Académique Documents
Professionnel Documents
Culture Documents
2
School of Telecommunications Engineering, Polytechnic University of Madrid,
Madrid, Spain
With technological advances and increased processing After the analysis phase it has addressed the design phase.
power of today's computers, there is the need to increase It makes a proposal that tries to meet the identified
security in authentication processes and incorporate new demands and solve all the problems and / or deficiencies
technologies to increase and provide a higher level of identified in the analysis. This design, from the technical
security. Various institutions have authentication systems point of view, is a modeled logical architecture through
for data access and authentication applications diagrams of a unified modeling language (Unified
characterized by the use of username / password [1], called Modeling Language - UML).
access classic, presenting the problem that can be easily As a result of the design there are models from the view
violated with current technology reducing security component showing the set of entities in the proposed
applications. However, there are other institutions that architecture as a solution and the relationship between
have decided to have a safer technology in protecting them. Also, this point addresses the integration of X.509
access to applications and information [2]. certificate and Java Card as part of the authentication
system. Likewise, there are two patterns of communication
In the specific study case discussed in this article, the from the view of diagrams sequence, one to obtain the
Technological University of Panama (UTP), it has a Public certificate, it means the mechanism by which the user gets
Key Infrastructure (PKI) [1] used only by teachers to an X.509 identity certificate that stores in its smart card,
record grades and by administrative for the annual and another for access to a generic service, that is how the
evaluation, but that is not available at present to all user uses the certificate to securely access and with
members of the university community. The aim of this guaranties to the offered services.
work is to improve the setting of access to services in the
UTP trying to extend the use of PKI [3] and performing an After the design, goes the implementation phase. This
integration of technologies that provide greater certainty phase is to develop a small demonstrator of the
for all users (teachers, administrators and students) and to architecture that can be used as a reference implementation
ensure a flexible, secure and guaranteed access to services. and for verifying the functionality of the design. These
individual demonstrator tests are carried out based on the
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.
IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012
ISSN (Online): 1694-0814
www.IJCSI.org 24
results obtained, will influence the design stage to provide certificate from a client and it should be noted that not all
feedback and improve the solution. servers support client authentication.
Certificado X.509 RA
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.
IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012
ISSN (Online): 1694-0814
www.IJCSI.org 25
The user has a Java card that communicates with the PC, 4.3 X.509 Certificate store Java Card
through the Java card reader to make use of the offered
services by the service provider (Final Application). To ensure the portability of the X.509 certificate, it must
Before accessing the services of the final application be stored in a portable media, from which it can be claimed
requires a first phase of user authentication based on a and validated. The portable storage way to use is Java
Personal Identification Number (PIN) that allows you to Card.
access the services of the Java Card. Once validated as the sd almacenar
to users using the CA and RA. The user is authenticated //envia kp()
//crearCertificadoX.509()
+Respuestas APDU
Card Accepting Device
Lector de Tarj etas
Member has a public key (Kp) and secret key (Ks),
Maquina Virtual Jav a previously generated by cryptographic algorithms, but
needs a trusted third party (TTP) as the RA to validate the
Sistema Operativ o de la Tarj eta
user registration and the CA, which is the entity that can
issue and check the status of an X.509 certificate.
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.
IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012
ISSN (Online): 1694-0814
www.IJCSI.org 26
4.4 Obtaining X.509 Certificate services security using X.509 digital certificate stored on
the smart card.
Once the X.509 certificate is stored in the Java Card, it can sd serv i...
To get X.509 certificate it must be used the ASPEJC and //2. Solicita Servicio()
using the stored certificate, without being removed from //4. Ingresa PIN()
// 4.1.2.1 retornaCertificadoX.509()
usuario ASPEJC ASPEJC CA Gestin CA Java Card //4.1.3 solicitaServicio(certificadoX.509)
La validacin del
certificado cliente se
// 1. Acceso a Servicios() realiza con el
certificado del cervidor,
//4.1.3.1validaCertificadoCliente()
la CA y RA
// Obtener Certificado() // 4.1.3.2 devuelveServicioSolicitado()
//Solicitar PIN()
// ingresar PIN()
//validar PIN() The user accesses the PC to make use of a service offered
//Obtener Certificado()
by the final system. Needs to authenticate to access the
//Validar Certificado()
service and introduces Java card which in turn prompted
for authentication to verify that the user is the owner of the
//Validar Certificado() card (this authentication can be performed with the use of
biometric technology, which was not applied in this project
//retorna Certificado() due to financial constraints, technology and time, but is
planned as a future upgrade).
