Secure User and System Authentication: Beyond Conventional Smart Cards

摘要

The use of smart cards can alleviate several computer security-related problems,especially considering user identity verification and protection of security-critical information, such as cryptographic keys. However, in order to analyze the security of smart card-based systems, a model, capturing the involved entities and their interactions, is required. Here, such a model is presented together with an analysis of potential problems. To further improve the security analysis an extended model is introduced. This model illuminates the necessity of secure communication between the smart card and the other entities, which is generally absent in available systems. Thus, security-enhancing extension are required. In this work, possible implementations of such extensions are discussed.