A security privacy aware architecture and protocol for a single smart card used for multiple services

Abstract

In the face of the expanding Internet and an ever-growing number of threats, today's society is becoming more geared towards greater security and protection of privacy and personal information. Smart cards provide protection for information at the hardware level, however, smart cards are designed for use with a single specific application. In this paper we introduce the concept of utilising a single smart card with multiple applications. Such a scheme would, however, increase the reward of an attack on the smart card due to the amount of information stored on a smart card. This paper proposes an architecture to allow a single smart card to be used in a dynamic multiple application environment. In conjunction with the architecture, a protocol messaging scheme is provided to protect all information communicated between the smart card and an application through the use of one-time passwords, whilst maintaining the privacy of one's personal information.