The hardware inside your credit card: this is how Smart Cards work

If you have ever wondered how the chip works inside the SIM card of your mobile, the credit card of your mobile or the electronic key of the last hotel you stayed in. Let us tell you that all of them are Smart Cards and have a common function.

What is a Smart Card?

A Smart Card is a plastic card that includes an integrated circuit inside. Said integrated circuit can be a security microcontroller with or without internal memory or include only one memory chip. All Smart Cards can be connected to a dedicated reader to be able to read their data or through contactless through a dedicated radio interface.

Smart Cards have the following utilities:

  • They are used for credit or debit cards.
  • Different types of SIM cards in smartphones are Smart Cards.
  • Personnel cards in many companies, which allow them to clock in and out.
  • They are used to provide secure access to private networks.
  • As a system to prevent piracy in cable and satellite television services. Currently in extinction.

How does a Smart Card work?

Smart cards

Most Smart Cards are memory cards, so they do not contain an integrated microcontroller and require the reader to directly process the data included on the card, however there are variants whose integrated circuit contains a microcontroller, the which in many cases replaces the classic magnetic strip that they used

The microcontroller contained in the Smart Cards is no different than any other microcontroller on the market. Which integrates in a single piece of hardware several KB of RAM memory, several tens of KB of ROM memory already recorded in origin and several KB of programmable ROM memory.

Depending on the type of application and the sensitivity of the data, a microcontroller will be implemented or not, whose task is to ensure that the data included in the memory of the card is not accessed illegally.

How does a smart card communicate?

Smart Card Interface

Regardless of the type of hardware we are talking about, Smart Cards communicate using 7 different pins. Which are the following:

  • VCC: Since Smart Cards do not have a power supply inside, they need the card reader to power the card. It does so through this type with a voltage +5 V DC.
  • GND: Grounding.
  • CLOCK: The clock signal of the Smart Card, marks the pulse to which the data is sent.
  • Vp: The programming voltage serves to manipulate the data in the programmable ROM, whether to add new ones, delete them or overwrite them.
  • I / O: The pin through which data is transmitted to and from the Smart Card. Being a single pin we are faced with a serial interface.
  • Some Smart Cards have two additional pins to communicate with a USB interface external. Although not all Smart Cards have these pins active and they are only used in specific cases.

How is memory organized on a Smart Card?

Some Smart Cards, having a microcontroller inside, therefore have RAM memory so that said microcontroller can work. This memory is called Working RAM or Working RAM and like conventional RAM this depends on the card receiving powerTherefore, once the Smart Card is removed from the reader, your data will be lost forever.

Apart from working RAM, Smart Cards with microcontroller contain a ROM where the operating system of the same is located. This ROM is several kilobytes and tthe different encryption and security algorithms that are executed by the microcontroller are encoded inside and that are essential for certain applications. RAM is read-only and is built into the Smart Card during manufacture, eg.or so your data cannot be modified.

Inside the ROM there is an area called the secret ROM, this includes highly sensitive information, among the data that are usually stored are the following:

  • The unique key of the manufacturer, which only exists one for each card manufactured and will be used for the encryption and decryption exercises carried out by the card’s microcontroller.
  • The user keys, which contains the PIN of the credit card or mobile phone. In some models of Smart Cards, this data is found in the programmable ROM. Which makes them less secure.
  • A secret code, which is used to avoid duplicates and forgeries of the card.

The last memory is the programmable ROM, this is a type of ROM that can be rewritten through electrical signals. So we are facing an EEPROM memory. Not all smart card readers have the ability to manipulate programmable ROM, but others do. For example, an ATM does have this capacity, but a simple USB reader does not have this capacity.

Smart Card types

Types Smart Cards

Currently we can find two types of Smart Cards being used massively by hundreds of millions of people around the world on a daily basis.

The first type of Smart Cards are those that follow the ISO 7816 standard, but are memory cards and can contain inside a ROM programmable between 1 Kbit and 1 Mbit of information that can be programmed through an I2C EEPROM interface, of which between 3 Kbit-64 Kbits correspond to the secure segment that is not accessible by the interface. Among those that follow the ISO 7816 standard are the Smart Cards with integrated microcontroller. In this case, the information that your programmable ROM can store is usually not higher than the 144 KB, since you have to leave space for the microcontroller.


The third type are Contactless cards, which do not use ISO 7816 and they often use proprietary protocols for data transfer. These cards transmit data through an ultra-high frequency radio interface wirelessly, therefore they do not require a connection to a card reader and do not use the pins for communication.

And to finish we have those that have specialized microcontrollers integrated for different types and that have much more specific and concrete utilities. Among which are fingerprint reading systems and biometric systems for fluid analysis. Therefore, they also have applications in medicine, although these are apparently different from the classic Smart Cards, their operation is the same.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *