Visa puts its faith in wallets

Consumers are not shopping online because they are reluctant to send their payment card details across the Internet. Using smart cards to hold card details and then to encrypt these details automatically for transmission to merchant sites is the long-term solution. But the widespread introduction of smart cards — and readers at PCs to handle them — is still some way off. So Visa has come up with an interim solution — the electronic wallet.     

A remote user authentication scheme without using smart cards

User authentication is one of the fundamental procedures to ensure secure communications over an insecure public network channel. Especially, due to tamper-resistance and convenience in managing a password file, various user authentication schemes using smart cards have been proposed. A smart card however far from ubiquitous because of the high cost of a smart card and the infrastructure requirements. In this paper, we study secure user authentication using only a common storage device such as a universal serial bus (USB) memory, instead of using smart cards. We first show that the existing schemes using smart cards cannot be immediately converted into schemes using a common storage device. We then propose a practical and secure user authentication scheme, capable of supporting the use of the common storage device, which retains all the advantages of schemes using smart cards.     

Smart card, the stealth leaker

Information leakage is a major issue for homeland security. When entering and leaving certain countries which are particularly concerned by their national security, electronic devices such as mobile phones and laptops are examined, as well as data storage devices such as USB sticks and mobile hard drives. Technical investigations can be more or less thorough, and might lead up to confiscation of the material in case of doubt. At the same time, the use of smart cards is spreading over the world, mainly as a mode of payment, in public transportation or as SIM cards in mobile phones. These usages are widely adopted, in particular due to the security benefits delivered by these systems. But smart card technologies can also be used in an unconventional way to efficiently hide information crossing national borders. Smart cards have been designed as objects which ensure security in an untrustworthy environment. Their main function is to protect from the outside world and to hide their ways of working. A smart card is a programmable device, close to a very small computer, in which it is possible to hide functionalities impossible to detect. Today, it becomes possible to use a smart card in an unconventional manner, by using its storage and cryptographic capacities to carry information in an undetectable way, under the cover of a harmless common object. The following action could take place in any international airport: a sensitive list of identities and codes which should not been intercepted has to leave the country, the carrier even does not know he brings such of list within his SIM card. In the same way, one could use a smart card as a vector of infection in a closed environment, as modern operating systems now include the protocol layers necessary for their usage.     

Advances in network smart cards authentication

Smart cards have been widely used as simple token hardware in authenticationn processes. Nevertheless, a new trend indicates a shift towards more enhanced cards with networking capabilities. We propose revising the usual focus on smart card authentication protocol designs, as well as highlighting the need to adapt to new trends. Our main objective is to define an authentication model that uses the card as a stand-alone supplicant in a mutual end-to-end authentication schema. We also propose a protocol architecture which allows us to integrate the smart card within the network in the authentication plane. Finally, this new approach to network smart cards authentication processes is applied to a practical electronic payment scenario.     

Design and implementation of a smart card based healthcare information system

Smart cards are used in information technologies as portable integrated devices with data storage and data processing capabilities. As in other fields, smart card use in health systems became popular due to their increased capacity and performance. Their efficient use with easy and fast data access facilities leads to implementation particularly widespread in security systems. In this paper, a smart card based healthcare information system is developed. The system uses smart card for personal identification and transfer of health data and provides data communication via a distributed protocol which is particularly developed for this study. Two smart card software modules are implemented that run on patient and healthcare professional smart cards, respectively. In addition to personal information, general health information about the patient is also loaded to patient smart card. Health care providers use their own smart cards to be authenticated on the system and to access data on patient cards. Encryption keys and digital signature keys stored on smart cards of the system are used for secure and authenticated data communication between clients and database servers over distributed object protocol. System is developed on Java platform by using object oriented architecture and design patterns.     

A sociotechnical approach to smart card systems design: an Australian case study

Sociotechnical theory represents an important frontier as an effective design tool for new technology. This paper suggests a working model for adopting the objectives of sociotechnical principles for smart card systems design. As an example, a case study based on the collective design practices of Australian firms known to be using smart card is presented. It is found that we are witnessing the birth of a new capacity of Australian firms to understand in a practical way, how sociotechnical knowledge can be applied. It is concluded that current smart card design practices of Australian firms are not responsible for the limited success of attempts by Australian firms to introduce smart card technology. Rather, it is suggested that there are good economic and organizational reasons why smart card acceptance and use in Australia may have been inhibited. Some important challenges that must be addressed have been noted.     

