A Generic Proxy for Secure Smart Card-Enabled Web Applications
نویسندگان
چکیده
Smart cards are commonly used for tasks with high security requirements such as digital signatures or online banking. However, systems that Web-enable smart cards often reduce the security and usability characteristics of the original application, e.g., by forcing users to execute privileged code on the local terminal (computer) or by insufficient protection against malware. In this paper we contribute with techniques to generally Web-enable smart cards and to address the risks of malicious attacks. In particular, our contributions are: (i) A single generic proxy to allow a multitude of authorized Web applications to communicate with existing smart cards and (ii) two security extensions to mitigate the effects of malware. Overall, we can mitigate the security risks of Web-based smart card transactions and—at the same time—increase the usability
منابع مشابه
Proposing a Model for Patient Admission and NFC Mobile Payment by Biometric Identification and Smart Health Card
Abstract Following the advances in mobile communication and information technology, smart phones have been used in a wide variety of commercial, social, entertainment, file sharing and health transactions and applications. The current procedures in healthcare environment for patient registration, appointment scheduling and payment are time consuming and somehow tiresome. Traditionally, patie...
متن کاملProxy Smart Card Systems
The established legal value of digital signatures and the growing availability of identity-based digital services are progressively extending the use of smart cards to all citizens, opening new challenging scenarios. Among them, motivated by concrete applications, secure and practical delegation of digital signatures is becoming more and more critical. Unfortunately, secure delegation systems p...
متن کاملSharing Smart Card Authenticated Sessions Using Proxies
This paper discusses an approach to share a smart card in one machine with other machines accessible on the local network or the Internet. This allows a user at a browser to use the shared card remotely and access web applications that require smart card authentication. This also enables users to access these applications from browsers and machines that do not have the capability to use a smart...
متن کاملSoftware Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?
Software card emulation is a new approch to advance the interoperability of NFC with legacy contactless smartcard systems. It has been first introduced to NFC-enabled mobile phones by Research In Motion (RIM) on their BlackBerry platform. Software card emulation aims at opening and simplifying the complex and tightly controlled card emulation functionality. While this form of card emulation, th...
متن کاملSecure Personalization Using Proxy Cryptography
In this paper we describe new secure personalization schemes using proxy cryptography. We first introduce the context of a large scale smart card application such as an electronic purse, the currents personalization schemes and the security requirements. We recall the notion of proxy cryptography and we consider an actual proxy cryptosystem based on ElGamal public key encryption. With this prox...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010