论文信息 - Smart card technology for deploying a secure information management framework

Smart card technology for deploying a secure information management framework

The continuously increasing need for de‐centralized information systems offering data to the people who need them irrespective of their physical location, as well as the requirement for exchanging information between different but interoperable systems, make the system’s architectural and functional design more complex and in many cases extremely vulnerable in respect to its security attributes. The concept of a “secure portable information file”, that can nowadays be easily implemented through the available smart card technology, can significantly ease information management and ensure maximum data protection in respect to their integrity, confidentiality and availability. This paper presents the use of smart cards in an educational environment as a case‐study example for demonstrating the above mentioned benefits, focussing on the utilization of the smart card’s cryptographic functions for implementing mechanisms capable of providing an extremely secure operational framework in terms of user and application provider authenticity, management of access privileges and data integrity and confidentiality.

Costas Lambrinoudakis

[1] Ton Verschuren. Smart Access: Strong Authentication on the Web , 1998, Comput. Networks.

[2] Siemens Nixdorf,et al. Interoperability Specification for ICCs and Personal Computer Systems , 1997 .

[3] Paul G. Spirakis,et al. Attack Modelling in Open Network Environments , 1996, Communications and Multimedia Security.

[4] Kathrin Schier. Multifunctional smartcards for electronic commerce-application of the role and task based security model , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[5] Konstantinos Markantonakis. The Case for a Secure Multi-Application Smart Card Operating System , 1997, ISW.

[6] Gustavus J. Simmons,et al. The Smart Card: A Standardized Security Device Dedicated to Public Cryptology , 1992 .

[7] Peter Honeyman,et al. Smartcard Integration with Kerberos V5 , 1999, Smartcard.

[8] Jose M. Oton,et al. Smart cards , 1994 .

[9] C. H. Fancher. In your pocket: smartcards , 1997 .

[10] M. C. McChesney. Banking in cyberspace: an investment in itself , 1997 .

[11] Dimitris Gritzalis,et al. Towards a formal system-to-system authentication protocol , 1996, Comput. Commun..

[12] Diomidis Spinellis,et al. Architectures for secure portable executable content , 1999, Internet Res..

[13] Adam Shostack,et al. Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards , 1999, Smartcard.