JCCM: Flexible Certificates for Smartcards with Java Card
نویسندگان
چکیده
Smartcards and PKCS #11 are an appealing solution for combined storage and certificate management at the enduser level. Many applications use PKCS #11 primitives for security reasons: a popular browser, like Netscape Navigator contain a PKCS #11 cryptographic module that plays a critical role in secure web surfing and e-mail signing and encryption. Nevertheless, most market-ready solutions ([SMARTSIGN], [GPKPKCS#11], [SLBCBPKCS#11]) use non-programmable cards or else do not exploit the card’s programmable capabilities. Instead they utilize cryptographic functions built into the card. This results in applications having the card manufacturer’s semantics instead of PKCS #11 semantics. In this article we present our work: Java Card Certificate Management (JCCM). JCCM moves PKCS #11 middleware into the card itself. This results in greater flexibility and less implementation dependence for applications. We have developed JCCM for two cards: the GemXpresso RAD 211is and the Cyberflex for Linux Starter’s Kit 2.1. We have also developed the corresponding dynamic library for Netscape enabling our endusers to use JCCM in their daily.
منابع مشابه
PKI based Access Control with Attribute Certificates for Data held on Smartcards
Common smartcard systems are not capable of providing effective Data Access Control in distributed IT-infrastructures with high configuration dynamics. The crucial points of that approach are resource consumption and inflexibility. The storage capacity of actual smartcards is clearly insufficient to store large certificate databases required by distributed services and applications. The exchang...
متن کاملA Pattern Oriented Lightweight Middleware for Smartcards
Smartcards are a very interesting means to include our own datas and code in a distributed system, during our interaction with it. To achieve this, smartcards integration must be ensured. A transparent usage of card services is necessary to a more wide-spread use. This usage should be available remotely within a distributed environment. Additionally other features such as possible upgrades of c...
متن کاملEnhancing WLAN Security by Introducing EAP-TLS Smartcards
Various researches have proposed multiple protocols within 802.11 security to protect and authenticate access to wireless LAN. This paper presents the first implementation of EAP-TLS protocol in smartcards. It introduces also the Pre-SharedKey protocol (PSK), a lightweight identity authentication for access control and key calculation and distribution within WLAN security. The performance and t...
متن کاملReasoning about Card Tears and Transactions in Java Card
The Java dialect Java Card for programming smartcards contains some features which do not exist in Java. Java Card distinguishes persistent and transient data (data stored in EEPROM and RAM, respectively). Because power to a smartcard can suddenly be interrupted by a so-called card tear, by someone removing the smartcard from the reader, Java Card provides a notion of transaction to ensure that...
متن کاملMalicious Code on Java Card Smartcards: Attacks and Countermeasures
When it comes to security, an interesting difference between Java Card and regular Java is the absence of an on-card bytecode verifier on most Java Cards. In principle this opens up the possibility of malicious, ill-typed code as an avenue of attack, though the Java Card platform offers some protection against this, notably by code signing. This paper gives an extensive overview of vulnerabilit...
متن کامل