Editing Smart card (section)

== Applications ==
=== Financial ===
Smart cards serve as credit or [[ATM card]]s, [[fuel card]]s, mobile phone [[Subscriber Identity Module|SIM]]s, authorization cards for pay television, household utility pre-payment cards, high-security identification and [[access badge]]s, and public transport and public phone payment cards.

Smart cards may also be used as [[electronic wallet]]s. The smart card chip can be "loaded" with funds to pay parking meters, vending machines or merchants. [[Cryptographic protocol]]s protect the exchange of money between the smart card and the machine. No connection to a bank is needed. The holder of the card may use it even if not the owner. Examples are [[Proton (bank card)|Proton]], [[Geldkarte]], [[Chipknip]] and [[Moneo]]. The German Geldkarte is also used to validate customer age at [[vending machine]]s for cigarettes.

{{Main|Contactless smart card|Near-field communication|Credit card}}

These are the best known payment cards (classic plastic card):
* Visa: Visa Contactless, Quick VSDC, "qVSDC", Visa Wave, MSD, payWave
* Mastercard: PayPass Magstripe, PayPass MChip
* American Express: ExpressPay
* Discover: Zip
* Unionpay: QuickPass

Roll-outs started in 2005 in the U.S. Asia and Europe followed in 2006. Contactless (non-PIN) transactions cover a payment range of ~$5–50. There is an [[ISO/IEC 14443]] PayPass implementation. Some, but not all, PayPass implementations conform to EMV.

Non-EMV cards work like [[magnetic stripe card]]s. This is common in the U.S. (PayPass Magstripe and Visa MSD). The cards do not hold or maintain the account balance. All payment passes without a PIN, usually in off-line mode. The security of such a transaction is no greater than with a magnetic stripe card transaction.{{Citation needed|date=October 2015}}

EMV cards can have either contact or contactless interfaces. They work as if they were a normal EMV card with a contact interface. Via the contactless interface they work somewhat differently, in that the card commands enabled improved features such as lower power and shorter transaction times. EMV standards include provisions for contact and contactless communications. Typically modern payment cards are based on hybrid card technology and support both contact and contactless communication modes.

=== SIM ===
The [[subscriber identity module]]s used in mobile-phone systems are reduced-size smart cards, using otherwise identical technologies.

=== Identification ===
Smart-cards can [[authenticate]] identity. Sometimes they employ a [[public key infrastructure]] (PKI). The card stores an encrypted digital certificate issued from the PKI provider along with other relevant information. Examples include the [[United States Department of Defense|U.S. Department of Defense]] (DoD) [[Common Access Card]] (CAC), and other cards used by other governments for their citizens. If they include biometric identification data, cards can provide superior two- or three-factor authentication.

Smart cards are not always privacy-enhancing, because the subject may carry incriminating information on the card. Contactless smart cards that can be read from within a wallet or even a garment simplify authentication; however, criminals may access data from these cards.

Cryptographic smart cards are often used for [[single sign-on]]. Most advanced smart cards include specialized cryptographic hardware that uses algorithms such as [[RSA (algorithm)|RSA]] and [[Digital Signature Algorithm]] (DSA). Today's cryptographic smart cards generate key pairs on board, to avoid the risk from having more than one copy of the key (since by design there usually isn't a way to extract private keys from a smart card). Such smart cards are mainly used for [[digital signature]]s and secure identification.

The most common way to access cryptographic smart card functions on a computer is to use a vendor-provided [[PKCS11|PKCS#11]] library.{{Citation needed|date=May 2010}} On [[Microsoft Windows]] the [[Cryptographic Service Provider]] (CSP) API is also supported.

The most widely used cryptographic algorithms in smart cards (excluding the GSM so-called "crypto algorithm") are [[Triple DES]] and [[RSA (algorithm)|RSA]]. The key set is usually loaded (DES) or generated (RSA) on the card at the personalization stage.

Some of these smart cards are also made to support the [[National Institute of Standards and Technology]] (NIST) standard for [[Personal Identity Verification]], [[FIPS 201]].

