A Paradigm Shift in Smart Card Ownership Model

Smart cards have proliferated into many aspects of modern life. Historically, the ownership of smart cards has remained with the smart card issuers. Although this ownership model is favored by a wide range of industries and service providers, it does not provide optimum convenience and flexibility to cardholders. One potential solution could be to shift the control of smart cards from the smart card issuers to the smart card users. In this paper, we analyze the feasibility of an ownership model that delegates the ownership of a smart card to its user. The operational and security requirements of the proposed ownership model are provided. In addition, principal research questions are identified that would merit further in-depth analysis to test the viability of this ownership model.
