Smart card information and operations using biometrics

Nowadays many systems need a portable media to store some sensible data, such as smart cards. The information can be protected by the user with his Personal Identification Number (PIN), or through biometrics. Unfortunately, there is not a smart card today that can verify the biometric template inside it, performing this task in the terminal. The author has developed the algorithms and data structures needed to solve this problem. Therefore, he has created a smart card with user biometric authentication, based on an Open Platform smart card (in this case, a JavaCard). To achieve these results, different biometric techniques have been studied: speaker verification, hand geometry and iris recognition. Experimental results are given to show the viability of the prototype developed     

Access control system with hand geometry verification and smartcards

An access control system that joins the uniqueness of biometric verification, as well as the storage security and processing capabilities of smart cards, is defined here. The biometric technique chosen has been hand geometry, which is considered to provide low/medium security (there are other much more secure, as fingerprint, iris or retina), to be easy to use, to achieve high acceptance by users, and which performance is given throughout fast processing and medium cost. Also, the small template size needed for each user is positive for storage and processing capabilities required in the system. But the innovation in the system proposed is that the smart card not only stores the user's template, but also performs the verification process with the features set by the terminal to the card. With this improvement, the security of the system has risen because the template is never extracted from the card, avoiding duplication of such sensible data. The specifications for the enrolment process will be presented as well as the applications where this new system is recommended     

Achieving security in integrated circuit card applications realityor desire?

It has always been claimed that smart cards provide a really high level of security, considering them as a tamper-proof device, with the possibility to auto-block some or all of the services it provides. Unfortunately, nowadays some hackers appear to have demonstrated the lack of security involved in some applications where Integrated Circuit Cards (ICC) have been used. This has led to the opinion that smart cards are not secure enough, and their security is only in the minds of the commercial companies involved with the technology. In this paper, the author explains the reasons why this hacking has succeeded. For example, sometimes memory cards have been used instead of smart cards, or very old smart cards have been issued and not renewed, or the development team involved has not used basic security techniques, such as diversified keys. The author also gives clues to achieve a high level of security depending on the final application, and the environment in which it is going to be used     

Fingerprint verification using smart cards for access control systems

Over the past few years, the authors have tried to integrate biometrics into a smart card. In this paper, to improve error rates obtained with hand geometry biometrics and the costs with the iris recognition system, fingerprints are used. This technique, quite well known in the industry and deeply studied for the last century, has improved its electronic sensors, pulling down prices and, therefore, enabling its use in many more applications. The first step, as in every biometric system, is to obtain an image of the user's fingerprint. After this, a pre-processing algorithm is applied, which enables feature extraction to obtain the location and type of all minutiae, i.e., the discontinuities in the ridges and valleys of the fingerprint. Due to the fact that it is not possible to always catch the same number of minutiae, a special matching algorithm should be applied to compare the feature vector with the corresponding user's template. Efforts to integrate this matching algorithm in a low computer power device, such as a smart card, are given, showing the paths that should be followed in order to improve the security of access control and payment systems available today.     

数字信封在智能卡对称密钥传输中的应用

伴随智能卡EMV迁移,使用智能卡进行交易日趋频繁,应用系统对数据交换提出了高安全要求,特别是对称密钥导入和导出的安全.基于RSA数字信封体系的应用很好的解决了对称密钥的安全性问题,可以有效的防止对称密钥在导入或者导出过程中被窃取.     

Security Technology. The 36th International Carnahan conference on security technology

The following topics are dealt with: security environment; civil force protection; security technologies; transportation; vulnerability analysis; smart cards; biometric identification; human detection; passenger-examining imaging systems; intrusion detection; and hoax detection.     

基于5G的通导融合位置认证系统性能分析

随着无人化智能移动装备在工业、交通等安全敏感领域的普及应用,民用导航定位系统中的定位安全问题日益突出。位置认证是对终端的物理位置声明进行认证的过程,是导航定位安全技术的重要组成部分。基于第五代(5G)移动通信网络的通导融合位置认证系统具有覆盖范围广、认证精度高、用户容量大、建设运维成本低等多重优势。本文首先介绍了多基站位置认证系统的检测判决原理,提出了漏检平均距离的定义作为位置认证系统精度的量化评价指标。在此基础上,通过数值仿真分析了信号带宽、基站同步误差、信噪比对位置认证系统精度的影响,并利用5G信道模型评估了典型场景下的位置认证系统的性能。结果表明,在具备3个以上的视距基站时,基于5G的通导融合位置认证系统可以实现米级的位置认证精度。     

