Monday, April 7, 2008

Authentication using Smart Card Technology

A smart card is an important authentication mechanism. It looks like a credit-card-sized piece of plastic and has the following parts:
1. Microprocessor
2. ROM, for encryption and decryption and for installing the operating system.

Although a smart card is physically tiny, it can be used for a variety of applications, from high-level digital applications to low-level phone identification for individuals.

Do not confuse the subject of this post (smart cards) with RFID. RFID is just an automatic identification method that relies on storing and remotely retrieving data using devices called RFID tags. An RFID tag does not have both parts mentioned above.

Smart Card sub-system Architecture
Basic components of the smart card subsystem
o A resource manager that uses a Windows application programming interface (API)

o The smart card Resource Manager runs as a trusted service in a single process.
o The resource manager has access to all the information that is passed to the smart card and to the smart card reader that contains the requested card.
o The resource manager is therefore responsible for managing all application access to any smart card used with any reader, and it can also control all the applications that use a smart card inserted in any smart card reader.
o The Resource Manager provides a given application with a virtual direct connection to the requested smart card.
o The Resource Manager performs three basic tasks in managing access to multiple readers and cards. First, it identifies and tracks resources. Second, it controls the allocation of readers and resources across multiple applications. Finally, it supports transaction primitives for accessing services available on a specific card.
o This is important because current cards are single-threaded devices that often require execution of multiple commands to complete a single function. Transaction control allows multiple commands to be executed without interruption, ensuring that intermediate state information is not corrupted.
o A user interface (UI) that works with the resource manager.


Authentication Techniques
o Dynamic Password Authentication
o User Authentication
o Symmetric key cryptography
o Asymmetric key cryptography


Dynamic Password Authentication
The smart card creates a different password for each authentication attempt.
It generates new pass codes many times a day.
The host executes the same algorithm as the smart card, so it knows the current valid password at any given time.
This method ensures card authenticity, because the password keeps changing dynamically and the algorithm is hard to crack.
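The card and host computing the same pass code can be sketched as follows. This is an added example, not code from the original post: the post does not name the algorithm, so the HMAC-based construction (RFC 4226 truncation over a time-step counter), the 60-second step, and the names `passcode` and `Host` are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # assumed lifetime of one pass code
DIGITS = 6          # assumed pass code length

def passcode(secret: bytes, unix_time: int) -> str:
    """Pass code for the time step containing unix_time (card and host both run this)."""
    counter = unix_time // STEP_SECONDS
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Host:
    """Host side: recomputes the code and refuses codes from steps already used."""
    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps   # tolerated clock drift between card and host
        self.last_step = -1              # highest time step already accepted

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP_SECONDS
        for step in range(current - self.drift_steps, current + self.drift_steps + 1):
            if step <= self.last_step:
                continue                 # replayed or older code: never accept twice
            expected = passcode(self.secret, step * STEP_SECONDS)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step
                return True
        return False

# Constructed demo secret (the RFC 4226 test key), not a real card secret.
DEMO_SECRET = b"12345678901234567890"
```

The security of the scheme rests on the shared secret, so the host must protect it as carefully as the card does.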


Symmetric key cryptography & Asymmetric key cryptography
Symmetric Key Authentication


Fig: Authenticating using Symmetric Key Cryptography

Many methods are available for smart card authentication. We can implement an authentication method using PKI infrastructure, and without using a smart card too. However, these simpler cards are considerably cheaper because they do not require the cryptographic coprocessor that is needed to execute public key cryptographic operations at reasonable speed.

Fig: Public Key Authentication using RSA (Rivest Shamir Adleman Cryptosystem)

The server gives a random challenge to the smart card and requests a message authentication code (MAC, a kind of signature) generated over the card ID (identifier) and the challenge. Often, a password provided by the user has to be given to the smart card before the card generates the MAC. This procedure ensures that a thief or finder of a card cannot use it without knowledge of the password.


The smart card uses a key to generate the MAC over the card ID and the challenge obtained from the server. It then sends both the ID and the MAC back to the server. The server uses the card ID to derive the card key from a master key and uses that card key to verify the MAC sent from the card.
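The symmetric exchange described above, with both sides modelled, as an added example that is not part of the original post. The post does not specify the MAC or the key derivation, so HMAC-SHA256 for both, the 16-byte challenge, the PIN retry counter and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

def derive_card_key(master_key: bytes, card_id: bytes) -> bytes:
    # Assumed diversification function: card key = HMAC-SHA256(master key, card ID).
    return hmac.new(master_key, card_id, hashlib.sha256).digest()

def card_mac(card_key: bytes, card_id: bytes, challenge: bytes) -> bytes:
    # The challenge has a fixed length, so card_id || challenge is unambiguous.
    return hmac.new(card_key, card_id + challenge, hashlib.sha256).digest()

class Card:
    """Holds only its own diversified key, never the master key."""
    def __init__(self, card_id: bytes, card_key: bytes, pin: str, max_tries: int = 3):
        self.card_id, self._key, self._pin = card_id, card_key, pin
        self.tries_left = max_tries

    def respond(self, challenge: bytes, pin: str):
        if self.tries_left == 0:
            raise PermissionError("card blocked")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self.tries_left -= 1          # a finder of the card gets few guesses
            raise PermissionError("wrong PIN")
        return self.card_id, card_mac(self._key, self.card_id, challenge)

class Server:
    def __init__(self, master_key: bytes):
        self._master = master_key
        self._pending = set()             # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, card_id: bytes, mac: bytes) -> bool:
        if challenge not in self._pending:
            return False                  # unknown or already used: replay
        self._pending.discard(challenge)  # each challenge is accepted once
        expected = card_mac(derive_card_key(self._master, card_id), card_id, challenge)
        return hmac.compare_digest(expected, mac)
```

Because each card key is derived from the master key and the card ID, extracting one card's key does not expose the keys of other cards, while the master key itself must stay on the server.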

Here is an example of authentication using public key smart cards. First, the server sends a random challenge to the smart card. In reply, the smart card uses its private key to generate a digital signature over the challenge. The digital signature and the certificate associated with the private key of the smart card are then sent to the server. The server verifies the certificate and then uses the public key contained in the certificate to verify the signature.

Applications
o Secure network access: Smart cards can carry an individual's digital signature.
o Cellular phones: Smart cards offer a mechanism to secure cellular phones against fraudulent use.
o Financial: The applications of smart cards include their use as credit or ATM cards.


Benefits
o Strengthen security: The two-factor authentication of smart cards requires more than entering valid credentials. You must possess the smart card and know the personal identification number (PIN).
o Flexible: Smart card memory contains security certificates, and can be used for in-house development projects.
o Simple: Smart cards are easy to use. No cumbersome password generators to carry around. No bulky device to break.
o Leverage existing infrastructure: Using the PKI of Windows 2000 Server or Windows Server 2003, you can create your own security certificates and manage the process internally without dependence upon an external partner.

3 comments:

Natalia said...

Very interesting article. I am impressed with the information you have posted in this article. This technology is really very helpful and offers a great amount of benefits.
digital signature software

Mousieen Marhossein said...

Keep sharing such valuable information. Thanks.

RFID key cards
RFID key cards hotel
Custom hotel key cards

Identis said...


Thanks for sharing information. Here is the information of IDENTIS that manufactures RFID tags:
Smart Card