Smart cards: integrating for portable complexity

The decreasing cost of embedded chips is one of many factors that have spurred growing interest in smart cards. Today, typical markets for smart cards fall into three broad areas: electronic currency, an application in which smart cards replace cash or traditional credit cards in pay phone, transit, and toll collection systems; electronic identification, which permits controlled access to buildings or systems (like computers or cash registers); and data warehousing, applications that must opportunistically store and retrieve data, such as medical records, object tracking information, or process verification information. Such applications are only the beginning-future applications could make smart cards an integral and almost transparent part of our daily lives. Two factors seem to be converging to make this possible. First, as the world we live in becomes increasingly complex, smart cards offer a way to integrate that complexity into a compact and portable package. Second, the increasing functionality developers can integrate into a smart card opens new avenues for application development     

Recovering from a lost digital wallet: A smart cards perspective extended abstract

Multi-application smart cards enable a user to potentially have a diverse set of applications on her smart card. The growing trend of services convergence fuelled by Near Field Communication and smart phones has made multi-application smart cards a tangible reality. In such an environment, cardholders might have a number of applications on their smart cards and if a card is lost, all of the applications would be lost with it. In addition, consumers might decide to upgrade their smart cards and require a seamless and secure framework to migrate their applications from the old smart card to the new one. Currently, the recovery of a smart card-based service might take from a day to a week at best as each of the lost cards can only be replaced by the respective card issuer, during which time the card issuer might lose business from the user because she is not able to access the provisioned services. Similarly, there is at present no migration mechanism proposed for smart card applications. The proposed framework in this paper enables a user to acquire a new smart card as she desires and then migrate/restore all of her applications onto it—allowing her to recover from her lost digital wallet in a secure, efficient, seamless and ubiquitous manner.     

Smart card applications and security

This article gives brief introduction to the security mechanisms used in smart card technology. Firstly we introduce the properties of contact and contactless smart cards; then we give the anatomy of smart card hardware and the popular security features implemented. These security features are arranged in the attack and countermeasure pairs, so it is easier for the readers to understand the security issues in the smart card technology.     

On trial at the summer Olympic games: smart cards

Visa International has teamed up with the three largest banks in the southeastern United States to offer stored-value cards to the four million visitors and residents expected to attend the Olympics in Atlanta. Stored-value cards (or cash cards) transfer stored, digital money from the card to merchants' special terminals. Although 350 million smart cards are in use around the world, few Americans have ever used one. The paper considers how the future of the smart card in the US is riding on this high-profile trial at the Olympics     

第二代身份证信息系统在便民生活中的应用设想

随着社会的进步和科技的发展,治安、交通、金融、医疗、通信、商业、社会保障和服务、防伪、跟踪等部门刷卡办业务将是未来的一种发展趋势,形形色色的磁条卡、IC卡在社会上流通,导致刷卡管理上的混乱和人们生活的不便,而＂一证在手,一卡通＂的方式将会因其具有方便、快捷、安全、实用等众多有利因素而最终成为现实。当二代证信息系统和一卡通服务终端设备在社会上投入运行时,无论系统软件的维护和更新,还是各类一卡通服务终端设备的研发和更新升级,都将有不可估量的巨大市场。     

Java智能卡的安全漏洞分析与防御

智能卡由于自身较高的安全特性和易携带等优点,使其成为人们生活中被广泛使用的工具。Java智能卡凭借技术优势更是受到社会青睐。智能卡通常携带个人私密信息和重要数据,使之受到来自多方面的威胁。对Java智能卡的安全研究有助于提高卡内虚拟机的安全性。本文详细阐述JCVM(Java Card Virtual Machine)存在的安全漏洞,给出实际的病毒代码,深入分析并找出漏洞存在的根本原因,在研究学习前人的基础之上并结合实际给出对应的防御措施。     

Overview about attacks on smart cards

When compared with data carriers such as cards with magnetic stripes or diskettes, the potential for protecting and securing data is one of the main advantages of cards with electronic chips (smart cards). Consequently, the chip hardware must be designed in an optimum fashion to meet this purpose; this includes the corresponding cryptographic procedures for securing the secret data. However, security is not only dependent on the specialised hardware of the microcontroller or on the cryptographic algorithms implemented in the operating system software. The security of applications for smart cards and the design principles applied by the developers to meet these security needs are of fundamental importance. The essential property of a smart card is its ability to offer a secure environment for data and programs. This article examines the range of possible attacks against smart cards, and the measures that can be used to protect against these attacks.     

