Print version

Smart cards and PC cards

• Download this publication

Abstract

This document introduces both smart cards and PC cards and covers some of their relevant applications to information security. This includes their use in access control, as portable secure storage for cryptographic keys and for computing cryptographic functions. The aim of this document is to highlight the differences between the two card formats (smart card and PC card) and to indicate their respective advantages and disadvantages. The intention is to assist organisations, implementing solutions utilising either format, to select the best option.

Executive Summary

This document introduces both smart cards and PC cards and covers some of their relevant applications to information security. This includes their use in access control, asportable secure storage for cryptographic keys and for computing cryptographic functions. The aim of this document is to highlight the differences between the two card formats and to indicate their respective advantages and disadvantages. The intention is to assist organisations, implementing solutions utilising either format, to select the best option. The two card formats considered here, smart cards and PC cards, were originally developed for different applications. Smart cards were developed as tamper resistant tokens which could provide certain cryptographic capabilities. They were also developed to replace the magnetic strip card and as such their dimensions are set by the demands of industry conformity and consumer acceptance. PC cards were developed to provide extra storage or to act as interfaces between different computerised devices and are still mainly used for these purposes. However, the PC card also provides a suitable format for applications similar to those of a smart card. Indeed both formats use very similar techniques and technologies to provide these security services. Smart cards are popular because of their general acceptance, widespread development and cost advantages. As electronic commerce applications increase, the cryptographic capabilities of smart cards will improve and diversify in response to public demand. Nevertheless, the extent of smart card functions will always be limited by the space available. This is also true for PC cards but there is significantly more space available with the PC format. Advances in technologies and techniques will apply to both formats but more of these will fit on a PC card. Indeed, if a high degree of cryptographic capability, more tamper resistant mechanisms and a larger storage space is required, then the PC card format is obviously the better choice. For these reasons it can be expected that these functions will be further developed, in the future, on PC cards as they penetrate the commercial market. It should be noted that smart cards still provide the same, if more limited, functionality at a lower cost. The capabilities of a smart card may be sucient in many situations. It is clear that the two formats need to be judged against the requirements of the particular situation and system in which they are to be used. For example, currently marketed smart cards can provide sufficient signature and key exchange capabilities but limited encryption capabilities. In contrast, with the PC cards, both signature and encryption operations can be done as as part of the usual card functions. Encryption will always be more viable with a PC card than a smart card because of the differences in input/output capabilities (PC cards have more input/output channels). If physical robustness is required then the PC card may not be as suitable as a smart card in particular environments. From this comparison it is evident that the features required of any system will influence the decision on which format is employed.

Back to the top