Smart Card Terminals
The only connection between a smart card and the outside world is the serial interface. There is no other way in which data can be exchanged, so an additional device that provides electrical connections to the card is necessary. In this book, such a device is always referred to as a terminal. However, other terms are used, such as interface device (IFD), chip-accepting device (CAD), chip-card reader (CCR), smart card reader and smart card adapter. The basic functions, which are to supply power to the card and to establish a data link, are the same for all of these devices.

Any terminal that consists of more than just a contact unit, a voltage converter and a clock generator always has its own processor (usually with an 8- or 16-bit architecture) and associated memory. In simple equipment, the processor can be part of a microcontroller, but it is often a component of a single-board computer. Terminals are usually programmed only by terminal manufacturers using C, C++ or Java [JavaPOS]. In mobile telephones, which are also smart card terminals, a variant of Java (Java 2 Micro Edition, or J2ME) will attain considerable importance in the future as a programming language. Terminals do not have their own hard disk drives, which means that they must store their programs and data in battery-backed RAM, EEPROM or Flash EEPROM. The amount of available memory is usually on the order of a few megabytes.

The problems related to allowing third parties to program terminals have been solved in the same manner as for smart cards by using executable program code, so here the solutions will most likely lead to the same sorts of developments. The Europay Open Terminal Architecture (OTA), with a Forth interpreter, was one of the first attempts at a solution in 1996, and Java for terminals is the next step. The EMV specification also explicitly includes a concept for downloadable program code.

In contrast to smart cards, which all have very similar constructions, terminals are built in many different ways. A fundamental distinction can be made between portable and stationary terminals. Portable terminals are battery-powered, while fixed terminals are preferably powered from the mains network or the data interface. Terminals can also be classified by their user interfaces. Portable devices in particular may have displays and simple keypads to allow their most important functions to be used on site. Although fixed terminals also often have displays and keypads, they have permanent links to higher-level computer systems as well. A terminal lacking a man–machine interface (i.e., display and keypad) must have a direct connection to a computer in order to provide a link between the smart card and the user.

There is a general and very practical characterization of classes of terminals in one of the specifications of the German ZKA, which divides terminals into four classes. A Class 1 terminal is one that essentially consists of a contact unit without any supplementary functional elements, along with an interface to another system (e.g., USB). Class 2 includes all of the capabilities of Class 1, with the addition of a keypad. A Class 2 terminal need not have its own keypad if it is connected between a contact unit and a PC. A Class 3 terminal has a display, in addition to the elements of Class 2. Class 4, which is the most elaborate, has all of the functional elements of Class 3 as well as a hardware security module (HSM) with RSA capability.

There are also a few terminals equipped with Infrared Data Association (IrDA) or Bluetooth interfaces. Such terminals can be used for direct communication between the terminal and a personal digital assistant (PDA) or a mobile telephone. The advantage of this is that the user, who can assume that his or her own device is trustworthy, does not have to enter data (such as a PIN) using a ‘foreign’ terminal.

The division into portable and fixed terminals leads to a further distinguishing feature, which is how the terminal is used. An online terminal has an uninterrupted connection to a remote computer during operation, and this computer assumes part of the control function. A typical example is a terminal used for physical access control, which is completely controlled by a background system to which it is permanently connected. The opposite type of terminal is an offline terminal. Such a terminal works completely independently of any higher-level system. However, although there are very many types of online terminals, there are practically no ‘pure’ offline terminals. All offline terminals occasionally exchange data with a background system, if only to request a new blacklist or an updated version of the terminal software.

In typical applications within a building, the physical link between the terminal and the remote computer is either an electrical cable or a fiber-optic cable. However, the link can also be formed by a telephone connection to the nearest computer center, as is the case with point-of-sale terminals for electronic payments. This may involve a dial-up link or a permanent link (leased line), depending on the application. Since leased lines are expensive, there is an increasing tendency to use the telephone line only as necessary, in order to reduce operating costs. This means that the terminal must be equipped with a dial-up modem.

Smart card terminals in the form of PC cards (formerly called PCMCIA cards) do not readily fit into the above classification scheme. They can be used both online and offline, and with both desktop and portable computers. In principle, such terminals are just simple and usually inexpensive hardware interfaces between a smart card and a computer. The only prerequisite for using a PC-card terminal is a PC card slot, which must be either a type I slot (3.3 mm high) or type II slot (5 mm high), depending on the manufacturer. Some PC-card smart card terminals contain expansion memory for the smart card and coprocessor ICs for mass data encryption and decryption, in addition to the smart card interface. These terminals, which are only a few millimeters thick, are certainly the most versatile of all. They open up application areas for smart cards that in some cases are totally new. With such terminals, it is now possible for smart cards to work together with standard PCs and standard software without additional cables, power supplies or external hardware. The spectrum of possible applications is very wide. It includes access protection for specific PC functions, software copy protection and e-mail transfers protected by digital signatures.

‘Diskette terminals’ are also available. They provide a simple means to exchange data between a smart card and a PC. Such a terminal has the form of a 3.5-inch diskette and contains a very thin contact unit, card-activation electronics, a battery and a coil for transferring data to and from the read/write head of the diskette drive. There is enough room in a 3.3-mm thick diskette terminal to insert a smart card. On the PC side, all that is needed is a suitable software driver to handle data exchange. This is one way to integrate smart cards into existing systems in an uncomplicated and economical manner, although in practice this solution has not achieved widespread acceptance.

Many years of R&D activity lie between the earliest two-chip smart cards and the modern-day versions, which are equipped with very powerful microcontrollers. Terminals have undergone a similar technical evolution over the same period. The first terminals often had very primitive mechanical and electrical constructions, partly due to lack of experience. The consequence of this was that smart card microcontrollers were frequently damaged and thus failed prematurely. Since then, most terminal manufacturers have overcome these ‘teething troubles’, and a development stage has been reached in which external design is a more important factor in the buyer’s choice of terminal than technical features and specifications, which are generally similar for all terminals and manufacturers.

In functional terms, a smart card terminal consists of two parts: a contact unit for the card and a terminal computer. The card reader, into which the smart card is inserted so that it can be electrically contacted, essentially has only a mechanical function. The terminal computer is needed to electrically drive the contacting unit, manage the user interface and establish a link to a higher-level system. In the simplest case, it can be a single microcontroller, while in technically more sophisticated solutions, it is a single-board computer.