The current art involving the use of Personal Security Devices (PSD), for example, smart cards, subscriber identity module (SIM) cards, biometric devices, or combinations thereof, requires specialized messaging software or firmware to be installed on a local Client in which the PSD is connected. These specialized routines are used to translate messages from high-level messaging formats into low-level messaging formats (i.e. into PSD-formatted messages). An example of such routines is what is generally known in the art as an Application Protocol Data Unit (APDU) interface. Installing and maintaining APDU interfaces for a large number of local Clients can be a substantial and costly challenge in a multi-user organization. In addition, Client resources such as disk space, memory and computing resources are unnecessarily tied up by the software, which could be better utilized for other purposes.
Another significant limitation of the current art is that security mechanisms are implemented on a local Client to gain access to secure functions contained within a connected PSD. In a typical secure transaction with a PSD, a request is generated in the local Client by way of high-level software such as API-level software, which is subsequently encrypted in the Client and translated into APDU messaging format using an APDU interface, and sent to the PSD to access the intended secure function.
The potential exposure of secure information weakens the basic functionality of current PSDs, which is to protect private keys and other proprietary information from being unnecessarily disclosed. The limitations of the current art are such that localized key generating mechanisms, APDU interface software and transactions involving this software are potentially vulnerable to compromise by unauthorized programs running on the local Client or by other illicit means intending to monitor the key generation process and thus gaining access to security codes, algorithms and other sensitive data contained within the PSD or elsewhere. These limitations are magnified in a multi-user environment where the ability to control unauthorized access to local Clients and vulnerable software contained therein is increased.