基于5G的通导融合位置认证系统性能分析

随着无人化智能移动装备在工业、交通等安全敏感领域的普及应用，民用导航定位系统中的定位安全问题日益突出。位置认证是对终端的物理位置声明进行认证的过程，是导航定位安全技术的重要组成部分。基于第五代(5G)移动通信网络的通导融合位置认证系统具有覆盖范围广、认证精度高、用户容量大、建设运维成本低等多重优势。本文首先介绍了多基站位置认证系统的检测判决原理，提出了漏检平均距离的定义作为位置认证系统精度的量化评价指标。在此基础上，通过数值仿真分析了信号带宽、基站同步误差、信噪比对位置认证系统精度的影响，并利用5G信道模型评估了典型场景下的位置认证系统的性能。结果表明，在具备3个以上的视距基站时，基于5G的通导融合位置认证系统可以实现米级的位置认证精度。     

航空数据存储卡毁钥能力评价方法研究

为满足复杂战场态势下机载数据的安全性需求，需要建立对航空数据存储卡毁钥能力有效评价的方法。 建立航空数据存储卡毁钥能力有效性评价的目的是保证航空装备信息安全的重要措施，是科学、准确评价毁钥 设计是否满足需求的重要手段，是航空装备定型列装前必要的信息安全测评过程。通过对航空数据存储卡的典 型结构和硬件毁钥原理进行分析，对毁钥后电学、物理和化学等技术手段进行深入的研究，提出一种针对航空 数据存储卡毁钥能力的评价方法，从数据存储卡读取能力和存储介质损毁状态两个过程对毁钥效果开展评价， 从而规范了当前测评机构对数据存储卡毁钥能力评价过程中无统一方法的现状。本文利用该评价方法对某样品 航空数据存储卡经硬件毁钥试验后开展毁钥效果分析，验证方法的有效性。航空数据存储卡毁钥能力评价方法 可以很好的评估毁钥设计的效果，确保机载数据的安全。     

基于ARM的USB读卡器设计与测试

设计了一个基于ARMCortex—M3和USB接口的智能卡读卡器系统,采用具有ARMCortex—M3内核的STM32F103R6T6等芯片进行相关的硬件设计;分别使用Keil和VisualC＋＋6．0进行固件程序和驱动程序开发,实现了计算机与智能卡的准确、高效通信。同时,通过设计测试程序对系统的功能和性能进行测试,证明其有效性。     

Minutiae detection algorithm for fingerprint recognition

Among the main innovation prospects within the so-called Information Society, and in the framework of future communications systems, we find the design of database-access integral services, e-commerce and communication systems, together with remote control of terminals and devices, being the result of global services derived from last generation integration of mobile telephony and internet. Some features standout from such future services: security (guaranteeing user's privacy while in operation) in human-machine interacting (thus offering the same degree of spontaneity found in human communication through speech). To deal with security problems, the use of biometric-based technology (specifically through face, fingerprint, and speech) is proposed, because those technologies have reached a high degree of maturity, such as allowing successful application on secure authentication     

Oracle 9i数据库的安全性策略

存储在数据库中的数据必须具有安全保证.为此,DBMS提供了安全管理技术.安全性策略是DBMS实现安全管理的基本技术.文章较详细地介绍了Oracle 9i数据库管理系统的安全管理技术中的安全性策略.这些策略涉及系统安全性策略、数据安全性策略和用户安全性策略.进一步地介绍了数据库验证、外部验证、企业验证和并发许可等用户验证和许可限制.上述安全技术构成了Oracle 9i数据库安全管理技术的基础,也是DBA必须掌握的基本技术.文章最后给出Oracle 9i安全策略的优点.     

State-of-the-art in speaker recognition

Recent advances in speech technologies have produced new tools that can be used to improve the performance and flexibility of speaker recognition. While there are few degrees of freedom or alternative methods when using fingerprint or iris identification techniques, speech offers much more flexibility and different levels to perform recognition: the system can force the user to speak in a particular manner, different for each attempt to enter. Also, with voice input, the system has other degrees of freedom, such as the use of knowledge/codes that only the user knows, or dialectical/semantical traits that are difficult to forge. This paper offers an overview of the state-of-the-art in speaker recognition, with special emphasis on the pros and cons, and the current research lines. The current research lines include improved classification systems, and the use of high level information by means of probabilistic grammars. In conclusion, speaker recognition is far away from being a technology where all the possibilities have already been explored.     

