I read the following from the link - http://www.tpex.com/smartcrds.htm
Identification and Authentication Medium
The smartcard is generally used as a substitute for user ID /
password systems. A much higher level of security can be achieved with
a secure communication protocol between the smartcard and reader and between
the reader and PC. It works as follows (the steps in brackets are not essential).
- Smartcard reader and smartcard identify themselves with a two-way handshake via the possession of the same key (CK=Company Key or CCK Chipcard Communication Key). This excludes initial cards or cards from other organizations from being processed. Subsequently the CCK can be used to secure communication between smartcard and reader.
Regards,
Latha
