论文信息 - Biometrics to Enhance Smartcard Security (Discussion)

Biometrics to Enhance Smartcard Security (Discussion)

Matt Blaze: What are the semantics of match-on-card? In what way does the host computer trust it? Reply: The host computer in our case is the crypto key. For the matching card the crypto key is also a crypto key match module, in this case, because it's another trusted module. The thing is that the smartcard trusts this additional confidence. It is a new component, to perform the match. Matt Blaze: OK, so that's the trusted component. Reply: Yes, all these components are trusted in our analysis, it's true. After the markers see the file index, they give the information to the match model of the crypto key. This signed key we need to encrypt with the public key of the module, but again this is only for privacy reasons. Note that here we have no freshness, and there's no necessity to have freshness on a matching card for this information. However in a real implementation, where there is some constraint about how the position of the match module will change, you will need some nonces here, and these have been provided. Mike Roe: Why is this more efficient than just doing the match-on-card? Reply: No, this is no more efficient. The match-on-card requires translations, notations, so it requires some operations that the smart marker doesn't actually provide. This is the point.

Fabio Martinelli

[1] Stefano Bistarelli,et al. A protocol for simulating Match-on-Card authentication through the use of Template-on-Card technology , 2003 .

[2] Fabio Martinelli,et al. A Uniform Approach for the Definition of Security Properties , 1999, World Congress on Formal Methods.

[3] Pieter H. Hartel,et al. Pressure Sequence - A Novel Method of Protecting Smart Cards , 2000, CARDIS.

[4] Stefano Bistarelli,et al. Biometrics Authentication With Smartcard , 2002 .

[5] Thomas Jensen,et al. Smart Card Programming and Security , 2001, Lecture Notes in Computer Science.

[6] S. Anderson,et al. Secure Synthesis of Code: A Process Improvement Experiment , 1999, World Congress on Formal Methods.

[7] Piotr Zielinski,et al. Decimalisation table attacks for PIN cracking , 2003 .

[8] Bruno Struif,et al. Use of Biometrics for User Verification in Electronic Signature Smartcards , 2001, E-smart.

[9] Giampaolo Bella. Inductive Verification of Smart Card Protocols , 2003, J. Comput. Secur..

[10] Lawrence C. Paulson,et al. The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..