SmartCards

SmartCards are small plastic cards about the size of a credit card (in some cases, they are credit cards) with an embedded microchip that can be loaded with data and applications. These applications can be used for telephone calling, electronic cash payments, storing personal medical history and data, verifying identity, tracking purchases, and providing automatic discounts for volume or loyalty purchases.

The physical hardware for making the cards and the devices that can read these cards is currently produced by three principal companies: Bull, Gemplus, and Schlumberger. The software that runs these cards is based on a restricted subset of Java. The operating system to support this language is the Java Virtual Machine (JVM). The OS provides authentication and authorization for loading new applets, managing the card's applets, and maintaining the card's integrity. The language is referred to as JavaCard. The card manufacturer or other software vendor contracted to develop the particular Java program or applet may write the applications.

SmartCards provide a mechanism by which data storage and processing can be performed in a secure environment that stays physically with the person on whose behalf the processing is performed. SmartCards allow personal information to be stored and provided to authorized services even when the hardware and networks used as the transmission medium are insecure or untrusted. This capability is accomplished by providing authentication and encryption capability on the card itself, so that no personal information leaves the card bound for unauthenticated entities or in unencrypted form. If you are purchasing or integrating an existing SmartCard implementation into your wireless network or device, you are trusting that the SmartCard is functioning as advertised.

By this point in the book, you should be asking yourself: How do we know that the OS and applets were implemented properly? Aren't SmartCard developers subject to the same potential errors and omissions as OS or application developers? How is it guaranteed that a malicious applet is not loaded onto the card? How do I know that the encryption is done properly? How do I know that the keys are generated and stored in an appropriate manner? What if someone steals my SmartCard? Can she get my private information?

This is not a book on SmartCard security, so we will not go into detail on these issues. Typically, the cards that reach consumers are free from errors and provide the services specified. However, we bring them up here to reinforce the following points:

- Don't trust that others, even those whose primary purpose is security, are providing capability or services, just because it seems logical that they are.

- Knowing what they are not providing is as important as knowing what they are.

- Just because someone or something should be doing something does not mean that they are.

 



Wireless Security and Privacy: Best Practices and Design Techniques
ISBN: 0201760347
EAN: 2147483647
Year: 2002
Pages: 73
