ACM Transactions on Computer Systems (TOCS)
Authentication and delegation with smart-cards
TACS'91 Selected papers of the conference on Theoretical aspects of computer software
Smart cards: a guide to building and managing smart card applications
Smart cards: a guide to building and managing smart card applications
Cryptography: Theory and Practice
Cryptography: Theory and Practice
Contemporary Cryptology: The Science of Information Integrity
Contemporary Cryptology: The Science of Information Integrity
Smartcard integration with Kerberos V5
WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
Providing authentication to messages signed with a smart card in hostile environments
WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
Smart cards in hostile environments
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Secure coprocessors in electronic commerce applications
WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
Hi-index | 0.00 |
Unlike many other classes of hardware, smartcards do not have the ability to communicate securely with the user. Deprived of means to keep the owner informed, the positive properties of smartcards are difficult to utilize. We explore the area at the border between smartcards and other, more powerful (and thus more useful), machines. On the other side of this border we find the Personal Digital Assistant (PDA). In our view, to be useful as an extension of the users' private sphere, a machine must at least have enough functionality and resources to create trustworthy digital signatures (to speak for the user, as it were). A less resourceful machine can merely act as a memory prothesis, helping the owner remembering addresses and phone numbers. Smartcards are designed to be tamper resistant, and as such they seem ideal as a minimal machine. However, trustworthy digital signatures can not be created by smartcards alone, simply because the user does not know what is given to the card for signing. In order to be trusted--that is, being able to make trustworthy digital signatures--a smartcard must be supported by some infrastructure outside the card proper. We explore what must be included in such an infrastructure, and demonstrate that trustworthy digital signatures can in fact be made using a standard smartcard. We argue that based on this fact, nontrivial distributed systems can be constructed by utilizing smartcards; a nontrivial system is one where holders of smartcards are "first class citizens". Asserting that a smartcard can act as a trusted machine gives new opportunities for designers of user-centric systems. Assuming that smartcards are here to stay, finding ways to apply them in constructive manners is prudent.