Linuxnet.com - MUSCLE - Linux Smart Card Development


	MUSCLE - Movement for the Use of Smart Cards in a Linux Environment. MUSCLE is a project to coordinate the development of smart cards and applications under Linux. The purpose is to develop a set of compliant drivers, API's, and a resource manager for various smart cards and readers for the GNU environment. Sourc e code is now distributed by this site that supports the Schlumbeger Reflex 60 line of reader and all ISO-7816-4 compliant smart cards. I would like to see a Linux resource manager for smart cards and other cryptographic tokens such as Ibuttons or SecureI d. A good standpoint for this is the PC/SC specifications written for Microsoft OS.
	HISTORY The traditional magnetic stripe card has become a necessity for every day life. It is used to obtain money from ATMs, as a regular credit (or debit) card, and even as identification. The magnetic stripe works by encoding an identifier on a magnetic tape in a manner similar to a computer writing information onto a floppy disk. The card passes its information to the reader and the reader verifies that the information exists on the reader side. This method, though powerful, has proved to be insecure in many instances since a one way authentication method is used. Magnetic stripe cards are easy to reproduce fraudulently, and many use no form of encryption on their identifier. Cards without PIN numbers can be used by anyone and card numbers can be passed out over the phone making purchasing fraud simple. Since a smart card uses multi directional interaction between the card and the reader, true authentication of identity can be met in a more secure way than the traditional magnetic stripe card. The cardholder's identity is held on the card via a secret key. The smart card achieves this capability using a small built in computer (the smart chip). This computer allows the card to interact with the card reader, not just pass information to it. Unlike magnetic cards, this identifier cannot leave the card so there is never an issue of 'sniffing' someone else's identifier. Historically, smart cards have been used as 'purse' or stored value cards. Such cards had little functionality and performed only minor computing tasks such as increasing or decreasing the stored value on the card. More recent smart cards such as the Schlumberger Cryptoflex card, however, contain a smart chip that has roughly the same computing power as the 1970's Radio Shack TRS-80 Model 1 Personal Computer and perform cryptographic functions such as key and certificate verification, encryption, and random number generation. Others, such as the Schlumberger Multiflex cards, have more general functionality. The Cyberflex card, for example, runs Java programs on the card.

	These modern smart cards are currently used in Europe and Asia as a normal credit card, ATM card, pay phone calling card or for vending machines with greatly increased security. Smart card use in the U.S. is currently hindered by the relatively high cost of replacing both the card and reader infrastructure. The multiple uses as well as the vast reduction in fraud, however, are beginning to outweigh the cost factor, and smart cards will surely be part of our daily lives in the next few years.