Center for Information Technology Integration
University of Michigan
Smartcards have traditionally been isolated from computer networks, communicating exclusively with the host computers to which they are attached through a serial port.
This era is ending, in part due to the flexibility and programmability of JavaCards. Researchers are now beginning to communicate with smartcards using Internet protocols.
At CITI, we are building a middleware infrastructure that allows secure access to remote smartcards, communicating encrypted payloads over UDP/IP. Session key establishment uses SPEKE, a PIN-based encrypted key exchange protocol. We also provide each card with an Internet domain name, assuring a unique name regardless of card location.
We have built two sample applications that use this infrastructure: Kerberos and SSH. These authentication protocol clients highlight the security and convenience benefits of using Internet smartcards for personal key storage and cryptography.
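The SPEKE session key establishment named above, as an added sketch that is not CITI's implementation. The group (the 2048-bit MODP prime from RFC 3526), the SHAKE-256 mapping from PIN to base, the SHA-256 key derivation, and all names and PINs are assumptions, since the page specifies none of them.

```python
import hashlib
import secrets

# Assumption: 2048-bit safe prime P = 2Q + 1 (RFC 3526 group 14); the page names no group.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16)
Q = (P - 1) // 2

def pin_to_base(pin):
    """Derive the SPEKE base from the PIN; squaring forces it into the order-Q subgroup."""
    seed = hashlib.shake_256(b"speke-demo:" + pin.encode()).digest(256)
    return pow(int.from_bytes(seed, "big") % P, 2, P)

class Party:
    """One end of the exchange (host or card); only `public` crosses the network."""
    def __init__(self, pin):
        self.x = secrets.randbelow(Q - 2) + 2           # ephemeral private exponent
        self.public = pow(pin_to_base(pin), self.x, P)  # base^x mod P

    def session_key(self, peer_public):
        # Reject 0, 1 and P-1: they would confine the shared value to a
        # subgroup of order 1 or 2, making the key guessable without the PIN.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("peer value lies in a small subgroup")
        shared = pow(peer_public, self.x, P)
        return hashlib.sha256(shared.to_bytes(256, "big")).digest()

def run_exchange(host_pin, card_pin):
    """Run both sides in one process and return (host_key, card_key)."""
    host, card = Party(host_pin), Party(card_pin)
    return host.session_key(card.public), card.session_key(host.public)

if __name__ == "__main__":
    k_host, k_card = run_exchange("4921", "4921")  # constructed PINs
    print("same PIN, keys match:", k_host == k_card)
    k_host, k_card = run_exchange("4921", "4922")
    print("wrong PIN, keys match:", k_host == k_card)
```

Mismatched PINs leave the two sides with unrelated keys; a deployment would follow the exchange with a key-confirmation step so the mismatch is detected explicitly.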