Smart Card Fundamentals
Complete introduction to smart card technology.
What Is a Smart Card?
A smart card is a plastic card — typically ISO ID-1 size (85.6 × 54 mm) — that contains an embedded integrated circuit capable of storing data, performing computations, and communicating with external readers. Unlike a magnetic stripe card, all sensitive operations happen inside the chip itself, so private keys and PINs never leave the card in plaintext.
The term smart card encompasses contact, contactless, and dual-interface variants. What distinguishes them from simple memory tokens is the presence of a processor that enforces access control and executes cryptographic algorithms on-chip.
Use the Card Type Identifier to identify an unknown card from its ATR or physical markings.
Internal Architecture
Every microprocessor smart card is built around three functional blocks:
| Block | Component | Role |
|---|---|---|
| Compute | CPU (8/16/32-bit RISC) | Execute OS and applet code |
| Secure storage | EEPROM / Flash memory | Persist keys, counters, data |
| Crypto acceleration | Crypto coprocessor | RSARSACryptographyPublic-key algorithm for smart card signatures and key exchange.Click to view →, ECCECCCryptographyEfficient public-key cryptography using elliptic curves.Click to view →, AESAESCryptographyNIST symmetric block cipher for smart card encryption.Click to view → offload |
| I/O | Contact pad / RF antenna | Communicate with reader |
The secure element (SE) is the hardware boundary that enforces isolation: code running inside the SE cannot be observed or tampered with by external actors even if the host device is compromised.
Memory vs Microprocessor Cards
Not all chips are equal. Memory cards expose raw storage over a simple serial bus; microprocessor cards run a full operating system that mediates every read and write.
| Attribute | Memory card | Microprocessor card |
|---|---|---|
| CPU | None | 8–32-bit core |
| Access control | Hardware fuse / PIN counter | OS-enforced, per-file |
| Cryptography | None | RSA, ECC, AES on-chip |
| Applets | N/A | JavaCard, MULTOS |
| Reprogrammable | Limited | Yes (post-issuance via OTA) |
| Cost | Low (< $0.50) | Medium–High ($2–$15) |
| Examples | MIFARE Classic, SLE 4442 | EMVEMVApplicationGlobal chip payment card standard.Click to view → chip, ePassportePassportApplicationPassport with embedded contactless chip.Click to view →, PIVPIVIdentityUS federal identity card standard.Click to view → |
How Communication Works
When a contact card is inserted, the reader energises the chip through the C1 (VCC) and C5 (GND) pads, then releases RST (C2) to trigger a cold reset. The card responds with the ATR — a byte string that announces supported protocols (T=0, T=1), clock frequency, and optional historical bytes. Parse your card's ATRATRProtocolInitial response from card after power-on.Click to view → with the ATR Parser.
After negotiation (PPSPPSProtocolCard-reader parameter negotiation.Click to view → exchange), the host sends APDU command messages; the card returns APDUAPDUProtocolCommunication unit between card and reader.Click to view → responses. Every command/response pair is atomic from the application's perspective, though the underlying transport differs between T=0T=0ProtocolCharacter-oriented smart card protocol.Click to view → (byte-oriented) and T=1T=1ProtocolBlock-oriented smart card protocol.Click to view → (block-oriented with error recovery).
Choosing the Right Card Type
For payment and transit: EMV microprocessor cards are mandatory. For identity and logical access: cards certified to Common Criteria EAL4+ or higher are required by most government programmes. For IoT and embedded deployments: consider secure element modules or eSIM instead of full ID-1 form factor.
See Contact vs Contactless vs Dual-Interface for the next decision: which physical interface suits your deployment.
Questions fréquemment posées
A smart card is a pocket-sized card embedded with an integrated circuit (IC) chip that stores and processes data securely. Unlike magnetic stripe cards, the chip performs cryptographic operations on-card so secret keys never leave the device. Smart cards communicate with readers via contact (ISO 7816) or contactless (ISO 14443 / ISO 15693) interfaces.
A smart card chip typically contains a CPU (8-bit to 32-bit), ROM storing the operating system and fixed applications, EEPROM or flash for persistent data storage, RAM for runtime computation, and a cryptographic co-processor for hardware-accelerated RSA, ECC, AES, and DES operations. A hardware random number generator (TRNG) and security sensors complete the package.
Smart cards are used across payment (EMV credit/debit, contactless transit), identity (ePassports, national ID, PIV/CAC government credentials), telecom (SIM and eSIM), healthcare (insurance cards, patient records), and enterprise access control (building access, logical network authentication). The global smart card market ships over 10 billion units annually.
Smart cards were invented in the 1970s, with French engineer Roland Moreno patenting the concept in 1974. The first mass-market deployment was French telephone cards (Télécarte) in 1983. Banking adoption accelerated in the 1990s through the EMV standard, and contactless smart cards became widespread in the 2000s for transit and payment applications worldwide.
Our guides cover a range of experience levels. Getting Started guides introduce smart card fundamentals. Security guides address Common Criteria certification and key management. Programming guides target developers working with APDU commands, JavaCard applets, and GlobalPlatform card management.