Abstract
In recent years, a clear trend has emerged in which businesses need to provide flexible access to their services so as to increase usage by a much wider cross-section of users operating over public infrastructures but still within a trusted environment. This trusted environment must be established between all participating users and service provider entities before any transactions are carried out. To meet the challenge of enabling mobile users to work within a trusted environment on any untrusted machine, the notion of a trusted personal device (TPD) has emerged. This paper provides a survey giving a snapshot of the growing body of ongoing work in the area of TPDs and the services they support.
Cite this article
Moreland, D., Nepal, S., Hwang, H. et al. A snapshot of trusted personal devices applicable to transaction processing. Pers Ubiquit Comput 14, 347–361 (2010). https://doi.org/10.1007/s00779-009-0235-6
DOI: https://doi.org/10.1007/s00779-009-0235-6