Card reader

IP access control
	IP fingerprint reader
Media type	Internet Protocol
Capacity	10000 templates
Usage	fingerprint identification, access control

Access control
	Proximity reader with keypad
Usage	access control

Last updated December 07, 2024

A card reader is a data input device that reads data from a card-shaped storage medium and provides the data to a computer. Card readers can acquire data from a card via a number of methods, including: optical scanning of printed text or barcodes or holes on punched cards, electrical signals from connections made or interrupted by a card's punched holes or embedded circuitry, or electronic devices that can read plastic cards embedded with either a magnetic strip, computer chip, RFID chip, or another storage medium.

Mechanisms

Magnetic card readers

Magnetic stripe technology, usually called mag-stripe, is so named because of the stripe of magnetic oxide tape that is laminated on a card. There are three tracks of data on the magnetic stripe. Typically the data on each of the tracks follows a specific encoding standard, but it is possible to encode any format on any track. A mag-stripe card is cheap compared to other card technologies and is easy to program. The magnetic stripe holds more data than a barcode can in the same space. While a mag-stripe is more difficult to generate than a bar code, the technology for reading and encoding data on a mag-stripe is widespread and easy to acquire. Magnetic stripe technology is also susceptible to misreads, card wear, and data corruption. These cards are also susceptible to some forms of skimming where external devices are placed over the reader to intercept the data read.^{[ citation needed ]}

Smart card readers

Smart card readers use an electrical current to read data from embedded circuitry or magnetic features in a card. A contact smart card must physically touch contacts on a reader to connect a circuit between them. A contactless smart card uses radio waves or a magnetic field to transmit information to a reader remotely (though most readers have a range of 20 in (51 cm) or less).^{[ citation needed ]}

Contact smart card readers

Smart card reader Gnome-dev-smartcard.svg — Smart card reader

A contact smart card reader is an electronic device that physically connects to an integrated circuit in a smart card, supplies the circuit in the card with electricity, and uses communications protocols to read data from the card. Smart card readers used for banking or identification may be connected to a keyboard to allow verification with a personal identification number (PIN).

Communication protocols
Name	Description
T=0	Asynchronous half-duplex byte-level transmission protocol, defined in ISO/IEC 7816-3
T=1	Asynchronous half-duplex block-level transmission protocol, defined in ISO/IEC 7816-3.
T=2	Reserved for future use.
T=3	Reserved for future use.
Contactless	APDU transmission via contactless interface ISO/IEC 14443.

If the card does not use any standard transmission protocol, but uses a custom/proprietary protocol, it has the communication protocol designation T=14.^[1]

The latest^{[ which? ]} PC/SC CCID specifications define a new smart card framework. This framework works with USB devices with the specific device class 0x0B. Readers with this class do not need device drivers when used with PC/SC-compliant operating systems, because the operating system supplies the driver by default.^{[ citation needed ]}

PKCS#11 is an API designed to be platform-independent, defining a generic interface to cryptographic tokens such as smart cards. This allows applications to work without knowledge of the reader details.

Smartcard readers have been targeted successfully by criminals in what is termed a supply chain attack, in which the readers are tampered with during manufacture or in the supply chain before delivery. The rogue devices capture customers' card details before transmitting them to criminals.^[2]

Contactless smart card readers

A contactless smart card uses high frequency radio waves (13.56 MHz instead of 125 kHz), which allows the transfer of more data, and communication with several cards at the same time. A contactless card does not have to touch the reader or even be taken out of a wallet or purse. Most access control systems only read serial numbers of contactless smart cards and do not utilize the available memory. Card memory may be used for storing biometric data (i.e. fingerprint template) of a user. In such case a biometric reader first reads the template on the card and then compares it to the finger (hand, eye, etc.) presented by the user. In this way biometric data of users does not have to be distributed and stored in the memory of controllers or readers, which simplifies the system and reduces memory requirements.^{[ citation needed ]}

RFID card readers

Electronic key for RFID based lock system RFkey.jpg — Electronic key for RFID based lock system

Proximity card readers

A reader radiates a 1" to 20" electrical field around itself. Cards use a simple LC circuit. When a card is presented to the reader, the reader's electrical field excites a coil in the card. The coil charges a capacitor and in turn powers an integrated circuit. The integrated circuit outputs the card number to the coil, which transmits it to the reader.

A common proximity format is 26-bit Wiegand. This format uses a facility code, sometimes also called a site code. The facility code is a unique number common to all of the cards in a particular set. The idea is that an organization will have their own facility code and a set of numbered cards incrementing from 1. Another organization has a different facility code and their card set also increments from 1. Thus different organizations can have card sets with the same card numbers but since the facility codes differ, the cards only work at one organization. This idea worked early in the technology, but as there is no governing body controlling card numbers, different manufacturers can supply cards with identical facility codes and identical card numbers to different organizations. Thus there may be duplicate cards that allow access to multiple facilities in one area. To counteract this problem some manufacturers have created formats beyond 26-bit Wiegand that they control and issue to organizations.