Fig. 4: Obtaining X.509 certificate from the Java Card The user enters his PIN to identify himself to card. The
card validates the user's PIN, if the PIN is correct provides
The Figure 4 shows the diagram sequence of how the user access to the services offered by the installed applets in
gets the X.509 digital certificate stored on the identity Java Card. In this second authentication, end service
smart card. access, it uses the X.509 digital certificate stored on the
card that shows the holder's identity to any entity through a
4.5 Access to Service mechanism, such as challenge-response that involves both
the Ks and Kp of the user, both stored on his card. This
The ASPEJC component is responsible for providing will authenticate the user and can securely access the final
secure access to a service provided by the final application system.
through a series of features and commands (APDUs).
The sequence diagram for the access to a service is shown Once submitted the results of the overall design phase then
in Figure 5. It shows how users access and authenticate examines the implementation phase, in which three parts
are considered. The first is the development of basic
authentication module. The second is the integration of
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.
IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012
ISSN (Online): 1694-0814
www.IJCSI.org 27
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.
IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012
ISSN (Online): 1694-0814
www.IJCSI.org 28
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.
IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012
ISSN (Online): 1694-0814
www.IJCSI.org 29
Authority and Registration Authority that are in charge of Evaluation, Fourth International Conference on Digital
the generation and registration of digital certificates used Society, IEEE, 2010, pp. 192-197.
by the users according to their role. Also, it is included the [6] Ch. Zhu, "Java Card Technology for Smart Cards:
Architecture and Programmer's Guide. Addison-Wesley,
use of Java cards for storage of certificates and user
California, USA, 2010.
authentication. The flexibility, convenience and comfort
are some of the advantages of this technology.
To verify the functionality of the proposed mechanism, we Maria Ortega Master of Information Technology and
have developed a demonstrator user / server. This is the Communication of Technological University of Panama. I am
currently a student researcher at the University, Faculty of
X.509 certificate store on the card Java and an application Computer Systems. Current research interests include information
to access the resource by authenticating the card and user security.
certificates. With the integration of two technologies, we
have obtained the benefits of each as scalability, Sergio Sanchez PhD in Telecommunications from the
interoperability, portability and information security in Polytechnic University of Madrid (UPM). Spain. I currently work as
a professor in the PSU Department of Telematic Engineering and
your applications. Architectures (DIATEL) and I am a researcher in the group TSIC
(Telematic Systems for the Information Society and Knowledge) in
This has allowed a more secure communication to ensure the School of Telecommunications Engineering of the Polytechnic
University of Madrid (EUITT).
the authenticity, confidentiality, integrity and non-
repudiation of origin is an important point because it is a
security service that lets you test the participation of an
individual or entity in a communication.
References
[1] V. Nicussor, "Public Key Infrastructure for Public
Administration in Romania", Communications (COMM),
2010 8th International Conference, IEEE, 2010, pp. 481-484.
[2] D. A. Ignacio, G. A. Arturo, C. V. Maria, " Autenticacin en
la Red: ACerO y JCCM*: Java Card Certicate Management",
III Jornadas de Ingeniera Telemtica. JITEL, IEEE, 2001,
pp. 405-412.
[3] E. Nazar, A. Yaqoob, "An Approach for Multi Factor
Authentication for Securing Smart Cards' Applications",
Proceedings of the International Conference on Computer
and Communication Engineering IEEE, 2008, pp. 368-372.
[4] W. Yewel, Y. Huiming, Y. Xiaohong, "Case Study: Using
Smart Cards with PKI to Implement Data Access Control for
Health Information Systems. Proceding of the IEEE
SoutheastCon 2010 (SoutheastCon) IEEE, 2010, pp. 163-
167.
[5] A. Shadi, D. Mader, H. Hiba, "A Web Client Authentication
System Using Smart Card for e-Systems: Initial Testing and
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.