
Do smart card readers perform any cryptographic functions?


As far as we know, smart cards use a Mutual-Authentication method to clarify security between the card and the reader.

I want to know where the cryptographic operations are done (other than in the card): in the reader or in the computer?

I mean, does the reader do any cryptographic operations, or is it only a translator from the USB / COM protocol to the protocol that the card uses to transfer data?

In other words, can I retrieve the [encrypted] data that is transferred between the card and the reader, using a sniffer on the USB port of my computer that my reader is connected to? (Indeed, I need to delete some bytes from the head and tail of what I see when sniffing, but do I need to do any cryptographic function as well?)

Note that I need the same data that is transferred between the card and the card reader, and I don't want to have decrypted data.


Solution

  • I have not yet encountered a reader doing cryptography (besides Mifare and similar), even if there may be specialized devices doing some. I also don't see this as a disadvantage for two reasons:

    • as you mention, doing the cryptography in your application ensures that the vulnerable device communication is still protected (apart from man-in-the-middle attack types)
    • quite often Mutual Authenticate not only performs an authentication, but also negotiates a session key derived from exchanged random numbers. For that quite a number of different methods exist and I would not rely on the manufacturer incorporating the correct variant in firmware while holding my breath.
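
The "delete some bytes from head and tail" step from the question, as an added example that is not part of the original post: assuming a CCID-class USB reader (an assumption, the page does not name the reader), each bulk message carries a 10-byte header followed by the card bytes, so recovering the exchange from a USB capture is pure framing removal. The capture below is constructed sample data (power-on, ATR, then a GET CHALLENGE command and its response).

```python
import struct

# Message types from the USB CCID class specification
PC_TO_RDR_XFRBLOCK = 0x6F   # host -> reader: bytes destined for the card
RDR_TO_PC_DATABLOCK = 0x80  # reader -> host: bytes returned by the card (or the ATR)
CCID_HEADER_LEN = 10        # type(1) + dwLength(4, LE) + slot(1) + seq(1) + 3 specific

def parse_ccid(msg: bytes) -> dict:
    """Split one CCID bulk message into header fields and payload (abData)."""
    if len(msg) < CCID_HEADER_LEN:
        raise ValueError("shorter than the 10-byte CCID header")
    msg_type, length, slot, seq = struct.unpack_from("<BIBB", msg, 0)
    payload = msg[CCID_HEADER_LEN:]
    if len(payload) != length:
        raise ValueError(f"dwLength={length}, but {len(payload)} payload bytes captured")
    return {"type": msg_type, "slot": slot, "seq": seq, "data": payload}

def extract_exchange(messages):
    """Return (direction, bytes) pairs for card commands and their matching responses."""
    pending = set()  # (slot, seq) of XfrBlock commands still awaiting a DataBlock
    out = []
    for raw in messages:
        m = parse_ccid(raw)
        key = (m["slot"], m["seq"])
        if m["type"] == PC_TO_RDR_XFRBLOCK:
            pending.add(key)
            out.append(("to_card", m["data"]))
        elif m["type"] == RDR_TO_PC_DATABLOCK and key in pending:
            # A DataBlock that answers a power-on carries the ATR and is skipped here.
            pending.discard(key)
            out.append(("from_card", m["data"]))
    return out

# Constructed capture (not real traffic): one hex string per USB bulk transfer.
SAMPLE = [bytes.fromhex(h) for h in (
    "62000000000000000000",                          # PC_to_RDR_IccPowerOn, seq 0
    "80050000000000000000" + "3b80800101",           # DataBlock with ATR, seq 0
    "6f050000000001000000" + "0084000008",           # XfrBlock: GET CHALLENGE, seq 1
    "800a0000000001000000" + "11223344556677889000", # DataBlock: challenge + SW 9000
)]

if __name__ == "__main__":
    for direction, data in extract_exchange(SAMPLE):
        print(f"{direction:9} {data.hex()}")
```

The payload bytes come out exactly as they appear in the capture; if the application has negotiated a session key with the card, they are still protected at this point.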