I. Zs. Berta|
Security of programmable smart cards
Budapest University of Technology and Economics, 2001.
Programmable smart cards are small security-oriented microcomputers. Although they have been present in the market for many years now, their exact area of application is still subject to research.
The author gives a detailed background about these cards in this paper. A card is not only discussed by itself, but together with its environment: the terminal, the network resources and the user.
A brief overview of today's programmable cards is given, but focus is laid on the Java Card specification, which is one of the most popular smart card programming environments. Various features of the Java Card are discussed, especially those in connection with security, the main power of smart cards.
In this paper three applications for programmable smart cards are presented. The first application is an elliptic curve cryptography engine for a Java smart card. In this case the programmable smart card is used as a prototype to test new algorithms in smart card environment.
The second application uses the smart card to store the profile of a user of a heterogeneous system. The card plays an important role in user authentication, but in this system not only the user is authenticated. The smart card also checks the identity of the terminal and protects the user's interests by denying certain information toward the insecure (or possibly malicious) terminal. In this application the programmable smart card is used as a platform for a security oriented software. The algorithm it runs is so complex that implementations other than software are totally out of the question.
The third application is not a pioneer by any means. It does not break into new areas of cryptography for smart cards, and does not explore unknown areas of complex smart card applications either. It is a simple, but very useful program, that gives extra security in SSH challenge and response authentication. The cardlet for this low-resource machine was developed in the Java Card language, and thus it was integrated into the world of high level programming languages.