How do smart cards help to protect privacy?
Smart cards offer a number of features that can be used to provide or enhance privacy
protection in systems. The following is a brief description of some of these
features and how they can be used to protect privacy.
- Authentication: Smart cards provide mechanisms for authenticating
others who want to gain access to the card. These mechanisms can be used to
authenticate users, devices or applications wishing to use the data on the
card’s chip. These features can be utilized by a system to protect privacy
by ensuring that a health record is only accessed by authorized parties.
- Secure data storage: Smart cards provide a means of securely
storing data on the card. This data can only be accessed through the smart
card operating system by those with proper access rights. This feature can
be utilized by a system to enhance privacy by, for example, storing personal
health information on the card rather than in a central database.
- Encryption: Smart cards provide a robust set of encryption
capabilities including key generation, secure key storage, hashing and
digital signing. These capabilities can be used by a system to produce a
digital signature for email content, providing a means to validate the
email's authenticity.
- Strong device security: Smart card technology is extremely
difficult to duplicate or forge and has built-in tamper-resistance. The
chips are manufactured with features such as extra metal layers, sensors to
detect thermal and UV light attacks, and additional software and hardware
circuitry to thwart differential power analysis.
- Secure communications: Smart cards provide a means of secure
communications between the card and card readers. Similar in concept to
security protocols used in many networks, this feature allows smart cards to
send and receive data securely.
- Biometrics: Smart cards provide mechanisms to securely store
biometric templates and perform biometric matching functions. Storing
fingerprint templates on a smart card rather than in a central database can
be an effective way of increasing privacy in a single sign-on system that
uses fingerprint biometrics as the single sign-on credential.
- Personal device: A smart card is, of course, a personal and
portable device associated with a particular cardholder. The smart card
plastic is often personalized, providing an even stronger binding to the
cardholder. These features can be leveraged by systems to improve privacy.
For example, a healthcare application might elect to store drug prescription
information on the card instead of in paper form to improve the accuracy and
privacy of a patient’s prescriptions.
- Certifications: Many of today’s smart cards comply with industry
and government security standards. Independent certification facilities
provide rigorous testing and evaluation to verify compliance.
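
The Authentication and Secure data storage items above, shown as an added example that is not part of the original page: a simulated card in Python that releases a stored record only after the terminal answers a fresh random challenge. The class and function names, the HMAC-SHA256 response and the three-try limit are assumptions made for illustration; real cards use their own command sets and algorithms.

```python
import hashlib
import hmac
import secrets


class SimulatedCard:
    """Toy card OS: the record is released only after terminal authentication."""

    MAX_TRIES = 3  # assumed retry limit, not a value from the page

    def __init__(self, terminal_key: bytes, record: bytes):
        self._key = terminal_key      # never exported by any method
        self._record = record
        self._challenge = None
        self._authenticated = False
        self._tries_left = self.MAX_TRIES

    def get_challenge(self) -> bytes:
        """Issue a fresh random challenge and drop any earlier session."""
        self._authenticated = False
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def external_authenticate(self, response: bytes) -> bool:
        """Check the terminal's response; each challenge is single use."""
        if self._tries_left == 0 or self._challenge is None:
            return False              # blocked, or no challenge outstanding
        expected = hmac.new(self._key, self._challenge, hashlib.sha256).digest()
        self._challenge = None
        if hmac.compare_digest(expected, response):
            self._authenticated = True
            self._tries_left = self.MAX_TRIES
            return True
        self._tries_left -= 1
        return False

    def read_record(self) -> bytes:
        """Return the stored record only to an authenticated terminal."""
        if not self._authenticated:
            raise PermissionError("access condition not satisfied")
        return self._record


def terminal_response(key: bytes, challenge: bytes) -> bytes:
    """Terminal side: prove knowledge of the key without sending it."""
    return hmac.new(key, challenge, hashlib.sha256).digest()
```

A response captured from one session is useless in the next because the challenge changes, and repeated failures block the card even for a terminal that later presents the right key.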