Turkey implemented the first smart card driver's license system in 1987. Turkey had a high level of road accidents and decided to develop and use digital tachograph devices on heavy vehicles, instead of the existing mechanical ones, to reduce speed violations. Since 1987, the professional driver's licenses in Turkey have been issued as smart cards. A professional driver is required to insert his driver's license into a digital tachograph before starting to drive. The tachograph unit records speed violations for each driver and gives a printed report. The driving hours for each driver are also being monitored and reported. In 1990 the European Union conducted a feasibility study through BEVAC Consulting Engineers, titled "Feasibility study with respect to a European electronic drivers license (based on a smart-card) on behalf of Directorate General VII". In this study, chapter seven describes Turkey's experience.

Argentina's Mendoza province began using smart card driver's licenses in 1995. Mendoza also had a high level of road accidents, driving offenses, and a poor record of recovering fines.{{Citation needed|date=September 2011}} Smart licenses hold up-to-date records of driving offenses and unpaid fines. They also store personal information, license type and number, and a photograph. Emergency medical information such as blood type, allergies, and biometrics (fingerprints) can be stored on the chip if the card holder wishes. The Argentina government anticipates that this system will help to collect more than $10&nbsp;million per year in fines.

In 1999 [[Gujarat]] was the first Indian state to introduce a smart card license system.<ref>{{Cite web |url=http://www.parivahan.nic.in/ |title=Smart Card License System |access-date=29 May 2006 |archive-date=10 April 2009 |archive-url=https://web.archive.org/web/20090410042404/http://parivahan.nic.in/ |url-status=dead }}</ref> As of 2005, it has issued 5 million smart card driving licenses to its people.<ref>{{Cite journal |url=https://ideas.repec.org/p/wpa/wuwpur/0510003.html |title="Smart Card Driving License System in Gujarat" |journal=Urban/Regional |date=26 October 2005 |access-date=29 October 2015 |archive-date=4 March 2016 |archive-url=https://web.archive.org/web/20160304131820/https://ideas.repec.org/p/wpa/wuwpur/0510003.html |url-status=live |last1=Kumar |first1=Deepak }}</ref>

In 2002, the Estonian government started to issue smart cards named [[Estonian ID card|ID Kaart]] as primary identification for citizens to replace the usual passport in domestic and EU use. As of 2010 about 1 million smart cards have been issued (total population is about 1.3&nbsp;million) and they are widely used in internet banking, buying public transport tickets, authorization on various websites etc.

By the start of 2009, the entire population of [[Belgium]] was issued eID cards that are used for identification. These cards contain two certificates: one for authentication and one for signature. This signature is legally enforceable. More and more services in Belgium use eID for [[authorization]].<ref>{{cite web |url=http://eid.belgium.be/ |title=Taalkeuze/Choix de langue fedict.belgium.be |publisher=Eid.belgium.be |access-date=13 February 2014 |archive-date=8 February 2014 |archive-url=https://web.archive.org/web/20140208214121/http://eid.belgium.be/ |url-status=live }}</ref>

Spain started issuing national ID cards (DNI) in the form of smart cards in 2006 and gradually replaced all the older ones with smart cards. The idea was that many or most bureaucratic acts could be done online but it was a failure because the Administration did not adapt and still mostly requires paper documents and personal presence.<ref>{{cite web|url=http://www.eldiario.es/turing/dni-electronico-dnie_0_179182675.html|title=Diario Turing – Tecnología y sociedad en red|date=25 September 2013|access-date=25 August 2017|archive-date=26 August 2017|archive-url=https://web.archive.org/web/20170826031709/http://www.eldiario.es/turing/dni-electronico-dnie_0_179182675.html|url-status=live}}</ref><ref>{{cite web|url=http://www.ticbeat.com/tecnologias/reportaje-dni-electronico/|title=¿Qué fue del DNI electrónico?|work=TICbeat |date=26 April 2015 |access-date=25 August 2017|archive-date=26 August 2017|archive-url=https://web.archive.org/web/20170826030716/http://www.ticbeat.com/tecnologias/reportaje-dni-electronico/|url-status=live |last1=Fraga |first1=Alberto Iglesias }}</ref><ref>{{cite web | title=FRACASO DEL DNI ELECTRONICO | website=A las pruebas me remito | date=4 May 2015 | url=http://blogs.elcomercio.es/hispadata/2015/05/04/fracaso-del-dni-electronico/ | language=es | quote=FAILURE OF THE ELECTRONIC ID | ref={{sfnref | A las pruebas me remito | 2015}} | access-date=6 June 2018 | archive-date=5 March 2018 | archive-url=https://web.archive.org/web/20180305145550/http://blogs.elcomercio.es/hispadata/2015/05/04/fracaso-del-dni-electronico/ | url-status=live }}</ref><ref>{{cite web|title=El DNI electrónico ha muerto: ¡larga vida al DNI 3.0!|date=2 October 2013|language=es|url=https://www.elconfidencial.com/tecnologia/2013-10-02/el-dni-electronico-ha-muerto-larga-vida-al-dni-3-0_35442/|quote=The electronic DNI has died: long live the DNI 3.0!|access-date=25 August 2017|archive-date=26 August 2017|archive-url=https://web.archive.org/web/20170826071906/https://www.elconfidencial.com/tecnologia/2013-10-02/el-dni-electronico-ha-muerto-larga-vida-al-dni-3-0_35442/|url-status=live}}</ref>

