The ISO/IEC 7816-4 specification provides a paradigm for identity authentication that is found consistently across most smart card applications. Moreover, it defines an authorization mechanism that builds upon this authentication facility so as to allow the definition of security policies that limit access to information stored in the file systems found on smart cards or to standard computations performed on information found in the file system of a smart card.
In the course of a typical smart card application, there are three distinct actors whose identities need to be authenticated:
host (off-card computer) application
smart card (on-card computer) application
The host and the smart card computers need to authenticate themselves to each other. After they do this, they can communicate information and services because each knows that the other belongs to the same security domain. It is possible for these two entities to establish a private (encrypted) channel and thus preclude any eavesdropper from listening in on the proceedings of the transaction. These two computer systems can then participate in the application on behalf of the cardholder, assuming that the cardholder is truly the owner (holder) of the smart card. So, an additional authentication mechanism is needed to authenticate the identity of the cardholder to the smart card. After this is done, the card can participate in the application on behalf of the cardholder.
The method used for authenticating the two computer systems to each other (i.e., the smart card ICC to the host computer) consists of each computer proving to the other that it knows a secret shared between the two machines. To enhance the long-term security of the two systems, it is desirable that this mechanism not involve actually moving the secret between the two systems. So, in the approach used, the shared secret is a key that can be used by a cryptographic algorithm to encrypt information. The approach can use either symmetric key cryptography or asymmetric key cryptography. In the authentication process, a key is used by one side of the operation (either the card or the host computer) to encrypt a random piece of information that has been specified by the other side of the operation. If both sides are using (know) the same key, then the "other" side will be able to decrypt and recover the random piece of information.
When the card has authenticated the off-card computer's identity, the card is then said to be in an AUTH state relative to the key used in the authentication process. Various commands can be tagged such that the on-card system must be in an AUTH state before the command can be executed. Since the off-card computer sends commands to the on-card computer, this mechanism means that the off-card system has to be authenticated to the on-card system in order execute these commands. Since the various commands provide access to information or computational services on the card, this defines an authorization mechanism which limits access to that information of those services.
There can be multiple key files stored on a card and there can be multiple keys in each of those files. This means that, in theory, a very large number of identities can be authenticated by the card and given access to various pieces of information or services.
Another authentication mechanism uses a PIN stored in a file. If an off-card computer can provide a command containing the correct PIN, it can cause the on-card system to enter a state called CHV (cardholder verified). Commands can be predicated upon being in the CHV state just as for the AUTH state. So, by proper design of the information structures on the card, various information and various capabilities (in essence, various applications) can be made available to different off-card identities. In this case, the off-card identities are the "owners" of the application systems in which the on-card components work.
In the following sections, we'll examine the details of the specific commands used to authenticate identities. Plus, we'll see a standard information storage system and the commands that, under authorization control such as we've just discussed, are able to operate on this storage system.