Abstract
Nowadays, electronic commerce (e-commerce) has brought facilitation to people’s daily lives. Smart-card-based systems are widely used as an implementation, where smart cards act as a secure carrier for small-sized data. However, most of these systems are developed and managed by each service provider individually and repeatedly, which causes both unnecessary work and difficulties in future maintenance. Besides, advantages of smart card technology are not full-fledged for the lack of enough consideration in flexibility and security. To propose a solution, this article presents a Universal Application Storage System, including card side, terminal side, and back-end system. The card side provides a universal and secured infrastructure for data storage, where data are organized and stored in a card file system with several security mechanisms. In the terminal side, a framework for accessing various forms of secure element is presented to simplify the procedures involved in manipulating smart cards. Through this framework, the back-end system is able to establish a direct connection to the card, and performs authorized operations by exchanging commands in a secure channel. The validity of the proposed system is verified at the end of this article, illustrated by an e-coupon system.
- Daniel Borleteau and Nicolas Bousquet. 2012. Security of mobile devices, applications and transactions. In Proceedings of ISSE 2012 Securing Electronic Business Processes. Springer Link Inc. 149--160.Google Scholar
Cross Ref
- Samia Bouzefrane, Julien Cordry, Herv Meunier, and Pierre Paradinas. 2008. Evaluation of Java card performance. Lecture Notes in Computer Science, Vol. 5189, Springer, Berlin, 228--240. DOI: 10.1007/978-3-540-85893-5-20Google Scholar
- Giesecke and Devrient GmbH. 2011. MSC Smartcard Service. (April 2011). Retrieved May 7, 2014 from http://code.google.com/p/seek-for-android/wiki/MscSmartcardService.Google Scholar
- GlobalPlatform. 2003. GlobalPlatform Card Specification, version 2.1.1.Google Scholar
- GlobalPlatform. 2012. GlobalPlatform Device Technology: Secure Element Access Control, version 1.0. GlobalPlatform Inc.Google Scholar
- GSMA. 2007a. Mobile NFC Technical Guidelines Version 1.0. GSMA.Google Scholar
- GSMA. 2007b. Pay-Buy-Mobile Business Opportunity Analysis—Public White Paper Version 1.0. GSMA.Google Scholar
- Robert J. Glushko, Jay M. Tenenbaum, and Bart Meltzer. 1999. An XML framework for agent-based e-commerce. Communications of the ACM 42 (1999), 106--114. Google Scholar
Digital Library
- ISO/IEC. 2005. ISO/IEC 7816-4: Identification cards—Integrated circuit cards—Part 4: Organization, security and commands for interchange, ISO/IEC Std. 2005.Google Scholar
- Antero Juntunen, Sakari Luukkainen, and Virpi Kristiina Tuunainen. 2010. Deploying NFC technology for mobile ticketing services--Identification of critical business model issues. In Proceedings of 2010 9th International Conference on Mobile Business & 2010 9th Global Mobility Roundtable. IEEE Computer Society. 82--89. Google Scholar
Digital Library
- M. Fahim Ferdous Khan, Yashiro Takeshi, Ito So, Masahiro Bessho, and Ken Sakamura. 2009. A secure and flexible electronic-ticket system. In Proceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference. 421--426. Google Scholar
Digital Library
- Hong-ping Li and Xiu-ming Jia. 2007. Comprehensive managing system of campus smart card. Journal of Lanzhou Petrochemical College of Vocational Technology 1 (2007), 45--52.Google Scholar
- Teddy Mantoro and Admir Milisic. 2010. Smart card authentication for Internet applications using NFC enabled phone. In Proceedings of the 3rd International Conference on Information and Communication Technology for the Muslim World 2010 (ICT4M). D13--D18.Google Scholar
Cross Ref
- Kazuo Matsuyama and Ko Fujimura. 1999. Distributed digital-ticket management for rights trading system. In Proceedings of the 1st ACM Conference on Electronic Commerce. New York, NY, 110--118. Google Scholar
Digital Library
- Jon Oberheide and Charlie Miller. 2012. Dissecting the android bouncer. SummerCon2012.Google Scholar
- Oracle. 2011. Java Card 3 Platform: Runtime Environment Specification, Classic Edition 3.0.4. Oracle Inc.Google Scholar
- Marius Popa and Cristian Toma. 2009. Secure automatic ticketing system. In Proceedings of WSEAS International Conference on Data, Networks, Communications, and Computers. 116--123. Google Scholar
Digital Library
- Wolfgang Rankl. 2007. Smart Card Applications: Design Models for Using and Programming Smart Cards. John Wiley and Sons, New York, NY. Google Scholar
Digital Library
- Marie Reveilhac and Marc Pasquet. 2009. Promising secure element alternatives for NFC technology. In Proceedings of 2009 1st International Workshop on Near Field Communication. 75--80. Google Scholar
Digital Library
- Juan J. Sánchez-Silos, Francisco J. Velasco-Arjona, and Irene Luque Ruiz. 2012. An NFC-based solution for discount and loyalty mobile coupons. In Proceedings of the 4th International Workshop with Focus on Near Field Communication. 45--50. Google Scholar
Digital Library
- SDCard Alliance. 2009. Advanced Security SD Card (EB/OL). (March 2009). Retrieved June 7, 2014 from https://www.sdcard.org/developers/overview/ASSD/.Google Scholar
- Takeshi Yashiro, M. Fahim Ferdous Khan, and So Ito. 2011. eTNet: A smart card network architecture for flexible electronic commerce services. In Proceedings of the 2011 4th IFIP International Conference on New Technologies, Mobility and Security (NTMS 2011). IEEE. 1--5.Google Scholar
Index Terms
A Universal Application Storage System Based on Smart Card
Recommendations
A novel consumer-centric card management architecture and potential security issues
Multi-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-...
Developing smart card applications using the OpenCard Framework
ACM-SE 42: Proceedings of the 42nd annual Southeast regional conferenceSmart cards provide a compact, secure, and widely used method for identifying ourselves and authenticating our transactions. With their increasing incorporation into credit cards and the cellular industries move toward smart card based GSM networks, ...
Recovering from a lost digital wallet
Multi-application smart cards enable a user to potentially have a diverse set of applications on her smart card. The growing trend of services convergence fuelled by Near Field Communication and smart phones has made multi-application smart cards a ...






Comments