

The Card Issuer

The card is typically given to the cardholder by a card issuer. In the case of financial cards, the issuer is generally a bank or other financial institution. The card issuer generally is responsible for providing the system in which the card can function to perform its security-related functions. One aspect of this system is typically the linking of salient information about the cardholder to the functional characteristics of the card. The issuer functions as a certification authority or as a trust broker. It is through the actions of the issuer that various parties of a subsequent transaction can achieve some level of trust in the transaction, although they do not know each other prior to the initiation of the transaction.

In the financial environment, very well-defined protocols have been put in place by associations of financial organizations and buttressed by binding national and international laws and agreements. In the emerging world of computer networks, the existence of equivalent certification authorities is only now being legitimized by evolving system deployment.

The Terminal

The access point of any smart card with any electronic system is typically referred to as a terminal; sometimes the terms smart card reader or smart card interface device are also used. Terminals can vary significantly in complexity and capability and hence in the level of security that they support. At the most capable level, a terminal is a secure computing platform on par with the smart card itself, although typically not nearly so small, inexpensive, and portable. In such a configuration, a terminal might contain a comparatively powerful computer processor, memory, telecommunications interfaces to local and wide area computer networks, display screens, input devices (for example, a keypad or keyboard) through which a user can enter information (to the terminal’s processor and then perhaps on to the smart card), and perhaps even biometric sensors that the terminal can use to ascertain personal characteristics of the cardholder. For example, fingerprint readers and facial characteristics scanners are beginning to emerge within the security marketplace as viable elements of terminals.

A highly integrated configuration including a tamper-resistant computer, memory and secondary storage, and a secure cardholder verification entry facility would typically be provided by a card issuer to a merchant. This terminal provides a secure point of presence (from the standpoint of the card system issuer) in the merchant’s environment through which the issuer system can communicate with the cardholder’s smart card.

The PC

In emerging computer network environments, the terminal component from earlier smart card-based systems is separated into a computer component (that is, a PC, a network computer, a workstation, or some similar designation) to which is attached a relatively simple smart card reader. This particular configuration raises some security concerns with respect to the use of smart cards. In particular, the cardholder should always understand the security risks in providing verification of identity to the card through a computer system of unknown control. Obviously, this same concern can be raised for all levels of systems; Trojan horse ATMs reportedly have been deployed to fraudulently obtain account numbers and PINs from unsuspecting users. For home computer-type systems, however, the risks of the system being in a position to capture sensitive information are significantly greater.

The point, then, is that the cardholder should be reasonably cautious about the computer systems through which the card is used. If it's the personal computer system of the cardholder, then the risks are greatly reduced, since the cardholder has control over the system's security environment. If it's a personal computer system being used in a commercial environment, then the cardholder should be concerned with the manner in which a PIN is entered.

For example, if a personal computer configuration makes use of a simple smart card reader and the cardholder is expected to enter a PIN through the computer's keyboard, then it's a relatively simple procedure for the system manager of the personal computer configuration to capture the keystrokes and learn the PIN for the cardholder's card. If the computer belongs to the cardholder and is under the direct control of the cardholder, then the security risks (of having the PIN captured) are greatly reduced. For public environments, it is possible to obtain more sophisticated smart card readers with integrated keypads through which a PIN can be entered and passed on to the card, not to the computer system to which the terminal is connected.
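The reader check implied by the last paragraph, as an added example that is not from the original text: PC/SC Part 10 lets a reader advertise on-device PIN entry in its reply to a feature request, and this code parses such a reply and chooses where the PIN may be typed. The sample replies, the control-code values in them, and the names `parse_features`, `pin_entry_path` and `host_trusted` are constructed for illustration.

```python
import struct

# Feature tags defined in PC/SC Part 10 (also listed in pcsc-lite's reader.h).
FEATURE_VERIFY_PIN_DIRECT = 0x06
FEATURE_MODIFY_PIN_DIRECT = 0x07


def parse_features(resp: bytes) -> dict:
    """Parse a feature-request reply: repeated tag(1) | length(1) | control code(4)."""
    features, i = {}, 0
    while i < len(resp):
        if len(resp) - i < 2:
            raise ValueError("truncated TLV header")
        tag, length = resp[i], resp[i + 1]
        value = resp[i + 2 : i + 2 + length]
        if length != 4 or len(value) != 4:
            raise ValueError(f"feature 0x{tag:02x}: bad or truncated value")
        features[tag] = struct.unpack(">I", value)[0]  # control code, big-endian
        i += 6
    return features


def pin_entry_path(resp: bytes, host_trusted: bool) -> str:
    """Decide where the PIN may be typed.

    'reader-keypad': the reader collects the PIN and passes it to the card.
    'host-keyboard': the PIN crosses the PC; acceptable only on a computer
                     the cardholder controls (host_trusted is an assumption
                     supplied by the caller, not something the reader reports).
    'refuse':        computer of unknown control and no keypad on the reader.
    """
    try:
        features = parse_features(resp)
    except ValueError:
        features = {}  # fail closed: a malformed reply counts as "no keypad"
    if FEATURE_VERIFY_PIN_DIRECT in features:
        return "reader-keypad"
    return "host-keyboard" if host_trusted else "refuse"


# Constructed sample replies (not captured from a real reader).
PINPAD_READER = bytes.fromhex("060442330006" "070442330007")
SIMPLE_READER = b""  # a simple reader advertises no PIN features
```
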

The Network

The network through which computer systems are connected should always be treated as a completely nonsecure environment. The application developer, the card issuer, and the cardholder should all view the communication channel as completely open to the world. Information that passes through these channels can be monitored, captured, and manipulated by unknown persons or systems.

The Application

The application is the particular system or system component that is provided through the auspices of the card issuer (or at least with the concurrence of the card issuer) and is intended to provide some type of service accessed by the cardholder. The application may make use of an infrastructure within the network or within the end computer system through which the cardholder gains access to it. In these cases, however, the application must be concerned with the security of this infrastructure.

In many existing smart card-enabled systems, all the players operate within an environment provided by the card issuer. In the Internet environment, it is more difficult to provide a well-controlled infrastructure for all these players. They must each understand the security limits of the components that they deal with.

The Mechanisms

The previous sections define some of the abstract concepts of security as well as the major components of the systems for which a secure environment is desired. This section examines some of the mechanisms that the various players can use to facilitate the various security concepts.

