Computer security and identity theft are increasing concerns. As e-commerce, e-government, etc. become more prevalent, the opportunities for hackers and identity thieves to invade and steal sensitive information also increase. Inadvertent information disclosure often occurs during data exchange between networked computers, typically from business servers to home computers and vice versa.
This data may include Social Security numbers, account identifiers and associated passwords, private keys, credit card numbers, etc. During the course of a session, a user may not even be aware of the data that a remote site is accessing on a local computer. Perhaps even more dangerous is when hackers access data on an unattended computer, when the user isn't even aware that access is occurring.
Removable security tokens, such as smart cards can reduce the risk of compromise to cryptographic keys because the smart card is infrequently connected to a networked computer and almost always supervised by an owner/stakeholder. However, even if the user is prompted to approve a transaction, they are not aware of the actual data being accessed, which credentials are being used, or the values of such transaction.
Further the risk of malware attacking such a token will increase as the use of such tokens also increases. So not only does an attack from a remote device pose a threat, but also an attack from malware residing on a public computer.