Some access control systems employ older or less technically sophisticated reader devices. Indeed, there is a large installed base of access control readers that are only equipped to read data from an access credential. These readers are sufficient to verify the authenticity of an access credential (i.e., something the user carries), but neither the readers nor the access credentials are natively equipped to analyze and verify a data object residing on the credential or on the reader.
A user is often required to present their access credential to the reader and then enter a password or Personal Identification Number (PIN) code into the reader or a computing device associated with the reader. The computing device then transfers the user-entered password or PIN code to the reader via a dedicated communication link (often a wired connection). Providing a computing device in combination with the reader increases the level of security because the user who presents the access credential is now also required to prove something they know in addition to proving that they are carrying a valid access credential. This is often referred to as dual-factor or two-factor authentication.
One problem with this approach is that a keyboard logger or a similar snooping device could be installed to intercept the password/PIN entry process at the computing device or somewhere on the link between the computing device and the reader. This potentially exposes the user's password/PIN to a malicious attacker. Additionally, even though many readers and credentials are improving, readers and credentials still lack the ability to manage many data objects stored on a single access credential or on a single reader. Likewise, many readers and credentials are not equipped to keep an entered PIN, associated with one data object, inaccessible to the other data objects when many data objects reside on an access credential and/or reader.
One solution would be to maintain a master list containing the valid PINs for current data objects, and to compare those valid PINs against the PINs received from a reader. Unfortunately, such a solution presents a security risk of its own: a master list containing PINs and data objects would be a honeypot of information and would likely become the target of malicious hackers attempting to gain access to the data objects, or to the physical objects protected by those data objects.