In the 26-bit Wiegand format, bit 1 is an even parity bit. Bits 2–9 are a facility code. Bits 10–25 are the card number. Bit 26 is an odd parity bit. 1/8/16/1. Other formats have a similar structure of a leading facility code followed by the card number and including parity bits for error checking, such as the 1/12/12/1 format used by some American access control companies.

1/8/16/1 gives as facility code limit of 255 and 65535 card number

1/12/12/1 gives a facility code limit of 4095 and 4095 card number.

Wiegand was also stretched to 34 bits, 56 bits and many others.

Wiegand card readers

Wiegand card technology is a patented technology using embedded ferromagnetic wires strategically positioned to create a unique pattern that generates the identification number. Like magnetic stripe or barcode technology, this card must be swiped through a reader to be read. Unlike the other technologies, the identification media is embedded in the card and not susceptible to wear. This technology once gained popularity because it is difficult to duplicate, creating a high perception of security. This technology is being replaced by proximity cards, however, because of the limited source of supply, the relatively better tamper resistance of proximity readers, and the convenience of the touch-less functionality in proximity readers.

Proximity card readers are still referred to as "Wiegand output readers", but no longer use the Wiegand effect. Proximity technology retains the Wiegand upstream data so that the new readers are compatible with old systems.^{[ citation needed ]}

Memory card readers

A USB card reader like this one will typically use the USB mass storage device class. SanDisk-memory-card-reader.jpg — A USB card reader like this one will typically use the USB mass storage device class.

A memory card reader is a device for accessing the data on a memory card such as a CompactFlash (CF), Secure Digital (SD) or MultiMediaCard (MMC). Most card readers also offer write capability, and together with the card, this can function as a pen drive. Memory card readers can be built in to laptop computers or computer peripherals, or use a USB interface to transfer data to and from a computer.

Punched card readers

The Jacquard machine

The earliest example of a punched card reader, the Jacquard machine, physically pressed punched cards against rows of mechanical control rods to convert the data on the cards into physical positions of the loom's hooks. A hole in the card would allow the rod to pass through and remain unmoved; if there was no hole the rod would be pushed, moving its hook out of position.

Electrical punched card readers

Beginning with the Tabulating machine in 1890, data was read from punched cards by detecting whether a hole in the card allowed an electrical circuit to connect or an unpunched section of card interrupted that circuit.

An IBM 80-column punched card of the type most widely used in the 20th century Blue-punch-card-front-horiz.png — An IBM 80-column punched card of the type most widely used in the 20th century

The earliest punched card readers used pins that would dip into tiny cups of mercury when passing through a punched hole, completing an electrical circuit; in the late 1920s, IBM developed card readers that used metal brushes to make electrical contact with a roller wherever a hole passed between them.^[3]

Optical punched card readers

By 1965, punched cards were read using photoelectric sensors. The IBM 2501 is an example of an early optical punched card reader.

A photoelectric punched card reader patent was issued in 1971.^[4]

Uses

Identification and access control

Card readers are often used to read identification cards for the purposes of physical or electronic access control or to read data from an identity card.

Access control card readers are used in physical security systems to read a credential that allows physical access through access control points, typically a locked door. They can also be used in information security systems to control access to data. An access control reader can be a magnetic stripe reader, a bar code reader, a proximity reader, or a smart card reader.

Readers may compare the data collected from the card, or data stored in the reader, to a biometric identification: fingerprint, hand geometry, iris, Voice Recognition, and facial recognition.^{[ citation needed ]}

A card reader with a biometric system compares the template stored in memory to the scan obtained during the process of identification. If there is a high enough degree of probability that the template in the memory is compatible with the live scan (the scan belongs to the authorized person), the ID number of that person is sent to a control panel. The control panel then checks the permission level of the user and determines whether access should be allowed. The communication between the reader and the control panel is usually transmitted using the industry standard Wiegand interface. The only exception is the intelligent biometric reader, which does not require any panels and directly controls all door hardware.

Biometric templates may be stored in the memory of readers, limiting the number of users by the reader memory size (there are reader models that have been manufactured with a storage capacity of up to 50,000 templates). User templates may also be stored in the memory of the smart card, thereby removing all limits to the number of system users (finger-only identification is not possible with this technology), or a central server PC can act as the template host. For systems where a central server is employed, known as "server-based verification", readers first read the biometric data of the user and then forward it to the main computer for processing. Server-based systems support a large number of users but are dependent on the reliability of the central server, as well as communication lines.

