论文信息 - Personal security environment on Palm PDA

Personal security environment on Palm PDA

Digital signature schemes are based on the assumption that the signing key is kept in secret. Ensuring that this assumption holds is one of the most crucial problems for all current digital signature applications. This paper describes the solution developed and prototyped by the authors - using a mobile computing device with a smart-card reader for creating digital signatures. We give an overview of several common settings for digital signature applications and the problems they have, also describing several frameworks for mobile security applications. A discussion about the choice of devices, design issues, concrete solutions and their security concerns follows. We conclude that although nothing can prevent careless private key handling, careful management is easier and more convenient when using our solution.

Jan Willemson | Sven Heiberg | Margus Freudenthal

[1] Adi Shamir,et al. Playing "Hide and Seek" with Stored Keys , 1999, Financial Cryptography.

[2] Edward W. Felten,et al. Hand-Held Computers Can Be Better Smart Cards , 1999, USENIX Security Symposium.

[3] David Chaum,et al. Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[4] Dan Boneh,et al. Experimenting with Electronic Commerce on the PalmPilot , 1999, Financial Cryptography.

[5] Sean W. Smith,et al. Smart cards in hostile environments , 1996 .

[6] Arjen K. Lenstra,et al. Selecting Cryptographic Key Sizes , 2000, Public Key Cryptography.

[7] Ronald Cramer,et al. The ESPRIT Project CAFE - High Security Digital Payment Systems , 1994, ESORICS.

[8] Jan Willemson,et al. Time-Stamping with Binary Linking Schemes , 1998, CRYPTO.

[9] Adam Shostack,et al. Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards , 1999, Smartcard.

[10] Donald W. Davies,et al. Use of the 'Signature Token' to Create a Negotiable Document , 1983, CRYPTO.

[11] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[12] Jonathan Grudin,et al. Development tools , 1995 .

[13] Philip R. Zimmermann,et al. The official PGP user's guide , 1996 .