Smart Card Authentication

Internet and online applications usage have tremendously increased nowadays and become an integral part of our day-to-day lives. For applications like internet banking, confidential information passing and online financial transactions top notch security is the prerequisite. However, in the recent past cyber-attacks have become very common and are posing huge challenges to both the users and service providers alike. The modus operandi of the prevailing cyber stealing racket is hijacking user credentials especially username and password to breach the security of user-based authentication systems. To resolve this problem, smart-access card system is secure and reliable authentication system that secures user credentials and removes the inconveniences like remembering multitude of password and usernames.

Introduction to Smart Card Authentication

There are several methods that exist for authentication systems like badge or card system; bio metric data based systems like iris pattern or fingerprint systems; username and password- based systems. However, these methods are easily prone to sophisticated attacks. Smart card technology provides strong authentication based systems for both physical and logical access authentication by enhancing the security as well as the privacy of the information.

A smart-access card or integrated circuit card is a pocket-sized card built with embedded integrated circuits. Such a smart card provides identification, data storage, authentication and application processing capabilities.

Smart Card Types

Smart cards are classified based on their components, card interfaces and card Operating systems. Depending on the card components, they are classified into memory cards and chip cards. Chip card is more expensive as it contains a microprocessor and also an EEPROM for application data, ROM for data storage and RAM for the processor. Due to the encryption and decryption capabilities of the data, these cards are mostly used for financial and credit transactions. Memory type cards are least expensive and most common cards as they consist of EEPROM and ROM wherein the security logic on this card controls the memory access.

Smart Card Types

Based on interfacing, smart cards are contact type cards or contact less cards or a combination of  both these types. In the contact type card, one square centimeter contact area comes with the card. A reader plate has the provision for this contact area of the card, and if the card is inserted into the reader plate, it makes contact with some electrical connectors that communicate with the reader. On the contrary, the contact less smart cards don’t come with the contact pad, but a reader and card connection is established remotely with the wireless communications like RF. This card possesses an inductor, and when it enters into an RF reader field, it induces current in the inductor wire and thus prompts the communication to establish. A combo card uses both contact reader option for transaction of huge data and a contact less option for mutual authentication.

There are several operating systems for smart cards, and most commonly Java card operating system is used, which is developed by Sun Micro systems.

Internet Browsing System Using Smart Access Card

Nowadays though the websites and web applications usage has become necessary for all individuals, they are facing some insecurity problems particularly in case of e-governance and e-banking systems. As discussed above, the smart card system imparts extremely strong authentication and security to a system, and when it is deployed to web applications – it is capable of addressing many of the security related issues in the web-world today

PC/SC standard for smart cards

.

Smart card access system for internet browsing requires a web browser extension that connects smart card communication layer and library to provide API for web applications. Smart card is attached with Personal computers by using a PC/SC standard for accessing smart cards. This standard is available in all the major PC operating systems, as shown in the above figure. The web browser first connects this PC/SC layer, and then enables the communication to a smart card and finally activates a library for accessing web applications.

There are two major parts in web applications wherein one executes on a server and the other in a browser. The server part of the applications consists of HTML content to assist the clients. The browser consists of scripts to interact with users, and most commonly JavaScript is used as a scripting language in many of the browsers today.

Internet Browsing System

The above figure shows how a smart card connects to a user PC. Before starting browsing on application, access from the smart card is necessary. Therefore, web application must communicate with the smart card. Here, a S Connect based web application does this communication. For connecting and accessing smart cards, S Connect library provides a JavaScript API for developers to write web applications. In this web application, the client side JavaScript is stored in a web server and runs in a web browser whenever required.

For example, in case of a smart card and IP based health care information system, two types of smart cards are provided to the users: one is ‘Health Insurance Card’ and the other one is a ‘Health Professional Card’. These cards store an insured person’s details and data regarding health, applications like technical aid, issued drugs, transaction details, etc.

In this system, web access or internet browsing of user details are authenticated using smart cards as shown below. This system encompasses complete document transactions and necessary security features through Secure Socket Layer (SSL). The card terminal and driver software are interfaced to a PC such that once the card gets authenticated, the web connectivity enables the user to access his/her details via the internet from the data base management system server. This system also provides the processes like data checking, log details, previous transactions details, and so on.

Health care information system

Applications of Smart Access Card Systems

• Door Security System Using Smart Card Technology
• Smart Card Based Prepaid Electricity System
• Advanced Parking System Using Smart Access Card
• Electronic Voting System Using Touch Screen and Smart Card Technology
• Smart Card System for Hotel Management System
• Device or Appliance Control in Industries Using Smart Card
• Corporate Authentication System for Multinational Companies
• Smart Card System for Online Transaction in Offices
• Home or Office Security System Based on Smart Cards
• Smart Card Based Rural Health Insurance System

This is all about the Smart access card system and the applications of authenticated web applications’ browsing systems. From this article, we hope that you might have got some basic ideas about the smart system for internet browsing system. If you have got any doubts pertaining to the implementation of security systems, even for implementing RFID based systems, you can reach us by commenting below.

Photo Credits:

• Smart Card Authentication by advanide
• Smart Card Types by dss
• PC/SC standard for smart cards by microsoft
• Health care information system by isoc