The cryptography of smart cards

Cryptography dates back to antiquity.

It was from there that the first mechanisms to camouflage the message content were observed using a complex process to prevent unauthated persons from being aware or aware of it. A time when the process of encryption and decryption was typically done by hand. It was limited only to those who had the information necessary for the analysis of hidden formations, in short, the key to deciphering. Encryption keys varied by context, culture, and message.

This article will also interest you: Intel's key to update encryption discovered by researchers

Over time, secret codes have evolved a lot, and thanks to computer science, the encryption and decryption process is no longer done by hand. It then requires the use of a machine with a high computing power in relation to the degree of encryption. Much more efficient and reliable. Today, secret codes are no longer small numbers or some trace on a fault. That's thousands and thousands of numbers.

Thanks to this evolution, cryptography has been able to meet many needs in these modern times. Whether it's authentication to confirm a person's identity during a communication or connection; to prevent information from being disclosed and accessible by unauthorized persons, cryptography will have been much more useful during antiquity or the Middle Ages.

"The evolution of cryptography has also helped to meet other needs of our modern times: confidentiality ensures that information is not disclosed, integrity ensures that it is not altered, authentication ensures that communication is done with the right person or system, and non-repudiation prevents denying having been the author of a certain message. write Cécile Dumas and Eleonora Cagli of research engineers at the Office of the Commissioner for Atomic Energy and Alternative Energy (CEA)

But what about the smart card?

For example, in a transaction between two partners, when paying a fixed amount, it should be ensured that the payment is made exactly between who must pay and who must receive. At the level of the exact amount to be paid and at the level of the account on which the amount is to be transferred, but by ensuring that the transaction can remain confidential between the two individuals. Everything must be done in an acceptable period of time, so that each party can ensure that the action to be carried out is carried out reliably. The banking system that is at the centre of this transaction will then play a very important role in ensuring that the transaction runs smoothly. This is where the smart card usually present in the bank card, for example, comes in, which thanks to an internal memory and a proper computational capacity, will be used as a cryptosystem. It has the ability to not only store electronic data but also encryption and decryption keys, so that when connected to a terminal that provides it with energy, it will be able to perform the cryptographic actions necessary for the transaction. In other words to the smart card it's like a computer built into a small space. This is called an embedded system in the IT sector.

The cryptography effort of smart cards meets several requirements. It may be a matter of certification or system organization in a global way.

"However, this is not always enough. Having a good safe is of no interest, if the suit hangs on a paper placed next to it or if the key to the padlock is just slid under the doormat.

There may also be flaws in a cryptosystem if not everything has been well thought out. To ensure confidence in their product, smart card developers apply for a certificate from a trusted organization. The National Agency for Information Systems Security (ANSSI) is the French state certification scheme, but there are also schemes in other countries, as well as private schemes. The certificate is awarded to the developer on the basis of a technical evaluation report. ». Note Cécile Dumas and Eleonora Cagli.

Now access an unlimited number of passwords: