For many applications such as electronic ticketing, transport or digital access control systems security tokens are used to store relevant or security information. Typically, this information has to be protected with respect to confidentiality, authenticity and integrity. This protection does not only have to be maintained while the data is stored in the security token but also when transmitted to the back office system that processes the data after reading it out. In order to implement secure communication between a security token and a reader device, the two entities perform a mutual authentication from which session keys are derived that can be used for subsequent secure messaging between the communication partners.
A typical requirement for the beginning of secure messaging is that the communication partners perform a handshake protocol, which is often part of the mutual authentication protocol. A reason for mandating a handshake protocol is that the communication partners ensure that the authentication actually succeeded and that the key they agreed upon is indeed known by both parties.
Security tokens as used today, often use high performance authentication protocols or mechanisms which have a medium or even low security level.