Java Card Technology-based Corporate Card Solutions

Similar documents
IDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller

Sphinx Feature List. Summary. Windows Logon Features. Card-secured logon to Windows. End-user managed Windows logon data

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Check Point SmartEndpoint Security

Java Card 3 Platform. Peter Allenbach Sun Microsystems, Inc.

XenApp 5 Security Standards and Deployment Scenarios

13. Databases on the Web

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

Open Mobile API The enabler of Mobile ID solutions. Alexander Summerer, Giesecke & Devrient 30th Oct. 2014

Smart Card ICs. Dr. Kaushik Saha. STMicroelectronics. CSME 2002 (Chandigarh, India) STMicroelectronics

UiB 1. april 04. Sun Microsystems

UNIVERSITY EXAMINATIONS: NOV/DEC 2011 REGULATION PERVASIVE COMPUTING PART A

Technologies for Securing the Networked Supply Chain. Alex Deacon Advanced Products and Research Group VeriSign, Inc.

Power LogOn s Features - Check List

Introduction. Enterprise Java Instructor: Please introduce yourself Name Experience in Java Enterprise Edition Goals you hope to achieve

2.0 System Requirements

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

Endpoint Protection with DigitalPersona Pro

An Approach to the Generation of High-Assurance Java Card Applets

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

John Heimann Director, Security Product Management Oracle Corporation

The Mobile Finnish Identity Certificate

Factsheet of Public Services Infrastructure (PSi) Updated on: 1st Sep 03

Vision of J2EE. Why J2EE? Need for. J2EE Suite. J2EE Based Distributed Application Architecture Overview. Umair Javed 1

Security-by-Contract for Open Multi-Application Smart Cards

PKI Credentialing Handbook

ActivCard Strong Authentication product line. Jerome Becquart, Senior Product Manager

SAML-Based SSO Solution

HP Instant Support Enterprise Edition (ISEE) Security overview

Certificate Enrollment for the Atlas Platform

DCCKI Interface Design Specification. and. DCCKI Repository Interface Design Specification

CREDENTSYS CARD FAMILY

Outline. Introduction to Java. What Is Java? History. Java 2 Platform. Java 2 Platform Standard Edition. Introduction Java 2 Platform

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

BioPassport TM Enterprise Server

PKI is Alive and Well: The Symantec Managed PKI Service

Owner of the content within this article is Written by Marc Grote

Building solutions using Secure Global Desktop Curtis Cunningham (Presentation stolen from Mr. Steve Taylor)

The Password Authentication Paradigm In today s business world, security in general - and user authentication in particular - are critical components

white paper SMS Authentication: 10 Things to Know Before You Buy

DFARS Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017

Adding value to your MS customers

End User Device Strategy: Interoperability Standards

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Security Drive Encryption 7.1.3

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

PCMS. PC-linked Reader with Mass Storage.

Enterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape

ASC Chairman. Best Practice In Data Security In The Cloud. Speaker Name Dr. Eng. Bahaa Hasan

Chapter 6 Enterprise Java Beans

CERN Certification Authority

Indeed Card Management Smart card lifecycle management system

Trusted Platform Module explained

WebSphere Application Server, Version 5. What s New?

Intel Security/McAfee Endpoint Encryption

Security in NFC Readers

Authentication Technology Alternatives. Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin

X100 ARCHITECTURE REFERENCES:

Java Card Technology Overview

CO Java SE 7: Develop Rich Client Applications

IBM SecureWay On-Demand Server Version 2.0

Excel4apps Wands 5 Architecture Excel4apps Inc.

Architecture 1 3. SecureToken. 32-bit microprocessor smart chip. Support onboard RSA key pair generation. Built-in advanced cryptographic functions

Deltek Touch Expense for Ajera. Touch 1.0 Technical Installation Guide

ASIA PKI Forum Overcome PKI Deployment Obstacles. Terry Leahy, CISSP Vice President, Wells Fargo Sept 15th, 2003

1 Modular architecture

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Smart Card Operating Systems Overview and Trends

NFC Identity and Access Control

1Z Oracle. Java Enterprise Edition 5 Enterprise Architect Certified Master

DHS ID & CREDENTIALING INITIATIVE IPT MEETING

Axway Validation Authority Suite

Overview. SSL Cryptography Overview CHAPTER 1

midentity midentity Basic KOBIL midentity Basic Mobile, Secure and Flexible

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Hitachi ID Password Manager Telephony Integration

SAML-Based SSO Solution

Security for Mobile Instant Messaging

Building the Enterprise

Secure Elements 101. Sree Swaminathan Director Product Development, First Data

HP Business Availability Center

1. Product Overview 2. Product Features 3. Comparison Chart 4. Product Applications 5. Order Information 6. Q & A

Xceedium Xsuite. Secured by RSA Implementation Guide for 3rd Party PKI Applications. Partner Information. Last Modified: February 10 th, 2014

SSH Communications Tectia SSH

Are You Flirting with Risk?

