Skip to main content
SpringerLink
Log in

A snapshot of trusted personal devices applicable to transaction processing

  • Original Article
  • Published:
Personal and Ubiquitous Computing Aims and scope Submit manuscript

Abstract

In recent years, a clear trend has emerged where businesses need to provide flexible access to its services so as to increase their usage by a much wider cross-section of users operating over public infrastructures but still within a trusted environment. This trusted environment must be established between all participating users and service provider entities before any transactions are carried out. To meet the challenge of enabling mobile users to work within a trusted environment on any untrusted machine, the notion of a trusted personal device (TPD) has emerged. This paper provides a survey giving a snapshot of the growing body of work ongoing in the area of TPDs and the services they support.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Erl T (2005) Service-oriented architecture (SOA): concepts, technology and design. Prentice Hall, Upper Saddle River

    Google Scholar 

  2. W3C Web Services Activity. http://www.w3.org/2002/ws

  3. Chan J, Rogers G, Agahari D, Moreland D, Zic J (2006) Enterprise collaborative contexts and their provisioning for secure managed extranets. In: Proceedings of the 15th IEEE international workshops on enabling technologies: infrastructure for collaborative enterprises (WETICE’06), Manchester, pp 313–318

  4. Camarinha-Matos L, Afsarmanesh H (2005) Collaborative networks: a new scientific discipline. J Intell Manuf 16:439–452

    Article  Google Scholar 

  5. Chan J, Nepal S, Moreland D, Hwang H, Chen S, Zic J (2007) User-controlled collaborations in the context of trust extended environments. In: Proceedings of the 16th international workshops on enabling technologies: infrastructure for collaborative enterprises (WETICE’07), Paris, pp 389–394

  6. Camarinha-Matos L, Afsarmanesh H, Ollus M (2005) Virtual organizations: systems and practices. Springer, Boston

    Book  Google Scholar 

  7. Plisson J, Ljubic P, Mozetic I, Lavrac N (2007) An ontology for virtual organization breeding environments. IEEE Trans Syst Man Cybern C 37(6):1327–1341

    Article  Google Scholar 

  8. Henkel M, Perjons E, Zdravkovic J (2007) Towards guidelines for the evolution of e-service environments. Int J Public Inf Syst 3:183–200

    Google Scholar 

  9. Rankl W, Effing W (2004) Smart card handbook. Wiley, New York

    Google Scholar 

  10. Lu H (2007) Network smart card review and analysis. J Comput Netw 51(9):2234–2248

    Article  Google Scholar 

  11. Aussel J (2007) Smart cards and digital security. In: Proceedings of the 4th international conference on mathematical methods, models and architectures for computer network security (MMM-ACNS), St Petersburg, pp 42–56

  12. Prinz W, Loh H, Pallot M, Schaffers H, Skarmeta A, Decker S (2006) ECOSPACE—towards an integrated collaboration space for eProfessionals. In: The 2nd international conference on collaborative computing: networking, applications and worksharing (CollaborateCom’06), Atlanta, pp 1–7

  13. Wilson M, Arenas A, Schubert L (2007) IST-FP6 TrustCoM framework for trust, security and contract management V4. http://www.eu-trustcom.com

  14. Bobba R, Gavrila S, Gligor V, Khurana H, Koleva (2005) Administering access control in dynamic coalitions. In: Proceedings of the 19th large installation system administration conference (LISA’05), San Diego, pp 249–261

  15. Seamons K, Chan T, Child E, Halcrow M et al (2003) TrustBuilder: negotiating trust in dynamic coalitions. In: Proceeding of the DARPA information survivability conference and exposition, vol 2, Washington, pp 49–51

  16. Ajayi O, Sinnott R, Stell A (2007) Trust realisation in multi-domain collaborative environments. In: Proceedings of the 6th IEEE/ACIS international conference on computer and information science (ICIC’07), Melbourne, pp 906–911

  17. Asokan N, Debar H, Steiner M, Waidner M (1999) Authenticating public terminals. J Comput Netw 31:861–870

    Google Scholar 

  18. Surie A, Perrig A, Satyanarayanan M, Farber D (2006) Rapid trust establishment for transient use of unmanaged hardware. In: Technical Report CMU-CS-06-176

  19. Garriss S, Caceres R, Berger S, Sailer R, Van Doorn L, Zhang X (2007) Towards trustworthy Kiosk computing. In: Proceedings of the 8th IEEE workshop on mobile computing systems and applications (HotMobile’07), Tucson, pp 41–45

  20. Lin C, Varadharajan V (2006) Trust enhanced security—a new philosophy for secure collaboration of mobile agents. In: Collaborative computing: networking, applications and worksharing (CollaborateCom’06), Atlanta, pp 1–8

  21. Bormann F, Manteau L, Linke A (2005) European research project “InspireD” (http://www.inspiredproject.com)—the future of smart cards. In: SIT Smart Card Workshop, Darmstadt

  22. Bormann F, Manteau L, Linke A, Pailles J, Dijk J (2006) Concept for trusted personal devices in a mobile and networked environment. In: 15th IST mobile and wireless communication summit, Myconos

  23. Smith J, Nair R (2005) Virtual machines: versatile platforms for systems and processes. Morgan Kaufmann, San Francisco

    MATH  Google Scholar 

  24. Trusted Computing Group. http://www.trustedcomputinggroup.org

  25. Ormandy T (2007) An empirical study into the security exposure to hosts of hostile virtualized environments. In: The 8th annual CanSecWest conference, Vancouver

  26. Ferrie P (2006) Attacks on virtual machine emulators. In: The 9th annual association of antivirus Asia researchers international conference (AVAR’06), Auckland