A model driven architecture for the development of smart card software

Smart cards are portable integrated devices that store and process data. Speed, security and portability properties enable smart cards to have a widespread usage in various fields including telecommunication, transportation and the credit card industry. However, the development of smart card applications is a difficult task due to hardware and software constraints. The necessity of the knowledge of both a very low-level communication protocol and a specific hardware causes smart card software development to be a big challenge for the developers. Written codes tend to be error-prone and hard to debug because of the limited memory resources. Hence, in this study, we introduce a model driven architecture which aims to facilitate smart card software development by both providing an easy design of smart card systems and automatic generation of the required smart card software from the system models. Differentiating from the previous work, the study in here contributes to the field by both providing various smart card metamodels in different abstraction layers and defines model-to-model transformations between the instances of these metamodels in order to support the realization of the same system on different smart card platforms. Applicability of the proposed methodology is shown for rapid and efficient application development in two major smart card frameworks: Java Card and ZeitControl Basic Card. Lessons learned during the industrial usage of the architecture are also reported in the paper. Finally, we discuss how the components of the architecture can be integrated in order to provide a domain-specific language for smart card software.     

Network smart card review and analysis

Smart cards are secure tokens that have provided security services to a wide range of applications for over thirty years. Along with other technology advances, smart card technology has changed dramatically as well. However, its communication standards, largely unchanged, do not match with those of mainstream computing, which has limited its success in the Internet age. For nearly a decade, researchers have sought to connect smart cards to the Internet. The benefits are plentiful, including providing services over the Internet and eliminating smart card specific infrastructure. A key to this quest is to equip smart cards with a secure and effective networking capability. Various approaches have been taken to find this key. There is still much work to do. This paper reviews years of research in this area, looks at the state of the art, and analyzes and compares various networking options for smart cards. Furthermore, the paper outlines remaining technical challenges for making smart cards a part of the Internet world.     

EFTPoS– the engine of the card business

The slow but increasing spread of chip-based payment cards, the introduction of the euro and the recent flurry of panic over the security of the smart card payment system in France offers new opportunities to point-of-sale terminal manufacturers.     

大型城市一卡通系统线上应用方案

随着我国的信息化事业的迅猛发展,以Internet技术为基础的计算机网络已成为人们生活中最重要的基础设施之一,与此同时,智能卡（通常称为IC卡）也已在国民经济各部门、各行业以及各地区获得了广泛应用。我国电信、社会保障、交通、建设及公用事业、卫生、组织机构代码管理等领域应用的智能卡数量已经超过了40亿张,智能卡的广泛应用在促进政府与行业管理模式和工作方法的转变,推动国家经济与社会的协调发展,方便百姓生活,提高人民的信息化意识方面发挥了关键作用,做出了重大贡献。从Internet技术和智能卡技术入手,将两者相结合,提出了一个基于网络的大型城市一卡通系统线上交易与网上银行交互的应用方案。     

射频卡智能水表系统的设计

给出了一种基于超低功耗芯片MSP430F149单片机的射频卡智能水表系统的设计方案,其中采用射频卡T5557及其读写基站U2270B作为系统的射频读写模块。重点阐述了系统的硬件构成及软件设计流程,并简单介绍了基于此系统的用水管理系统的设计。该射频卡智能水表可广泛应用于各城市供水系统,并可作进一步推广应用到工业用液体如石油,化工等流量计量计费系统。     

Understanding the behavior changes in belief and attitude among experienced and inexperienced learning object users

Prior empirical studies in the implementation of general information technologies (IT) have revealed that IT adoption and usage were determined by user beliefs and attitudes. However, little is known about how user beliefs and attitudes form and change over time. To address these issues, this paper reports a study of 481 inexperienced and 120 experienced potential users on learning objects. Technology acceptance model’s constructs were used to conduct a longitudinal study across three phases (introduction, training and direct-use experience) to examine the formation and the changes in users’ beliefs and behavioral intention to use learning objects over time. The results showed that the rates of changes in users’ beliefs and behavioral intention toward learning objects usage were time-variant and were more predominant during the early stage (introduction to training) of learning objects usage than in the later stages (training to direct-use experience). The study confirmed that initial exposure through introduction and training was effective in improving inexperienced users’ beliefs and intentions to use learning objects. It also helped to reduce the belief and intention gaps that existed between experienced and inexperienced users. In addition, the influence of initial introduction and training on users’ beliefs and perceptions was sustained over time, thus further indicating their importance.     

NEWS COMMENT — No clear passage for new ‘smart’ passports

The smart card industry has the answers for many identity problems facing the world today — from corporate identity cards to the use of SIM cards in wireless LAN. But in the new and confused world of ‘smart passports’ the industry has been shown to be lacking in recent months.