Many smart cards are cards embedded with memory and a processor that allows data to be stored and transacted between parties. The data may, for example, be associated with a value and/or information. The data may be transacted via a smart card reader that is part of a computing system. Today, smart cards have applications in industries such as healthcare, banking, entertainment, and transportation.
In order to protect their data, some smart cards require user authentication before releasing the data to a smart card reader. The user authentication may involve requesting personal information from a user that is compared with stored personal information on the smart card. The personal information may range from non-physical types of information such as personal identification numbers (PINs) or passwords to more personal types of information such as biometrics. Biometrics may include, for example, blood vessel patterns in a retina, fingerprints, DNA and other biological properties of the user. Unlike non-physical types of information, biometrics are unique to the user. If compromised, biometrics may be difficult if not impossible for a user to change.
Most public smart card systems today are unconditionally trusting of smart card readers. These smart card systems do not provide a mechanism for which a user can determine whether a smart card reader is trustworthy or reliable. This may become problematic when sensitive personal information such as biometrics is provided to an untrustworthy or unreliable smart card reader during user authentication. One approach to protecting personal information involves placing user authentication hardware directly on the smart card instead of requiring the reader to have it. This solution, however, increases the overall size and the cost of manufacturing the smart card, which is undesirable.