Skip to Content Java Solaris Communities Partners My Sun Sun Store United States Worldwide

Additional Feature Stories
»  Bienvenue Sun Labs Europe
»  Beyond Firewalls: Public Utility Computing for Private Networks
»  Brazil Project: The Future of Web Application Development
»  Paperless Publishing with a Twist: It May Work
Online Privacy: Taking it Personally
»  It's Come to This - http://www.myfridge/check_ice.html
»  Racing Toward the Future...
Feature Story

Online Privacy: Taking it Personally

Various SmartCards

Java CardTM technologies from Sun Microsystems Laboratories counter identity fraud with personal devices that are portable, secure, and interchangeable. The devices implement an architecture that resists tampering, accommodates "anywhere, anytime" personal computing, and tackles many of the security concerns that prompted the FTC's proposal to regulate the online marketplace. See Java Card demos live at the JavaOneSM conference in San Francisco..

In late May, the FTC issued an unprecedented call for Congress to regulate the Internet to protect consumer privacy. The proposal marked a reversal in the FTC's "hands-off" Internet policy and it was prompted by two trends: the failure of most sites to practice even minimal security policies and a still-rising wave of Internet identity fraud and hacker penetration of commercial web sites. In its report, the FTC noted that only one in five commercial Web sites met minimum privacy standards.

"If you take a look at what's happening out there in the world, consumers have not become less concerned [about privacy], they've become more concerned," said FTC Commissioner Mozelle Thompson. Indeed, the survey found the level of consumer unease at an all time high. The FTC report cited a survey showing that 92% of respondents from wired households stated that they do not trust online companies to keep their personal information confidential. "We're getting the sense that the issue may indeed be larger than industry itself can solve," concluded the FTC's Thompson.

"Identity theft and sundry-related computer crimes ported over the Internet may become an unparalleled, destabilizing force for 21st century society to deal with." Hal Berghel -- Communications of the ACM

The day after Thompson issued this statement, a majority of FTC commissioners, for the first time ever, advised Congress to place regulatory controls in the online marketplace to protect consumer privacy. This, of course, ignited opposition from the Internet industry as well as confusion over just how anyone might enforce privacy laws in the ethereal and quickly changing online marketplace.

Security in the Palm of Your Handheld

Dallas Semiconductor has developed a 1-Wire module for the Visor, a PDA from Handspring. This module lets the PalmOS communicate directly to the JavaTM-powered iButton over the minimalist 1-Wire net via Blue Dot receptors. The canny expansion module features Blue Dot receptors for reading and writing iButtons. You can press the Blue Dot firmly to snap the iButton into the module for the embedded mode or lightly for a momentary touch-and-go connection. The Blue Dots and the iButton are powered by the Visor's main battery with insignificant power drain.

The iButton builds a cryptographic moat between your Visor and the outside world, performing authentication, digital signatures and time stamping. The iButton uses a challenge/response authentication protocol. When challenged, you enter a password using the PDA.

With the Visor's iButton capability and wireless IR port or the serial/USB docking cradle, you can:

  • View conditionally accessed Web pages
  • Send and receive documents with secure signatures
  • Scramble and decode email messages
  • Buy or sell securely at commercial Web sites
  • Visors with Wireless modules are also on the way for Internet access using public infrastructure.

You can see demos of these products live at JavaOneSM.

Handspring Visor with iButton Reader
Handspring Visor with iButton Reader

The FTC and the Case for Java Card Technologies

Growing privacy concerns in the online marketplace and a wave of disk-zapping viruses are lending fresh currency to an old idea: taking security personally.

At Sun Microsystems Laboratories, taking security personally has a history. Java Card architect Eduard de Jong's commitment is evident in his job title. De Jong is the "Trusted Software Expert" for Consumer and Embedded products. His Personal Transaction Group collaborates closely with Sun Laboratories.

De Jong believes that, given the opportunity, no one has a bigger stake in protecting personal data than the owners of that data. That would be people themselves deploying computers, PDAs, cell phones, rings, and watch fobs that have been "personalized" for use online using the Java Card architecture.

"Personal cards and devices are the key to protecting your privacy," says de Jong, because they offer more physical protection than a remote corporate database or a PC disk drive. "A card is a personal device. It does something you trust: it connects your personal data only with trusted sources."

Java CardTM technologies could go a long way toward building solutions to the security problems that prompted the FTC's call for regulation.