SC-1 Smart Card Token. QUICK Reference. Copyright 2007 CRYPTOCard Corporation All Rights Reserved

Glossary. xii. Marina Yue Zhang and Mark Dodgson Downloaded from Elgar Online at 02/04/ :16:01PM via free access

Payment Card Industry and Citrix XenApp and XenDesktop Deployment Scenarios

How to use the MESH Certificate Enrolment Tool

CS530 Authentication

Dr. Char-Shin Miou Chunghwa Telecom. Co. April 7, 2011

Inside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1

FUJITSU Cloud Service S5. Introduction Guide. Ver. 1.3 FUJITSU AMERICA, INC.

GemStone Systems. GemStone. GemStone/J 4.0

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

SafeNet MobilePKI for BlackBerry V1.2. Administration Guide

CSE 565 Computer Security Fall 2018

The SafeNet Security System Version 3 Overview

TFS WorkstationControl White Paper

CS November 2018

Virtual Machine Encryption Security & Compliance in the Cloud

Transcription:

Java Card Technology-based Corporate Card Solutions Jack C. Pan, Leader and Sr. Architect Hervé Garcia, Tech. Project Manager econsumer Emerging Technologies, Citibank

Overall Presentation Goal The objectives are to provide 1) an overview and 2) an in-depth technical discussion of a smart card based Corporate ID badge program using the latest multi-application, Java Card technology 2

Learning Objectives As a result of this presentation, you will be able to: Understand the SmartCard and Java Card technologies at a high level Obtain an overview of the Sun Corporate Badge ID Program Understand the Java Card and Open Platform technologies deployed in the program Learn the architectural and technical lessons from such a program 3

Speaker s Qualifications Jack Pan is responsible for the delivery of the Sun Corporate Badge solution from Citibank Hervé Garcia is the overall Technical Lead for the Sun Corporate Badge program from Citibank Both Jack and Hervé are active contributors in smart card industry consortiums such as Java Card Forum and Global Platform 4

Presentation Outline Overview of SmartCard and Java Card technologies Overview of the Sun Corporate Badge Program Detailed discussion of Java Card and Open Platform technologies deployed in the program In depth discussion of architectural and technical lessons learned from the program 5

Overview of SmartCard and Java Card Technologies

What Is a Smart Card? A credit-card sized plastic card with an embedded computer chip. Microprocessor intelligent vs. Memory dumb Contact vs. Contactless Hybrid vs. Combi Single vs. Multiple Applications Other Technologies/Functions Mag stripe Bar code Embossing Signature panel Biometrics 7

The Role of Smart Card Value-add in this Internet Age: Secure authentication token Aggregation of multiple applications Customer Service Secure E-Mail Network Based Services Secure Web Sites and Data Storage Financial Transactions Electronic Purchasing Electronic Contract Signing 8

What Is Java Card Technology? Java Card technology Defines a platform on which Java technology-based applets can run on smart cards and other memory constrained devices Java Card programming language A subset of the Java programming language is supported (e.g., no threads, long, etc.) Java Card virtual machine (JCVM) Off-card piece does conversion from class file to CAP file while On-card piece does bytecode interpretation 9

What Is Java Card Technology? (Cont.) Java Card runtime environment (JCRE) Applets PKI Applet ID Applet Loyalty Applet JCRE Framework Classes (APIs) Industryspecific Extensions Installer System Classes Applet Management Transaction Management I/O Network Communication Other Services Java Card Virtual Machine (Bytecode Interpreter) Native Methods Smart Card Hardware and Operating System 10

Java Card Technology-based Government/GSA Card Program Launched since May, 1999 Standard Credit Card Official Employee Badge Building Access Web Server Access Digital Certificates Calling Card Property Management e-boarding Biometrics The High End Multi-application Smart Card Technology Based on Java Card 2.0/Open Platform 1.0 11

Overview of the Sun Corporate Badge Program

Sun Microsystems Corporate Badge Program A corporate ID badge for Sun s global deployment (50,000 cards) Joint SIT to start in 3Q, 2001; Re-badge to start in 1Q, 2002 Based on Java Card 2.1/Open Platform 2.0 w/29k EEPROM space 13

