Time as an Aid to Improving Security in Smart Cards
Very often, time is an important function of smart cards applications, particularly for security and authentication. The time data is made available to the program within the card from an external source, namely the application terminal. Unfortunately the card cannot independently authenticate the time data provided by the card terminal and hence the time function is susceptible to corruption by either accidental failure or deliberate fraud introduced via the terminal. Consequently most of the application designers do not consider time as a trusted reference for improving either the flexibility of the application or the level of security. Now, because of technical progress it seems possible to produce time from a clock that is embedded in the card as a part of the silicon chip. This clock in permanently active but the value of time it produces can only be used by the card when it is plugged in to a terminal for a transaction. But usually, this is the only circumstance for a time value to be required by the internal program. Verified `card time’ is then available to any application with different presentations.
The paper first introduces the most significant definitions used for modeling time, such as: event and time slice plus a few elementary notions of temporal logic to produce time functions. The physical clock is briefly described as a binary counter where most of time management is performed dither at the operating system level or at the application level. The available time functions are described as dates, delay or cycles.
By using these time functions as guarded commands commands acting as logical conditions on the regular commands of the card, it becomes possible to offer the application desingner options to introduce new security controls
Key wordsSmart card Security time logic application clock time slice operating system.
- ANALYSES & SYNTHESIS - http://www.cardshow.com , February 24, 1999.
- BALME, L., SILVY, C. - Project Smart Power card, Activity report, Laboratorie TIMA, Techniques de l’Informatique et de la Microelectronique pour l’Architecture d’ordinateurs, University de Grenoble, 1992.Google Scholar
- BESTOUGEFF H., LIGHOZAT G. — Time treatment software — from linguistic to artificial intellect, Masson, Paris Milan Barcelona Mexico, 1989.Google Scholar
- CORDONNIER V., NEMCHENKO V., KRIVOULYA F., NEMCHENKO S. - Smart cards application in the information space of modern society, Radioelectronika i informatika,Kharkiv, Ukraine, 2(3), 125–127, 1998Google Scholar
- CORDONNIER V., WATSON A.C. -, WATSON A.C. - “Access Control Determination of Multi-Application Smartcards Using a Security Index”, Third Australasian Security Research Symposium, Queensland University of Technology, July, 1997Google Scholar
- ELEA CARD WARE - http://www.eleacard.com /fr_acc.htm The smart cards access control, March 99.
- GRAHAM-DENNING - http;//www.cs.nps .navy.mil/curricula/tracks/security/notes/chap08_9.htm1#HEADING8 The Graham-Denning Model
- TONDA BENES - http://www.kolej.mff .cuni.cziprednes/oi0a.html Security in the Operating Systems, KSI MFF UK Praha, 1996.
- VANDEWALLE J.-J. — Smart card course, IUT « A » Lille 1, Informatics Department.Google Scholar
- ZAVALEEV V. - Smart card as the payment tool, Information technologies centre,http://wvvw.citforum.ru /marketing/articles/art_8.shtml