How does Smart Card Authentication work?

Smart card authentication is a means of authenticating users to enterprise resources, including workstations and applications, using a physical card in tandem with a smart card reader and software on the workstation. Smart card authentication is highly secure, but it has a poor user experience and is expensive to deploy and maintain.

Smart card systems enable a distributed transaction network without a physical link between network terminals. The smart card is the data distribution tool that carries the data used in transactions. The terminal, or card acceptor device (CAD), processes the data supplied by the smart card according to the business processes of its application.

A smart card system is most cost-efficient when the CAD can check transaction approval without querying a host database of valid cards. To ensure system-wide data integrity, the terminal should have a means of validating data.

The terminal validates data by requiring the smart card to prove system membership before it accepts information from the card. The key point is that the smart card proves its membership itself, which is why it needs its own processing capabilities. These methods are usually known as smart card authentication and involve passwords, cryptography, and challenge-response protocols.

The password authentication approach mimics computer logon, which is its basic application. The card discloses its identifier during each authentication attempt. This method is effective only if the password changes for each authentication attempt; otherwise, it is easy to fake the authentication. Dynamic password authentication is the best method.

Cryptography is an efficient way to prove system membership without disclosing the identifying characteristics of the cards to the external world. But cryptographic methods require key distribution, which increases system complexity, adds more system administration, and decreases flexibility.

Smart card systems enable updates to the card with data supplied by the terminal. Smart cards should authenticate the terminals before accepting data. This prevents the smart card from supplying bogus data to terminals during future transactions. Smart cards need their own processing capability with built-in security features, and will only accept changes to data after security requirements are met.
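The mutual challenge-response described above, as an added example (not code from the original page): the terminal checks the card offline by re-deriving a per-card key from a system master key, and the card checks the terminal before accepting an update. HMAC-SHA256, the key-derivation scheme, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def mac(key, *parts):
    # Length-prefix each part so field boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive_card_key(master_key, card_id):
    # Assumed diversification: per-card key = MAC(master key, card id),
    # so a terminal needs no database of valid cards.
    return mac(master_key, b"card-key", card_id)

class Card:
    def __init__(self, card_id, card_key):
        self.card_id, self.balance = card_id, 0
        self._key, self._challenge = card_key, None  # key never leaves the card

    def respond(self, terminal_challenge):
        return mac(self._key, b"card", terminal_challenge)  # proves membership

    def get_challenge(self):
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def update_balance(self, new_balance, terminal_proof):
        challenge, self._challenge = self._challenge, None  # single use
        if challenge is None:
            return False
        expected = mac(self._key, b"terminal", challenge,
                       str(new_balance).encode())
        if not hmac.compare_digest(expected, terminal_proof):
            return False  # unauthenticated terminal: data is rejected
        self.balance = new_balance
        return True

class Terminal:
    def __init__(self, master_key):
        self._master = master_key  # assumed to sit in tamper-resistant storage

    def new_challenge(self):
        return secrets.token_bytes(16)

    def verify_card(self, card_id, challenge, response):
        key = derive_card_key(self._master, card_id)  # offline, no host query
        return hmac.compare_digest(mac(key, b"card", challenge), response)

    def authorize_update(self, card_id, card_challenge, new_balance):
        key = derive_card_key(self._master, card_id)
        return mac(key, b"terminal", card_challenge, str(new_balance).encode())
```

Because each response is bound to a fresh random challenge, a recorded response is useless on the next attempt, which is the property a static password lacks.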

Each authentication technique has tradeoffs between costs, operating efficiency, and benefits. The authentication methods are judged by multiple factors, such as ease of implementation, sophistication of the smart card microprocessor needed, system management effort (e.g., secret key distribution), vulnerability of the system to compromise, and time to complete the authentication.

The first three are cost-driven factors, the fourth deals with data integrity, and the last with user satisfaction. The selection of a satisfactory authentication technique is based on the individual application's requirements, which are identified through a system analysis procedure. System analysis is the key to choosing the proper authentication method and, ultimately, to a cost-efficient smart card system.