Internet Applications Development

IC-XCard (SmartCard) Control

IC-XCard Control for SmartCards is a set of custom controls that enable Internet (and Intranet) applications to easily access microprocessor and memory SmartCards. The controls are designed to provide safeguarded data exchange over the Internet without requiring low level I/O or protocol knowledge. SmartCard low level API functions are simplified to control member functions configured by the control properties. The data access control provides the connection point between your application and the SmartCard data.

Security

The HealthData ActiveX IC-XCard Control uses 128byte encryption for all Internet data exchange to ensure privacy of the SmartCard data. Public key cryptography is a system in which keys or passwords to encrypt/decrypt are generated in pairs. One password is public and one is private. Anyone can encrypt messages with the public key (password); however only the private key is able to decrypted the information. Therefore: only the client server which generated the password pair can decrypt the data.

How do these compare to Java cards?

IC-XCard Control was specifically written to address the problem of carrying health information on a SmartCard and transferring this information securely over the Internet. The application was prototyped for the TB Net project; however IC-Xcard control can be used for information of any nature.

There are Java cards currently being developed. These cards appear to target, and have large a huge application, in the telephone and banking industries. Their primary focus is on encrypted electronic signatures, not data storage of a medical record nature. The cards are projected to cost more than the standard memory card, they in fact appear to use the most expensive SmartCard available, and their capacity is reduced since the Java Virtual Machine code must be stored on the card. A special version of the JAVA API was created just for these cards. The cards do not appear to be as upwardly compatible since future Java releases require card and controlling software upgrades. The ActiveX cards use less expensive memory cards with the data protected by the 128byte encryption key.

These JAVA cards are not compatible with the JAVA API in Internet Explorer or Netscape therefore, they are not intended to work via the Internet. While these cards do implement a fully open system of programming and card usage, they are NOT Internet read/writable. There are ways to work around this problem, however that would involve linking the Java VM from the browser to the Java VM on the card which would involve ActiveX. This would likewise defeat the platform independence of the Java card, it's only selling point. Please see our Java Versus ActiveX page for a more detailed explanation of why the two are not the same and the weaknesses of both.