Smartcards with Webservice Interface




Smartcards with Webservice Interface
22. SIT-SmartCard Workshop, 8./9. February 2012
Jan Eichholz

Agenda
- Benefits of a Webservice Interface for Smartcards
- The Service Access Layer out of ISO/IEC 24727
- The Architecture of the G&D Webservice Smartcard
- Demo
- Conclusion

The BioP@ss Project
- The German part of the project is funded by the German Federal Ministry of Education and Research
- Project start: June 2008, February 2009 in Germany
- Project end: January 2011
- National Partners: IFX, NXP
- European Partners: Gemalto (Project Lead), STM, OKSystem, Precise Biometrics, Compuworx, id3, CEA, NXP-F

IT Infrastructure: Vision of an Internet Smart Card
[Figure: two layer diagrams, "Status Quo" and "Internet Smart Card Model". Labels: Networking (TCP/IP, USB, HTTP, Bluetooth; .NET also appears in the Internet Smart Card Model), Operating System (Windows, Linux, Palm), Devices (PCs, PDAs, Phones), Applications, Middleware, Reader, Smart Card, T=1, Proprietary, JavaCard, STARCOS, Telco, Payment, Corporate ID]
Source: Dr. Walter Hinz, 2007 (17. SIT-SmartCard Workshop, Darmstadt, 7 February 2007)

Smartcards with APDU Interface
[Figure labels: Authentication, Identification, Data Access; Application Interface; 7816-15; APDU Generation; APDU; Public Folders]

Smartcards with Webservice Interface
[Figure labels: Authentication, Identification, Data Access; Application Interface; 7816-15; Webservice; Public Folders]

Smart Home and M2M Infrastructure
[Figure labels: Smart Devices, Application Server, Smart Device Server, Secure Data Monitoring, JC3.0, Secure Data, Smart Home Device, Security Gateway]
Source: Sönke Schröder

ISO/IEC 24727 in a nutshell
- Architecture: ISO/IEC 24727-1
- Generic Card Access Layer: ISO/IEC 24727-2
- Service Access Layer (SAL): ISO/IEC 24727-3
- Interface Device-API (IFD-API): ISO/IEC 24727-4
- Testing: ISO/IEC 24727-5
- Auth. Protocols: ISO/IEC 24727-6
[Figure: layer diagram with the Service Application on top of the Service Access Layer]

G&D SAL-on-card architecture (Overview)
- APDU TCP/IP based communication
- Service Access Layer
- WebService instead of APDU communication
- Nearly no middleware necessary
- Simple Card Capability Discovery

The Protocol Stack
[Figure labels, top to bottom: XML / SOAP; HTTP / HTTPS; Streaming Interface; BIP; APDU; TCP; IPv4 / IPv6; EEM (Ethernet); T=0 / T=1; USB]

JavaCard 3 Connected
- Servlets (HTTP communication)
- Multi-Threading
- Strings
- Extended APIs
- Garbage Collection
[Figure: SmartCard stack with the labels eID-SALlet, SALlet API, SAL Servlet, XML Parser, SOAP, Smart Card OS, Web Server]
Source: Oracle

SAL-Servlet: Communication flow
[Figure: on-card communication flow through the SmartCard stack: eID-SALlet, SALlet API, SAL Servlet, XML Parser, SOAP, Smart Card OS, Web Server]

XML & SOAP
- Extension of the JavaCard API to support XML and SOAP
- XML & SOAP API according to definitions of Java Standard Edition (subset)
- Highly optimized with respect to performance, RAM and Flash consumption

    <env:Envelope>
      <env:Header/>
      <env:Body>
        <CardApplicationConnect>
          <CardApplicationPath>eID-SALlet</CardApplicationPath>
        </CardApplicationConnect>
      </env:Body>
    </env:Envelope>

The SALlet-API
- Extension to the standard JavaCard API
- Allows the implementation of Webservice connected Applets (= SALlets) in an easy way
- Uses the objects out of ISO/IEC 24727:
  - Card Applications
  - Differential Identities
  - Data Sets
  - Access Control Lists

A sample SALlet: DIDs and Access Rules

    //create a PIN-DID object
    DIDPIN did = new DIDPIN("DIDPIN", 1234, 3);
    add(did);

    //create access control list with security condition
    Vector<Short> actionsdidpin = new Vector<Short>();
    actionsdidpin.addElement(action.dsi_read);
    actionsdidpin.addElement(action.dsi_write);
    AccessRule accessruledidpin = new AccessRule(
        new SecurityConditionDID(did), actionsdidpin);

    //attach access rules to data set
    dataset.addaccessrule(accessruledidpin);
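A host-side Python model of the access rule this sample sets up, added here as an example; it is not G&D's SALlet API or code from the talk. The class names are hypothetical, and reading the third `DIDPIN` argument as a retry limit is an assumption.

```python
import hmac
DSI_READ, DSI_WRITE = "DSI_READ", "DSI_WRITE"  # action names taken from the slide

class PinDID:
    """PIN DID model; treating the third argument as a retry limit is an assumption."""
    def __init__(self, name, pin, max_tries):
        self.name, self._pin = name, str(pin).encode()
        self.max_tries = self.tries_left = max_tries

    def verify(self, candidate):
        if self.tries_left == 0:
            return False                      # blocked: no further comparisons
        self.tries_left -= 1                  # charge the attempt before comparing
        ok = hmac.compare_digest(self._pin, str(candidate).encode())
        if ok:
            self.tries_left = self.max_tries  # success restores the counter
        return ok

class Session:
    """Authentication state of one connection to a card application."""
    def __init__(self):
        self.authenticated = set()

    def authenticate(self, did, candidate):
        ok = did.verify(candidate)
        (self.authenticated.add if ok else self.authenticated.discard)(did.name)
        return ok

class DataSet:
    def __init__(self):
        self._rules = []                      # (DID name, allowed actions)

    def add_access_rule(self, did, actions):
        self._rules.append((did.name, frozenset(actions)))

    def allowed(self, session, action):
        # Default deny: a rule must list the action and its DID must be authenticated.
        return any(action in acts and name in session.authenticated
                   for name, acts in self._rules)

def demo():
    did = PinDID("DIDPIN", 1234, 3)           # constructed: same values as the slide
    ds = DataSet()
    ds.add_access_rule(did, [DSI_READ, DSI_WRITE])
    s = Session()
    before = ds.allowed(s, DSI_READ)          # nothing authenticated yet
    wrong = [s.authenticate(did, guess) for guess in (1111, 2222)]
    good = s.authenticate(did, 1234)          # last remaining try succeeds
    return before, wrong, good, ds.allowed(s, DSI_WRITE), did.tries_left
```

Decrementing the counter before the comparison means an interrupted verification still costs an attempt, and a blocked DID never reaches the comparison again.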

Optimization of XML and SOAP Performance
[Figure: time [sec.] (axis ticks from 0,1 to 10000) over development steps I to VIII]

DEMO

Conclusion
- The necessary Smartcard infrastructure can be reduced by using a high-level interface on the Smartcard.
- With the help of an addition to the JavaCard API (SALlet-API), the development of SOAP applets is quite easy.
- The demonstrator shows that, in principle, the Webservice as Smartcard interface is possible, but:
  - The JavaCard 3.0 Connected platform used is currently not mainstream.
  - The SOAP binding is well used; due to the specific context, an optimized approach might be useful.
  - An implementation on top of the widely used JavaCard 3.0 Classic platform is possible.
- IPv6 can offer direct addressing of the Smartcard in the future; privacy aspects have to be considered!

Thank you for your Attention!

Contact:
Jan Eichholz
Phone: +49 89 4119-2684
Email: Jan.Eichholz@gi-de.com
Giesecke & Devrient GmbH
Prinzregentenstr. 159
81607 München