On 14 August 2012, the ID cards in [[Pakistan]] were replaced. The Smart Card is a third generation chip-based [[identity document]] that is produced according to international standards and requirements. The card has over 36 physical security features and has the latest{{clarify|date=May 2017}} encryption codes. This smart card replaced the NICOP (the ID card for [[Pakistani diaspora|overseas Pakistani]]).

Smart cards may identify emergency responders and their skills. Cards like these allow first responders to bypass organizational paperwork and focus more time on the emergency resolution. In 2004, The Smart Card Alliance expressed the needs: "to enhance security, increase government efficiency, reduce identity fraud, and protect personal privacy by establishing a mandatory, Government-wide standard for secure and reliable forms of identification".<ref name="Smart card alliance">{{cite web|url=http://www.smartcardalliance.org/pages/publications-emergency-response-official-credentials|title=Emergency Response Official Credentials: An Approach to Attain Trust in Credentials across Multiple Jurisdictions for Disaster Response and Recovery|date=3 January 2011|access-date=3 January 2011|archive-date=27 January 2013|archive-url=https://web.archive.org/web/20130127012958/http://www.smartcardalliance.org/pages/publications-emergency-response-official-credentials|url-status=dead}}</ref> [[emergency response]] personnel can carry these cards to be positively identified in emergency situations. [[WidePoint Corporation]], a smart card provider to [[Federal Emergency Management Agency|FEMA]], produces cards that contain additional personal information, such as medical records and skill sets.

In 2007, the [[Open Mobile Alliance]] (OMA) proposed a new standard defining V1.0 of the Smart Card Web Server (SCWS), an [[HTTP server]] embedded in a SIM card intended for a [[smartphone]] user.<ref name="oma">{{cite web | url=http://www.openmobilealliance.org/comms/pages/OMA_quarterly_2007_vol_2.htm#news1 | title=OMA Newsletter 2007 Volume 2 | access-date=20 March 2012 | archive-date=19 July 2012 | archive-url=https://web.archive.org/web/20120719083228/http://www.openmobilealliance.org/comms/pages/OMA_quarterly_2007_vol_2.htm#news1 | url-status=live }}</ref> The non-profit trade association SIMalliance has been promoting the development and adoption of SCWS. SIMalliance states that SCWS offers end-users a familiar, [[operating system|OS]]-independent, browser-based interface to secure, personal SIM data. As of mid-2010, SIMalliance had not reported widespread industry acceptance of SCWS.<ref name="http://www.simalliance.org/en?t=/documentManager/sfdoc.file.supply&fileID=1279268442341">{{cite web | url=http://www.simalliance.org/en?t=/documentManager/sfdoc.file.supply&fileID=1279268442341 | title=Update from SIMalliance on SCWS | date=30 June 2010 | access-date=20 March 2012 | author=Martin, Christophe | archive-date=1 August 2013 | archive-url=https://web.archive.org/web/20130801073734/http://www.simalliance.org/en?t=/documentManager/sfdoc.file.supply&fileID=1279268442341 | url-status=live }}</ref> The OMA has been maintaining the standard, approving V1.1 of the standard in May 2009, and V1.2 was expected to be approved in October 2012.<ref name="oma2">{{cite web|title=OMA Smart Card Web Server (SCWS)|url=http://www.openmobilealliance.org/comms/pages/oma_2011_ar_scws.html|url-status=dead|archive-url=https://web.archive.org/web/20121101093544/http://www.openmobilealliance.org/comms/pages/oma_2011_ar_scws.html|archive-date=1 November 2012|access-date=10 June 2021}}</ref>

