The one-card trick. Multi-application smart card E-commerce prototypes


Post on 20-Sep-2016









    Consult Hyperion has designed and built prototypes for BT which show the use of a Multos multi-application smart card for storing a digital ID and then demonstrating various E-commerce business applications (secure E-mail, ticketing, Web site log on etc.) via a variety of devices and networks. In addition, dynamic loading and deletion of card applications after card issue has been demonstrated. This article describes the prototypes.

    BT has been exploring the benefits of multi-application smart cards, i.e. processor cards which hold more than one application as well as data on the card. BT believes that market trends indicate that electronic commerce will be a key arena for the use of smart cards.

    The means to sign documents and authenticate yourself to remote parties to a transaction are vital to the widespread uptake of electronic commerce. Digital IDs based on public key cryptography will become the standard mechanism for achieving the required levels of security. Since the use of multi-application smart cards substantially reduces the cost of developing and deploying smart card applications, the use of such cards as part of public key infrastructure (PKI) is very effective.

    In addition, BT wished to examine the value of smart cards (storing digital IDs) as a secure and flexible identity token that will provide access to a whole spectrum of services via a range of network terminals and devices, not just PCs.

    BT asked Consult Hyperion to design and build portable prototypes: a laptop PC and a smart phone. The same smart cards work with both access devices without modification: the one-card trick. The prototypes commissioned demonstrate the following:

    • storing a digital ID on the smart card which is secure and portable
    • using this digital ID on a smart card to:
        - gain access to secure Web sites
        - access E-commerce services such as Internet
    • storing data on the same smart card such as telephone numbers, E-mail addresses, or value tokens (e.g. tickets).




    BT asked Hyperion to include Multos card application download and deletion across open networks. Building on digital ID on a smart card, BT chose to demonstrate the following services:

    • secure E-mail
    • secure E-ticketing
    • secure E-banking using a smart phone with a built-in smart card reader.

    Glossary of acronyms (term: meaning)

    ADC: (Multos) application delete certificate
    ALC: (Multos) application load certificate
    ALU: (Multos) application load unit
    BITC: bump in the cord
    BT: British Telecom
    CA: certificate authority
    DES: Data Encryption Standard, a popular symmetric-key encryption method developed in 1975 and standardised by ANSI in 1981
    EEPROM: electrically erasable programmable read only memory, a special type of PROM that can be erased by exposing it to an electrical charge; like other types of PROM, EEPROM retains its contents even when the power is turned off
    GIS: General Information Systems Ltd., Cambridge, UK
    IVR: interactive voice response, a talking computer designed to give information without a live operator; IVR systems can interact with a database of information from a mainframe computer; callers communicate with the system by using an ordinary touch tone telephone
    LCD: liquid crystal display
    MEL: Multos executable language
    MIME: multipurpose Internet mail extensions; the standard is universally used by Web servers to identify the files they are sending to Web clients; in this way new file formats can be accommodated simply by updating the browser's list of pairs of MIME types and appropriate software for handling each type
    Multos: multiple application operating system
    PC: personal computer
    PCMCIA: the PCMCIA (Personal Computer Memory Card International Association) is an industry group organised to promote standards for a credit card-size memory or I/O device that would fit into a personal computer
    PIN: personal identification number
    PKI: public key infrastructure
    public key certificate
    PSTN: public switched telephone network
    RC2: RC2 is a variable key-size block cipher designed by Ron Rivest for RSA Data Security; RC stands for Ron's Code or Rivest's Cipher; it is faster than DES and is designed as a drop-in replacement for DES
    SSL: secure sockets layer, a program layer created by Netscape for managing the security of message transmissions in a network; Netscape's SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate

    A value-added service was also requested whereby card holders can store their favourite E-mail addresses and telephone numbers on the smart card.

    There are a number of multiple-application smart cards emerging onto the market (Multos, JavaCard, Windows Card). BT expects that in the future these cards will all work together and that the card holders will be able to access services using any of the various card types.

    At the time these prototypes were developed, Multos smart cards were chosen because they were the most advanced and provided a number of attractive features:

    • Security: The cards are tamper resistant and there are firewalls between the applications loaded on the card which prevent them from affecting each other.

    • Multi-application: By allowing more than a single application on the card, the business case for the card can be improved. In this prototype, the three applications are: security; E-friends and family; and E-ticketing. However, other card applications in the future may include: medical records; credit; debit; building access; GSM loyalty; library card.

    • Secure load/delete: The infrastructure for loading and deleting applications on Multos cards is well thought out, flexible and secure (see below). This means that users will be able to decide what applications they would like on their cards after they have been issued. Multos cards are therefore adaptable to future needs. Through the load and delete certificate mechanism, the issuer can control which applications the card holder is allowed to load or delete.

    • Powerful functionality: Multos cards have a number of powerful resident primitives which make it easier for application developers to write applications that perform complicated operations on the Multos card, e.g. public key cryptography.

    Multos card application load and deletion

    Card application load and deletion in the field after card issue is one of the most attractive features of Multos cards. If the issuer allows it, the card holder may delete resident applications on their card and download new applications over open networks such as the Internet or PSTN.

    In order to load an application to the user's Multos card, he must have the correct application load certificate (ALC) together with the application load unit (ALU). The issuer may allow the card owner to obtain these files over the Internet and they may be encrypted for added security. The ALU is essentially the application code and data. The ALC is a certificate which determines which cards the application may be loaded onto.

    If there is room on the user's Multos card for the application, it may be loaded using appropriate software which breaks up the ALU and ALC into appropriate chunks and fires them at the card in the correct order.

    Deleting applications from a Multos card is a similar process. The correct application delete certificate (ADC) is required for the card and application. The issuer may allow the card holder to download this over the Internet. Deleting an application from a Multos card causes the application and its data to be lost permanently and the reserved space on the card becomes free for subsequent applications to be loaded.

    In this way, the Multos card may be used as a lifestyle card. Applications reside on the card as long as the user wants them and (with the card issuer's permission) the users may delete applications and load new ones as their requirements change.

    Prototyping

    Hyperion designed two prototypes for BT to meet the requirements. The first is based on a laptop PC with Internet connection. The second uses a smart phone with PSTN connection to the outside world. The same smart card and applications on the card are used with both prototypes. This is the one-card trick: the smart card is portable and secure and may be used to enable access to services through different access devices.

    What's on the cards?

    Three applications were developed to run on Multos cards. On the 8 k cards available at the time of this work (which actually have only approximately 6 kbyte of EEPROM available for application code and data), there was not enough EEPROM to fit all three applications at the same time. However, dynamic application load and deletion allows the card holders to modify which applications reside on their smart card, so they are not prevented from using any services. Also, at the time of writing, the first 16 k Multos cards are emerging.

    (i) Security: The first MEL application holds a digital ID (a certificate and an asymmetric cryptography key pair) and enables them to be used for security purposes. The digital ID is PIN protected so that only the card holder can use it. The PIN may be up to 8 digits long. Non-digits are not allowed so that the PIN may be entered at a terminal which only has a numeric key pad (e.g. a smart phone).

    The longer the cryptographic keys, the stronger the cryptography generated by the keys. The key length is restricted by the browser in use since that is where the keys are generated. At the time of building the prototype, the strongest keys allowed by the version of Netscape Communicator exported from the USA were 512 bits long. However, the security MEL application is capable of operating with longer keys if reassembled with a constant changed. The effect would be to increase the application data size and so a new ALU would be required also. A further restriction was that the Multos (v3.2) cards used here were limited to a key length of 576 bits (Multos 4 cards emerging at the time of writing will allow 1024-bit keys).

    Once the digital certificate is loaded (e.g. from BT Trustwise) onto the card, it resides inside the security application. The certificates are standard X.509

    When presented with the correct PIN, the security application will:

    • On request, deliver the digital certificate held on the card (which contains the card holder's public key).
    • Allow the private key to be used on the card for signing, authentication and decryption of small items such as session secret keys, but will never reveal the private key.
    • Generate a hash digest of the certificate on the card and sign it with the private key. This allows this application to operate in an environment where hashes cannot be generated off the card, e.g. when using a smart phone. If the application is used in conjunction with a Web browser or other appropriate software, then the certificate hash may be generated off the card.

    (ii) E-friends and family: This application holds favourite names, telephone numbers and E-mail addresses. Up to ten records may be stored on a card. The application is merely a container which stores data and retrieves the same data when requested. Any textual data may be stored.

    Fig. 1 PC/Internet functional diagram

    (iii) E-ticketing: This application stores electronic tickets. The tickets are stored as journey legs, each signed by the ticket issuer so as to prevent fraud. If a criminal intercepted an E-ticket on its way to the card and stored it to their hard disc, they may change the date and replay the data to store it to the card. However, the ticket would not be valid since the signature would not match the ticket body.
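
    The tamper case just described, as an added example that is not code from the article or the prototypes: an issuer signs each journey leg, and an inspector rejects a leg whose date was edited after signing. The leg strings, the SHA-256 digest and the toy textbook-RSA key (two Mersenne primes, no padding) are constructed assumptions for illustration, and `issue_leg`, `inspect_leg` and `change_date` are hypothetical names.

```python
import hashlib
from dataclasses import dataclass

# Constructed toy issuer key: textbook RSA over two Mersenne primes, no padding.
# Illustration only; a real issuer would use a vetted library and padded signatures.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the ticket issuer


@dataclass(frozen=True)
class SignedLeg:
    body: str        # assumed encoding: "<label> <dd-mm-yy> <from> <hhmm> <to>"
    signature: int   # issuer's signature over the SHA-256 digest of the body


def _digest(body: str) -> int:
    """SHA-256 of the leg body as an integer (256 bits, always smaller than N)."""
    return int.from_bytes(hashlib.sha256(body.encode("ascii")).digest(), "big")


def issue_leg(body: str) -> SignedLeg:
    """Issuer side: sign one journey leg with the private key."""
    return SignedLeg(body, pow(_digest(body), D, N))


def signature_ok(leg: SignedLeg) -> bool:
    """Anyone holding the issuer's public key (N, E) can run this check."""
    return pow(leg.signature, E, N) == _digest(leg.body)


def inspect_leg(leg: SignedLeg, travel_date: str) -> str:
    """Inspector side: verify the signature first, then the date in the body."""
    if not signature_ok(leg):
        return "reject: signature does not match ticket body"
    parts = leg.body.split()
    if len(parts) < 2 or parts[1] != travel_date:
        return "reject: leg is for a different date"
    return "accept"


def change_date(leg: SignedLeg, new_date: str) -> SignedLeg:
    """Model of the tampering the article describes: edit the date, keep the signature."""
    label, _old_date, rest = leg.body.split(" ", 2)
    return SignedLeg(f"{label} {new_date} {rest}", leg.signature)


# Constructed sample legs for one journey.
LEGS = [issue_leg("LEG1: 20-01-99 Guildford 0650 London"),
        issue_leg("LEG2: 20-01-99 London 0830 Manchester")]

if __name__ == "__main__":
    for leg in LEGS:
        print(leg.body, "->", inspect_leg(leg, "20-01-99"))
    stale = LEGS[0]
    print("next day, untouched:  ", inspect_leg(stale, "21-01-99"))
    print("next day, date edited:", inspect_leg(change_date(stale, "21-01-99"), "21-01-99"))
```

    The untouched leg fails only the date check on the following day, while the edited leg fails the signature check, which is why changing the date does not produce a usable ticket.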

    PC/Internet prototype

    (i) Overview: As shown in Fig. 1, this prototype consists of:

    • the user's laptop PC (with appropriate software loaded), a smart card reader and a Multos card (we used 8 k Multos 3.2 cards)
    • the Hyperion Web server
    • the BT Trustwise Web server (which issues digital IDs)
    • the Internet to connect the above together.

    (ii) Using the PC/Internet prototype: The typical sequence of actions which the user goes through once the prototype is installed on their PC is:

    • Load the security application on to the Multos card from the Hyperion Web server over the Internet.

    • Get a digital ID over the Internet using their Web browser and the BT Trustwise Web server and store it on their Multos card (inside the security application). Now the user is in the position to be able to send and receive secure E-mails (see below) using their digital ID on their Multos card.

    • Sign terms and conditions over the Internet using their digital ID on their Multos card in order to be allowed to load the E-friends and family application onto their Multos. Now they can edit and store their favourite E-mail addresses and phone numbers on their Multos card (inside the E-friends and family application).

    • Delete the E-friends and family application to make room on the card for loading the E-ticketing application.

    • Access the Hyperion Web server to purchase electronic tickets by signing the transaction. Tickets are stored on the card (in the E-ticketing application).

    Each of these stages outlined above is described in more detail below:

    (iii) Card application load and deletion: As described earlier, when the user wishes to load or delete an application from their card, they need the permission of the issuer. In this demonstration, the applications which may be loaded or deleted are restricted to those which are available through the Hyperion demonstration Web site.

    The loading of some card applications is restricted to holders of a valid BT Trustwise certificate. In order to be able to load the restricted applications, the user must first establish an SSL connection to the Web site using their digital ID on their smart card.

    By pointing their browser at the Hyperion Web site, users may click on links which enable them to download the appropriate files required for application load (ALU and ALC) or delete (ADC). When the files arrive over the Internet, the browser checks the MIME type and automatically starts up the helper (see Fig. 2). The user is able to check which applications are on the card by clicking the Directory button. By clicking the Load or Delete buttons, the action is started. The scrolling window displays progress reports to the user.

    (iv) Getting a digital ID from BT Trustwise onto a smart card: BT is currently offering free trial digital IDs which remain valid for 60 days from its Trustwise Web site. By visiting the Web site (www. and supplying basic information such as name and E-mail address, the user is able to request a public key certificate. The cryptographic key pair is generated in the browser, the public key is sent to BT Trustwise for inclusion in the public key certificate, while the private key is stored on the Multos card never to be revealed. Using the public key, BT Trustwise generates a digital certificate which is signed by VeriSign. The hierarchy of trust dictates that since we trust VeriSign (its public certificate is present in all our browsers) and VeriSign trust BT Trustwise, we trust the credentials supplied in BT Trustwise certificates.

    Currently, most people store their digital IDs in their Web browser's database on the PC hard disc. However, this is not particularly secure. It is preferable to store the digital ID on a tamper-proof (and portable) smart card. But how do we do this?

    Netscape Communicator uses a security library to carry out the functions associated with digital IDs. Versions of Netscape Communicator since v4.05 allow software cryptography modules to be added by programmers which provide access to some of the security library functionality provided on smart cards. This is what the Hyperion 'Cryptoki' module does in order to allow Netscape Communicator to store digital IDs to Multos cards and then use them for signing and cryptographic purposes.

    Fig. 2 Card application load and delete helper

    (v) Secure E-mail: General secure E-mail using digital IDs on the PC hard disc is provided by Netscape Communicator. The Hyperion Cryptoki module allows Netscape Communicator to access the digital ID on the Multos card in order to sign or decrypt E-mails.

    An introduction to sending signed and encrypted E-mails using Netscape Messenger (found within the Communicator 'package') is given on the BT Trustwise Web site (www.trustwise.codClasslhelp.htm1) and also the VeriSign site ( mail. htm).

    (vi) E-friends and family: The user's favourite E-mail addresses and telephone numbers may be held in the E-friends and family card application. This card application is a simple container which stores up to ten records. On the PC, the E-friends and family editor application talks to the card and allows the user to read the records, edit them, and store them back to the card (see Fig. 3). There is also an option to export the data to the PC hard disc as a back up and later import them back. This is useful if the card application is deleted to make room for another since deleting a card application also deletes its data.

    Fig. 3 E-friends and family editor window

    Fig. 4 E-ticketing helper window (listing the stored journey legs, e.g. LEG1: 20-01-99 Guildford 0650 London; LEG2: 20-01-99 London 0830 Manchester)

    (vii) E-ticketing using the PC: It is assumed, for the E-ticketing demonstration, that the user has registered their credit card details with the ticket issuer in advance. The user visits the ticket issuer's Web site (in this case a demo Web site made by Hyperion) and selects the details of the journey they wish to make, e.g. Guildford to Edinburgh on the 20th January 1999. The Web site presents a list of possible journeys, at various times of day and perhaps via different routes. The user selects the one they want and they are then asked to digitally sign the transaction using their private key on their Multos card.

    Once the signed purchase is received at the Web site, the signature is verified and, if OK, the ticket is issued. The ticket is issued over the Internet as separate journey legs each signed by the ticket issuer and stored on the Multos card inside the E-ticketing application. The E-ticketing PC helper (see Fig. 4) is automatically fired up when the tickets arrive at the browser because of the file MIME type. It would be possible to extend this prototype to allow day passes or season tickets to be stored on the card. This would have the advantage to the user of not having to read the card as a reminder of what journey tickets were stored to the card; either the season ticket is valid, or it has expired.

    Fig. 6 Screen phone/PSTN prototype functional diagram

    Smart phone/PSTN prototype

    (i) Overview: For the second E-commerce prototype the user access device is a smart phone. We used an ordinary telephone in conjunction with a bump-in-the-cord (BITC) device (see Fig. 5).

    The BITC device is designed and programmed by General Information Systems (GIS) in Cambridge (www. It is a small desktop device which uses an 8 bit microcontroller which controls all the major functions. A rubber mat keyboard occupies the top of the unit. The unit is fitted with two integrated ISO 7816 compatible sockets, each capable of reading smart cards. A high contrast dot matrix LCD is used to convey information to the user regarding the current function of the unit.

    The BITC talks to the Multos card locally and also communicates across the PSTN to the host IVR system. This prototype demonstrates the use of the same smart card and card applications but is a cheaper access device (compared to a laptop PC with card reader) which does not require Internet connection. An additional business application is included which does not require a new card application: electronic banking.

    The main difference from the PC/Internet prototype is that the user interface is necessarily less visual since the input and output devices are more limited (no mouse, very small display).

    As shown in Fig. 6 this prototype consists of:

    • the GIS BITC device pre-programmed with appropriate software and a Multos card (we used 8 k Multos 3.2 cards)
    • the Hyperion IVR host and servers
    • the PSTN to connect the above together.

    At the Hyperion prototyping lab, the IVR host and servers run on a standard PC (NT workstation) with two voice modems connecting it to two phone lines (allowing up to two incoming calls at the same time). The server programs behind the IVR host provide for: authentication; card application download and delete; banking; and ticketing.

    (ii) Using the smart phone prototype: Since we wished to use the same digital IDs for this second prototype as for the PC/Internet prototype, and there is currently no easy way of obtaining them without Internet connection, we decided to assume that cards used for this prototype have a digital ID already loaded. In the real world, cards may be issued with digital ID already resident.

    The typical sequence of events which the user goes through when he has connected up his BITC and inserted his smart card is:

    • Dial the IVR host, using the BITC device. When prompted by the BITC screen, lift the telephone handset and listen to the IVR menu. Select the service required and hang up the telephone. The connection switches from voice to data mode and the modems synchronise.

    • Enter PIN to allow Multos card security application to perform authentication via the BITC across the PSTN to the Hyperion authentication server. Once the user is authenticated, the request may be serviced (banking, ticketing or card application download/delete).

    These stages are described in detail below:

    (iii) Connecting to the IVR host: The user inserts their card into the BITC and turns on the BITC. The BITC reads the card to see which applications are resident. If the user has the E-friends and family card application, the BITC will allow them to view the telephone numbers it contains and automatically dial whichever is selected. For example, the first record in the E-friends application when it is freshly downloaded contains the Hyperion IVR host phone number.

    Once connected to the Hyperion IVR host, the user listens to the spoken options (banking, ticketing, card application download) and selects one using the telephone or BITC key pads. A further level of menus is offered and the user makes another selection. At this point, the modem connection switches from voice to data mode.

    (iv) Authenticating the user: The authentication server requests the digital ID from the BITC. The BITC asks the user for their PIN and presents this to the security card application. If the PIN was correct, the security application will allow the BITC to request its certificate as well as a signed hash digest of the certificate. These are sent across the PSTN to the authentication server. If authentication is successful, the authentication server extracts the name from the digital certificate which is used as an ID for any following transactions.

    (v) Multos card application download and delete: This is very similar to card application download and delete over the Internet. The user selects which application is to be downloaded or deleted from the IVR menu. If authentication is successful, the appropriate files (ALC, ALU, ADC) are sent from Hyperion server across the PSTN to the BITC which fires the commands at the card to perform the load or delete operation.

    (vi) E-banking: Before the user may use the E-banking service, they must have an account on the Hyperion banking server database. The ID extracted from the certificate is presented to the banking server in order to locate the correct user's account. The name in the digital certificate is used as the account identifier.

    The banking server sends a menu of options to the BITC which shows them on its LCD:

    • balance request
    • statement request (last 5 transactions)
    • make a transfer
    • pay a preset bill.

    transaction taking place on the user's account on the banking server. Transactions are stored in the banking server database and used when a statement request is made.

    (vii) E-ticketing using the BITC: After the authentication process, ticketing on the BITC device is very similar to that done using the PC prototype except that the display is much smaller and so the user must scroll through the journey options which are presented by the ticketing server. Once selected, the purchase is signed using the private key held in the security card application. The returned ticket journey legs are stored on the card in the E-ticketing card application.

    Conclusions

    Consult Hyperion has designed and built prototypes for BT which show the use of a single Multos multi-application smart card for storing digital ID and then demonstrating various E-commerce business applications (secure E-mail, banking, ticketing, Web site log-on) via a variety of devices and networks (PC/Internet and BITC/PSTN). In addition, dynamic load and deletion of card applications after card issue has been demonstrated. This article has described this work done for BT.

    These are the kinds of services which will be provided by the BT smart card platform (SCP). The SCP will be a brand-neutral managed service provided to smart card issuers and application providers. It will link a range of smart card terminals (e.g. PC, mobile phone, kiosk etc.) to a range of services (e.g. electronic ticketing).

    Acknowledgments

    I would like to thank BT for permission to publish this description of the prototyping work. Thanks are also due to my colleagues at Consult Hyperion for their work on this project, especially Stuart Fiske, Steve Brooks, Andrew Whitcombe and Soheil Ah. Finally, I would like to thank Andrew Whitaker at GIS for his work on the screen phone prototype.

    Dr. John Elliott is a Chartered Engineer and an IEE Member. He has over five years of IT consultancy and project management experience in the UK and Europe. He is a Senior Consultant at the E-commerce consultancy, Consult Hyperion (www.hyperion., 8 Frederick Sanger Road, Surrey Research Park, Guildford, Surrey GU2 5YD, UK. Prior to joining Consult