Article Preview
Top1. Introduction
The concept of using Integrated Circuits (IC) in plastic card is very old and initial patents can be traced back to late 1960s. Technological advancement over last two decades (increase in terms of storage space, power, and processing speed along with reduction in terms of size of processor) enabled us to add further functionalities into smart card like Operating System, Authentication Mechanisms and Cryptography which led to mass implementation and usage of the system. The evolution of smart cards made them useful for wide range of applications (Rankl & Effing, 2004). Authentication is the process of verifying identity of a user (El-Latif et al., 2018; Nedjah et al., 2017; Nedjah et al., 2019; Tewari & Gupta, 2018; Zheng et al., 2017). There are 3 basic factors that can be used to authenticate users, i.e., Knowledge, Ownership and Inheritance. Knowledge consists of knowing a secret like a password, PIN, etc. Ownership consists of possessing an object like smartcard (Gupta & Quamara, 2019), software token in mobile, smart watch, etc. Inheritance consists of elements exclusive to the user like fingerprint, voice, DNA, etc.
Smart card system is one which uses smart card at its core and performs certain actions like authentication, cryptography, data storage, etc. in order to obtain the results that are desired by the user. This system consists of various entities, each assigned a specific role to carry out successful implementation of the execution. Most commonly used entities of a smart card system include Smart Card, Smart Card Reader, Server(s), and Communication Channel (Rankl & Effing, 2004).
There are a few basic steps that are a part of every smart card system. Smart card is connected to the smart card reader either directly or wirelessly. This gives power and clock pulse and the smart card is activated. After activation, command and response Application Protocol Data Units (APDUs) are transmitted between card and reader. After activation of smart card, a secure channel is established between card and reader. This channel can be based either on contact point or contactless media. Usually the established channel is encrypted, especially when medium is contactless. Architecture of a basic smart card system is given in Figure 1. Next step is to validate user identity by authenticating user. User authentication can be based on one or more factors. Validating identity of user can be performed locally at reader or special server called as authentication server. After authenticating user respective application on the smart card is executed. The application can either be providing access to some service or data. Once all the operations are performed, application is terminated.