Sun Microsystems Corporate Badge Program (Cont.) Building Access (Mifare & Mag-stripe) Sun Ray workstations Session Mobility System Login (secure storage of ID/Password) via WinTel, Solaris or Sun Ray workstations Remote Access Authentication (e.g., challengeresponse, synchronous, or VPN based) Multiple digital certificates (e.g., for encryption and authentication) Card and Application Life Cycle Management System (LCMS) and Second Tier Customer Service 14

Java Card and Open Platform Technology-based Solutions

Sun Corporate Badge A Multi-application Implementation of Java Card Technology Use leading-edge features of the Java Card platform: Real multi-application implementation with independence between applications Use Shareable interface to share PIN authentication within card Use crypto API for RSA, including on-card key generation Use instantiation parameters to define applets behavior for run-time Allows applets update post-issuance 16

Sun Corporate Badge Chip Card Applications ID: Store user identification and manage PIN Login: Login to Wintel, SunRay and Solaris platforms PKI: Generate and store key pairs and certificates; used for encryption, e-mail, SSL authentication; compatible with PSM and PKCS#11 client software SKI: Store symmetric key X9.9 for Sun.net access; generate response from X9.9 challenge Quick Password: Secure and convenient storage of user private passwords 17

Card Applets Relationship PIN GCA #1 SKI GCA is Generic Container Applet PKI #1 PKI #2 GCA #2 GCA #3 GCA #4 One Application Requires Several Card Applets App. Management System Must Track Card Applets Configuration 18

Life Cycle of the Smart Card: Open Platform Open Platform (OP) is defined by a consortium; becomes an industry standard for Smart Cards Specifies the interface between the outside world and the Card s JVM Defines life cycle states for entities of the card: platform and applets Secure channel brings end-to-end cryptography: from chip to back-end system (data authenticity, confidentiality, integrity) Services are exposed via Java APIs for card applets 19

Architectural and Technical Lessons learned from the Sun Corporate Badge Program

Life Cycle of a Smart Card 1. 3. 2. 4. Help Desk 1. Manufacture card: build, print card background and serial number and load applets 2. Issue card: Print name and picture; load chip with personal information 3. Use and update applications 4. Track and replace for lost, stolen, revoked cards Requires Card Life Cycle Management System (LCMS) Requires back-end Application Servers 21

What Is the Card Life Cycle Management System? (LCMS) The LCMS Tracks and maintains information about a card life cycle Design principles Based upon the Open Platform standard Separates the platform management from the application management Handles card life cycle and card software configuration Does not process application transactions Based on a principle of privacy so that it does not store any application data. 22

LCMS Architecture Leverage on Standards 23 Partitioning allows many corporations to use the service Has standard interfaces for back-end systems or Application Servers within the corporation Is platform agnostic uses platform independent languages and protocols Java, XML => Makes economical sense to use the Internet as a transport: any corporation has access XML based messaging: Open, Easy to develop interfaces, works with any platform SSL with client authentication: brings confidentiality, integrity, authenticity

The Application Server Concept A system within the corporation which interfaces with the LCMS to handle application transactions Performs card personalization and application transactions for one application Can be centralized or distributed Runs on any platform (Solaris OS, Win NT...) Communicates with LCMS through Internet, using HTTPS+XML as transport Communicates with client using Servlets and Java /JavaScript technologies in browser Communicates with other enterprise servers with other protocols (e.g. LDAP) 24

The Application Server Principle Web Server Application(s) server https:// Secure Applet load Submit Req. Sync. APDU Browser Applet (Java) Java Badge Library (Java classes) JNI DLLs/Device Drivers Read Write 25

Example of Messaging to LCMS SSL Mutual Authentication LCMS Application Server Badge Printer XML Assign badge # 6523 To employee # 7625 HTTP server App Server LDAP OK XML Oracle Database Badge Printer Submits the Issuance Message 26

XML Message to LCMS Message example: Badge Printer to LCMS <..Message header..> <CardUniqueId>6523</CardUniqueId> <EmployeeId>7625</EmployeeId> <State>CS_PRINTED</State> <Time>2001-08-24T13:20:00.000 05:00</Time> <..Message footer..> 27

Summary Use Smart Cards: essential in ensuring secure transactions over the Internet for added security, convenience and mobility Focus on the infrastructure: Build a scalable, multi-application support ready for evolution Use Java Card Technology: It is dominating the multi-application smart card world (e.g., GSM, Logical Access, Financial applications, etc.) Use XML: for system intercommunication to alleviate platform dependency and to take advantage of built-in browser security Use Java technology: Most components are out there to build solutions that alleviate platform dependency; Java, Java Card, JSP, JSSE, EJB, JDBC,etc. 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback