A smart card certificate is part of the internal workings of a smart card. These certificates carry specific information related to the owner of the smart card. Common certificates hold access information, personal identification or digital signatures. A smart card certificate allows card users to quickly pass log-on or access information to a smart card reader without having to manually enter the data. Since it allows quick access to private information, the smart card certificate is a common target of privacy watchdog groups.
Smart cards allow the quick transfer of information between a special card and a reader. A smart card has a microchip embedded inside, often under a square of gold foil, which contains its information. These cards come in two basic varieties, contact and contactless. With a contact smart card, the card is slid directly into the reader. A contactless smart card just needs to be near the reader for the information to transfer.
The smart card certificate only holds some of the information inside the chip. Smart cards typically have two or three places where they store information. Certificates are writable areas where information about the card holder is stored. The chips also have a read-only area that holds specific information regarding the chip, programming information and security keys. Some smart cards also have a magnetic stripe similar to a credit card, which usually has a range of information, both about the owner and about the card.
Regardless of its actual contents, a smart card certificate holds personal information about its owner. This information could be something as simple as a library card number or listing of browser bookmarks, or something as important as retinal scans or fingerprints. When the smart card encounters a location where those items are needed, it will check its internal security key against that of the terminal reading the card. If the check passes, then the information is transferred.
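The key check described above can be sketched as a challenge-response exchange in which the card releases a field only to a terminal that proves it holds the right key. This is an added example, not code from any card vendor or standard; the HMAC construction, the role names (`library`, `clinic`), the per-role field policy and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


def terminal_response(key, challenge, field):
    # The terminal proves key possession by MACing the fresh challenge and the field name.
    return hmac.new(key, challenge + field.encode(), hashlib.sha256).digest()


class Card:
    """Hypothetical card model; names and policy layout are assumptions."""

    def __init__(self, fields, keys, policy):
        self._fields = fields    # field name -> stored holder data
        self._keys = keys        # terminal role -> shared secret key
        self._policy = policy    # terminal role -> fields that role may read
        self._challenge = None

    def get_challenge(self):
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def read(self, role, field, response):
        challenge, self._challenge = self._challenge, None  # single use
        key = self._keys.get(role)
        if challenge is None or key is None:
            return None
        expected = terminal_response(key, challenge, field)
        if not hmac.compare_digest(expected, response):
            return None          # key check failed: nothing is transferred
        if field not in self._policy.get(role, set()):
            return None          # authenticated, but this reader has no need
        return self._fields.get(field)


def demo():
    lib_key, clinic_key = secrets.token_bytes(32), secrets.token_bytes(32)
    card = Card({"library_id": "LIB-0001", "fingerprint": "constructed-template"},
                {"library": lib_key, "clinic": clinic_key},
                {"library": {"library_id"}, "clinic": {"fingerprint"}})

    def ask(key, field):  # fresh challenge, then a read attempt as the library
        return card.read("library", field, terminal_response(key, card.get_challenge(), field))

    stale = terminal_response(lib_key, card.get_challenge(), "library_id")
    ok = card.read("library", "library_id", stale)
    card.get_challenge()
    replayed = card.read("library", "library_id", stale)  # old response, new challenge
    return ok, replayed, ask(lib_key, "fingerprint"), ask(clinic_key, "library_id")
```

Only the first read returns data; the replayed response, the library's request for the fingerprint field and the request made with the wrong key all return `None`.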
Personal privacy groups often oppose smart cards due to the types of information that can be stored within their certificates. Much of the argument centers on the dissemination of personal information in places that don’t require it. For instance, a library does not need a patron's fingerprints to check out a library book, but if that information is available, the library will have access to it.
Another part of the argument regards the security of the card itself. While there are safeguards to prevent reading a smart card outside of a designated area, it is possible to circumvent them. Once this information is accessed through illicit means, user data can be stolen or altered to give additional access. Finally, the entire card could be stolen and important user information compromised before the card is deactivated.