1-to-1 and 1-to-many are the two possible modes of operation of a biometric reader:

In the 1-to-1 mode a user must first either present an ID card or enter a PIN. The reader then looks up the template of the corresponding user in the database and compares it with the live scan. The 1-to-1 method is considered more secure and is generally faster as the reader needs to perform only one comparison. Most 1-to-1 biometric readers are "dual-technology" readers: they either have a built-in proximity, smart card or keypad reader, or they have an input for connecting an external card reader.
In the 1-to-many mode a user presents biometric data such as a fingerprint or retina scan and the reader then compares the live scan to all the templates stored in the memory. This method is preferred by most end-users, because it eliminates the need to carry ID cards or use PINs. On the other hand, this method is slower, because the reader may have to perform thousands of comparison operations until it finds the match. An important technical characteristic of a 1-to-many reader is the number of comparisons that can be performed in one second, which is considered the maximum time that users can wait at a door without noticing a delay. Currently most 1-to-many readers are capable of performing 2,000–3,000 matching operations per second.

Banking

Some banks have issued hand-held smartcard readers to their customers to support different electronic payment applications:

Chip Authentication Program (CAP) uses EMV banking cards to authenticate online transactions as a phishing countermeasure.
Geldkarte is a German electronic purse scheme where card readers are used to allow the card holder to verify the amount of money stored on the card and the details of the last few transactions.

Data tabulation

Throughout the 20th century, punched card readers were used to tabulate and process data including census data, financial data, and government contracts.^[6] Punched card voting was widely used in the United States from 1965 until it was effectively banned by the Help America Vote Act of 2002.

Related Research Articles

In physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.

A smart card (SC), chip card, or integrated circuit card, is a card used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.

ISO/IEC 7816 is an international standard related to electronic identification cards with contacts, especially smart cards, and more recently, contactless mobile devices, managed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

A proximity card or prox card also known as a key card or keycard is a contactless smart card which can be read without inserting it into a reader device, as required by earlier magnetic stripe cards such as credit cards and contact type smart cards. The proximity cards are part of the contactless card technologies. Held near an electronic reader for a moment they enable the identification of an encoded number. The reader usually produces a beep or other sound to indicate the card has been read.

<span class="mw-page-title-main">Common Access Card</span> Standard identification for Active Duty United States Defense personnel

The common access card, also commonly referred to as the CAC, is the standard identification for active duty United States defense personnel. The card itself is a smart card about the size of a credit card. Defense personnel that use the CAC include the Selected Reserve and National Guard, United States Department of Defense (DoD) civilian employees, United States Coast Guard (USCG) civilian employees and eligible DoD and USCG contractor personnel. It is also the principal card used to enable physical access to buildings and controlled spaces, and it provides access to defense computer networks and systems. It also serves as an identification card under the Geneva Conventions. In combination with a personal identification number, a CAC satisfies the requirement for two-factor authentication: something the user knows combined with something the user has. The CAC also satisfies the requirements for digital signature and data encryption technologies: authentication, integrity and non-repudiation.

<span class="mw-page-title-main">Nord-10</span>

Nord-10 was a medium-sized general-purpose 16-bit minicomputer designed for multilingual time-sharing applications and for real-time multi-program systems, produced by Norsk Data. It was introduced in 1973. The later follow up model, Nord-10/S, introduced in 1975, introduced CPU cache, paging, and other miscellaneous improvements.

HID Global Corporation is an American manufacturer of secure identity products. The company is an subsidiary of Assa Abloy, a multinational door and access control conglomerate. Björn Lidefelt was appointed CEO on 27 January 2020. He succeeded Stefan Widing, who led HID Global for over four years.

The Wiegand interface is a de facto wiring standard which arose from the popularity of Wiegand effect card readers in the 1980s. It is commonly used to connect a card swipe mechanism to the rest of an access control system. The sensor in such a system is often a "Wiegand wire", based on the Wiegand effect, discovered by John R. Wiegand. A Wiegand-compatible reader is normally connected to a Wiegand-compatible security panel.

Payment cards are part of a payment system issued by financial institutions, such as a bank, to a customer that enables its owner to access the funds in the customer's designated bank accounts, or through a credit account and make payments by electronic transfer with a payment terminal and access automated teller machines (ATMs). Such cards are known by a variety of names, including bank cards, ATM cards, client cards, key cards or cash cards.

A contactless smart card is a contactless credential whose dimensions are credit card size. Its embedded integrated circuits can store data and communicate with a terminal via NFC. Commonplace uses include transit tickets, bank cards and passports.

