A Framework of Authentic Post-Issuance Program Modification for Multi-Application Smart Cards
نویسندگان
چکیده
Authentic program modification is very important for a multi-application smart card system since applications in the system are realized after the issuance of the smart card. In this paper, we propose a framework for such authentic program modification. In our framework, before issuing a smart card to an individual, the card issuer stores a unique long bit string called PID on the card. From the PID, unique substrings (subPIDs) are generated and used for different authentication purposes. The program modification protocol utilizes the subPIDs along with a one-way hash function and a pseudo random number generator function to verify the identity of the parties and the authenticity of the program. Our proposed framework provides a simple and practical solution to the program modification problem by avoiding direct interaction between the card holder and the issuer. In addition, use of hash functions makes the implementation cost of smart cards low.
منابع مشابه
Load time Policy Checker for open multi-application smart cards
Applications on multi-application smart cards contain sensitive data and can exchange information. Thus a major concern is that these applications should not exchange data unless permitted by their respective policy. As modern smart cards allow post-issuance installation and removal of applications, traditional approaches for information flow analysis are not suitable. We suggest the Security-b...
متن کاملTowards a Secure and Practical Multifunctional Smart Card
One of the most promising features of smart card technology is its potential to serve several applications using a single hardware token. Existing multifunctional smart cards, however, are either simple and suffer from serious limitations or they have a high complexity that is not justified for most applications. This paper describes a new scheme permitting different applications to flexibly sh...
متن کاملA Dynamic and Ubiquitous Smart Card Security Assurance and Validation Mechanism
Smart cards have been deployed as trusted components in a wide range of industries. The basis of the trust on a smart card platform and applications is static and evaluated before the card issuance to cardholders. A dynamic and post-issuance security assurance and validation mechanism can be useful, but it is not considered necessary in the Issuer Centric Smart Card Ownership Model. However, in...
متن کاملCryptographic Application of Programmable Smart Cards
In a complex, smart card based system this feature turns smart cards from passive datastorage devices into active computational units. In fact they contain a tamper resistant secure one-chip microcomputer able to execute various cryptographic functions. Moreover, their potential can be extended after the issuance of the card by uploading various new applications. However, the limited resources ...
متن کاملJava Card or How to Cope with the New Security Issues Raised by Open Cards?
In this paper, we aim to discuss various threats raised by Java Cards at various levels of the system. First, we address the Java Card platform security itself, from the chip security features to the Java Card virtual machine. Next, we expose how to deal with application security which is a standard problem for smart card manufacturers but a quite new one for third party Java developers beginni...
متن کامل