Article details

Title: Signing Electronic Documents, Encrypting Data and Managing Cryptographic Objects in a Secure Environment
Author(s): Alexandra Lupascu   Cristian Lupascu            

Abstract: Given the significant growth of interest in the security of information technology domain, more and more organizations choose to implement solutions that ensure the authenticity, integrity and confidentiality of their data. Digital signatures enable organizations that have invested in business automation systems and electronic content management systems to conduct their activities with greater efficiency by eliminating the need of paper without making compromises in terms of information security. Furthermore, smart card based systems significantly strengthens security, protecting both the credentials used to authenticate people and the resources or information they wish to access. This paper proposes a framework for signing electronic documents, encrypting data and managing cryptographic objects using smart cards that are compatible with the Java Card technology. The first part is concerned with smart card technology standards and a generic cryptographic token interface necessary to meet interoperability requirements. The second part describes the general architecture of the proposed framework that is designed to integrate into current systems without the need to modify any existing application that requires cryptographic services.

Keywords: cryptography, smart cards, interoperability, Java Card.

References:

[1] T. SCHWARZHOFF, J. DRAY, J. WACK, E. DALCI, A. GOLDFINE, M. IORGA – Government Smart Card Interoperability Specification, Version 2.1, Interagency Report 6887-2003 Edition, National Institute of Standards and Technology (NIST), Jul. 16, 2003
[2] *** – ISO/IEC 7816-4:1995, Information technology - Identification Cards - Integrated Circuit(s) Cards with Contacts – Part 4: Interindustry Commands for Interchange, International Organization for Standardization, Aug. 1995, https://www.iso.org/standard/14738.html
[3]C.E. ORTIZ – An introduction to Java Card Technology, Part 1, May 29, 2003, http://www.oracle.com/technetwork/java/embedded/javacard/documentation/javacard2-138597.html
[4] Z. CHEN – Java Card Technology for Smart Cards: Architecture and Programmer’s Guide, Addison-Wesley Longman Publishing Co., Inc. Boston, MA, 2000
[5] *** – PKCS#15 v1.1: Cryptographic Token Information Syntax Standard , RSA Laboratories, Jun. 6, 2000
[6] ***– ISO/IEC 7816-15:2004, Identification cards – Integrated Circuit(s) Cards – Part 15: Cryptographic Information Application, First Edition, International Organization for Standardization, 2004