Smart cards are also used to identify user accounts on arcade machines.<ref>{{cite web | url=https://my-aime.net/aime/en/p/info/about.html | title=What is "Aime"? | access-date=6 August 2017 | archive-date=20 March 2014 | archive-url=https://web.archive.org/web/20140320011610/https://my-aime.net/aime/en/p/info/about.html | url-status=live }}</ref>

=== Public transit ===
{{main|List of public transport smart cards|Automated fare collection}}
[[File:Transperth SmartRider Card.jpg|thumb|right|SmartRider smart card (Transperth)]]
[[File:ICCard Connection en.svg|thumb|Diagram of Japan's IC card systems and their nationwide interoperability acceptance under the [[Nationwide Mutual Usage Service]] (as of March 2024)]]

Smart cards, used as [[transit pass]]es, and [[integrated ticketing]] are used by many public transit operators. Card users may also make small purchases using the cards. Some operators offer points for usage, exchanged at retailers or for other benefits.<ref>{{Cite web |url=http://www.octopus.com.hk/get-your-octopus/en/index.html |title=Octopus Card Benefits |access-date=31 May 2011 |archive-date=21 July 2011 |archive-url=https://web.archive.org/web/20110721085510/http://www.octopus.com.hk/get-your-octopus/en/index.html |url-status=live }}</ref> Examples include Singapore's [[CEPAS]], Malaysia's [[Touch 'n Go]], Ontario's [[Presto card]], Hong Kong's [[Octopus card]], Tokyo's [[Suica]] and [[PASMO]] cards, London's [[Oyster card]], Ireland's [[TFI Leap Card|Leap Card]], Brussels' [[MoBIB]], Québec's [[Opus card]], Boston's [[CharlieCard]], San Francisco's [[Clipper card]], Washington, D.C.'s [[SmarTrip]], Auckland's [[AT HOP card|AT Hop]], Brisbane's [[go card]], Perth's [[SmartRider]], Sydney's [[Opal card]] and Victoria's [[myki]]. However, these present a [[privacy]] risk because they allow the mass transit operator (and the government) to track an individual's movement. In Finland, for example, the Data Protection [[Ombudsman]] prohibited the transport operator [[Helsinki Metropolitan Area Council]] (YTV) from collecting such information, despite YTV's argument that the card owner has the right to a list of trips paid with the card. Earlier, such information was used in the investigation of the [[Myyrmanni bombing]].{{Citation needed|date=May 2011}}

The UK's [[Department for Transport]] mandated smart cards to administer travel entitlements for elderly and disabled residents. These schemes let residents use the cards for more than just bus passes. They can also be used for taxi and other concessionary transport. One example is the "Smartcare go" scheme provided by Ecebs.<ref>{{cite web |url=http://www.ecebs.com/local-government-products/smartcare-go.html |title=Smartcare go |access-date=24 September 2012 |archive-date=9 October 2012 |archive-url=https://web.archive.org/web/20121009060525/http://www.ecebs.com/local-government-products/smartcare-go.html |url-status=live }}</ref> The UK systems use the [[ITSO Ltd]] specification. Other schemes in the UK include period travel passes, carnets of tickets or day passes and stored value which can be used to pay for journeys. Other concessions for school pupils, students and job seekers are also supported. These are mostly based on the [[ITSO Ltd]] specification.

Many smart transport schemes include the use of low cost smart tickets for simple journeys, day passes and visitor passes. Examples include Glasgow [[Glasgow Subway|SPT subway]]. These smart tickets are made of paper or PET which is thinner than a PVC smart card e.g. Confidex smart media.<ref>{{cite web |url=https://www.confidex.com/products/public-transport-ticketing |title=Smart Tickets |access-date=24 April 2018 |archive-date=25 April 2018 |archive-url=https://web.archive.org/web/20180425115302/https://www.confidex.com/products/public-transport-ticketing |url-status=live }}</ref> The smart tickets can be supplied pre-printed and over-printed or printed on demand.

