What is Private Key Challenge?

When i reading about smartcards i came across this term called private key challenge.

Private key challenge – to ensure the certificate is bound to the token to which it was issued an开发者_JAVA技巧d has not been copied or cloned.

How this Private Key Challenge will be done ?

Thanks and Regards,

Sunny.

from what i know this is usually done by providing a nonce (number once used ... a random number) to a system and asking it to take this number as input for a cryptographic function that needs the private key that belongs to the challanged certificate:

for encryption stuff you usually take your nonce, encrypt it and hand over the cyphertext to the challanged system ... if the system can decrypt your nonce (and give it back to you), it has access to the private key ...

in a signing scenario you hand over your plaintext nonce, and the system has to sign it ... if the signature is valid, the system has access to the private key

of course for a real world application you will want to extend this scheme to avoid playback attacks, man in the middle, etc.