Jean-Daniel Aussel

Smart Cards and remote entrusting

Smart cards are widely used to provide security in end-to-end communication involving servers and a variety of terminals, including mobile handsets or payment terminals. Sometime, end-to-end server to smart card security is not applicable, and smart cards must communicate directly with an application executing on a terminal, like a personal computer, without communicating with a server. In this case, the smart card must somehow trust the terminal application before performing some secure operation it was designed for. This paper presents a novel method to remotely trust a terminal application from the smart card. For terminals such as personal computers, this method is based on an advanced secure device connected through the USB and consisting of a smart card bundled with flash memory. This device, or USB dongle, can be used in the context of remote untrusting to secure portable applications conveyed in the dongle flash memory. White-box cryptography is used to set the secure channel and a mechanism based on thumbprint is described to provide external authentication when session keys need to be renewed. Although not as secure as end-to-end server to smart card security, remote entrusting with smart cards is easy to deploy for mass-market applications and can provide a reasonable level of security.

Smart Cards and Digital Security

Smart cards are portable tamper-resistant cryptographic devices that play a key role in digital security. This paper reviews the latest use of smart cards in securing network, online services, operating systems, and card-holder identity. Smart card network authentication is routinely used on GSM and 3G networks, and this paper shows how the same infrastructure can be extended to perform WiFi access point authentication. Securing online services with smart card is traditionally performed using public key cryptography and certificates, or using one-time-passwords. This paper presents new smart card authentication methods that either allow to reuse already issued cards or infrastructure, or provide stronger card-to-server mutual authentication. Finally, the paper will show how smart cards and trusted platform module have complementary roles for recuring the operating systems, and the use of smart cards in identity frameworks such as liberty alliance or Microsoft cardspace.