually identified by a ‘0’ at the end of the version number) within a short time, ranging from a few weeks to at most one or two months, by revised and improved versions (with version numbers ending in ‘a’, ‘b’, ‘c’ and so on). This would be impossible with smart cards. Their mask-programmed software is by nature unalterable, and it is not feasible to replace a large number of issued cards using any sort of recall campaign. Even with cards that are not used in the particularly sensitive area of financial transactions, such a campaign would cause lasting damage to the reputation of the card issuer, and the costs would be immense.

This is why quality assurance and testing are of fundamental importance in the production of smart cards. After the cards have been manufactured and distributed, it is simply not possible to ‘stuff in’ an improved version of the software a short time later. This naturally means that a large amount of effort must be expended to produce a product that has as few errors as possible.

With regard to the various tests, a basic distinction must be made between qualification tests and production tests. Qualification tests are used to make a basic decision about whether the smart card in question can be used at all. These tests are usually performed before introducing a new card body, chip, module or operating system. If the new or modified product meets the specified requirements, it is then qualified for production and can be manufactured in large numbers. After this, qualification tests are performed only infrequently on random samples.

A different sort of testing method is used for production tests. These tests can usually be executed quickly without using complex equipment or procedures, in order to meet the inescapable demand of mass production for short turnaround times and high throughput. They primarily involve only simple measurements of general mechanical and electrical parameters, together with sending suitable test commands to the smart card microcontroller.

Many test specifications for large smart card applications are primarily designed with interoperability between smart cards and terminals in mind. A good example is the GSM 11.17 specification, entitled ‘Subscriber Identity Module (SIM) Test Specification’, which occupies around 100 pages. It describes detailed tests for GSM smart cards, which cover aspects ranging from the card body and general electrical parameters (including the supply voltage and current consumption) to data transmission protocols, commands and files. The GSM 11.17 tests are organized as follows:
– physical characteristics
– electrical signals and transmission protocols
– logical model
– security functions
– file contents.

The organization of the individual tests in this specification is equally clear and practical. Each individual test consists of four parts. The first part contains a formal definition of the test and specifies its application. The second part lists the requirements to be satisfied, and the third part describes the objective of the test in detail. The final part specifies the actual test procedure.

There is presently only one international standard for testing cards with and without chips, which is the ISO/IEC 10373 standard. In Europe, there is also the EN 1292 standard, but this deals exclusively with smart cards and terminals, including their general electrical requirements. Standards relating to cards also often include individual tests and test procedures for checking the properties defined in the standard.

On the following pages, many of the usual tests and verifications for smart cards are briefly described in alphabetical order. The testing laboratories of card manufacturers usually have a repertoire of 120 to 150 different tests for cards. Standard ambient conditions are a fundamental requirement for the test environment, which means that a temperature of 23 °C ± 3 °C and a relative humidity of 40–60% must be maintained in the test laboratory. The cards to be tested must be appropriately acclimatized to these conditions for at least 24 hours before the actual testing takes place.