USENIX Technical Program - Abstract - Smartcard 99
Mutual Authentication with Smart Cards
Bastiaan Bakker, Delft University of Technology
The World Wide Web has become the de facto interface for consumer
oriented electronic commerce. So far the interaction between consumers
and merchants is mostly limited to providing information about
products and credit card based payments for mail orders. This is
largely due to the lack of security currently available for commercial
transactions. At the moment the only security mechanism present in
most browsers is the Secure Socket Layer (SSL) which is limited to
authentication and encryption of the HTTP session. It does not aim to
This report describes the design of a new three party
authentication and key distribution protocol to serve as a foundation
for WWW based transactions. Instead of having a radically new design
it is derived from KryptoKnight protocol family developed at IBM. An
important design consideration has been that it can be implemented
with existing smart card technology. Specifically the Dutch Chipper
and ChipKnip cards have been examined for their applicability. The
result is an ABK(t) type protocol that runs with any card that
supports either the ISO7816 internal authenticate command or
the En726 read stamped or protected read instructions.
Secondly a prototype has been implemented in Java that can run in
either the Java Development Kit or the Netscape or HotJava browser.
Though Java was not designed for implementing hardware drivers it has
proven perfectly suitable for communication with smart cards. Also it
has effectively demonstrated its cross platform capabilities over
multiple operating systems: except for a small native library to talk
to the RS232 port the same code runs on Win32, Linux and the NCD
- View the full text of this paper in
HTML form and
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.