  27. Montgomery M, Ali A, Lu H (2004) Secure network card—implementation of a standard network stack in a smart card. In: Proceedings of the 6th international conference on smart card research and advanced application (Cardis’04), Toulouse, pp 193–208

  28. Giesecke & Devrient Internet Smart Card Technology (2006) http://www.gi-de.com/portal/page?_pageid=42,54860&_dad=portal&_schema=PORTAL

  29. Urien P (2000) Internet card, a smartcard as a true Internet node. J Comput Commun 23(17):1655–1666

    Article  Google Scholar 

  30. Rees J, Honeyman P (2000) Webcard: a Java card web server. In: Proceedings of the 4th working conference on smart card research and advanced application (Cardis’00), Bristol, pp 197–208

  31. Zouari B, Afifi H, Hecker A, Labiod H, Pujolle G, Urien P (2003) A novel authentication model based on secured IP smart cards. In: Proceedings of the IEEE International Conference on Communications (ICC ‘03), vol 2, Anchorage, pp 809–813

  32. Gemalto (formerly Axalto and Gemplus). http://www.gemalto.com

  33. USB Implementers Forum. http://www.usb.org/

  34. Remote NDIS (RNDIS) and Windows (2004). http://www.microsoft.com/whdc/device/network/NDIS/rmNDIS.mspx

  35. Belcarra Technologies Extends USBLAN Support for Microsoft Windows™ to Include Ethernet Emulation Model (2006). http://www.belcarra.com/pdf/usb-otg-eem_announce_1.0.pdf

  36. Nepal S, Zic J, Hwang H, Moreland D (2007) Trust extension device: providing mobility and portability of trust in cooperative information systems. In: Proceedings of the 15th international conference on cooperative information systems (CoopIS’07), LNCS 4803, Vilamoura, pp 253–271

  37. Nepal S, Zic J (2006) A portable trusted device. In: Provisional Australian Patent

  38. Ministry of Home Affairs Singapore (2006) In: The 15th annual governmentware securing intelligent enterprises (GovWare’06), Singapore

  39. Gratzer V, Naccache D (2007) Trust on a nationwide scale. IEEE Secur Priv Mag 5(5):69–71

    Article  Google Scholar 

  40. Encryptakey. http://www.encryptakey.com

  41. Caceres R, Carter C, Narayanaswami C, Raghunath M (2005) Reincarnating PCs with portable SoulPads. In: Proceedings of the 3rd international conference on mobile systems, applications, and services (MobiSys’05), ACM Press, New York, pp 65–78

  42. Kozuch M, Satyanarayanan M, Bressoud T, Helfrich C, Sinnamohideen S (2004) Seamless mobile computing on fixed infrastructure. IEEE Comput 37(7):65–72

    Google Scholar 

  43. Adams C, Lloyd S (2002) Understanding PKI: concepts, standards, and deployment considerations. Pearson Education, London

    Google Scholar 

  44. Nepal S, Zic J, Kraehenbuehl G, Jaccard F (2007) A trusted system for sharing patient electronic records in autonomous distributed healthcare systems. Int J Healthc Inf Syst Informat 2(1):14–34

    Google Scholar 

  45. Ubuntu. http://www.ubuntu.com

  46. QEMU. http://fabrice.bellard.free.fr/qemu

  47. TPM. http://developer.berlios.de/projects/tpm-emulator

  48. CeNTIE Enterprise Systems Focus Group. http://www.ict.csiro.au/page.php?did=14#enterprise

  49. Tan L (2007) Personal security gets DIVA treatment. In: BusinessWeek. http://www.businessweek.com/globalbiz/content/sep2007/gb20070926_102683.htm?chan=top+news_top+news+index_global+business

  50. Ong A (2004) Smart VIP (smart visa for identification with passport). http://www.ida.gov.sg/Technology/20061002195651.aspx

  51. Forget G, Stervinou A (2007) The virtual smart card. Card Technol Today 19(7–8):12

    Article  Google Scholar 

  52. Microsoft Development Network (MSDN) CardSpace. http://msdn2.microsoft.com/en-au/netframework/aa663320.aspx

  53. Microsoft Live Labs Security Token Service (2006) http://sts.labs.live.com/

  54. Bottoni A, Dini G (2007) Improving authentication of remote card transactions with mobile personal trusted devices. J Comput Commun 30(8):1697–1712

    Article  Google Scholar 

  55. European Telecommunications Standards Institute (ETSI) Digital cellular telecommunications system (Phase 2+); specification of the SIM application toolkit for the subscriber identity module—mobile equipment (SIM–ME) interface. ETSI TS 101 267 (GSM 11.14)

  56. Oprea A, Balfanz D, Durfee G, Smetters D (2004) Securing a remote terminal application with a mobile trusted device. In: Proceedings of the 20th annual computer security applications conference (ACSAC’04), Tucson, pp 438–447

  57. Sailer R, Zhang X, Jaeger T, Van Doorn L (2004) Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 13th USENIX security symposium, San Diego, pp 223–238

  58. Mayes K, Markantonakis K (2008) Smart cards, tokens, security and applications. Springer, New York

    Book  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Networking Technologies Laboratory, CSIRO ICT Centre, Corner of Vimiera and Pembroke Roads, Marsfield, NSW, 2122, Australia

    David Moreland, Surya Nepal, Hon Hwang & John Zic

Authors
  1. David Moreland
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Surya Nepal
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hon Hwang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. John Zic
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to David Moreland.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Moreland, D., Nepal, S., Hwang, H. et al. A snapshot of trusted personal devices applicable to transaction processing. Pers Ubiquit Comput 14, 347–361 (2010). https://doi.org/10.1007/s00779-009-0235-6

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00779-009-0235-6

Keywords

Search

Navigation