Smart Cards: Are They Safe?

Smart Card

A smart card is a device that includes an embedded integrated circuit chip (ICC) that can be either a secure microcontroller or equivalent intelligence with internal memory or a memory chip alone. The card connects to a reader with direct physical contact or with a remote contactless radio frequency interface. Smart card technology is available in many different forms including  plastic cards, key fobs, and watches, among others. Using magnetic or electromagnetic fields to both power the card as well as to exchange data with the reader, information is stored on a chip embedded within the contactless smart card. The chip is not powered on until the card is brought into the electromagnetic field of the reader. Once the chip is powered on, a wireless communication protocol is initiated and established between the card and the reader for data transfer.

 

Smart cards provide a robust set of encryption capabilities including key generation, secure key storage, hashing, and digital signing. These capabilities can be used by a system to protect privacy in a number of ways. For example, a smart card system can produce a digital signature for the content in an email, providing a means to validate the email authenticity. This protects the email message from subsequently being tampered with and provides the email recipient with an assurance of where it originated. The fact that the signing key originated from a smart card adds credibility to the origin and intent of the signer.

 

Smart cards provide a means of secure communications between the card and card readers. Similar in concept to security protocols used in many networks, this feature allows smart cards to send and receive data in a secure and private manner. This capability can be used by a system to enhance privacy by ensuring that data sent to and from the card is not intercepted or tapped into.

 

Many of today’s smart cards have been certified that they comply with industry and government security standards. They obtain these certifications only after completing rigorous testing and evaluation criteria by independent certification facilities. These certifications help systems protect privacy by ensuring that the security and privacy features and functions of the smart card hardware and software operate as specified and intended.

 

Information provided by smartcardalliance.org