Category Archives: Applications

Applications for Java Card: the good ideas, but also the more peculiar, and the not that successful.

The lowest hanging card

The latest news on six second card hacking is very entertaining, and frankly, not reassuring. This thing is just as simple that it is stupid. The CVV2/CVC2 is a secret number computed by banks using a secret key, so they are validated by the issuing bank. Apparently, most (all?) of them have chosen not to […]

Fashion statement

I am just out of the Cartes show. A bit depressing, mostly because of the current circumstances and the number of “Absent exhibitors”. However, there werea few interesting highlights. One of them came in the Wearable and IoT conference track, in a presentation from Oberthur’s Olga Titova Candel about Wearable Payments for Fashion. The main […]

POPWings is a cool business card, but where is the platform?

UPDATED March 1st, 2013: See follow-up article. I have been quite happy to hear a few weeks ago that Gemalto finally decided to consider NFC as more than secure services, by launching their POPWings service. I immediately ordered one of their business cards, excited to get a new NFC service. So, I got a card […]

Convenience vs. Security vs. (Perceived) Security

Yesterday, @poulpita tweeted a link to a blog explaining that convenience keeps winning against security. The main argument in this blog is about iOS6’s Passbook, which can store credit card numbers, for your convienience. The reasoning goes on with a comparison of the security merits of a credit card number stored on Passbook and a […]

Chip to Cloud, day 2: My personal attribute hub

This is a talk by Annette Laube, from the University of Bern. It builds on Switzerland’s eID program, extending it for new uses. The idea of national eIDs is to provide electronic signatures, and to certify personal attributes taken from official documents like a passport. The SuisseID used in Switzerland is a tradtional one, in […]

Chip to Cloud, day 1: Mobile authentication

Presentation from Vasco’s Nicolas Fort. Of course, the use case is about banking, since this Vasco’s stronghold. Banks have been used to interface with customers face to face in branches. 40 years ago, they added the phone, first with a human on the bank’s end, then without. They then added the ATM network to check […]

Chip to Cloud live, day 1: Opening panel on eID in Europe

This is the conference formerly known as e-Smart. Apart from changing its name, the conference has also moved from Sophia Antipolis to Nice. No more bike riding from home to conference this year. However, the new setting at Acropolis is really nice, with a lot of room. To celebrate that, I have decide to attend […]

Payment Card Security Codes

It is not always easy to explain the advantages of using smart cards for payment security, because most people lack knowledge about the security of payment with a card. So, here is some information about it, and in particular about the codes used to authenticate a valid payment card. Every card is identified by a […]

Google Wallet has a Vulnerability (not on SE)

The game has started for Google Wallet. Some guys are looking for vulnerabilities, and of course, finding some. You can read the papers to get all the details on this attack. Basically, they have been smart enough to use a salt before hashing the PIN value to avoid brute-force attacks. However, they haven’t been smart […]

Live from JavaOne: Java Card and Smart Meters

The funny thing about this presentation is that I have first been invited to attend the e-Smart version of it (this week as well, in Sophia Antipolis). When I declined, they told me that the same talk was given at JavaOne, so here I am. From Onzo’s Tim Holley and Oracle’s Jean-Yves Bitterlich, this is […]