基于FTCS软件的民用飞机试飞任务优化研究

民用飞机试飞任务优化对提高试飞任务执行效率、缩短试飞取证周期具有重要意义。基于民用飞机试飞规划与管理软件,对人机交互任务单编制、单个任务单优化以及多个任务单优化进行了研究,探索出一条民机试飞任务优化的有效方法。结果表明,FTCS软件可极大降低试飞工程师的工作量,并提高试飞任务单的编制质量。     

基于Portal的统一身份认证系统研究与开发

描述了基于Portal的统一身份认证系统的实现方法。整个系统主要由用户登录和注销管理、用户在不同应用系统中的操作权限管理和各个应用系统的信息管理三部分组成。文章详细介绍了采用"票证"技术解决用户对不同应用系统的持续访问,并给出了实现过程的主要数据结构。经过实际测试证明本系统有效地解决了用户重复登录和多点管理账号的问题,提高了用户的工作效率和应用系统的安全性。     

基于区块链+北斗的铁路装备可信数字身份服务方法

智能铁路装备是一个典型的分布式物联系统,具有大量复杂的数据交互共享的需求与场景,装备及其产生的数据信令在系统中的数字身份标识是其重要安全基础。应用基于区块链去中心化的分布式数字身份标识技术,结合北斗时空信息,设计了铁路装备身份标识(railway decentralized identifier, RDID)可信数字身份服务,包括服务架构、生成流程、流转流程和验证流程,并进行了应用模型实现与效能分析。服务可以有效提升装备及其产生的数据信令的规范安全性,保证标识身份全局唯一,可追溯认证,从而提高智能装备系统通信过程数据的完整性与可靠性。     

Information technology security using cryptography

It is widely known that information technology applications should be secured. During the last years, special efforts have been applied to achieve a great level of security. These efforts have increased security in some aspects, such as cryptographic algorithms and authentication techniques, etc. But many other security holes have appeared in these applications, making the improvements achieved a "waste of time and money". In this paper, some of these security holes are exposed. Using security hardware modules can overcome some of these holes, if they are designed according to the applications specification.     

EBAA：An efficient broadcast authentication scheme for ADS-B communication based on IBS-MR

Automatic dependent surveillance-broadcast （ADS-B） systems can broadcast satellitebased aircraft position, identification, etc., periodically, and are now on track to replace radar to become the backbone of next-generation air traffic management （ATM） systems. However, ADS-B systems suffer severe cyber-security problems due to the broadcast-type data link and the lack of designed-in security measures. Especially, since ADS-B messages are unauthenticated, it is easy to insert fake aircraft into a system via spoofing or insertion of false messages. Unfortu- nately, the authentication for ADS-B messages has not yet been well studied. In this paper, based on identity-based signature with message recovery （IBS-MR）, an efficient broadcast authentication scheme for ADS-B messages is proposed. The security analysis demonstrates that the scheme can achieve authenticity and integrity of ADS-B broadcast messages, as well as adaptive evolution of broadcasters＇ private keys. The performance evaluation shows that the scheme is computationally efficient for typical avionics devices with limited resources. Furthermore, the scheme achieves low communication overhead since broadcast messages can be recovered from signatures, and thus it is suitable for low-bandwidth ADS-B data link.     

Surveillance system based on data fusion from image and acousticarray sensors

The present publication shows a model of a monitoring system of high benefit, based on two complementary sensorial systems (image+acoustics), which allows the information received to fuse, and to prioritize the computational resources toward the zones with considerable risk. The application uses components such as: active acoustic radar based on a phase array of microphones, with techniques of beamforming, and multibeam detection schemes; efficient compression algorithms and video transmission in real time. The system is composed of an arbitrary number of sensors (monitoring probes), distributed by the monitoring space, a data network and a central server (monitoring manager). The sensors consist of a microprocessor, with its memory and three main modules: (1) acoustic radar; (2) video capture card; and (3) network card. The flexibility of the system allows new modules to be added such as: personal detector card; sound card; cards for telecontrol; etc. The sensor microprocessor preprocesses the information received by the modules, packs and transmits it to the central server through a data network. The system uses IP protocol, and SNMPv2 for management     

Performance evaluation of digital beamforming strategies for satellite communications

Smart antennas are becoming one of the promising technologies to meet the rapidly increasing demands for more capacity of satellite communication systems. A main component in a smart antenna system is beamforming. Because of the limitations of analog beamforming, digital beamforming will be employed in future satellite communication systems. We evaluate the performance of various digital beamforming strategies proposed in the literature for satellite communications: 1) single fixed beam/single user, 2) single fixed beam/multiple users, 3) single adaptive beam/single user, and 4) single Chebyshev dynamic beam/multiple users. Multiple criteria including coverage, system capacity, signal-to-interference-plus-noise ratio (SINR), and computation complexity are used to evaluate these satellite communication beamforming strategies. In particular, a Ka-band satellite communication system is used to address the various issues of these beamforming strategies. For the adaptive beamforming approach, subarray structure is used to obtain the weights of a large 2D antenna array, and a globally convergent recurrent neural network (RNN) is proposed to realize the adaptive beamforming algorithm in parallel. The new subarray-based neural beamforming algorithm can reduce the computation complexity greatly, and is more effective than the conventional least mean square (LMS) beamforming approach. It is shown that the single adaptive beam/single user approach has the highest system capacity.