Security's Once and Future King: Smart Cards for Web 2.0
Kapil Sachdeva, Software Technologist, Technology & Innovation, Gemalto, Austin
Smart Card : The Hardware (bullet text lost in extraction)
Diagram labels: plastic card, contact pad, gold wiring, epoxy fill, secure chip (ROM, crypto, CPU, RAM, NVM). ROM holds the operating system; EEPROM is the application memory.

Smart Card : The Security Device (bullet text lost in extraction)

Smart Card : The Comm. Protocol (bullet text lost in extraction)

Smart Card : The Form Factors (bullet text lost in extraction)

Smart Card : The Business Verticals
2007 shipment estimates (source: EUROSMART): 300 million, 20 million, 2600 million, 500 million. The vertical each figure belongs to was lost in extraction.

Smart Card : The Infrastructure
PC/SC stack from the slide diagram, top to bottom: ICC-aware / smart-card-aware applications; Resource Manager (PC/SC RM Interface); IFD Handlers (PC/SC IFD Handler Interface); Reader Driver (USB CCID class); Smart Card Readers (IFDs); Smart Cards.

Smart Card : The History (bullet text lost in extraction)
JavaCard : A Revolution
JavaCard: The revolutionary Smart Card (bullet text lost in extraction)
Anecdote: The first Java Card prototype used an 8-bit processor, 26K of ROM, 400 bytes of RAM & 1KB of EEPROM. Today smart cards have 32-bit chips, 16KB of RAM, 512KB of ROM/Flash.

JavaCard Virtual Machine & Runtime (bullet text lost in extraction)
A JavaCard toy Application

```java
package com.gemalto.wallet;

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.Util;

public class MyWallet extends Applet {
    // The slide leaves these undefined; values here are assumed toy values.
    // Util.getShort(buff, 0) reads CLA||INS as one short, so the constants are CLA||INS pairs.
    static final short INS_WALLET_DEBIT  = (short) 0x8010;
    static final short INS_WALLET_CREDIT = (short) 0x8020;
    static final short INVALID_INS       = ISO7816.SW_INS_NOT_SUPPORTED;

    // Called once by the runtime when the applet is loaded; registers the instance
    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new MyWallet().register();
    }

    public boolean select() { return true; }

    public void debit(byte[] buff) { /* body elided on the slide */ }
    public void credit(byte[] buff) { /* body elided on the slide */ }

    // Every command APDU sent to the selected applet lands here
    public void process(APDU apdu) {
        byte[] buff = apdu.getBuffer();
        switch (Util.getShort(buff, (short) 0)) {
            case INS_WALLET_DEBIT:  debit(buff);  break;
            case INS_WALLET_CREDIT: credit(buff); break;
            default: ISOException.throwIt(INVALID_INS);
        }
    }
}
```
JavaCard : Some misses (bullet text lost in extraction)
.NET Card : An Innovation
.NET Card: The evolutionary Smart Card (bullet text lost in extraction)
A .NET Card toy Application

```csharp
using System;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
// APDUServerChannel and the [Transaction] attribute come from the .NET Card SDK

namespace MyCompany
{
    public class MyWallet : MarshalByRefObject
    {
        [Transaction]
        public void Debit(int amount) { /* body elided on the slide */ }

        [Transaction]
        public void Credit(int amount) { /* body elided on the slide */ }

        public static void Main(string[] args)
        {
            // Expose the wallet object over the APDU channel under a URI the client can reach
            ChannelServices.RegisterChannel(new APDUServerChannel());
            RemotingServices.Marshal(new MyWallet(), "Wallet.uri");
        }
    }
}
```
Smart Card : The Applications (bullet text lost in extraction)

Fitting in the client crypto architecture (bullet text lost in extraction)
A Quick Recap
Smart Card : The Client Infrastructure
Same PC/SC stack as before (applications; Resource Manager with its PC/SC RM Interface; IFD Handlers with the PC/SC IFD Handler Interface; Reader Driver; Smart Card Readers; Smart Cards), with Service Providers / Service Provider Middleware between the applications and the Resource Manager, exposed through Service Provider Interfaces.
The Web
Ubiquity is key for Web applications
Smart Cards and the Web: Classical (bullet text lost in extraction)

In other words, break the ubiquity of the web & lose the mobility of smart cards.

A security mechanism should not make accessing a resource, or taking some action, more difficult than it would be if the security mechanism were not present. Principle of Psychological Acceptability
DEMO:  Let me show you what I mean
Web 2.0
Blogs, AJAX, Phishing, E-gov, Theft, Web Services, XML, SOAP, RSS, Flickr, Google Maps, REST, Social Networking

A platform- and application-agnostic connectivity bridge that lets JavaScript in a web page communicate with a server: XMLHttpRequest

If I have seen further it is by standing on the shoulders of Giants - Isaac Newton

A platform- and application-agnostic connectivity bridge that lets JavaScript in a web page communicate with a smart card: SConnect

SConnect (bullet text lost in extraction): OPERATING SYSTEMS, BROWSERS, DOWNLOAD
A few lines of JavaScript…

```html
<html>
<head>
<script src="http://www.sconnect.com/scripts/sconnect.js" language="javascript"></script>
<script language="javascript">
var _otp;
function getOtp() {
    var scom = new SConnect.PCSC();
    var readersWithCards = scom.listReaders(true);
    // if more than one reader, employ some discovery mechanism
    var idx = 0;
    scom.connect(readersWithCards[idx]);
    // SELECT the OTP applet by AID; "9000" is the ISO 7816 success status word
    var response = scom.exchange("00A4040007A0000000020302");
    if (response == "9000") {
        _otp = scom.exchange("002100000106");
    }
    scom.dispose();
    // put the _otp value in text box
}
</script>
</head>
<body>
<label>Press the button to get the OTP</label>
<input type="button" value="click me" onclick="getOtp(); submit();"/>
</body>
</html>
```
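As an added example (not from the slides or from the SConnect library), here is the APDU plumbing behind the getOtp() flow above, written against an assumed exchange(hex) -> hex function shaped like SConnect.PCSC.exchange, with a constructed fake card so it runs offline. It builds the SELECT-by-AID command, splits every response into data and status word, and fails closed on any status word other than 9000, instead of comparing the whole response string to "9000" as the slide does (which silently leaves _otp undefined if the SELECT returns FCI data).

```javascript
// Build a SELECT-by-AID command APDU (CLA=00 INS=A4 P1=04 P2=00 Lc=len AID) as a hex string.
function buildSelectByAid(aidHex) {
  if (aidHex.length % 2 !== 0 || !/^[0-9A-Fa-f]+$/.test(aidHex)) throw new Error("bad AID hex");
  const lc = (aidHex.length / 2).toString(16).padStart(2, "0");
  return ("00A40400" + lc + aidHex).toUpperCase();
}

// Split a response APDU into its data bytes and the trailing two-byte status word SW1SW2.
function parseResponse(hex) {
  const h = hex.toUpperCase();
  if (h.length < 4 || h.length % 2 !== 0) throw new Error("malformed response APDU");
  return { data: h.slice(0, -4), sw: h.slice(-4) };
}

// The OTP flow from the slide, but every status word is checked and anything other
// than 9000 is an error the caller sees, rather than an undefined OTP.
function getOtpViaExchange(exchange, aidHex) {
  const sel = parseResponse(exchange(buildSelectByAid(aidHex)));
  if (sel.sw !== "9000") throw new Error("SELECT failed, SW=" + sel.sw);
  // INS 21 with Le=06 is the OTP command the slide sends; returns six data bytes
  const otp = parseResponse(exchange("002100000106"));
  if (otp.sw !== "9000") throw new Error("OTP command failed, SW=" + otp.sw);
  return otp.data;
}

function hexToAscii(hex) {
  let s = "";
  for (let i = 0; i < hex.length; i += 2) s += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
  return s;
}

// Constructed fake card (not a real applet): SELECT of the slide's AID answers 9000,
// the OTP command then returns six ASCII digits + 9000, anything else gets an error SW
// (6A82 file not found before selection, 6D00 instruction not supported after).
function makeFakeCard(otpDigits) {
  let selected = false;
  return function exchange(cmd) {
    cmd = cmd.toUpperCase();
    if (cmd === buildSelectByAid("A0000000020302")) { selected = true; return "9000"; }
    if (cmd === "002100000106" && selected) {
      return Array.from(otpDigits, c => c.charCodeAt(0).toString(16)).join("").toUpperCase() + "9000";
    }
    return selected ? "6D00" : "6A82";
  };
}
```

In the page's script, getOtpViaExchange(function (c) { return scom.exchange(c); }, "A0000000020302") replaces the two exchange calls and the equality test.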
Fewer lines of JavaScript…

```html
<html>
<head>
<script src="http://www.sconnect.com/scripts/sconnect.js" language="javascript"></script>
<script src="http://www.sconnect.com/scripts/marshaller.js" language="javascript"></script>
<script src="oath_stub.js" language="javascript"></script>
<script language="javascript">
var _otp;
function getOtp() {
    // the generated stub hides reader discovery and APDU encoding behind a remote object
    var oathApp = new Samples.OATHApp("selfdiscover", 0, "OATHService.uri");
    _otp = oathApp.get_OTP();
    // put the value of _otp in text box
}
</script>
</head>
<body>
<label>Press the button to get the OTP</label>
<input type="button" value="click me" onclick="getOtp(); submit();"/>
</body>
</html>
```
DEMO: Device Administration Service (bullet text lost in extraction)

DEMO: Two-factor auth. for Web Apps (bullet text lost in extraction)
Begin at the beginning and go on till you come to the end: then stop. Thank You
