Smart Card Management System

A Smart Card Management System (SCMS) or Credential Management System (CMS) is a system for managing smart cards through the life cycle of the smart cards. Thus, the system can issue the smart cards, maintain the smart cards while in use and finally take the smart cards out of use (EOL). Chip/smart cards provide the foundation for secure electronic identity, and can be used to control access to facilities, networks or computers. As the smart cards are security credentials for authenticating the smart card holder (for example using two-factor authentication), the security requirements for a smart card management system are often high, and therefore the vendors of these systems are found in the computer security industry.

Smart card management systems are generally implemented as software applications. If the system needs to be accessible by more than one operator or user simultaneously (this is normally the case), the software application is often provided in the form of a server application accessible from several different client systems. An alternative approach is to have multiple synchronized systems.

Smart card management systems connect smart cards to other systems. Which systems the smart card management system must connect to depends on the use case for the smart cards. Typical systems to connect to include:

* Connected smart card reader
* Unconnected (RFID) smart card reader
* Card printer
* User directory
* Certificate authority
* Hardware security module
* Physical access control systems

During its life cycle, a smart card changes state (examples of such states include issued, blocked and revoked). Taking a smart card from one state to another is the main responsibility of a smart card management system. Different smart card management systems call these processes by different names. The most widely used names for these processes are listed and briefly explained below:

* Register – adding a smart card to the smart card management system
* Issue – issuing or personalizing the smart card for a smart card holder
* Initiate – activating the smart card for first use by the smart card holder
* Deactivate – putting the smart card on hold in the backend system
* Activate – reactivating the smart card from a deactivated state
* Lock – also called block; smart card holder access to the smart card is not possible
* Unlock – also called unblock; smart card holder access to the smart card is re-enabled
* Revoke – credentials on the smart card are made invalid
* Retire – the smart card is disconnected from the smart card holder
* Delete – the smart card is permanently removed from the system
* Unregister – the smart card is removed from the system (but could potentially be reused)
* Backup – back up smart card certificates and selected keys
* Restore – restore smart card certificates and selected keys
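
The life-cycle processes listed above can be enforced as a state machine that denies any process not permitted in the card's current state and records every attempt. The following is an added example, not code from any SCMS product: the state names, the transition table and the names Card, replay and EVENTS are assumptions made for illustration, and Backup and Restore are left out because they do not change the card's state.

```python
from enum import Enum

State = Enum("State", "UNREGISTERED REGISTERED ISSUED ACTIVE DEACTIVATED "
                      "LOCKED REVOKED RETIRED DELETED")
S = State
# Assumed policy: (process, current state) -> next state. Anything absent is denied.
TRANSITIONS = {
    ("register", S.UNREGISTERED): S.REGISTERED,
    ("issue", S.REGISTERED): S.ISSUED,
    ("initiate", S.ISSUED): S.ACTIVE,
    ("deactivate", S.ACTIVE): S.DEACTIVATED,
    ("activate", S.DEACTIVATED): S.ACTIVE,
    ("lock", S.ACTIVE): S.LOCKED,
    ("unlock", S.LOCKED): S.ACTIVE,
    ("revoke", S.ACTIVE): S.REVOKED,
    ("revoke", S.DEACTIVATED): S.REVOKED,
    ("revoke", S.LOCKED): S.REVOKED,
    ("retire", S.REVOKED): S.RETIRED,
    ("unregister", S.RETIRED): S.UNREGISTERED,
    ("delete", S.RETIRED): S.DELETED,
}

class LifecycleError(Exception):
    """Raised when a process is not allowed in the card's current state."""

class Card:
    def __init__(self, serial):
        self.serial, self.state, self.audit = serial, S.UNREGISTERED, []

    def apply(self, process, operator):
        target = TRANSITIONS.get((process, self.state))
        # Record denied attempts too: they are the interesting events for detection.
        self.audit.append((operator, process, self.state.name, target is not None))
        if target is None:
            raise LifecycleError(f"{process} not allowed from {self.state.name}")
        self.state = target
        return target

def replay(serial, events):
    """Apply (operator, process) events; return the card and the denied events."""
    card, denied = Card(serial), []
    for operator, process in events:
        try:
            card.apply(process, operator)
        except LifecycleError:
            denied.append((operator, process))
    return card, denied

# Constructed sample: a normal life, then an attempt to unlock a revoked card.
EVENTS = [("op1", "register"), ("op1", "issue"), ("holder", "initiate"),
          ("op2", "lock"), ("op2", "unlock"), ("op1", "revoke"), ("op3", "unlock")]
```

Because revocation has no path back to an active state in this table, the final unlock attempt is denied and remains in the audit trail with the operator who made it.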