In fact, Java Card technologies could go a long way toward building solutions to the security problems that prompted the FTC's call for regulation. "Devices that support Java Card technologies provide a flexible, secure architecture that matches today's 'anywhere, anytime' computing environment," observes Rinaldo Di Giorgio, a senior staff engineer for Sun Microsystems Laboratories.

The mobile computing environment has indeed evolved rapidly. The convenience of instant communication has made cellphones, PDAs, and pagers practical accessories for tens of millions of people worldwide. Now, as more and more of these devices connect to the Web, service providers and consumers are wondering how they can best balance convenience and security.

Java Card-enabled device architectures can solve fundamental security problems without compromising convenience. They provide secure remote authentication, unprecedented flexibility, and a re-programmable capability to apply the Java Card architecture's strong encryption algorithms against evolving protection needs. "The emerging Java Card architecture enables different layers and types of security to operate interchangeably in very large consumer and corporate networks for both authentication and payment as well as metered access to services," says Di Giorgio.

Layers of Security

The Java Card architecture's first layer of security is its interactivity, an advantage that was illustrated by the recent break-ins by congressional investigators. The imposters breezed through security in 18 of 19 government offices, including Janet Reno's Justice Department and the FBI. They also were given unescorted access into Reagan National and Orlando (Fla.) International airports, where the phony officers weren't searched and received permits to carry weapons aboard airplanes.

The imposters used New York Police badges that probably were obtained over the Internet. According to Di Giorgio, the badges reflected the limitations of a "passive" or "inert" security ID system. If Java Card architectures had been in place, the imposters "couldn't have gotten in," according to Di Giorgio.

Java Card-enabled devices are an "active" system. They require users to use a PIN or some other coded response to positively identify themselves. "It's inherently more secure because it is, in effect, a two-key system," says Di Giorgio. First you present your access card or device. Then you authenticate yourself by providing an access code. An active system limits rogue break-ins because it handicaps the identity thief's only advantage: his stolen credential.

The second layer of security is its flexibility. The Java Card architecture and the Open Card Framework "allows you to program both sides of the Java Card device, so you can write applications and also program the terminal," says de Jong. The terminal is the physical interface. Its programmability allows the Java Card device to interact with an unlimited number of devices. It also means that Java Card technology can assume many forms, including those of personal items we already know how to value and protect.

A case in point is the JavaTM-powered, house-key size Crypto iButton from Dallas Semiconductor. Stephen Curry, who supervises the software and firmware design group for the Crypto iButton, describes it as "a very personal computer." Curry recently noted that "the whole idea is that you wear your credential on a carefully guarded accessory. You can wear your iButton on a ring, a key chain, a badge, a wallet, a watch, something you've spent your entire life practicing how not to lose." Di Giorgio concurs with the security advantages of close proximity to personal data: "If you don't know where your personal data is stored, how can you protect it?"

Flexibility is a hallmark of Java Card devices. They are perhaps most widely known as multi-use, multi-function smart cards. With card readers attached to cell phones, PDAs, and computers, you can securely transfer personal data from device to device, pay for a long distance call, make secure, end-to-end Internet transactions, or encrypt sensitive files safely. Likewise for the Java Card-enabled SIM card embedded in tens of millions of GSM cell phones.

A third security layer is the re-programmability of Java Card devices. With a Java Card device, you can enhance and tune your security by using the re-programmable feature to "change key sizes or other cryptography parameters," says de Jong. Or you can download a new cryptographic protocols library as more sophisticated or application-sensitive encryption evolves. And with Java Card architecture and OCF, you can download with Web-time responsiveness.

As it is, Java Card architecture supports an armada of world class encryption capabilities. The Crypto iButton, for example, can support RSA encryption, Diffie-Hellman key exchange, and is in compliance with the Digital Signature Standard (FIPS 186).

Some devices, such as the iButton, feature another layer of security: tamper resistance. The iButton repels attackers even after it falls into an enemy camp. When tampering is detected -- whether by efforts to physically open the device or to storm its encryption algorithm with PIN sequencing attacks -- it instantaneously clears all memory using a feature known as rapid zeroization.

With the explosion in mobile Internet computing, shielding e-mail, making secure financial transactions, and generally keeping one's virtual life a private affair loom large as public concerns. De Jong reminds us that the best approach may be taking it personally.

Related Links

Would you recommend this Sun site to a friend or colleague?
Contact About Sun News Employment Privacy Terms of Use Trademarks Copyright 1994-2008 Sun Microsystems, Inc.