New Security Aspects to SmartCards

Article ImageFor more than a decade, European reliance on SmartCards—to secure financial transactions, authenticate cell phones, and more recently, to launch the ePassports initiative—has grown steadily. A SmartCard is essentially a little computer that, when put on a banking card, mobile phone, or other device, acts as a gatekeeper between the stored content and the outside world. Unlike the magnetic strips of credit cards that passively spit out data as they're swiped, "the SmartCard chip plays a much more active part in the transaction," says Chris Caruk, chief technologist and VP of marketing for Aspects Software. Today, as a result of work done by Aspects, SmartCards are poised to play a much bigger role in enabling the secure transfer of content in all its glorious forms.

While experience demonstrates that no encryption scheme is 100% hacker-proof, SmartCard has proven relatively effective for content protection. "A huge amount has been done to lock down SmartCards so they can't be cracked," says Caruk. "And when you have so many people in the world trying to crack everything that's out there, the fact that SmartCards haven't been hacked yet is quite an accomplishment."

But until now, SmartCards have suffered a significant limitation as they could be manufactured for use only with static, application-specific devices. "Basically, when you built a device, you built it to do what it does and there's no flexibility. Each one does one thing," Caruk explains. "There was a real need to have an OS that could run multiple applications on one piece of plastic." Aspects has attempted to fill that need with the release of OS755. "It's an implementation of Sun's Java Card OS that allows people to write applets in Java that in one way or another provide additional functionality to the card," says Caruk. "It's like comparing your calculator to your computer." OS755 also enables mobile phone operators, financial institutions, and the like to update cards remotely.

Besides reducing the time to market for SmartCard-based phones, financial cards, and more, Aspects sees a bright future for OS755 in the next generation of flash memory devices. "These new flash memory devices are a combination of a SmartCard and flash memory," says Caruk, adding much needed security to things like USB thumb drives through password protection and/or biometrics like thumbprints. "If you lose one of these devices such as they are now, all the information that's on it can be read by anyone. The kind of technology that we've enabled can lock down that info."

Aspects' aspirations aren't limited just to USB thumb drives, though. "We think this technology can be used in hard drives, motherboards, graphics cards . . . anywhere you might be using media," says Caruk. The first OS755-equipped flash drives are packaged as SD cards and make use of the same electrical interfaces as standard SD cards, meaning that only the driver software needs to be changed to use these devices on PDAs and phones that already support SD cards.

Ultimately, secure flash memory could become the piece that completes the DRM puzzle as they enable content consumers and content providers to establish secure relationships while also allowing consumers to take their content with them. "If you download something to a mobile phone, you want to be able to get that content onto another device," says Caruk. For example, he says, "With MP3s stored on flash memory with this security, you can make that content portable."

Next-generation flash drives may also revolutionize the concept of personal computing as they increase in capacity, decrease in cost, and gain the added security of OS755-equipped SmartCards. "My whole profile could go onto one drive, all of my email folders as well as the majority of my working documents," says Caruk. "All of the things that make my session with my computer unique could be stored on a flash drive."