A few years ago smartcards were the latest thing. Experts predicted that they would be an essential part of the information age, though they weren't sure quite how. That vagueness should have been a warning sign. Smartcards were developed to fill a temporary lack of network connectivity. But the Smartcard companies have tried to portray them as something more in order to expand their limited markets.
I will try to show why there is such little demand for smartcards apart from that original use. I will also try to show that they are now (almost) surplus to requirements even where originally needed. In the conclusion I suggest more constructive ways for the smartcardcompanies' to build on their successes.
If you are new to the field of smartcards, please be aware that this document presents a very unorthodox view, which is not often expressed in the industry.
Smartcard companies attempt to sell memory cards as something in which to store data. But memory cards are not used to 'store' data - they only show a snapshot of data which is stored and maintained centrally. Whenever they appear to contain data they are usually being used instead of a constantly-connected network (whose transactions must be checked after the fact anyway). The intermittent, out-of-sync nature of such a pseudo-network requires a great deal of administrative man-power .
If the data on the card really is the master copy then that data is highly vulnerable. That makes satisfactory customer service impossible, so any such scheme would fail.
With the coming explosion of network bandwidth and access (Cables, data over mobile networks, local-area wireless connectivity) and the adoption of networking standards, much of this data will be able to bypass the smartcard bottleneck.
It is said that storing data on a smartcard allows the holder to verify and be aware of their personal details, but schemes have not been able to provide the necessary card-terminal equipment. The increase in bandwidth cancels out this advantage too, by offering a much simpler and more accessible means of viewing the centrally stored data via the internet.
It is also implied that holders would have some control over access to their data, but no such functionality is being developed. A card holder may refuse access to all of the card data by withholding the card, but that would simply be a refusal to participate in the card scheme - generally not an option at that point. Again, the internet offers a much more attractive solution, by providing the rich functionality required to really empower users.
There have been all kinds of vague pronouncements about the potential of running applications on cards. But processor cards only really need to process in order to provide encryption/authentication, and to present data in a structured and access-controlled form. Apart from the OS itself there is no need for programs to run on the card. Therefore, the processor card is not much more than a glorified memory card, and just as unnecessary.
By far the most successful application of Processor Cards (in fact, of any type of smartcard) is the SIM card in the GSM system. GSM uses the card for the reasons described above - as a structured, secure, memory store implemented locally. But as GSM evolves into the next generation there will no longer be a network performance gap for the card to fill. The SIM will probably continue to be used because GSM has become so established, but we should not expect new systems to hinder themselves in the same way.
The smartcard companies have tried to add pro-active features to the SIM card such as 'SIM Toolkit' applications and microbrowers but have failed because it is quite clear that the card is not the place for such functionality. Handset-based solutions such as WAP, Symbian (EPOC), Palm, and WindowsCE are receiving much more support because they offer greater functionality with an acceptable user interface, have access to more bandwidth, and are easily differentiated.
There is one thing that Smartcards can do that a network can not - highly secure public key authentication and encryption. Because they are self-contained and tamper-proof Smartcards can keep the private key in a key-pair totally secret while still processing data with that key.
This is an even more restricted use of smart cards than exists presently, but though there may be little technical glory in such cards, there could be a large market for them. It is significant that Microsoft's first smartcards will be aimed at network authentication.
Most of what we hear about smartcards is insubstantial marketing hype. New systems based only on that hype are generally poorly conceived. And old systems will only survive as long as their legacy standards hold out against better technologies.
So what should Smartcard companies do when they stop believing their own hype? Firstly, they should focus much more on public-key cryptography and identification, for which smartcards offer a real advantage. Secondly, the smartcard companies should realise that they have a great deal of technical expertise and business contacts in markets that are still expanding rapidly. They should use those advantages to offer lucrative consultancy services. Hopefully this will also enable them to enter or create new markets instead of just stretching the limits of one small market.
Copyright © Murray Cumming. Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.
