Smart cards combine the utility of a small computer with the convenience of a credit card. Having a computer
as part of the card allows the storage of significant amounts of data. Processing, such as data manipulation or
encryption/decryption, can also be performed. The resulting product is useful for a wide variety of applications
in the financial industry, in access control, and in any other functions where mobile data storage and
processing is required.
The following activities represent some of the output of RMTCI in the field of smartcards.
- Technical Editor for preparation and certification of the Smart Card Security Users
Group Smart Card Protection Profile. This effort involved a consortium of the major
payment associations (Visa, MasterCard, American Express, and JCB) as well as multiple
government representatives (US, Canada, Great Britain, France, Germany, and Japan).
The Protection Profile
(written according to the requirements of the Common Criteria ISO 15408) was certified in the US,
Canada ,
Germany, and
France
in September, 2001.
- Author of EMV Integrated Circuit Card Credit and Debit Application Protection
Profile draft (submitted to EMVCo for review in 2001).
- Adjunct Technical Consultant for Authenti-Corp.
Contributed to:
- Defining Smart Card Security, A Guide to Process and References, DRAFT 2002
- NIST Special Publication 500-157a, Smart Card Technologies: Physical and Logical
System Security Tools DRAFT 2002.
- Government Smart Card Interoperability Specification - Smart
Card Application Protection Profile, DRAFT 2003.
- Author of Monographs for Smart Card Industry Association (SCIA is now part of the
Smart Card Alliance).
- Smart Card Attack Review - GSM Cellphone Clone, Differential Power Analysis, July 1998
- Smart Card Attack Review, June 1999
- Common Criteria and Smart Card Security Evaluations, May 2000
- Instructor for Smart Card Forum smart card security
(Smart Card Forum is now part of the Smart Card Alliance).
- Developer of prototype 3Com Palm III Java card smart card
reader
(in association with AcuLab, Inc.)
- Developer of PC based prototype smart card identification
card with photo contained in smart card memory
(in association with
AcuLab, Inc.)
- Attended Europay International and MasterCard International Chip Vendor
Services Program, September 2000 to review presentations and provide independent
comments on possible improvements.
- Invited attendee to TNO EIB "Cooperation in Security - A Seminar and Look
Behind the Scenes", Delft, The Netherlands, September 2000.
- Invited attendee to TNO ITSEF Seminar "Security a Moving Target", Delft,
The Netherlands, October 2004.
- Provided training in Common Criteria to various industrial groups.
- Provided technical writing services for various customers to generate papers
on Smart Card Security Principles, Chip Card Migration Studies, Smart Card
Test Requirements, and reviews of specific smart card hacks and penetrations.
- Managed smart card security evaluations while at Sandia National
Laboratories, Albuquerque, New Mexico (prior to "retirement" in 1997).
- Professional Contributions:
- "Common Criteria and the Smart Card Security Users Group Smart Card
Protection Profile", presented at the SMPTE Study Group DC28.4, Los Angeles, CA, May 22, 2001.
- "Review of Smart Card Security Reports and Publications", presented at Smart Card
Industry Association Fall '98 Workshop, Arlington, VA, November 16-17, 1998.
- "Smart Card Security and System Integrity", presented at Smart Card Forum 1997,
Fifth Annual Meeting, Washington, DC, September 16, 1997 as part of Smart Card Forum
Educational Institute Smart Card Introductory Course.
- "Multi-Application Cards", presented at the International Cards Council,
London, England, April 15, 1997.
|