Security's Once and Future King
•Download as PPT, PDF•
1 like•1,174 views
Slides of the google techtalk : See the techtalk here - http://youtube.com/watch?v=0L5tydvxNM0
![Smart Card : The Hardware ,[object Object],[object Object],[object Object],[object Object],[object Object],Plastic card Contact pad Gold wiring Epoxy fill Secure chip ROM Crypto CPU RAM NVM ROM, Operating system EEPROM, Application Memory](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
More Related Content
Similar to Security's Once and Future King
Similar to Security's Once and Future King (20)
Recently uploaded
Recently uploaded (20)
Security's Once and Future King
- 1. Security’s Once and Future King Smart Cards for Web 2.0 Kapil Sachdeva Software Technologist Technology & Innovation Gemalto, Austin
- 6. Smart Card : The Business Verticals 300 Million 20 Million 2600 Million 500 Million 2007 Shipment Estimates Source: EUROSMART
- 7. Smart Card : The Infrastructure ICC-Aware Application ICC-Aware Application Smart Card Aware Application Resource Manager IFD Handler IFD IFD IFD SC SC SC Reader Driver (USB CCID Class) Smart Card Readers Smart Cards PC/SC IFD Handler Interface PC/SC RM Interface
- 9. JavaCard : A Revolution
- 12. package com.gemalto.wallet; public class MyWallet extends Applet { public void select() {...} public void install() {...} public void debit(byte[] buff){ } public void credit(byte[] buff){ } public void process(APDU apdu) { byte[] buff = apdu.getBuffer(); switch(Util.getShort(buff,(short)0) { case INS_WALLET_DEBIT: debit(buff); break; case INS_WALLET_CREDIT: credit(buff); break; default: ISOException.throwIT(INVALID_INS); } } } A JavaCard toy Application
- 14. .NET Card : An Innovation
- 16. namespace MyCompany { public class MyWallet : MarshalByRefObject { [Transaction] public void Debit(int amount) { } [Transaction] public void Credit(int amount) { } public static void Main(string[] args) { ChannelServices.RegisterChannel(new APDUServerChannel()); RemotingServices.Marshal(new MyWallet(), “Wallet.uri"); } } } A .NET Card toy Application
- 19. A Quick Recap
- 20. Smart Card : The Client Infrastructure ICC-Aware Application ICC-Aware Application Smart Card Aware Application Resource Manager IFD Handler IFD IFD IFD SC SC SC Reader Driver Smart Card Readers Smart Cards Service Providers Service Providers Service Provider Middleware PC/SC IFD Handler Interface PC/SC RM Interface Service Provider Interfaces
- 21. The Web
- 22. Ubiquity is key for Web applications
- 24. In other words, Break the ubiquity of web & Lose the mobility of Smart Cards
- 25. A security mechanism should not make accessing a resource, or taking some action more difficult than it would be if security mechanism were not present. Principle of Psychological Acceptability
- 26. DEMO: Let me show you what I mean
- 27. Web 2.0
- 28. Blogs AJAX Phishing E-gov Theft Web Services XML SOAP RSS Flickr Google Maps REST Social Networking
- 29. A platform and application agnostic connectivity bridge to help JavaScript in a web page to communicate with server. XMLHttpRequest
- 30. If I have seen further it is by standing on the shoulders of Giants - Issac Newton
- 31. A platform and application agnostic connectivity bridge to help JavaScript in a web page to communicate with Smart Card SConnect
- 33. <html> <head> <script src=“http://www.sconnect.com/scripts/sconnect.js” language=“javascript”/> <script language=“javascript”> var _otp; function getOtp() { var scom = new SConnect.PCSC(); var readersWithCards = scom.listReaders(true); // if more then one reader, employ some discovery mechanism scom.connect(readerWithCards[idx]); var response = scom.exchange(“00A4040007A0000000020302”); if (response == “9000”){ _otp = scom.exchange(“002100000106”); } scom.dispose(); // put the _otp value in text box } </script> </head> <body> <label>Press the button to get the OTP</label> <input type=“button” value=“click me” onclick=“getOtp(); submit();”/> </body> </html> A few lines of JavaScript…
- 34. <html> <head> <script src=“http://www.sconnect.com/scripts/sconnect.js” language=“javascript”/> <script src=“http://www.sconnect.com/scripts/marshaller.js” language=“javascript”/> <script src=“oath_stub.js” language=“javascript”/> <script language=“javascript”> var _otp; function getOtp(){ var oathApp = new Samples.OATHApp(“selfdiscover”,0,”OATHService.uri”); _otp = oathApp.get_OTP(); // put the value of _otp in text box } </script> </head> <body> <label>Press the button to get the OTP</label> <input type=“button” value=“click me” onclick=“getOtp(); submit();”/> </body> </html> Fewer lines of JavaScript…
- 37. Begin at the beginning and go on till you come to the end: then stop. Thank You