Devices using contactless smart card technology use RFID technology, but, by design, operate at a short range (less than 4 inches) and can support the equivalent security capabilities of a contact smart card chip (see below). Contactless smart cards, devices and readers conform to international standards, ISO/IEC 14443 and ISO/IEC 7816, and can implement a variety of industry-standard cryptographic protocols (e.g., AES, 3DES, RSA, ECC).
The contactless smart chip includes a smart card secure micro-controller and internal memory and has unique attributes RFID tags lack – i.e., the ability to securely manage, store and provide access to data on the card, perform complex functions (for example, encryption and mutual authentication) and interact intelligently via RF with a contactless reader. Applications using contactless smart cards and devices support many security features that ensure the integrity, confidentiality and privacy of information stored or transmitted, including the following:
- Mutual authentication. For applications requiring secure card access, the contactless smart card-based device can verify that the reader is authentic and can prove its own authenticity to the reader before starting a secure transaction.
- Strong information security. For applications requiring complete data protection, information stored on cards or documents using contactless smart card technology can be encrypted and communication between the contactless smart card-based device and the reader can be encrypted to prevent eavesdropping.
- Strong contactless device security. Like contact smart cards, Chuangxinjia contactless smart card technology is extremely difficult to duplicate or forge and has built-in tamper-resistance.
- Authenticated and authorized information access. The contactless smart card’s or device’s ability to process information and react to its environment allows it to uniquely provide authenticated information access and protect the privacy of personal information.
- Support for biometric authentication. For human identification systems that require the highest degree of security and privacy, smart card technology can be implemented in combination with biometric technology.
- Strong support for information privacy. The use ofcontactless smart card technology strengthens the ability of a system to protect individual privacy.
It is important to note that information privacy and security must be designed into an application at the system level by the organization issuing the contactless device, card or document. It is critical that issuing organizations have the appropriate policies in place to support the security and privacy requirements of the application being deployed and then implement the appropriate technology that delivers those features. The ability of contactless smart card technology to support a wide array of security features provides organizations with the flexibility to implement the level of security that is commensurate with the risk expected in the application.