I stepped into an article that outlines a great use of contactless payment technology. The idea is here to order drinks from an interactive table, and to use a contactless card to pay for them; it has been implemented in a bar in an English college. This does not look very interesting, until we ask …
Bruce Shneier has pointed to another article on the security of e-passports. This one focuses on cloning, but contrarily to a previous article, which simply mentioned that cloning was possible (which is natural, since nothing is done to avoid it), the authors now look for ways to actually exploit the cloned passports. The ideas are …
As mentioned by Bruce Schneier, FIDIS, a network of excellence on identification systems, has published the Budapest Declaration that lists security issues with the current electronic passport schemes. This is a very interesting read, as it outlines many potential issues. One of them is related to the “victim identification” threat that interests me. Since the …
The Java Card platform is the most widely used application platform in the world, with around 2 billion cards deployed. However, it remains very different from the other platforms such as Windows or even MIDP. However, for interoperability reasons, most applications are heavily standardized (for instance in the banking and identity markets), which reduces even …
e-Smart, day 3. e-Smart is over. I did not manage to attend a lot of sessions, but I found a few interesting things. I looked back at the things I commented on, and I found only three conclusions: I am obsessed by fault induction, but there is hope for a cure, at both the software …
e-Smart, day 2. Serge Chaumette, Damien Sauveron, and the rest of the team directed by Serge at LaBRI, is the developer of the Java Card Grid, They have put together a bunch of smart cards readers with cards in them, and then used that as a server for security-sensitive operations. The basic idea was very …
e-Smart, day 2. Pascal Urien has been working on EAP for a few years, and has now reached interesting results [Uri06]. He has had a lot courage, because he started his wrk with some of the crypto algorithms programmed in Java (RC4, for instance). And even with this very strong handicap, he managed to get …
e-Smart, day 2. François Guillaume, from RATP, presented the status of RAPT’s use of Java Card for Navigo [Gui06]. Navigo is RATP’s transport smart card program. RATP has issued millions of these contactless cards. Today, Navigo is mostly used for contracts, i.e., monthly transport cards, but their objective is to use is also for individual …
e-Smart, day 1. I arrived late, just in tiome for the talk by Gemalto’s Patrick George about Web applications for smart devices (he was replacing Jean-Jacques Vandewalle) [Van06]. Patrick gave an account of many previous attempts to link the Web and smart card, which we all know did not work so far: as of today, …
There have been several posts on Bruce Schneier’s blog about e-passports, including a recent one. Bruce’s views are interesting, and he raises interesting issues about RFID on passports. On the other hand, the comments posted on this post and related ones, show that there are lots of misunderstandings about the technology. Of course, this is …