In Sweden, as of 2018–19, the old SL Access smart card system has started to be phased out and replaced by smart [[phone app]]s. The phone apps have less cost, at least for the transit operators who don't need any electronic equipment (the riders provide that). The riders are able buy tickets anywhere and don't need to load money onto smart cards. New NFC smart cards are still in use for foreseeable future (as of 2024).

=== Video games ===

In Japanese [[amusement arcade]]s, [[contactless smart card]]s (usually referred to as "IC cards") are used by game manufacturers as a method for players to access in-game features (both online like [[Konami]] [[E-Amusement]] and [[Sega]] [[ALL.Net]] and offline) and as a memory support to save game progress. Depending on a case by case scenario, the machines can use a game-specific card or a "universal" one usable on multiple machines from the same manufacturer/publisher. Amongst the most widely used there are Banapassport by [[Bandai Namco Entertainment|Bandai Namco]], [[E-amusement pass]] by [[Konami]], [[Aime]] by [[Sega]] and [[Nesica]] by [[Taito]].

In 2018, in an effort to make arcade game IC cards more user friendly,<ref>{{Cite web|url = https://www.konami.com/amusement/corporate/en/news/release/20180209/|title = Konami Amusement, Sega Interactive, and Bandai Namco Entertainment Agree on Unified System for Arcade Game IC Cards|access-date = 10 June 2020|archive-date = 10 June 2020|archive-url = https://web.archive.org/web/20200610084912/https://www.konami.com/amusement/corporate/en/news/release/20180209/|url-status = live}}</ref> Konami, Bandai Namco and Sega have agreed on a unified system of cards named ''Amusement IC''. Thanks to this agreement, the three companies are now using a unified card reader in their arcade cabinets, so that players are able to use their card, no matter if a Banapassport, an e-Amusement Pass or an Aime, with hardware and ID services of all three manufacturers. A common logo for ''Amusement IC'' cards has been created, and this is now displayed on compatible cards from all three companies. In January 2019, Taito announced<ref>{{Cite web|url = https://game.watch.impress.co.jp/docs/news/1165709.html|title = タイトー、「アミューズメントICカード」規格に参入決定。タイトー対応タイトル第1弾は「ストV タイプアーケード」|date = 22 January 2019|access-date = 10 June 2020|archive-date = 10 June 2020|archive-url = https://web.archive.org/web/20200610084911/https://game.watch.impress.co.jp/docs/news/1165709.html|url-status = live}}</ref> that their Nesica card was also joining the ''Amusement IC'' agreement with the other three companies.

=== Computer security ===
Smart cards can be used as a [[security token]].

[[Mozilla Foundation|Mozilla's]] [[Firefox]] [[web browser]] can use smart cards to store [[Public key certificate|certificate]]s for use in secure web browsing.<ref>[//www.mozilla.org/projects/security/pki/pkcs11/ Mozilla certificate store]</ref>

Some [[Disk encryption software|disk encryption systems]], such as [[VeraCrypt]] and Microsoft's [[BitLocker]], can use smart cards to securely hold encryption keys, and also to add another layer of encryption to critical parts of the secured disk.

[[GNU Privacy Guard|GnuPG]], the well known encryption suite, also supports storing keys in a smart card.<ref>[http://www.gnupg.org/documentation/howtos.en.html#GnuPG-cardHOWTO smartcard] {{Webarchive|url=https://web.archive.org/web/20120917080846/http://www.gnupg.org/documentation/howtos.en.html#GnuPG-cardHOWTO |date=17 September 2012 }} howto for GNUPG</ref>

Smart cards are also used for [[single sign-on]] to [[log on]] to computers.

