How do smart cards help to protect privacy?
cards offer a number of features that can be used to provide or enhance privacy
protection in systems. The following is a brief description of some of these
features and how they can be used to protect privacy.
- Authentication: Smart cards provide mechanisms for authenticating
others who want to gain access to the card. These mechanisms can be used to
authenticate users, devices or applications wishing to use the data on the
card’s chip. These features can be utilized by a system to protect privacy
by ensuring that a health record is only accessed by authorized parties.
- Secure data storage: Smart cards provide a means of securely
storing data on the card. This data can only be accessed through the smart
card operating system by those with proper access rights. This feature can
be utilized by a system to enhance privacy by, for example, storing personal
health information on the card rather than in a central database.
- Encryption: Smart cards provide a robust set of encryption
capabilities including key generation, secure key storage, hashing and
digital signing. These capabilities can be used by a system to produce a
digital signature for email content i, providing a means to validate the
- Strong device security: Smart card technology is extremely
difficult to duplicate or forge and has built-in tamper-resistance. The
chips are manufactured with features such as extra metal layers, sensors to
detect thermal and UV light attacks, and additional software and hardware
circuitry to thwart differential power analysis.
- Secure communications: Smart cards provide a means of secure
communications between the card and card readers. Similar in concept to
security protocols used in many networks, this feature allows smart cards to
send and receive data securely.
- Biometrics: Smart cards provide mechanisms to securely store
biometric templates and perform biometric matching functions. Storing
fingerprint templates on a smart card rather than in a central database can
be an effective way of increasing privacy in a single sign-on system that
uses fingerprint biometrics as the single sign-on credential.
- Personal device: A smart card is, of course, a personal and
portable device associated with a particular cardholder. The smart card
plastic is often personalized, providing an even stronger binding to the
cardholder. These features can be leveraged by systems to improve privacy.
For example, a healthcare application might elect to store drug prescription
information on the card instead of in paper form to improve the accuracy and
privacy of a patient’s prescriptions.
- Certifications: Many of today’s smart cards comply with industry
and government security standards. Independent certification facilities
provide rigorous testing and evaluation to verify compliance.