Security’s Once and Future King: Smart Cards for Web 2.0. Kapil Sachdeva, Software Technologist, Technology & Innovation, Gemalto, Austin
Smart Card : The Hardware [figure labels: plastic card, contact pad, gold wiring, epoxy fill, secure chip; chip blocks: ROM, Crypto, CPU, RAM, NVM; ROM: operating system; EEPROM: application memory]
Smart Card : The Security Device
Smart Card : The Comm. Protocol
Smart Card : The Form Factors
Smart Card : The Business Verticals [chart: 2007 shipment estimates, source: EUROSMART; values: 300 Million, 20 Million, 2600 Million, 500 Million]
Smart Card : The Infrastructure [diagram labels: ICC-Aware Applications, Smart Card Aware Application, PC/SC RM Interface, Resource Manager, PC/SC IFD Handler Interface, IFD Handler, Reader Driver (USB CCID Class), Smart Card Readers (IFD), Smart Cards (SC)]
Smart Card : The History
JavaCard : A Revolution
JavaCard: The revolutionary Smart Card. Anecdote: The first Java Card prototype used an 8-bit processor, 26K of ROM, 400 bytes of RAM & 1KB of EEPROM. Today smart cards have 32-bit chips, 16KB of RAM, 512KB of ROM/Flash.
JavaCard Virtual Machine & Runtime
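A JavaCard toy Application

    package com.gemalto.wallet;

    import javacard.framework.*;

    public class MyWallet extends Applet {
        // INS_WALLET_DEBIT, INS_WALLET_CREDIT and INVALID_INS are constants
        // that the slide uses without defining them.

        public boolean select() {...}
        public static void install(byte[] bArray, short bOffset, byte bLength) {...}

        public void debit(byte[] buff) { }
        public void credit(byte[] buff) { }

        // Called by the runtime for every command APDU sent to this applet
        public void process(APDU apdu) {
            byte[] buff = apdu.getBuffer();
            // The first two header bytes (CLA, INS) are read as one short
            switch (Util.getShort(buff, (short) 0)) {
                case INS_WALLET_DEBIT:
                    debit(buff);
                    break;
                case INS_WALLET_CREDIT:
                    credit(buff);
                    break;
                default:
                    ISOException.throwIt(INVALID_INS);
            }
        }
    }
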
JavaCard : Some misses
.NET Card : An Innovation
.NET Card: The evolutionary Smart Card
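A .NET Card toy Application

    using System;
    using System.Runtime.Remoting;
    using System.Runtime.Remoting.Channels;
    // APDUServerChannel and [Transaction] come from the card SDK;
    // the slide does not show their namespaces.

    namespace MyCompany {
        public class MyWallet : MarshalByRefObject {
            [Transaction]
            public void Debit(int amount) { }

            [Transaction]
            public void Credit(int amount) { }

            public static void Main(string[] args) {
                // Expose the wallet object to the host over an APDU remoting channel
                ChannelServices.RegisterChannel(new APDUServerChannel());
                RemotingServices.Marshal(new MyWallet(), "Wallet.uri");
            }
        }
    }
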
Smart Card : The Applications
Fitting in the client crypto architecture
A Quick Recap
Smart Card : The Client Infrastructure [diagram labels: ICC-Aware Applications, Smart Card Aware Application, Service Provider Interfaces, Service Providers, Middleware, PC/SC RM Interface, Resource Manager, PC/SC IFD Handler Interface, IFD Handler, Reader Driver, Smart Card Readers (IFD), Smart Cards (SC)]
The Web
Ubiquity is key for Web applications
Smart Cards and the Web: Classical
In other words, Break the  ubiquity  of web  & Lose the  mobility  of Smart Cards
Principle of Psychological Acceptability: A security mechanism should not make accessing a resource, or taking some action, more difficult than it would be if the security mechanism were not present.
DEMO:  Let me show you what I mean
Web 2.0
Blogs AJAX Phishing E-gov Theft Web Services XML SOAP RSS Flickr Google Maps REST Social Networking
XMLHttpRequest: A platform and application agnostic connectivity bridge to help JavaScript in a web page to communicate with a server.
If I have seen further it is by standing on the shoulders of Giants. - Isaac Newton
SConnect: A platform and application agnostic connectivity bridge to help JavaScript in a web page to communicate with a Smart Card.
SConnect [figure labels: OPERATING SYSTEMS, BROWSERS, DOWNLOAD 15]
A few lines of JavaScript…

    <html>
    <head>
    <script src="http://www.sconnect.com/scripts/sconnect.js" language="javascript"></script>
    <script language="javascript">
    var _otp;
    function getOtp() {
        var scom = new SConnect.PCSC();
        var readersWithCards = scom.listReaders(true);
        // if more than one reader, employ some discovery mechanism
        var idx = 0; // index of the chosen reader; the slide leaves idx undefined
        scom.connect(readersWithCards[idx]);
        // SELECT the card application by its AID
        var response = scom.exchange("00A4040007A0000000020302");
        if (response == "9000") {
            // application selected: ask it for the OTP
            _otp = scom.exchange("002100000106");
        }
        scom.dispose();
        // put the _otp value in text box
    }
    </script>
    </head>
    <body>
    <label>Press the button to get the OTP</label>
    <input type="button" value="click me" onclick="getOtp(); submit();"/>
    </body>
    </html>

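
The hex strings passed to `scom.exchange` on the slide above are ISO 7816-4 command APDUs, and a card's reply ends in a two-byte status word. The following is an added example, not code from the slides or from SConnect: it parses both and checks the status word instead of comparing the whole reply to "9000". The helper names, the fake card and the sample responses are constructed for illustration, and it assumes `exchange` returns the full response as a hex string, as the slide's comparison suggests.

```javascript
// Added example: helper names are hypothetical, sample responses are constructed.

function hexToBytes(hex) {
  if (typeof hex !== "string" || hex.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(hex)) {
    throw new Error("not a hex string: " + hex);
  }
  const bytes = [];
  for (let i = 0; i < hex.length; i += 2) bytes.push(parseInt(hex.slice(i, i + 2), 16));
  return bytes;
}

function bytesToHex(bytes) {
  return bytes.map((b) => b.toString(16).padStart(2, "0").toUpperCase()).join("");
}

// Split a short-form ISO 7816-4 command APDU into header, data and Le.
function parseCommandApdu(hex) {
  const b = hexToBytes(hex);
  if (b.length < 4) throw new Error("command APDU needs a 4-byte header");
  const apdu = { cla: b[0], ins: b[1], p1: b[2], p2: b[3], data: "", le: null };
  const body = b.slice(4);
  const leOf = (v) => (v === 0 ? 256 : v); // an Le byte of 00 means 256
  if (body.length === 0) return apdu; // case 1: header only
  if (body.length === 1) { // case 2: header + Le
    apdu.le = leOf(body[0]);
    return apdu;
  }
  const lc = body[0];
  if (lc === 0) throw new Error("extended-length APDU not handled here");
  if (body.length === 1 + lc) { // case 3: Lc + data
    apdu.data = bytesToHex(body.slice(1));
  } else if (body.length === 2 + lc) { // case 4: Lc + data + Le
    apdu.data = bytesToHex(body.slice(1, 1 + lc));
    apdu.le = leOf(body[body.length - 1]);
  } else {
    throw new Error("Lc does not match the body length");
  }
  return apdu;
}

// Split a response APDU into its data and the trailing status word SW1 SW2.
function parseResponseApdu(hex) {
  const b = hexToBytes(hex);
  if (b.length < 2) throw new Error("response shorter than a status word");
  const sw = bytesToHex(b.slice(-2));
  return { data: bytesToHex(b.slice(0, -2)), sw: sw, ok: sw === "9000" };
}

// Same two commands as the slide, but success is decided by the status word,
// so a SELECT that returns data before 9000 is still accepted and a failed
// command raises an error instead of leaving the OTP unset.
function readOtp(card) {
  const sel = parseResponseApdu(card.exchange("00A4040007A0000000020302"));
  if (!sel.ok) throw new Error("SELECT failed, SW=" + sel.sw);
  const otp = parseResponseApdu(card.exchange("002100000106"));
  if (!otp.ok) throw new Error("OTP command failed, SW=" + otp.sw);
  return otp.data; // response data with the status word stripped
}

// Constructed stand-in for a connected card: answers SELECT (INS A4) with one
// canned response and every other command with another.
function makeFakeCard(selectResponse, otpResponse) {
  return {
    exchange(cmd) {
      return parseCommandApdu(cmd).ins === 0xa4 ? selectResponse : otpResponse;
    },
  };
}
```
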
Fewer lines of JavaScript…

    <html>
    <head>
    <script src="http://www.sconnect.com/scripts/sconnect.js" language="javascript"></script>
    <script src="http://www.sconnect.com/scripts/marshaller.js" language="javascript"></script>
    <script src="oath_stub.js" language="javascript"></script>
    <script language="javascript">
    var _otp;
    function getOtp() {
        // the stub object hides reader discovery and the APDU exchange
        var oathApp = new Samples.OATHApp("selfdiscover", 0, "OATHService.uri");
        _otp = oathApp.get_OTP();
        // put the value of _otp in text box
    }
    </script>
    </head>
    <body>
    <label>Press the button to get the OTP</label>
    <input type="button" value="click me" onclick="getOtp(); submit();"/>
    </body>
    </html>

DEMO: Device Administration Service
DEMO: Two-factor auth. for Web Apps
Begin at the beginning and go on till you come to the end: then stop. Thank You