=== Schools ===
Smart cards are being provided to students at some schools and colleges.<ref>{{cite news | url=http://www.theage.com.au/news/Breaking/Qld-schools-benefit-from-smart-cards/2004/12/06/1102182194085.html?from=moreStories | work=The Age | first=Sam | last=Varghese | title=Qld schools benefit from smart cards | date=6 December 2004 | access-date=20 May 2011 | archive-date=6 November 2012 | archive-url=https://web.archive.org/web/20121106204136/http://www.theage.com.au/news/Breaking/Qld-schools-benefit-from-smart-cards/2004/12/06/1102182194085.html?from=moreStories | url-status=live }}</ref><ref>{{cite web |author=CreditCards.com |url=http://australia.creditcards.com/credit-card-news/cashless-lunches-come-to-australian-schools.php |archive-url=https://web.archive.org/web/20101129142951/http://australia.creditcards.com/credit-card-news/cashless-lunches-come-to-australian-schools.php |url-status=dead |archive-date=29 November 2010 |title=Cashless lunches come to Australian schools |publisher=Australia.creditcards.com |date=27 October 2009 |access-date=13 February 2014 }}</ref><ref>{{cite web |url=http://www.ifr.ac.uk/media/newsreleases/smartcard.html |archive-url=https://web.archive.org/web/20051120144245/http://www.ifr.ac.uk/Media/NewsReleases/smartcard.html |url-status=dead |archive-date=20 November 2005 |title=News Release – Smart card technology to monitor smart food choices in schools |publisher=Ifr.ac.uk |date=14 July 2005 |access-date=13 February 2014 }}</ref> Uses include:

* Tracking student attendance
* As an [[electronic purse]], to pay for items at canteens, vending machines, laundry facilities, etc.
* Tracking and monitoring food choices at the canteen, to help the student maintain a healthy diet
* Tracking loans from the school library
* [[Access control]] for admittance to restricted buildings, [[dormitories]], and other facilities. This requirement may be enforced at all times (such as for a laboratory containing valuable equipment), or just during after-hours periods (such as for an academic building that is open during class times, but restricted to authorized personnel at night), depending on security needs.
* Access to transportation services

=== Healthcare ===
{{further|eHealth|health informatics|electronic health record}}
Smart health cards can improve the [[data security|security]] and [[medical privacy|privacy]] of patient information, provide a secure carrier for portable [[medical record]]s, reduce [[health care fraud]], support new processes for portable medical records, provide secure access to emergency medical information, enable compliance with government initiatives (e.g., [[organ donation]]) and mandates, and provide the platform to implement other applications as needed by the [[health care organization]].<ref>{{Cite web |url=http://www.smartcardalliance.org/pages/smart-cards-applications-healthcare |title=Smartcardalliance.org |access-date=10 March 2009 |archive-date=25 March 2009 |archive-url=https://web.archive.org/web/20090325055054/http://www.smartcardalliance.org/pages/smart-cards-applications-healthcare |url-status=live }}</ref><ref name=fernandez2013>{{cite journal | last1=Fernández-Alemán | first1=José Luis | last2=Señor | first2=Inmaculada Carrión | last3=Lozoya | first3=Pedro Ángel Oliver | last4=Toval | first4=Ambrosio | title=Security and privacy in electronic health records: A systematic literature review | journal=Journal of Biomedical Informatics | publisher=Elsevier BV | volume=46 | issue=3 | year=2013 | issn=1532-0464 | doi=10.1016/j.jbi.2012.12.003 | pmid=23305810 | pages=541–562|quote=Recent years have witnessed the design of standards and the promulgation of directives concerning security and privacy in EHR systems. However, more work should be done to adopt these regulations and to deploy secure EHR systems.| doi-access=free }}</ref>

=== Other uses ===
Smart cards are widely used to [[television encryption|encrypt]] digital television streams. [[VideoGuard]] is a specific example of how smart card security worked.

=== Multiple-use systems ===
The Malaysian government promotes [[MyKad]] as a single system for all smart-card applications. MyKad started as identity cards carried by all citizens and resident non-citizens. Available applications now include identity, travel documents, drivers license, health information, an electronic wallet, ATM bank-card, public toll-road and transit payments, and public key encryption infrastructure. The personal information inside the MYKAD card can be read using special APDU commands.<ref>[https://web.archive.org/web/20080123113825/http://mykadpro.net/ MYKAD SDK]</ref>