Horst Henn

Securing e-business applications using smart cards

As the Internet is used increasingly as a platform for business transactions, security becomes a primary issue for Internet applications. Some applications are too sensitive for software-only security mechanisms. Higher levels of protection can be achieved with smart-card-based authentication schemes and transaction protocols. In this paper, we provide examples of typical banking applications implemented with smart cards using symmetrical (DES) and asymmetrical (RSA) cryptography. We present a pure JavaTM architecture for such applications, which is intended for use on standard Web application servers and client devices enabled for Web browsing and the Java language. It employs applets on the client side to access smart cards via the OpenCard Framework. The applets communicate with authentication servlets or application servlets on the server side and act as a mediator between the smart card and the application logic on the server.