Security Techniques
One of the main advantages of smart cards in comparison with other data storage media, such as magnetic-stripe cards and diskettes, is that they can store data such that it is protected and kept secret. An essential requirement for this is chip hardware that is tailored and optimized for this purpose, along with suitable cryptographic methods for protecting confidential data. However, security depends on more than just special microcontroller hardware and algorithms implemented in operating system software. The security of the smart card application, and the design principles used by its developers, are also of fundamental importance. This chapter is a compendium of essential principles, methods and strategies for producing secure smart cards and secure smart card applications.

USER IDENTIFICATION
Since ancient times, a variety of techniques have been used for the unambiguous identification of persons. The simplest form of identification is an identity card bearing a photograph or a signature written in the presence of the examiner. The photograph on an identity card can be compared with the actual person, with the result being an assessment of the genuineness of the person’s identity. In the field of information technology, this comparison is not so easy, since it must be performed by a computer instead of another person. Despite their success in performing mindless activities, computers still have tremendous difficulty in performing intelligent tasks. Consequently, entering a password via a keypad has generally become the preferred identification method. The effort needed for the comparison is minimal, since essentially all the computer has to do is to compare the entered password with a stored reference value and make a simple yes/no decision. Password comparison effectively amounts to making a decision regarding the genuineness of the identity of the person being tested. There are basically only three different methods that can be used to identify a person. If a password is used, what is tested is whether the person knows a particular secret. If he or she does, the conclusion is that the person is who he or she claims to be. The second option is to test whether a person possesses a particular object. The third possibility is to test specific, unique bodily features of the person. Methods that rely on knowing a secret or possessing a particular item have a significant drawback, which is that the person to be identified must either remember something or carry something on his or her person. Depending on the situation, the fact that the secret or object can be passed to another person can be considered to be an advantage or a disadvantage. In any case, it is not possible to unambiguously ascertain that the person holding the secret or the object is truly its legitimate owner, instead of someone else who may have illegitimately acquired the secret or item that is tested.

The third identification method eliminates this transferability, since it is based on using specific features of the human body for purposes of identification. Of course, the measurements are in most cases technically difficult, since for obvious reasons biological features that can be easily measured, such as weight or height, cannot be used. It is easier to understand these three possible identification methods if you consider the following example. Suppose you have to meet an unknown person at the train station. As soon as you see a possible candidate, you have the problem of deciding whether he is really the person you are looking for. However, if the unknown person shows up at the right place and the right time, this actually amounts to an implicit test of a secret, since you can at least hope that the place and time of your meeting are not generally known. An explicit test of a secret would occur if the unknown person were to utter a password that is known only to you and him. Alternatively, he could identify himself by means of an item that he possesses, for example by holding a newspaper printed on a specific day under his arm. Certainly, the most secure method would be to check the person for a specific bodily feature. Perhaps he has an unusually large nose, like Pinocchio’s (which grows very long when he lies . . . ). This train station scenario clearly shows that identifying an unknown person can be regarded as a classic problem that occurs in everyday life as well as in spy novels, rather than just being limited to computers and smart cards. It has now become a common practice to enter a PIN into many types of automated equipment and computers. The resulting marked increase in the number of PINs used for various purposes makes it very difficult for ordinary people to keep track of all of their PIN codes. After all, who can remember 20 or more different PINs? The security and good name of a system are naturally not improved if every user jots down his or her PIN on the card, since the number of cases of fraud will be excessive. For this reason, a desire to use other identification methods in place of PIN codes has arisen in recent years. Biometric features that allow a particular person to be unambiguously identified by a machine are ideal for this purpose.