An EC funded project worked on industrial strength methodologies and related technologies and developed a prototype of a card byte code verifier embedded into a smart card. This verifier constitutes an integral security component allowing autonomous downloads of new applications in the most cost-reliable way.

Digital Economy

Modern information society offers advanced services through the use of methodologies and technologies that display increased dependability. In fact, the more reliable these services are expected to be, the more dependable their system components become, especially for the software-based critical systems. Such systems include smart cards, railway signalling and control systems, as well as healthcare diagnostic systems. Smart cards used in most of our routine transactions are considered as blocks that lock and protect data and applications. They may display several functionalities through new applications in the form of downloadable codes after their first issuance. However, the execution of these applications needs to be done in the most secure way without compromising the reliability and privacy of the smart card system. This project called MATISSE exploited accurate, mathematically-based software engineering methods, or simply formal methods, for supporting validation throughout the development life-cycle. Hence, not only precise specification and design was provided, but also proof model-checking and simulation techniques. These formal methods may lead to higher degrees of safety and reliability of smart cards as well as enhancements to their construction. More specifically, the project developed an embedded byte code verifier - one of the most important security components of the smart card system-for a Java card. With the aid of formal methods, it was mathematically proved that the verifier was implemented according to specifications. Moreover, the card is capable of downloading new applications in the most autonomous way without any hard deployment infrastructure. With the innovative verifier smart card providers are now able to control the validity of the applications independently without any external certification authority. At the same time, the development process offers increased reliability without additional costs in any small object with space constraints using a Java Virtual Machine for integration. The ensured security achieved is expected to increase confidence in smart card transactions promoting the widespread adoption of services such as electronic commerce.