Connecting Smart Cards to the Internet - PowerPoint PPT Presentation

About This Presentation
Title:

Connecting Smart Cards to the Internet

Description:

IP over T=0, 1, and 2. ARP, RARP and ICMP. IPv4 versus IPv6 Addresses ... Address Finding & Forwarding (PPP, DHCP and Mobile IP) UDP, T/TCP, TCP ... – PowerPoint PPT presentation


Transcript and Presenter's Notes

1
Connecting Smart Cards to the Internet
  • Scott Guthery, CTO
  • Mobile-Mind, Inc.
  • sguthery_at_mobile-mind.com

2
A Very Brief History of Computers

ERA                 NEED            TECHNOLOGY              WINNER
Computers           Applications    Programming Languages   IBM
Minicomputers       Multi-Tasking   Operating Systems       DEC
Personal Computers  Usability       User Interfaces         Wintel
Trusted Computers   Transactions    Mathematics             ????

... an ever tighter binding of hardware and software.
3
An Even Briefer History of Smart Cards
  • 1967 - Jürgen Dethloff invents the smart card
    computer.
  • 1972 - 1993 Patents, standards and security
    through obscurity choke off applications and
    innovation.
  • 1994 - MAOSCO and Keycorp create programmable
    smart cards.
  • 1996 - Zeitcontrol and Schlumberger provide
    high-level languages.
  • 1998 - Microsoft contributes a real file system
    and application development tools.
  • 2000 - Smart cards become Internet nodes.

4
Out of Sight, Out of Mind
(diagram: five-layer protocol stack, top to bottom: Application, Transport, Network, Datalink, Physical)
5
Why IP on a Smart Card?
  • End-to-End Security
  • Standards-Based Card-Edge Interoperability
  • Web-Based Application Development
  • Direct Addressing
  • More Points of Acceptance
  • Remote Card Management
  • Multiple Non-Proprietary Implementations

6
End-to-End Security
Card-Edge Interoperability
(diagram: a Security Association running end to end between two IP hosts, shown on the slide with the placeholder addresses 67.483.22.56 and 67.483.22.01; 483 is not a valid IPv4 octet, so these are illustrative only)
7
Factors Favoring Decentralized Architecture
  • Time and Cost Efficiency
    - reliable, instant access to data with no disk
      farm overhead
  • Increased Accuracy
    - single copy of cardholder data shared by all
      partners
  • Enhanced Privacy
    - no liability exposure for the issuer; physical
      reassurance for the cardholder
  • Universal Portability
    - insert data into whatever system or network needs
      it
  • Off-Line Use
    - use data at points not connected to any network

8
Network Protocol Stacks

ISO OSI        WAP                        Internet
Application    WAE (WML with WMLScript)   Process/Application (C, Basic, Perl, Java;
Presentation                              HTTP, AAA, MIP, SNMP)
Session        WSP
Transport      WTP, WTLS                  Host-to-Host (UDP, TCP, T/TCP)
Network        WDP                        Internet (IP, ARP, ICMP)
Data Link      Bearer Services            Network Interface (ISO 7816-3, T=0, T=1)
Physical
9
Issues to be Addressed
  • Data-link subnetwork definition, addressing and
    fragmentation
  • IP over T=0, T=1 and T=2
  • ARP, RARP and ICMP
  • IPv4 versus IPv6 Addresses
  • Static versus Dynamic Card Addresses
  • Address Finding & Forwarding (PPP, DHCP and
    Mobile IP)
  • UDP, T/TCP, TCP
  • Authentication, Authorization and Auditing (AAA)
  • Transaction Internet Protocol (TIP)

10
Initial Thinking
  • Data-link subnetwork
    - every smart card is a host, the terminal is the
      gateway router
    - need an addressing scheme on this subnetwork
    - IPv6 will require a data-link fragmentation
      protocol
  • IP over ISO 7816-3
    - data field is the IP packet
    - 5-byte header describes the packet
  • ARP
    - include the ATR
  • Both static and dynamic address cards seem to be
    useful
  • start with IPv4
  • Need a transaction model
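
As an added example (not code from the presentation or from the Internet-Draft it mentions), the Python below shows one way to carry an IPv4 datagram in ISO 7816-3 command APDUs along the lines of the slide: the APDU data field holds the IP packet, or a fragment of it, and the 5-byte header (CLA, INS, P1, P2, Lc) describes it. The CLA/INS values, the use of P1/P2 as fragment index and fragment count, and the 255-byte short-APDU data limit that forces fragmentation are this example's own assumptions, not the draft's wire format. The receiving side refuses incomplete, duplicated or corrupted sequences, using the IPv4 header checksum as the integrity check; the sample datagram is constructed inline.

```python
"""Carry an IPv4 datagram over ISO 7816-3 command APDUs (added example).

Assumed header layout (hypothetical, not the Internet-Draft's):
  CLA = 0x80 (proprietary class), INS = 0x1B ("IP datagram"),
  P1  = fragment index, P2 = total number of fragments,
  Lc  = length of the data field (at most 255 for short-length APDUs).
Anything larger than 255 bytes (e.g. IPv6's 1280-byte minimum MTU) must
therefore be fragmented at the data link, as the slide anticipates.
"""
import struct

CLA_IP = 0x80
INS_IP = 0x1B
MAX_LC = 255


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the header (RFC 791); 0 means valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, proto: int = 17) -> bytes:
    """Minimal IPv4 datagram (no options) with a correct header checksum."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, src_b, dst_b)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def to_apdus(datagram: bytes) -> list:
    """Split a datagram into command APDUs: 5-byte header + <=255-byte data."""
    chunks = [datagram[i:i + MAX_LC] for i in range(0, len(datagram), MAX_LC)]
    if len(chunks) > 255:
        raise ValueError("datagram too large for 8-bit fragment counters")
    return [bytes([CLA_IP, INS_IP, idx, len(chunks), len(c)]) + c
            for idx, c in enumerate(chunks)]


def from_apdus(apdus: list) -> bytes:
    """Reassemble fragments (any order); reject malformed, incomplete,
    duplicated or checksum-failing datagrams instead of passing them up."""
    frags, total = {}, None
    for a in apdus:
        if len(a) < 5 or a[0] != CLA_IP or a[1] != INS_IP:
            raise ValueError("not an IP-carrying APDU")
        idx, n, lc = a[2], a[3], a[4]
        if len(a) != 5 + lc:
            raise ValueError("Lc does not match data field length")
        if total is None:
            total = n
        if n != total or idx >= total or idx in frags:
            raise ValueError("inconsistent or duplicate fragment")
        frags[idx] = a[5:]
    if total is None or len(frags) != total:
        raise ValueError("incomplete datagram")
    dg = b"".join(frags[i] for i in range(total))
    if len(dg) < 20 or dg[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (dg[0] & 0x0F) * 4
    if ipv4_checksum(dg[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if struct.unpack("!H", dg[2:4])[0] != len(dg):
        raise ValueError("total length mismatch")
    return dg


if __name__ == "__main__":
    # Constructed sample: terminal acting as gateway (10.0.0.1) to card (10.0.0.2)
    dg = build_ipv4("10.0.0.1", "10.0.0.2", b"hello card " * 40)
    apdus = to_apdus(dg)
    print(len(dg), "byte datagram ->", len(apdus), "APDUs")
    assert from_apdus(apdus) == dg
```

The 460-byte sample datagram needs two APDUs; the receiver accepts them in either order, and a single flipped byte in the IP header or a missing fragment is rejected before anything reaches the card's IP layer.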

11
Interconnection of networks
(diagram: Mobile and Desktop networks bridged by the card)
Smart cards connect sneaker net to the Internet.
12
Contenders for Mobile Trust
  • Mobile Telephones
    - GSM, 3G, WAP, ...
  • Pagers
    - Pagewriter, Blackberry, ...
  • H/PCs
    - Palm, Visor, ...
  • Smart Card Carry-Along Readers
    - Xiring, Towitoko, Spyrus, ...
  • Authentication Tokens
    - Mobil Fastpass, First Access, Ensure, i-Key, ...
  • Settop and Game Controllers
    - WebTV, Tatung, Sega, Nintendo, ...
  • Personal Digital Audio
    - Diamond Rio, Sony ICD-70PC, Audible, ...

13
Trust
Who are YOU?
14
Identity Modules
  • Mobile transactions need reliable identification
    of the caller regardless of the mobile device.
  • 300M GSM telephones use a smart card chip called
    a Subscriber Identity Module (SIM).
  • SIMs separate the identity function from the
    communication function.
  • A SIM in some form will be a part of any mobile
    trust solution.

15
IP over SMS and ISO 7816-3
(diagram: Customers' ME (mobile equipment) holding a SIM that runs a Web Server applet; IP tunnelling over SMS via the SIM Toolkit)
Courtesy of Joachim Posegga, Deutsche Telekom
16
WebSIM Authentication, Generic Version
(diagram: Geeks ME, GeeksSavingsBank and Geeks Mobile Operator as the three parties in the authentication exchange)
Courtesy of Joachim Posegga, Deutsche Telekom
17
Status and Plans
  • Status
    - First smart card IP implementation built by the
      University of Michigan
    - Internet-Draft for IP over ISO 7816-3 submitted
      to the IETF
    - Bull describes proxy-based IP for smart cards
      with proprietary host/card communication
    - Smart card Web server built for a GSM SIM and
      demonstrated on a GSM mobile network by Deutsche
      Telekom and Mobile-Mind
  • Plans
    - Second IP implementation; IETF standards-track
      submission
    - Generate a proposal for smart card IP addressing
      (IPv4 vs. IPv6)
    - Connect network smart cards and WebSIM to dot-com
      apps
    - Integrate the Web server with smart card browsers
    - Experiment with alternative transaction protocols

18
Conclusions
  • Smart card modules are particularly attractive
    on-line identity tokens regardless of the nature
    of the network or the device used to connect to
    it.
  • Utility beyond simple authentication is very
    application and situation dependent.
  • If you think getting the bits around was fun,
    wait until we start moving trust and risk around.

19
You can all join in!
Traffic, 1968