DECENTRALIZED AUTHORIZATIONWITH ECDSA ON A JAVA SMART CARD A Software Implementation

Traditionally, smart cards have been used as secure tokens in identity based access control. That is, a smart card has been used as an intelligent storage of protected cryptographic information, such as a shared secret or a private key in a public key system. The cryptographic information is then used to prove the possession of the card in a secure way either locally or remotely over telecommunication links. In this paper we present a basis for another type of use for smart cards, where smart cards are not used as identiication tokens but as authorization tokens. Our approach is based on SPKI-like authorization certiicates along with ECDSA based public key cryptography. The ECDSA algorithms provide us the beneets of smaller key sizes, potentially better running times in software-only implementations, and the possibility to create new key pairs on the card in a reasonable time. The latter feature can be used, as we show, to provide additional protection to the user in the form of enhanced privacy. Our current prototype implementation uses the Java Card speciication, and we also compare our card implementation with an earlier ECDSA implementation written for a workstation environment.