Enhanced SmartCard for Electronic Commerce
by Zoltán Kincses and István Mezgár
Electronic commerce is a new, fast-growing way of conducting business: selling any type of service, goods or even stocks over computer networks using the Internet. The development of electronic commerce is extremely fast; according to statistics, the number of firms/providers doubles every six months in some regions of the world. The lack of secure money transfer through the Internet is a barrier to an even faster spread of electronic commerce. SmartCard technology can offer a solution to this problem by simultaneously fulfilling the main demands of identification, security and authenticity. The application of chip-based cards, the SMC, can probably offer a general solution even beyond electronic commerce. Research has been started at SZTAKI to explore the theoretical background of a complex SmartCard technology and to outline some integration aspects and possibilities of the main functions.
The application of SmartCard technology in electronic commerce can bring about the next step of the technological revolution, because it offers new possibilities for the effective integration of commercial, banking and identification functions. Traditional SmartCard-based applications are spreading very fast in different fields (telephone cards, bank cards, etc.) and, according to forecasts, the SmartCard market volume will double every year until 2000.
The forecasts on the spread of electronic commerce and SmartCards call for international electronic transaction standards. The current version of Secure Electronic Transaction (SET) is an open specification for protecting payment card purchases on any type of network. The SET specification incorporates the use of different cryptographic algorithms to protect the privacy of personal and financial information over any open network.
As SmartCard technology will be widely applied in many fields of everyday life, all people, including handicapped users, should be given the chance to use SmartCards. The present research work aims at exploring the possibilities of widening SmartCard applicability in this direction by extending and integrating the different SmartCard functions into an enhanced SmartCard.
Need for Enhanced SmartCards
In electronic commerce, it is the individuals who have to be identified, rather than their identification tools being validated. Transaction security and validity can be guaranteed through properly selected methods. It is important to handle the different aspects of security, identification and applicability in different fields and developments on a common base; therefore, platform-independent open (hardware and software) architectures have to be applied. Moreover, all the solutions must be integrated into an easy-to-use application.
The research goal is to explore the theoretical background of a complex SmartCard technology and to outline some integration aspects and possibilities, taking the following functions into consideration:
- determination of identity with certainty
- secure data transmission
- open architecture and a platform-independent management
- complex handy application.
The next generation standard of the field must be physically, syntactically, semantically and vendor-independently interoperable. The migration to new technologies is ensured by this interoperability.
The best solution to the identification problem is live fingerprint recognition. Software tools exist today whose recognition rate is 100%. There are other biometric recognition systems, and they complement or substitute for live fingerprint recognition if the user suffers from any kind of deficiency. By extending the characteristics of the SmartCard with this factor, the new, enhanced SmartCard can become a real all-round tool for electronic identification.
Security and authentication are guaranteed by using RSA-based or elliptic curve-based cryptography. Codes with 40- and 48-bit key lengths have already been broken with brute-force algorithms using network-based parallel programming; therefore, longer keys have to be applied.
The open architecture and platform-independent ideas should build on open standards (like ISO 7816 in the SmartCard world). The platform-independent Java language ought to be applied in future standards. It plays a key role in our research, especially since the appearance of the JavaCard specification.
The handy tools are SmartCards, which had an unsuccessful period because of their high production price. Today's technology makes it possible to produce handy SmartCards in large numbers at a low price, with high and secure data storage capacity and with their own operating system, e.g. JavaCard, which has an 8 Kbyte operating system and a 4 Kbyte Virtual Machine. The ISO 7816 standard is implemented in JavaCard.
A key point of the research is the definition and integration of SmartCard functions for handicapped users. Taking the 800 million people in Europe into consideration, the approximate figures of handicapped people with the most frequent deficiencies are summarised in the table. Some ideas for the possible solutions are given, but enormous work has to be done to find solutions for the empty cells before reaching a global standardisation.
Table: Solutions considering the needs of handicapped
(O - exists, ? - possible, X - not yet)
The problem of multiple deficiency (where one cannot act without permanent help) also has to be mentioned. In this case a master-slave card arrangement should be a solution. The slave card belongs to the multiply disabled person, while the master card is used by the person in charge. The slave card can be used only together with the master card. The master card can be used alone by its owner, but not for the slave card user's transactions. One slave card can have several masters, and vice versa.
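The master-slave rules above can be expressed as an authorization check over the set of cards presented for a transaction. The following Python code is an added example, not part of the original article; the Card and CardRegistry names, the card identifiers and the owner names are constructed for illustration, and the handling of a slave card presented for someone else's transaction is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Card:
    card_id: str   # constructed identifier
    owner: str     # person the card was issued to
    role: str      # "master" or "slave"

class CardRegistry:
    """Many-to-many links: which master cards may accompany which slave card."""

    def __init__(self):
        self._masters_of = {}  # slave card_id -> set of linked master card_ids

    def link(self, slave, master):
        if slave.role != "slave" or master.role != "master":
            raise ValueError("link() needs a slave card and a master card")
        self._masters_of.setdefault(slave.card_id, set()).add(master.card_id)

    def authorize(self, account_owner, presented):
        """True if the presented cards may transact for account_owner."""
        slaves = [c for c in presented if c.role == "slave"]
        masters = [c for c in presented if c.role == "master"]
        if not slaves:
            # A master card alone serves only its own owner's transactions.
            return len(masters) == 1 and masters[0].owner == account_owner
        # Assumption: with a slave card present, the transaction must be the
        # slave card holder's own, and exactly one slave card is presented.
        if len(slaves) != 1 or slaves[0].owner != account_owner:
            return False
        linked = self._masters_of.get(slaves[0].card_id, set())
        # The slave card never works alone: a linked master must be present.
        return any(m.card_id in linked for m in masters)

def demo():
    """Constructed sample: one slave card linked to two of three master cards."""
    reg = CardRegistry()
    slave = Card("S1", "dana", "slave")
    m1, m2, m3 = (Card(f"M{i}", f"carer{i}", "master") for i in (1, 2, 3))
    reg.link(slave, m1)
    reg.link(slave, m2)
    return {
        "slave_alone": reg.authorize("dana", [slave]),
        "slave_with_m2": reg.authorize("dana", [slave, m2]),
        "slave_with_unlinked_m3": reg.authorize("dana", [slave, m3]),
        "m1_own_transaction": reg.authorize("carer1", [m1]),
        "m1_alone_for_slave_user": reg.authorize("dana", [m1]),
    }
```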
In order to develop a SmartCard that is widely applicable with respect to both functions and users, all the exceptions have to be taken into consideration during the design phase. There is also a strong need for (a set of) international standard(s) that guarantee the operation of particular identification systems. The standards must contain a general solution with less discrimination, placing human beings in the forefront instead of technical solutions, and in this way offering equal opportunity to the handicapped as well. We hope that our research results will contribute to achieving these long-term standardisation goals.
Zoltán Kincses - ELTE/SZTAKI
Tel: +36 1 1811 143
István Mezgár - SZTAKI
Tel: 36 1 1811 143