查看文章

One often hears the claim that smart cards are the solution to a number of security problems, including those arising in point-of-sale systems. In this paper, we characterize the minimal properties necessary for the secure smart card point-of-sale transactions. Many proposed systems fail to provide these properties: problems arise from failures to provide secure communication channels between the user and the smart card while operating in a potentially hostile environment (such as a point-of-sale application.) Moreover, we discuss several types of modi cations that can be made to give smart cards additional input/output capacity with a user, and describe how this additional I/O can address the hostile environment problem. We give a notation for describing the e ectiveness of smart cards under various environmental assumptions. We discuss several security equivalences among di erent scenarios for smart cards in hostile environments. Using our notation, these equivalences include: private input private output trusted input+ one-bit trusted output trusted output+ one-bit trusted input secure input secure output