A keycard lock is a lock operated by a keycard, a flat, rectangular plastic card. The card typically, but not always, has identical dimensions to that of a credit card, that is ID-1 format. The card stores a physical or digital pattern that the door mechanism accepts before disengaging the lock.

A datacard is an electronic card for data operations.

The NCR Century 100 was NCR's first all integrated circuit computer built in 1968. All logic gates were created by wire-wrapping NAND gates together to form flip-flops and other complex circuits. The console of the system had only 18 lights and switches and allowed entry of a boot routine, or changes to loaded programs or data in memory. A typewriter console was also available.

<span class="mw-page-title-main">Access badge</span>

An access badge is a credential used to gain entry to an area having automated access control entry points. Entry points may be doors, turnstiles, parking gates or other barriers.

Touch Memory is an electronic identification device packaged in a coin-shaped stainless steel container. Touch memory is accessed when a touch probe comes into contact with a memory button.

The Wiegand effect is a nonlinear magnetic effect, named after its discoverer John R. Wiegand, produced in specially annealed and hardened wire called Wiegand wire.

A whole new range of techniques has been developed to identify people since the 1960s from the measurement and analysis of parts of their bodies to DNA profiles. Forms of identification are used to ensure that citizens are eligible for rights to benefits and to vote without fear of impersonation while private individuals have used seals and signatures for centuries to lay claim to real and personal estate. Generally, the amount of proof of identity that is required to gain access to something is proportionate to the value of what is being sought. It is estimated that only 4% of online transactions use methods other than simple passwords. Security of systems resources generally follows a three-step process of identification, authentication and authorization. Today, a high level of trust is as critical to eCommerce transactions as it is to traditional face-to-face transactions.

A campus credential, more commonly known as a campus card or a campus ID card is an identification document certifying the status of an educational institution's students, faculty, staff or other constituents as members of the institutional community and eligible for access to services and resources. Campus credentials are typically valid for the duration of a student's enrollment or an employee's service.

A biometric device is a security identification and authentication device. Such devices use automated methods of verifying or recognising the identity of a living person based on a physiological or behavioral characteristic. These characteristics include fingerprints, facial images, iris and voice recognition.

The term digital card can refer to a physical item, such as a memory card on a camera, or, increasingly since 2017, to the digital content hosted as a virtual card or cloud card, as a digital virtual representation of a physical card. They share a common purpose: identity management, credit card, debit card or driver's license. A non-physical digital card, unlike a magnetic stripe card, can emulate (imitate) any kind of card.

References

↑ ISO/IEC 7816-3:2006 Identification cards — Integrated circuit cards — Part 3: Cards with contacts — Electrical interface and transmission protocols, clause 8.2.3
↑ Henry Samuel (2008-10-10). "Chip and pin scam 'has netted millions from British shoppers'". The Telegraph . Archived from the original on 2008-10-11. Retrieved 2008-10-13.
↑ "Early Punched Card Equipment, 1880 - 1951". Engineering and Technology History Wiki. 9 January 2015. Retrieved 25 January 2024.
↑ US US3553435A,James L Pike,"Photoelectric punched card and document reader",issued 1971
↑ "Reading Business Cards". How OCR Works. Retrieved 25 January 2024.
↑ "The IBM punched card". IBM Heritage. Retrieved 25 January 2024.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] ISO/IEC 7816-3:2006 Identification cards — Integrated circuit cards — Part 3: Cards with contacts — Electrical interface and transmission protocols, clause 8.2.3

[2] Henry Samuel (2008-10-10). "Chip and pin scam 'has netted millions from British shoppers'". The Telegraph . Archived from the original on 2008-10-11. Retrieved 2008-10-13.

[3] "Early Punched Card Equipment, 1880 - 1951". Engineering and Technology History Wiki. 9 January 2015. Retrieved 25 January 2024.

[4] US US3553435A,James L Pike,"Photoelectric punched card and document reader",issued 1971

[5] "Reading Business Cards". How OCR Works. Retrieved 25 January 2024.

[6] "The IBM punched card". IBM Heritage. Retrieved 25 January 2024.

[1]

[2]

[3]

[4]

[5]

[6]

v t e Memory cards
Main articles	Memory card reader Comparison of memory cards
Types	CompactFlash (CF, CFast, CFexpress) Express Card JEIDA MultiMediaCard (MMC) Memory Stick (MS, MS-PRO, MS-PRO HG, MS-XC) miCard Microdrive (MD) MiniCard NT Card P2 (MicroP2) PC Card (PCMCIA, CardBus, CardBay) Secure Digital (SDSC, SDHC, SDXC) SmartMedia (SM) SxS Universal Flash Storage (UFS) xD-Picture XQD