Various applications are executed using contact-based and contactless read and/or write devices, generically referred to as a reader, that communicate with user cards. These applications include banking applications, such as credit card processing, as well as identification applications, such as epassport. Each application requires a particular level of security against manipulation and attacks, ranging from no-security, such as in the case of near field communication applications, to a high security level, such as in the case of banking applications.
To perform high security applications, there must be a high level of resistance to attacks not only by the user card, but also by the reader.
An upgrade of reader security level is difficult, if not impossible, to achieve for at least two reasons. First, an upgrade often requires a hardware change. Also, the upgraded reader must be customized and certified; since this is often only possible in a secure environment, it is not feasible for existing readers to be upgraded in the field. The result is a manufacturer's choice between equipping the reader with a lower security level, risking the reader may not meet future higher level security requirements, and equipping the reader with the highest possible security level, risking the initial version of the reader being more expensive than necessary for applications requiring a lower level security.