Smart card payment systems provide a convenient billing mechanism for public transportation providers and passengers. In this paper, a smart card-based transit log is used to reveal functionally related regions in a city, which are called zones. To discover significant zones based on the transit log data, two algorithms, minimum spanning trees and agglomerative hierarchical clustering, are extended by considering the additional factors of geographical distance and adjacency. The hierarchical spatial geocoding system, called Geohash, is adopted to merge nearby bus stops to a region before zone discovery. We identify different urban zones that contain functionally interrelated regions based on passenger trip data stored in the smart card-based transit log by manipulating the level of abstraction and the adjustment parameters.

We have fabricated printed active antenna for flexible information tag which have a loop antenna combined with step-edge vertical channel organic field-effect transistor (SVC-OFET). Fabrication using printing process, characterization of SVC-OFETs, and performances of active antenna elements are discussed in detail.

Digital Rights Management (DRM) ensures that the usage of digital media adheres to the intentions of the copyright holder and prevents the unauthorized modification or distribution of media. Due to the widespread adoption of digital content use, DRM has received a fair amount of attention and has seen implementation in many commercial models. Although many DRM schemes have been introduced in the literature, they still suffer from some security issues and may not guarantee the quality of performance. In this paper, we propose a trust-distributed DRM model to provide improvements for realistic DRM environments to bring more functionality to users. We use the features of the smart cards to provide an option of anonymity for the consumer while continuing to protect the rights of the copyright holder and the financial interests of the media industry. We also classify the security criteria of DRM systems and show that our proposed smart card based DRM scheme satisfies all of these criteria.

Recently, Lee et al. [Y. Lee, E. Kim, S. Seok, and M. Jung, A smartcard-based user authentication scheme to ensure the PFS in multi-server environments, IEICE Transactions on Communications, vol.E95-B, no.2, pp.619–622, 2012] proposed a smartcard-based user authentication scheme for multi-server environments. They claimed that their scheme could withstand various attacks and provide the perfect forward secrecy (PFS). However, in this letter, we will point out that their scheme is vulnerable to three kinds of attacks and cannot provide the PFS.

In this work we propose a novel smart card based privacy-protecting authentication scheme for roaming services. Our proposal achieves so-called Class 2 privacy protection, i.e., no information identifying a roaming user and also linking the user's behaviors is not revealed in a visited network. It can be used to overcome the inherent structural flaws of smart card based anonymous authentication schemes issued recently. As shown in our analysis, our scheme is computationally efficient for a mobile user.

Since the number of server providing the facilities for users is usually more than one, remote user authentication schemes used for multi-server architectures, rather than single server circumstance, is considered. As far as security is concerned, privacy is the most important requirements, though some other properties are also desirable in practice. Recently, a number of dynamic ID-based user authentication schemes have been proposed. However, most of those schemes have more or less weaknesses and/or security flaws. In the worst case, user privacy cannot be achieved since malicious servers or users can mount some attacks, i.e., server spoofing attack and impersonation attack, to identify the unique identifier of users and masquerade of one entity as some other. In this paper, we analyze two latest research works and demonstrate that they cannot achieve true anonymity and have some other weaknesses. We further propose the improvements to avoid those security problems. Besides user privacy, the key features of our scheme are including no verification table, freely chosen password, mutual authentication, low computation and communication cost, single registration, session key agreement, and being secure against the related attacks.

Power analysis can be used to attack many implementations of cryptosystems, e.g., RSA and ECC, and the doubling attack is a collision based power analysis performed on two chosen ciphertexts. In this paper, we introduced a modified doubling attack to threaten RSA and ECC implementations by exploiting only one chosen ciphertext of small order. To attack the RSA implementations we selected an input of order two while to attack the ECC implementations we exploited one chosen invalid point of small order on a cryptographically weak curve rather than on the original curve. We showed that several existing power analysis countermeasures for RSA and ECC implementations are still vulnerable to the proposed attack. To prevent the proposed attack, we suggested countermeasures for RSA as well as for ECC.

User privacy preservation is critical to prevent many sophisticated attacks that are based on the user's server access patterns and ID-related information. We propose a password-based user authentication scheme that provides strong privacy protection using one-time credentials. It eliminates the possibility of tracing a user's authentication history and hides the user's ID and password even from servers. In addition, it is resistant against user impersonation even if both a server's verification database and a user's smart card storage are disclosed. We also provide a revocation scheme for a user to promptly invalidate the user's credentials on a server when the user's smart card is compromised. The schemes use lightweight operations only such as computing hashes and bitwise XORs.

In key-recovery methods using smart cards, a user can recover the disk encryption key in cooperation with the system administrator, even if the user has lost the smart card including the disk encryption key. However, the disk encryption key is known to the system administrator in advance in most key-recovery methods. Hence user's disk data may be read by the system administrator. Furthermore, if the disk encryption key is not known to the system administrator in advance, it is difficult to achieve a key authentication. In this paper, we propose a scheme which enables to recover the disk encryption key when the user's smart card is lost. In our scheme, the disk encryption key is not preserved anywhere and then the system administrator cannot know the key before key-recovery phase. Only someone who has a user's smart card and knows the user's password can decrypt that user's disk data. Furthermore, we measured the processing time required for user authentication in an experimental environment using a virtual machine monitor. As a result, we found that this processing time is short enough to be practical.

