Enhanced SmartCard for Electronic Commerce
by Zoltán Kincses and István Mezgár
Electronic commerce is a new, fast-growing way of conducting business:
selling any type of services, goods or even stocks over computer networks
using the Internet. The development of electronic commerce is extremely
fast; according to statistics, the number of firms/providers doubles
every six months in some regions of the world. The lack of secure money transfer
through the Internet is a barrier to the even faster spread of electronic
commerce. SmartCard technology can offer a solution to this problem by
simultaneously fulfilling the main demands of identification, security
and authenticity. The application of chip-based cards, the SMC, can probably
offer a general solution even beyond electronic commerce. Research
has been started at SZTAKI to explore the theoretical background of a
complex SmartCard technology and to outline some integration aspects and
possibilities of the main functions.
The application of SmartCard technology in electronic commerce can result
in the next step of the technological revolution because it offers new
possibilities for the effective integration of commercial, banking and
identification functions. Traditional SmartCard-based applications are
spreading very fast in different fields (telephone cards, bank cards, etc.)
and, according to forecasts, the SmartCard market volume will double every
year until 2000.
The forecasts on the spread of electronic commerce and SmartCards call for
international electronic transaction standards. The current version of Secure
Electronic Transaction (SET) is an open specification for protecting payment
card purchases on any type of network. The SET specification incorporates the
use of different cryptographic algorithms to protect the privacy of personal
and financial information over any open network.
As SmartCard technology will be widely applied in many fields of
everyday life, all people, including handicapped users, should be given the
chance to use SmartCards. The present research work aims at exploring
the possibilities of widening SmartCard applicability in this direction
by extending and integrating the different SmartCard functions into an
enhanced SmartCard.
Need for Enhanced SmartCards
In electronic commerce, individuals have to be identified, instead of the
identity tools being validated. Transaction security and validity can be
guaranteed through properly selected methods. It is important to handle the
different aspects of security, identification and applicability of different
fields and developments on a common base; therefore, platform-independent open
(hardware and software) architectures have to be applied. Moreover, all
the solutions must be integrated into an easy-to-use application.
The research goal is to explore the theoretical background of a complex
SmartCard technology and to outline some integration aspects and possibilities,
taking the following functions into consideration:
- determination of identity with certainty
- secure data transmission
- open architecture and platform-independent management
- complex handy application.
The next generation standard of the field must be physically, syntactically,
semantically and vendor-independently interoperable. The migration to new
technologies is ensured by this interoperability.
The best solution to the identification problem is live fingerprint
recognition. Software tools exist today whose recognition rate
is 100%. There are other biometric recognition systems, and they complement
or substitute for live fingerprint recognition if the user suffers from
any kind of deficiency. By extending the characteristics of the SmartCard
with this factor, the new, enhanced SmartCard can become a real all-round
tool for electronic identification.
Security and authentication are guaranteed by using RSA-based or elliptic
curve-based cryptography. Codes with 40- and 48-bit key lengths have already
been broken by brute force using network-based parallel programming;
therefore longer keys have to be applied.
The open architecture and platform-independent ideas should build on
open standards (like ISO 7816 in the SmartCard world). The platform-independent
Java language ought to be applied in future standards. It plays a key role
in our research, especially since the JavaCard specification appeared.
The handy tools are SmartCards, which had an unsuccessful period because
of their high production price. Today's technology makes it possible to produce
handy SmartCards in large numbers at a low price, with high and secure data
storage capacity and with their own operating system, e.g. JavaCard, which has
an 8 Kbyte operating system and a 4 Kbyte Virtual Machine. The ISO 7816
standard is implemented in JavaCard.
A key point of the research is the definition and integration of SmartCard
functions for handicapped users. Taking the 800 million people in Europe
into consideration, the approximate figures of handicapped people with
the most frequent deficiencies are summarised in the table. Some ideas
for the possible solutions are given, but enormous work has to be done
to find solutions for the empty cells before reaching a global standardisation.

Table: Solutions considering the needs of handicapped
(O - exists, ? - possible, X - not yet)
The problem of multiple deficiency (where a person cannot act without
permanent help) also has to be mentioned. In this case the master-slave card
should be a solution. The slave card belongs to the multiply disabled person,
while the master card is used by the person in charge. The slave card can be
used only together with the master card. The master card can be used alone by
its owner, but not for the transactions of the slave card's user. One slave
card can have several masters, and vice versa.
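The master-slave rules above, modelled as an added example that is not code from the article or its authors. The card identifiers, owner names, role labels and the authorize function are hypothetical, and the example assumes the links are held in a simple lookup table.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Card:
    card_id: str
    owner: str
    role: str  # "master" or "slave" (hypothetical labels)

@dataclass
class LinkRegistry:
    # slave card_id -> set of master card_ids; the relation is many-to-many
    links: dict = field(default_factory=dict)

    def link(self, slave: Card, master: Card) -> None:
        if (slave.role, master.role) != ("slave", "master"):
            raise ValueError("a link pairs one slave card with one master card")
        self.links.setdefault(slave.card_id, set()).add(master.card_id)

def authorize(registry, account_owner, presented):
    """Decide a transaction on account_owner's behalf from the cards presented."""
    own = [c for c in presented if c.owner == account_owner]
    if len(own) != 1:
        # Covers a master holder trying to transact for the slave card's user.
        return False, "account owner's card not presented"
    card = own[0]
    if card.role == "master":
        return True, "master card used alone by its owner"
    linked = registry.links.get(card.card_id, set())
    if any(c.role == "master" and c.card_id in linked for c in presented):
        return True, "slave card co-presented with a linked master"
    return False, "slave card needs a linked master card"

# Constructed sample cards and links (not from the article).
ANNA = Card("S1", "anna", "slave")
BELA = Card("S2", "bela", "slave")
CARER = Card("M1", "carer", "master")
NURSE = Card("M2", "nurse", "master")
OTHER = Card("M3", "other", "master")
REG = LinkRegistry()
for s, m in [(ANNA, CARER), (ANNA, NURSE), (BELA, CARER)]:
    REG.link(s, m)

if __name__ == "__main__":
    for owner, cards in [("anna", [ANNA]), ("anna", [ANNA, NURSE]),
                         ("anna", [ANNA, OTHER]), ("anna", [CARER]),
                         ("carer", [CARER]), ("bela", [BELA, CARER])]:
        print(owner, [c.card_id for c in cards], authorize(REG, owner, cards))
```
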
In order to develop a SmartCard that is widely applicable with respect to both
functions and users, all the exceptions have to be taken into consideration
during the design phase. There is a strong need for (a set of) international
standard(s) that guarantee the operation of particular identification systems
as well. The standards must contain a general solution with less discrimination,
placing human beings in the forefront instead of technical solutions, and in
this way offering equal opportunity for the handicapped as well. We hope that
our research results will contribute to achieving these long-term
standardisation goals.
Please contact:
Zoltán Kincses - ELTE/SZTAKI
Tel: +36 1 1811 143
E-mail: kincses@ludens.elte.hu
István Mezgár - SZTAKI
Tel: 36 1 1811 143
E-mail: mezgar@sztaki.hu