A Smart Card Solution for Access Control and Trust Management for Nomadic Users

  • Daniel Díaz Sánchez
  • Andrés Marín Lopez
  • Florina Almenárez Mendoza
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3928)


Increasing efforts are placed on security solutions for nomadic users. Solutions based on smart cards offer physical and logical portability, robustness, low cost, and high security. Nevertheless, such solutions concentrate only on offering the cryptographic capabilities of the smart card, together with key and user certificate storage. Advanced trust management and access control are not addressed. In this article, we propose a scheme to include trust management and attribute certificates for authorization in two widely used cryptographic APIs: Microsoft CryptoAPI and RSA Labs PKCS#11.


Keywords: Access Control, Smart Card, Trust Management, Cryptographic Operation, Physical Store
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Daniel Díaz Sánchez (1)
  • Andrés Marín Lopez (1)
  • Florina Almenárez Mendoza (1)

  1. Telematic Engineering Department, Carlos III University of Madrid, Leganés, Madrid, Spain
