Card Holder Verification (CHV) is the process of verifying the identity of the cardholder using a personal identification number (PIN) or other authentication method as defined in the ISO/IEC 7816-4 specification. This verification process often is referred to as PIN entry or PIN checking. In this process, a file is written within the file structure of a smart card. A PIN value is then written in this file. When a cardholder inserts a card into a terminal, the off-card application requests the bearer to enter a PIN through a terminal keypad. The number sequence then entered is passed through an application protocol data unit (APDU) command to the card, which then compares the value supplied by the terminal (which was entered by the cardholder) to the value in the CHV file. If they match, the cardholder is then identified (so far as the card is concerned) as the person for whom the card will act. The CHV process is typically used to protect sensitive data stored on the smart card, such as financial information or personal identification information.

The ISO/IEC 7816-4 specification defines several CHV-related commands that can be used by the card reader to communicate with the smart card and perform the verification process. These commands include the VERIFY command, which is used to verify the correctness of the PIN entered by the cardholder, and the CHANGE REFERENCE DATA command, which is used to change the PIN.

The ISO/IEC 7816-4 specification provides several guidelines for the implementation and use of the cardholder verification (CHV) process in a smart card system. Some of these guidelines include:

Secure storage of the secret key: The smart card should securely store the secret key used for the CHV process to prevent unauthorized access. The key should be protected against physical tampering, and the card should have measures in place to detect and respond to attempted attacks.

Strong authentication methods: The CHV process should use strong authentication methods, such as PINs, biometric data, or other forms of identification, to verify the cardholder’s identity. The authentication method used should be appropriate for the level of security required for the application or transaction.

Secure communication: The communication between the smart card and the card reader should be secure to prevent interception or tampering. The ISO/IEC 7816-4 specification defines several security protocols that can be used for this purpose, including mutual authentication, data encryption, and integrity checks.

Lockout and recovery mechanisms: The smart card should have mechanisms in place to prevent brute-force attacks on the CHV process, such as limiting the number of failed attempts and locking the card after a certain number of failures. The card should also have a mechanism for recovery, such as a PUK (PIN Unblock Key), that can be used to reset the PIN or unlock the card.

Clear user guidance: The smart card should provide clear and concise guidance to the user on how to use the CHV process, including how to enter and change the PIN, and what to do in case of a lockout.


Related Products

Related Articles

« Back to Glossary Index