Smart Cards

Asmart card is a step above a memory card, in that it can actually process information because it has a microprocessor and integrated circuits. The user inserts
the smart card into a reader, which has electrical contacts that interface and
power the smart card processor. The user then enters a PIN value, which “unlocks” the information and processing power contained on the smart card. The
card can hold a user’s private key, generate a one-time password, or respond to
a challenge-response request.
Smart cards are much more tamperproof when compared to memory cards
and after a certain number of incorrect PIN values have been inputted, the card
can actually “lock”itself, which would require the user to contact the vendor to receive an overriding PIN value to “unlock” the card again. Some cards zeroize
themselves after too many invalid login attempts, which means they render themselves totally useless and must be reprogrammed.
Both memory and smart cards have the extra expenses of creating new cards
and purchasing the required readers, which must be calculated in their implementation and lifetime costs. If the cards require a second credential set to be
provided (password or PIN), it is referred to as two-factor authentication
(something that you have and something that you know).
Smart cards can be contact cards, meaning they need to be inserted into a
reader, orcontactless, meaning they do not need to be inserted into a card reader
but need to be within a certain proximity of the reader. Contactless cards need
only to be passed within range of a radio frequency acceptor to read information
from the chip. Some smart cards have both contact and contactless functionality. A hybrid card has two chips on it, one for contact readers and one for
contactless readers. And a combi card has a single chip with both the contact
and contactless interfaces.