Cryptography Reference
In-Depth Information
with an ATM. The card and the card reader execute a
sequence of encrypted sign/countersign-like exchanges to
verify that each is dealing with a legitimate counterpart.
Once this has been established, the transaction itself is
carried out in encrypted form to prevent anyone, includ-
ing the cardholder or the merchant whose card reader is
involved, from eavesdropping on the exchange and then
later impersonating either party to defraud the system.
This elaborate protocol is carried out in a way that is invis-
ible to the user, except for the necessity of entering a PIN
to initiate the transaction. Smart cards are in widespread
use throughout Europe, much more so than the “dumb”
plastic cards common in the United States. The Advanced
Encryption Standard (AES), approved as a secure com-
munications standard by the U.S. National Institute of
Standards and Technology (NIST) in 2000, is compatible
with implementation in smart cards, unlike its predeces-
sor, the Data Encryption Standard (DES).
