I am currently in Limoges, visiting the University to work on a collaborative research project. The buzz in the computer science department is that Christophe Clavier, one of their researchers, has just won the DPA contest, organized at CHES. And of course, I took the opportunity to discuss that with him. I won’t even start […]
Category Archives: Miscellaneous
Live from J1: The PlaySIM Project
The PlaySIM project is about using a SunSPOT device as a Java Card 3.0-enabled SIM card. It is a collaboration between Sun and Telenor, and as far as I know, it is the first experiment based on Java Card 3.0 performed by a mobile operator. The interest of this project is to combine the expressive […]
The hidden price of smart card security
Our friends from Radboud University made the news again last week, when they got the Best Practical Paper Award at the IEEE Symposium on Security and Privacy. The most interesting part of this is the background, of course. NXP tried to stop the researchers from publishing the results of their work, and they failed, after […]
Secure magstripe?
Visa seems to be investigating a new way to use magnetic stripe cards. The article does not give much details, but the basic idea seems to be that the magnetic stripe is scanned with a high definition, which provides a “unique” pattern, which Visa compares to the DNA or fingerprint of the card. Of course, […]
JC301-4: Where are the differences?
[Corrected April 9, 2009: more mentions of Classic, added a conclusion] You have been warned in the previous posts. The Connected Edition of Java Card 3.0 is very different from Java Card 2.x. But, how exactly are these two versions different? Well, there are differences at all levels, from the virtual machine to the application […]
JC101-20C: A secure channel API
Continuing our secure channel example, we will next define a secure channel API, and provide a small example based on this API. Beware! As mentioned before, this is only an example, not intended for real use. In addition, the code has not been actually tested so far …
Update on Android and the SIM card
One year ago, I blogged on Android security. I recently received a comment asking if my impression had changed now that Android actually exists, even on devices. Well, no. Not at all.
Cloned debit cards are good for secure EMV cards
Reports about cloning debit cards have been all around, for instance here. The combination of cloning cards and making millions with a fraud scheme instantly makes smart card people happy: we told you that your magstripe cards would lead to big problems! OK. But let’s try to analyze this a bit deeper.
JC301-3: Connected vs. Classic
After a month of silence, just a quick post to restart the tutorial thing, about the two editions of Java Card 3.0. Two editions As mentioned earlier, Java Card 2.x represents 5 billion cards today, and over a billion are issued each year. This represents a very significant part of the smart card business in […]
JC101-19C: Secure channel protocol
Starting a session Protocol For our session start, we will here use a classical architecture, but with slightly different commands. First, here is a definition of the exchanges between two actors (say, Alice and Bob) to start a secure session: Alice sends a 16-byte random number to a1 … a16 to Bob. Bob replies with […]