Skip main navigation

The Use of Smart Cards and RFID

In this video, you will learn about smart cards and RFID cards. Specifically, you will learn about their advantages and disadvantages.
And we’ll finish the section on technologies by taking a look at some of the other related technologies that we’ve touched on previously. So this is just to round off some of the knowledge around smart cards and RFID. Smart cards use integrated circuits embedded in a physical token. The physical token, almost always, is a plastic card. Example uses are national ID cards, SIM cards in your mobile phone, bank cards. And these use a PKI, they have a small amount of embedded storage, and we can have one card that can be used for multiple purposes because it can contain multiple credentials. We tend to have lots of individual cards, with each card being linked to individual service providers.
What you may notice, because PKI is involved, if the PKI revokes the certificate stored on your smart card, you’ll notice that if you have an issue with a lost card, it’s very difficult to reinstate that card. Typically, you have to dispose of that card and have another one issued, and this is because of the certificate being embedded in the chip on the card. One of the issues we have with smart cards is that it is a physical token. Whoever has the card has a degree of access. We can, as most bank passes do - most bank cards do - have accompanying forms of control here through the use of things like PIN numbers.
Other potential issues with smart cards: we can have physical damage, the need to encode them to actually issue them can be time consuming, if you order a new bank card, it can take one week, maybe two weeks for it to arrive. And the process we’ll look at in one of the case studies when we look at the government to citizen relationship
for identity card provision: if you’re dealing with issuing 20 million identity cards, this is a significant piece of work. How do we manage that? How do you manage the initial encoding, and also the replacement? So this plugs into the processes. So this is a single contact or contactless card, and very, very widely used. Related to smart cards, we have another kind of physical token, RFID. And this can be used with smart cards. Very low cost, and doesn’t require a battery if we’re using it in a passive capacity. We have an antenna in the RFID card, and an integrated circuit. Concerns here typically relate to tracking and privacy.
Something to be aware of is, with RFID, because they work on a particular radio frequency, is that the signal can be potentially jammed, and also can be skimmed. So people can listen into the radio conversation. We said previously that RFID presents a unique identifier, so if the RFID unique identifier can be captured, the RFID card, the token, can then potentially be cloned. We mentioned previously that we’ve seen a growth in human implants of RFID tokens. In fact, I have a cat flap in my house, and the cat has an identification RFID token. And for the cat to gain access to the property, it has to go through the RFID reader on the cat flap, and it will unlock the door.
This prevents other animals entering and leaving the property - really clever. So RFID, very, very common. The RFID concerns typically are around privacy, around jamming, and around cloning. Do bear in mind, if we’re using RFID, we have to look at its integration into a wider set of tools, and we may want to supplement the RFID access or its use as a token with another authentication factor, like a PIN number, for example. That way, if somebody steals an ID card and swipes into your building, they would also need to present a PIN number, something you have and something you know.

In this video, you will learn about smart cards and RFID cards. Specifically, you will learn about their advantages and disadvantages.

Remember, a smart card will use an integrated circuit embedded in a token, like a plastic card. On the other hand, radio-frequency identity (RFID) cards contain antennas and an integrated circuit contained in a physical token.

Reflect and share: Will you be incorporating smart cards or RFIDs into your IdAM approach? Why or why not? Share below.

This article is from the free online

Cyber Security Foundations: Reinforcing Identity and Access Management

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education