Increasingly enterprises and governments are relying on smart cards to provide identity authentication of individuals, information, devices, and/or assets. Smart cards can house and in some cases process security information that can be used for securely validating the identity of individuals, financial accounts, assets, etc.
In fact, some governments (e.g., Spain, Malaysia, and Belgium) are now issuing smart cards to their citizens for purposes of validating the identity of their citizens and providing useful history information about their citizens. Many states in the United States and many foreign governments now issue drivers' licenses in the form of smart cards, which include a variety of information about the drivers, such as blood type, medical conditions, prior driving record, photograph of the driver, physical characteristics of the driver, etc. Smart cards are also used to conduct business transactions and securely activate other devices or assets, such as accessing bank accounts, activating a lock to a safety deposit box, and the like.
Many individuals most commonly recognize the use of “smart cards” with respect to their mobile phones via their Subscriber Identity Module (SIM) cards, which are installed in their mobile phones. A SIM card uniquely permits a particular phone and phone number to be recognized over a mobile phone network and associated with a particular user. In fact, a user can switch phones by removing his/her individual SIM card from one phone and installing it in another phone. The SIM card not only activates the phone for network use but also provides a mechanism for the user to store and retrieve other useful information, such as contact information, profile information, and the like.
Some forms of smart cards require little to no security at all, such that a possessor of the smart card can utilize the information housed on that card. This occurs with credit cards that are forms of read only smart cards or SIM cards that are not password protected. Yet, most smart cards today require some form of activation to access the confidential information included on the smart cards, such as a password or a secret. However, for smart cards that provide vital authentication information and/or access to important governmental or enterprise assets, a straight forward password authentication technique that activates the smart cards for use may be too lenient and too easily compromised by intruders.
Accordingly, improved techniques for smart card authentication are desirable.