<!-- Edit EirGrabber 3.01 -->
<HTML>
<HEAD>
<TITLE>Smart Card Developer's Kit:Smart Cards and Security</TITLE>



<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="201-203.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="206-208.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<H4 ALIGN="LEFT"><A NAME="Heading6"></A><FONT COLOR="#000077">Integrity</FONT></H4>
<P>Integrity is the concept that none of the information involved in a transaction is modified in any manner not known or approved by all the participants in the transaction, either while the transaction is in progress or after the fact. In the previous homework example, when the student turns in the homework, the total transaction may not actually be concluded until the teacher reviews the homework and records a grade. In this simple example, the integrity of the information is maintained by the teacher keeping the homework in controlled possession until it is graded and the grade recorded. The student&#146;s integrity facility in this case is to get the homework back from the teacher and be able to review it to make sure that it&#146;s in the same state as when it was turned in.
</P>
<P>For the homework example, the integrity of the transaction system is typically not of paramount importance to the student since teachers don&#146;t often maliciously modify homework in their possession. The teacher might be more concerned with the integrity of the information&#151;first, in the sense of knowing that the homework hasn&#146;t been modified since it was turned in (usually not too likely), and second, in knowing that the homework was actually done by the student.</P>
<P>This latter aspect is often not guaranteed by any stringent mechanism in the case of homework. In the case of examinations, which might be viewed as more valuable, more proactive mechanisms are sometimes used. For example, some universities make use of an &#147;honor code&#148; under which a student might be required to attest to the fact that an examination was completed by the student and that the student neither gave nor received any assistance during the examination proper. Providing mechanisms to facilitate this concept in the highly dispersed environment of electronic transactions across a wide area computer network is a bit more challenging.</P>
<H4 ALIGN="LEFT"><A NAME="Heading7"></A><FONT COLOR="#000077">Nonrepudiation</FONT></H4>
<P><I>Nonrepudiation</I> is establishing the fact of participation in a particular transaction by all the parties to the transaction, such that none of the parties can claim after the fact that they did not actually take part in the transaction. Mechanisms to facilitate this concept are typically closely related to the mechanisms used to authenticate identity. In many discussions, the two concepts are viewed as essentially equivalent.</P>
<BLOCKQUOTE>
<P><FONT SIZE="-1"><HR><B>Note:&nbsp;&nbsp;</B><BR>Of these five characteristics of security, it is the concept of privacy that precipitates the greatest concerns on the part of governmental entities. As you will see, encrypting information through mechanisms that allow only the intended participants of a transaction to be able to understand it is often a highly regulated capability. The same encryption mechanisms used to establish privacy can often also be used to authenticate identity. When used for authentication, encryption is viewed much more benignly by governmental entities than when used for privacy.<HR></FONT>
</BLOCKQUOTE>
<H3><A NAME="Heading8"></A><FONT COLOR="#000077">The System Components</FONT></H3>
<P>The previous section defines some of the abstract characteristics of security as it relates to a variety of transactions. This section defines the components of a networked system; that is, those elements comprising a system through which transactions can be realized. More specifically, this networked system uses smart cards as an integral element of the security infrastructure.
</P>
<H4 ALIGN="LEFT"><A NAME="Heading9"></A><FONT COLOR="#000077">The Card</FONT></H4>
<P>Smart cards use a computer platform on which information can be stored such that access to it can be strictly controlled by the cardholder, the card issuer, or the provider of any specific applications on the card. Further, software can be executed on the card under strict control of either the cardholder, the card issuer, or the provider of specific applications on the card. Given these characteristics, the smart card provides a variety of useful security characteristics, including
</P>
<DL>
<DD><B>&#149;</B>&nbsp;&nbsp;Storage of passwords for access to computer systems, networks, information stores, and so on
<DD><B>&#149;</B>&nbsp;&nbsp;Storage of keys, public and private, for authenticating identity
<DD><B>&#149;</B>&nbsp;&nbsp;Storage of keys, public and private, for encrypting information to ensure its privacy
<DD><B>&#149;</B>&nbsp;&nbsp;Storage of information to be conveyed to various access points for a system (for example, a financial system) without the cardholder being able to access or change that information in any way
<DD><B>&#149;</B>&nbsp;&nbsp;Performance of encryption algorithms for authenticating identity
<DD><B>&#149;</B>&nbsp;&nbsp;Performance of encryption algorithms for ensuring the privacy of information
</DL>
<H4 ALIGN="LEFT"><A NAME="Heading10"></A><FONT COLOR="#000077">The Cardholder</FONT></H4>
<P>A smart card can represent the cardholder in an electronic environment. Further, the card can be programmed to require some type of identity authentication from the cardholder before it will provide such electronic representation for the cardholder. That is, the smart card can use a variety of mechanisms in a transaction with the cardholder through which the cardholder convinces the card that it should act on the cardholder&#146;s behalf. Some of the mechanisms used by the card to authenticate the identity of the bearer include
</P>
<DL>
<DD><B>&#149;</B>&nbsp;&nbsp;Requiring the bearer to enter a personal identification number (PIN)
<DD><B>&#149;</B>&nbsp;&nbsp;Requiring the bearer to enter some known personal information stored on the card
<DD><B>&#149;</B>&nbsp;&nbsp;Requiring some biometrical characteristic of the bearer, such as a fingerprint or a facial image, to be measured by a sensor or collection of sensors and then matched against a benchmark of this characteristic stored on the card
<DD><B>&#149;</B>&nbsp;&nbsp;Requiring the bearer to properly perform a series of operations leading to a specific state known to the card
</DL>
<P>The identity authentication transaction that occurs between the card and the cardholder is a rather complete specific example of the transaction that one wants to occur generally through the enabling actions of the card. Both sides of the transaction (that is, the card and the cardholder) must be concerned with
</P>
<DL>
<DD><B>&#149;</B>&nbsp;&nbsp;Authenticating the identity of the other (party to the transaction)
<DD><B>&#149;</B>&nbsp;&nbsp;Being authorized with the appropriate privileges once identity is authenticated
<DD><B>&#149;</B>&nbsp;&nbsp;Being assured of the integrity of the transaction
<DD><B>&#149;</B>&nbsp;&nbsp;Being assured of the privacy of the transaction
<DD><B>&#149;</B>&nbsp;&nbsp;Being able to confirm that the transaction took place in a proper fashion
</DL>
<P><BR></P>
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="201-203.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="206-208.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>



</BODY></HTML>