Security without identification: transaction systems to make big brother obsolete
Communications of the ACM
Trustee-based tracing extensions to anonymous cash and the making of anonymous change
Proceedings of the sixth annual ACM-SIAM symposium on Discrete algorithms
The ESPRIT Project CAFE - High Security Digital Payment Systems
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
An Efficient Off-line Electronic Cash System Based On The Representation Problem.
An Efficient Off-line Electronic Cash System Based On The Representation Problem.
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Secure coprocessors in electronic commerce applications
WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
E-Commerce in the Indian Insurance Industry: Prospects and Future
Electronic Commerce Research
Smartcards: Hot to Put them to Use in a User-Centric System
HUC '00 Proceedings of the 2nd international symposium on Handheld and Ubiquitous Computing
RFID Systems and Security and Privacy Implications
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Flexible Software Protection Using Hardware/Software Codesign Techniques
Proceedings of the conference on Design, automation and test in Europe - Volume 1
SAFE-OPS: An approach to embedded software security
ACM Transactions on Embedded Computing Systems (TECS)
Hand-held computers can be better smart cards
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Providing authentication to messages signed with a smart card in hostile environments
WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
WWW electronic commerce and java trojan horses
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Analysis of a Biometric Authentication Protocol for Signature Creation Application
IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
A generic proxy for secure smart card-enabled web applications
ICWE'10 Proceedings of the 10th international conference on Web engineering
Digital identity security architecture in Ethos
Proceedings of the 7th ACM workshop on Digital identity management
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
Using multiple smart cards for signing messages at malicious terminals
ISC'06 Proceedings of the 9th international conference on Information Security
A user-friendly approach to human authentication of messages
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Performance study of a compiler/hardware approach to embedded systems security
ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
Remotely keyed cryptographics secure remote display access using (mostly) untrusted hardware
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Plug-n-trust: practical trusted sensing for mhealth
Proceedings of the 10th international conference on Mobile systems, applications, and services
| Hi-index | 0.00 |
One often hears the claim that smart cards are the solution to a number of security problems, including those arising in point-of-sale systems. In this paper, we characterize the minimal properties necessary for the secure smart card point-of-sale transactions. Many proposed systems fail to provide these properties: problems arise from failures to provide secure communication channels between the user and the smart card while operating in a potentially hostile environment (such as a point-of-sale application.) Moreover, we discuss several types of modifications that can be made to give smart cards additional input/output capacity with a user, and describe how this additional I/O can address the hostile environment problem. We give a notation for describing the effectiveness of smart cards under various environmental assumptions. We discuss several security equivalences among different scenarios for smart cards in hostile environments. Using our notation, these equivalences include: • private input a private output • trusted input + one-bit trusted output a trusted output + one-bit trusted input • secure input a secure output.