As a part of providing secure access systems, some companies provide mechanisms which allow their clients to write data to portable identification cards. This capability is usually achieved by providing the client with some sort of device which is capable of interfacing with the portable cards and writing data thereto. Such devices are commonly referred to as programmers, field programmers, readers, reader-writers, printers, encoders, etc. Generally speaking, devices having the ability to write data to portable cards are referred to as card-access devices in that they have the ability to communicate with portable cards (usually an access credential in the form of an Integrated Circuit (IC) card) and write data thereto. While these card-access devices have the ability to write data to portable cards, they may also have the ability to read data from portable cards.
In many cases, such as when the portable card is being manufactured, initialized, or personalized, the card-access devices are operated by a computer program running on a general-purpose, multi-programming operating system such as Windows, Linux, or Mac O/S.
Because an IC card and other types of portable cards are a secure repository for data, before being able to read data from or write data to a portable card, one typically has to engage in an authentication protocol with the portable card. The purpose of requiring the authentication protocol is to ensure that the entity writing data to the portable card is authorized to access data in the portable card.
In the situation where a computer program running on a general-purpose, multi-programming operating system is being employed to access data on a portable card, the sensitive data (e.g., cryptographic keys and personal identification numbers) used to conduct these authentication protocols, as well as to protect the data being read from or written to in the portable card, may be exposed in plaintext or in the clear of the general-purpose computing environment. This sensitive data is thereby subject to compromise and breach by other programs such as malware, spyware, and software probes and debuggers concurrently running in the general-purpose, multi-programming operating system.
In the situation that the sensitive data used to conduct these authentication protocols as well as to protect the data being read from or written to the portable card is held in the card-access device, the sensitive data is subject to compromise and breach through the use of hardware probes and environmental attacks on the card-access device as these devices are not typically as secure as the portable card itself.
Accordingly, there exists a need to provide a card-access device and methods of operating the same which allow the general-purpose, multi-programming operating system to conduct the majority of data read and write operations on a portable card or the like while still maintaining a sufficient amount of security around the sensitive data used to communicate with the portable card.