Nov 02
A secure element (SE) is a tamper-resistant device capable of securely hosting applications and their confidential and cryptographic data (e.g. key management) in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities. This presentation shows our solutions about Secure Element  
Tags: | |
Oct 18
We worked a lot in the past months on NCryptoki, the .NET wrapper to PKCS#11 module and we worked a lot in finding the best way to integrate PKCS#11 tokens in a web page (aspx, php, jsp, etc.). Till now we used a Java based approach using a Java Applet embedded in the web page. Such an applet includes a Java version of NCryptoki (JCryptoki) and a JQuery script that supplies a JavaScript interface to JCryptoki's classes. Such a Java approach works as expected by has some not nice-to-have security issues that: 1) give a bad user experience; 2) are higly dependant on the JRE installed on the client side. So we searched for a better way. We ported the entire NCryptoki package to Silverlight 5 and we have created a Silverlight user control that exports the NCryptoki classes to the JavaScript world. This approach seems very nice respect to the user exeprience and doesn't give strong security i... [More]
Oct 14
Una delle richieste più frequenti in quest'ultimo periodo è la disponibilità di un componente che consenta di leggere da pagina web (aspx, php, etc.) i dati contenuti nella CNS e di usare la CNS per autenticarsi in un sito web. La soluzione che ho proposto finora era basata su di un applet Java che inserita in una pagina web consente di accedere al contenuto della CNS (si veda: Cosa c'è nella mia CRS). Sebbene la soluzione funzioni bene, ha il difetto di mostrare all'utente un antipatico warning che avverte della presenza di un applet Java che potrebbe contenere codice maligno e danneggaire il computer. Ho quindi indagato sulla possibilità di sfruttare le potenzialità di Silverlight per realizzare un componente che sostituisse l'applet e con grande entusiasmo posso annunciare di aver realizzato uno User Control Silverlight che consente di ac... [More]
Oct 08
EMV is a set of specifications for interoperation of smart cards ("Chip cards") and smart card capable points of service (POS) and ATMs (Automatic Teller Machine) for authenticating credit and debit card payments.  The EMV standard defines the interaction at the physical, electrical, data and application levels between smart cards and smart card processing devices (mainly a POS or an ATM with a smart card reader) for financial transactions. Portions of the standard are heavily based on the smart card interface defined in ISO 7816. Values involved in an EMV transaction are transported and identified by a tag which defines the meaning of the value, the format and the length. Working on EVM capable smart cards and acceptance devices one of the most complex issue is to understand the meaning of the tags involved in a transaction. I collected in this page all EMV tags with a detailed ... [More]
Tags: