Hand-held computers can be better smart cards

Dirk Balfanz, Edward W. Felten

Research output: Contribution to conferencePaper

Abstract

Smart cards are convenient and secure. They protect sensitive information (e.g., private keys) from malicious applications. However, they do not protect the owner from abuse of the smart card: An application could for example cause a smart card to digitally sign any message, at any time, without the knowledge of the owner. In this paper we suggest that small, hand-held computers can be used instead of smart cards. They can communicate with the user directly and therefore do not exhibit the above mentioned problem. We have implemented smart card functionality for a 3COM PalmPilot. Our implementation is a PKCS#11 module that plugs into Netscape Communicator and takes about 5 seconds to sign an email message. Generalizing from this experience, we argue that applications that are split between a PC and a hand-held device can be more secure. While such an application remains fast and convenient to use, it gains additional security assurances from the fact that part of it runs on a trusted device.

Original languageEnglish (US)
StatePublished - Jan 1 1999
Event8th USENIX Security Symposium - Washington, United States
Duration: Aug 23 1999Aug 26 1999

Conference

Conference8th USENIX Security Symposium
CountryUnited States
CityWashington
Period8/23/998/26/99

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Hand-held computers can be better smart cards'. Together they form a unique fingerprint.

  • Cite this

    Balfanz, D., & Felten, E. W. (1999). Hand-held computers can be better smart cards. Paper presented at 8th USENIX Security Symposium, Washington, United States.