
Computer Engineering ›› 2011, Vol. 37 ›› Issue (11): 167-169. doi: 10.3969/j.issn.1000-3428.2011.11.05

• Security Technology •

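Analysis and Application of UCONABC-based Smart Card

HU Shan-xue 1, HU Yong-tao 2, YAO Jing-jing 2, ZHOU Jia-jing 1

  (1. School of Software, Shanghai Jiao Tong University, Shanghai 200240; 2. Key Laboratory of Information Network Security of the Ministry of Public Security, Third Research Institute of the Ministry of Public Security, Shanghai 201204)
  • Received: 2010-12-02 Published: 2011-06-05 Online: 2011-06-05
  • About the authors: HU Shan-xue (born 1984), male, master's student, main research interest: information security; HU Yong-tao, associate research fellow; YAO Jing-jing, assistant research fellow; ZHOU Jia-jing, master's student
  • Funding:
    National "863" Program of China (2008AA01Z412)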

Analysis and Application of UCONABC-based Smart Card

HU Shan-xue 1, HU Yong-tao 2, YAO Jing-jing 2, ZHOU Jia-jing 1

  (1. School of Software, Shanghai Jiaotong University, Shanghai 200240; 2. Key Laboratory of Information Network Security, Ministry of Public Security, Third Research Institute of Ministry of Public Security, Shanghai 201204, China)
  • Received: 2010-12-02 Online: 2011-06-05 Published: 2011-06-05

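Abstract: Existing smart card specifications lack effective security access control management for access coming from the terminal, which easily exposes a smart card in use to security risks such as illegal input, replay attacks, bypass attacks and forced reset. To address this, the paper analyzes the application process of the smart card, studies the characteristics of the UCONABC access control model, and proposes a UCONABC-based access control management method for smart cards. A UCONABC-based access control management subsystem is embedded in the smart card, and externally defined access control policies are written into the policy library file on the card, so that outside access is controlled flexibly and the secure application of the smart card is protected.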

Keywords: smart card, access control, usage control model, public key infrastructure, card operating system

Abstract: Existing smart card specifications lack effective security access control and management for terminal access, which can lead to security risks in the use of smart cards, including illegal input, replay attack, bypass attack, mandatory reset, and so on. In response to these risks, this paper analyzes the application process of the smart card, studies the features of the UCONABC access control model, and gives a method of smart card access control management based on UCONABC. The method embeds an access control management subsystem into the smart card and writes externally defined access control policies into the policy library file of the smart card, so as to control external access flexibly and ensure the secure application of the smart card. Results show that this method protects real smart card applications more securely.

Key words: smart card, access control, usage control model, Public Key Infrastructure (PKI), card operating system