A multi-application smart card system consists of an issuer, service vendors and cardholders, where cardholders are recipients of smart cards (from the issuer) to be used in connection with applications offered by service vendors. Authentic post-issuance program modification is necessary for a multi-application smart card system because applications in the system are realized after the issuance of a smart card. In this paper, we propose a system where only authentic modification is possible. In the proposed system, the smart card issuer stores a unique long bitstring called PID in a smart card. The smart card is then given to the cardholder. A unique substring of the PID (subPID) is shared between the cardholder and a corresponding service vendor. Another subPID is shared between the issuer and the cardholder. During program modification, a protocol using the subPIDs, a one-way hash function and a pseudorandom number generator function verifies the identity of the parties and the authenticity of the program.

Advances in smart card technology encourages smart card use in more sensitive applications, such as storing important information and securing application. Smart cards are however vulnerable to side channel attacks. Power consumption and electromagnetic radiation of the smart card can leak information about the secret data protected by the smart card. Our paper describes two possible hardware countermeasures that protect against side channel information leakage. We show that power analysis can be prevented by adopting photo-coupling techniques. This method involves the use of LED with photovoltaic cells and photo-couplers on the power, reset, I/O and clock lines of the smart card. This method reduces the risk of internal data bus leakage on the external data lines. Moreover, we also discuss the effectiveness of reducing electromagnetic radiation by using embedded metal plates.

The intent of this letter is to propose an efficient timestamp based password authentication scheme using smart cards. We show various types of forgery attacks against Shen et al.'s timestamp-based password authentication scheme and improve their scheme to ensure robust security for the remote authentication process, keeping all the advantages of their scheme. Our scheme successfully defends the attacks that could be launched against other related previous schemes.

Smart card-based key exchange in the three-party setting allows two users with smart cards to agree on a common session key with the help of the trusted server. In this letter, we propose an efficient three-party smart card-based key exchange scheme with explicit (or mutual) authentication which requires only three rounds. Our scheme is the most round-/communication-efficient smart card-based key exchange scheme among those found in the literature, while providing key independence, forward secrecy and security against denial-of-service (DoS) attacks.

A robust 1T1C FeRAM sensing technique is demonstrated that employs both word base access and reference level generation architecture to track the thermal history of the cells by utilizing a Feedback inverter Input Push-down (FIP) method for a Bit line Ground Sensing (BGS) pre-amplifier and a self-timing latch Sense Amplifier (SA) which is immune to increasing non-switching charges due to thermal depolarization or imprint of ferroelectric capacitor. The word base access unit consists of one 2T2C cell that stores 0/1 data and also generates '0' and '1' reference levels by which other 1T1C signals are compared. A 0.18-µm CMOS 3-V 1-Mbit device was qualified by a 250 bake for a short time retention and 150 1000-hour bake which is an accelerated equivalent to 10-years retention. It endured 1012 fatigue cycles with an access time of 81 ns, 3.0 V VDD at 85. Also a Smart Card application chip which is embedded with the 1-Mbit FeRAM macro showed 30% faster download time than one with EEPROM.

Recently, Wu-Chieu proposed an improvement to their original scheme, in order to make the scheme withstand impersonation attacks. However, the improved scheme is susceptible to an off-line password guessing attack and is inefficiently designed. Accordingly, the current letter demonstrates the vulnerability of Wu-Chieu's modified scheme to an off-line password guessing attack and evaluates the efficiency of their schemes and related schemes.

Differential power analysis (DPA) is an effective technique that extracts secret keys from cryptographic systems through statistical analysis of the power traces obtained during encryption and decryption operations. This letter proposes symmetric discharge logic (SDL), a circuit-level countermeasure against DPA, which exhibits uniform power traces for every clock period by maintaining a set of discharge paths independent of input values. This feature minimizes differences in power traces and improves resistance to DPA attacks. HSPICE simulations for the test circuits using 0.18 µm TSMC CMOS process parameters indicate that SDL reduces power differences by an order of magnitude, compared to the existing circuit-level technique.

A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. Recently, Lee et al. have proposed an efficient nonce-based scheme for remote user authentication using smart cards. This work reviews Lee et al.'s authentication scheme and provides a security analysis on the scheme. Our analysis shows that Lee et al.'s scheme does not achieve its basic aim of authenticating remote users and furthermore has a very hazardous method for changing passwords. In addition, we recommend some changes to the scheme so that it can attain at least its main security goal.

In 2000, Sandirigama, Shimizu, and Noda proposed a simple password authentication scheme, SAS. However, SAS was later found to be flawed. Recently, Chen, Lee, Horng proposed two SAS-like schemes, which were claimed to be more secure than similar schemes. Herein, we show that both their schemes are still vulnerable to denial-of-service attacks. Additionally, Chen-Lee-Horng's second scheme is not easily reparable.

Recently, Chien et al. proposed an efficient timestamp-based remote user authentication scheme using smart cards. The main merits include: (1) user-independent server, i.e., there is no password or verification table kept in the server; (2) users can freely choose their passwords; (3) mutual authentication is provided between the user and the server; and (4) lower communication and computation cost. In this paper, we show that Chien et al.'s scheme is insecure against forgery attack because one adversary can easily pretend to be a legal user, pass the server's verification and login to the remote system successfully. An improved scheme is proposed that can overcome the security risk while still preserving all the above advantages.

Recently, Juang proposed an efficient password authenticated key agreement scheme using smart cards for the multi-server architecture. Juang's scheme was intended to provide mutual authentication and session key agreement. Herein, we show that Juang's scheme is vulnerable to a privileged insider's attack and is not easily reparable. Furthermore, it does not provide forward secrecy and the user eviction mechanism.