2,429 research outputs found
Smart cards: State-of-the-art to future directions
The evolution of smart card technology provides an interesting case study of the relationship and interactions between security and business requirements. This paper maps out the milestones for smart card technology, discussing at each step the opportunities and challenges. The paper reviews recently proposed innovative ownership/management models and the security challenges associated with them. The paper concludes with a discussion of possible future directions for the technology, and the challenges these present
Interleaving Command Sequences: a Threat to Secure Smartcard Interoperability
The increasingly widespread use of smartcards for a variety of sensitive
applications, including digital signatures, creates the need to ensure and
possibly certify the secure interoperability of these devices. Standard
certification criteria, in particular the Common Criteria, define security
requirements but do not sufficiently address the problem of interoperability.
Here we consider the interoperability problem which arises when various
applications interact with different smartcards through a middleware. In such a
situation it is possible that a smartcard of type S receives commands that were
supposed to be executed on a different smartcard of type S'. Such "external
commands" can interleave with the commands that were supposed to be executed on
S. We experimentally demonstrate this problem with a Common Criteria certified
digital signature process on a commercially available smartcard. Importantly,
in some of these cases the digital signature processes terminate without
generating an error message or warning to the user.Comment: 6 pages; published in the 10th WSEAS International Conference on
Information Security and Privacy (ISP 2011
Maintaining consumer confidence in electronic payment mechanisms
Credit card fraud is already a significant factor inhibiting consumer confidence in e-commerce. As more advanced payment systems become common, what legal and technological mechanisms are required to ensure that fraud does not do long-term damage to consumers' willingness to use electronic payment mechanisms
- …