I was not at e-Smart this year, but here are some early reports from colleagues who attended the sessions. Over the coming days, I will comment on a few selected presentations. First, one of my favorite topics, which was covered Friday morning: attacks on the Java Card platform. There were two presentations this morning on […]
Category Archives: Miscellaneous
Live from JavaOne: Java Card and Smart Meters
The funny thing about this presentation is that I have first been invited to attend the e-Smart version of it (this week as well, in Sophia Antipolis). When I declined, they told me that the same talk was given at JavaOne, so here I am. From Onzo’s Tim Holley and Oracle’s Jean-Yves Bitterlich, this is […]
Smart Card Web Server security
UPDATED ON 04/06/10: Additional comments about security requirements Securing Web servers is hard work, as OWASP periodically reminds us. Of course, this applies to smart card web servers, regardless of the underlying technology. I received a comment from someone who noticed that some of the Java Card 3.0 Connected sample applications have really bad security. […]
Smart card security on the radio
Smart card security doesn’t often get on traditional media, so we can all (at least, the French-spaking ones) be happy that France Culture will spend an hour discussing the security of payment cards, trying to provide an answer to the question “Comment améliorer la sécurité des cartes bancaires?“. Among the speakers, we will have Jean-Louis […]
Live from Cardis2010: Combined attacks on Java Card
I just made my second presentation at Cardis2010, about combined attacks on Java Card (joint work with Anthony Ferrari, now in charge of these things at Trusetd Labs). Sorry, no “public” slides this time, this is related to security evaluation. Interestingly, the current presenter is Guillaume Barbu, from Oberthur, who is presenting an interesting attack […]
Live from Cardis 2010: Where is our smart card AppStore?
UPDATED: Added slideshare link. Here is a transcript of my invited presentation at Cardis2010, or at least the things that I thought about before getting there. The slides are available on SlideShare.
Chip cards for (some) Americans
It seems that the American plastic cards are getting them in trouble, at least when they travel in Europe. Of course, cards without chips still work perfeectly in restaurants, hotels, and stores. However, things are very different at automated machines. If you are in France and you want to pay for underground parking, for renting […]
Proving code correct
Most of us spent some time in school studying program proofs in a way or another. Many techniques exist, but in most cases, their most important use it to make students understand that, sometimes, a computation does not end. Proving programs is hard, but the hardness of the proof greatly depends on what you want […]
Live from Smart Event: Java Card 3.0 objectives
Last night, I was preparing an introduction for the Smart University session on Java Card 3.0, and I was looking for Java Card Forum material that would somehow prove how early the work started on that topic. I was expecting something around 2003-2004. I first noticed that in 2004, we already had a first architecture […]
Waiting for NFC (or not)
RATP has been working for a while on the future deployment of their Navigo transport cards over NFC phones. Such a move perfectly makes sense for a utility company, since card issuance is a pure cost for them, so dematerialization sounds good. One of the promises of such a deployment is over-the-air renewal of monthly […]