Presentation from Vasco’s Nicolas Fort. Of course, the use case is about banking, since this is Vasco’s stronghold. Banks have been used to interface with customers face to face in branches. 40 years ago, they added the phone, first with a human on the bank’s end, then without. They then added the ATM network to check […]
Category Archives: Miscellaneous
Chip to Cloud live, day 1: Opening panel on eID in Europe
This is the conference formerly known as e-Smart. Apart from changing its name, the conference has also moved from Sophia Antipolis to Nice. No more bike riding from home to conference this year. However, the new setting at Acropolis is really nice, with a lot of room. To celebrate that, I have decided to attend […]
Payment Card Security Codes
It is not always easy to explain the advantages of using smart cards for payment security, because most people lack knowledge about the security of payment with a card. So, here is some information about it, and in particular about the codes used to authenticate a valid payment card. Every card is identified by a […]
Protecting your contactless card
As I mentioned in NFC Payments 101, current contactless cards aren’t protected against the simple attack that consists in performing a transaction while your card is in your pocket. Since some models don’t require anything other than tapping the card, the attack is workable. Well, that may change. Researchers for the University of Pittsburgh’s RFID […]
Google Wallet has a Vulnerability (not on SE)
The game has started for Google Wallet. Some guys are looking for vulnerabilities, and of course, finding some. You can read the papers to get all the details on this attack. Basically, they have been smart enough to use a salt before hashing the PIN value to avoid brute-force attacks. However, they haven’t been smart […]
E-smart becomes Chip-to-Cloud
After over 10 years, e-Smart is changing its name to become the Chip-to-Cloud Security Forum (which will also replace the other conferences from the Smart Event). This looks like a welcome move from card-centered business to application-centered business, reflecting what is happening in the industry. The technology is now ready, and it has not evolved […]
Java Card is 15 years old
I just realized that I missed Java Card’s 15th birthday. This birthday was sometime at the end of October, 1996. I don’t have the exact date, because the only document I have is the Java Card API: Specification of the Java Virtual Machine and Application Programmer’s Interface, version 0.13, dated October 10, 1996. Although this […]
Q&A: How to generate and protect keys in Java Card?
Cryptographic keys are often at the heart of Java Card applications, which often rely on cryptography to protect their data in storage and/or communication. Keys therefore become the most sensitive pieces of data in such applications. All evaluators know that, as getting the values of secret/private keys is the ultimate goal of a security evaluation. […]
Q&A: What do NFC NDEF Signature records bring?
Here is another question related to NFC, this time about what I understand of NDEF signatures (could be incomplete). The NFC Forum has recently added the possibility to include a signature record in tags. Adding such a signature can be used to ensure that the content of the tag (say, a URL) has been written […]
Q&A: NFC attacks
Over the years, I got quite a few questions about Java Card and related technologies. As a diverging extension to the tutorial, and as a way to bring back some technical content here, I will try to write a few Q&A entries on a regular basis. The first one is about NFC attacks, a topic […]