Abstract

Smart card systems differ from conventional computer systems in that different aspects of the system are not under a single trust boundary. The processor, I/O, data, programs, and network may be controlled by different, and hostile, parties. We discuss the security ramifications of these “splits ” in trust, showing that they are fundamental to a proper understanding of the security of systems that include smart cards. 1