IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [smartcard]

A smart card, or chip card, is a fingernail-sized integrated circuit that is often embedded in a credit-card-sized plastic sheet. Smart cards are used as identification badges, banking cards, SIM in mobile phones, for key storage, and more.

A smart card (also called chip card, or ICC (integrated circuit card)) consists of an integrated circuit that is often embedded in a credit-card-sized plastic sheet. Smartcards do not contain their own power source. Contact smart cards communicate by being inserted into a reader device, while contactless smart cards communicate over radio waves; some cards support both methods.

Uses for smart cards include banking (ATM cards), electronic wallets, identification badges (for transit, healthcare, building access, computer login, …), mobile phone SIMs, …

Smart cards are often protected against physical tampering to some degree. They are often a repository of secret keys, making them a common “what you have” factor in authentication. Chip cards range in capabilities from being a simple memory card which is read passively, to being capable of performing cryptographic operations on a key that never leaves the card.

235 questions
10
votes
4 answers

Are all smart card readers the same?

My bank has me use a credit-card-sized smart card and a USB card reader to authenticate for online transactions. I want to optimize for size when I travel light. I see that there are small SIM card readers, designed to read data from a cell phone…
Philippe
  • 203
  • 2
  • 6
5
votes
1 answer

SmartCard for private keys - personal usage

I've just found my notebook has a SmartCard reader. Would it be wise/possible/practical to buy a single SmartCard, transfer my private key on that (somehow), and use it as my primary private key storage? Or would I need a SmartCard "writer", which…
Martin Pecka
  • 161
  • 6
5
votes
1 answer

SmartCard Key Extraction / Alternatives

(1) As it is possible to extract the secret key from a SmartCard using laboratory equipment, I wonder if there is any (new) way to protect against this sort of security breach? Does it affect all kinds of SmartCard? (2) Do eToken/ crypto-token…
user3200534
  • 881
  • 10
  • 22
5
votes
3 answers

Lost Smart Card - extract private key?

Consider you lost your laptop with sensitive data and your smart card that contains the private key for your GnuPG and Truecrypt accounts. The smartcard is secured with a 8-digit PIN. 1) Is it possible for an attacker who finds the smartcard to…
user3200534
  • 881
  • 10
  • 22
5
votes
2 answers

Smart cards for user authentication - is configuration of PIN complexity important?

In our company domain we are now able to login to Windows using a smart card plus a 4 digit numeric PIN. The same smart card is used to sign e-mails too. My understanding is that authentication to the domain does not involve the PIN directly, only…
D.H.
  • 628
  • 7
  • 14
3
votes
1 answer

Is there a common standard for digitally signing via smart cards?

Am I right that "minidrivers" which are specific to different national or regional smart cards (eg PIV/CAC, Brazil, Estonia, Sweden, France, etc) are needed for digital signatures (RSA)? Can the right minidriver be installed automatically upon…
Larry K
  • 601
  • 3
  • 11
3
votes
2 answers

Smart Card private key usage

How does an application get the private key from a smart card in order to sign some data? I presume that the data is being signed by a code running on the main OS (Windows/Linux) and not on the smart card device. am I correct? Also, some smart cards…
MrD
  • 31
  • 1
  • 2
3
votes
2 answers

Drill a (physical) hole on a g10 openpgp smart card

I have a g10 smart card (http://g10code.com/p-card.html) I want to make a hole on it, so I can pass a cord on it and hopefully remember to bring it with me. would I kill the card if I drill a hole on it? I have in mind something like this:
gfa
  • 33
  • 4
2
votes
0 answers

First time contactless card payment does not require PIN to enable

I unwittingly made my first contactless card payment a few days ago: the vendor took my bank card [current account debit card] (I assumed so that they could insert it into their "deskbound" payment terminal: I know that you are supposed to never…
dave559
  • 166
  • 7
0
votes
0 answers

Does OpenSC required proprietary Gemalto SafeNet middleware to support Gemalto IDPrime card?

I am interesting by buying a Gemalto IDPrime MD 830 card to be used onto two computers in various scenarios: - Storing certificate (Windows, Linux) - Authentication (Linux) The Windows computer would be accessed by multiple operators always in the…
OlivierM
  • 156
  • 3
0
votes
0 answers

How do chipped credit cards increase security?

So I've looked at various articles trying to understand how chipped credit cards increase security over traditional credit cards. In the times I've used my card with a chipped reader (wally world, target, etc) I've scribbled a half legible…
Sidney
  • 699
  • 5
  • 10
-1
votes
1 answer

mifare classic security

We know mifare Classic has been broken. My question is, say I store encrypted data (using some out of band RSA encryption) instead of plain data on Mifare Classic card. And also store a signature over this data on the card. Does this make Mifare…
user2568508
  • 111
  • 2