150 likes | 531 Views
Gemplus and OSGI Benjamin Maury 10.23.03 Gemplus Introduction World Leader for Smart Card Solutions Smart Solutions in Telecommunications Beyond the SIM with applications and Over the Air Platform Trusted Solutions for finance and security Banking: differentiated services
E N D
Gemplus and OSGIBenjamin Maury 10.23.03
Gemplus Introduction • World Leader for Smart Card Solutions • Smart Solutions in Telecommunications • Beyond the SIM with applications and Over the Air Platform • Trusted Solutions for finance and security • Banking: differentiated services • Retail: customer loyalty • ID and Security: Government and Enterprise • Security expertise delivered by Business Development Group • Digital Security • Operating Systems • Technology-driven business
What is the Gemplus Automotive Approach? • Leverage our telecom and security expertise in automotive market : • Provide more flexibility to the SIM Card • Ensuring end to end security in Electronic Control Unit Software Download • Enabling Multi services Token for services personalization • Requirements for services life cycle flexibility and security
J2ME Java Card J2SE J2EE CLDC CDC MIDP P3 P4 P2 API Language VM API . . . . . . API CDC API CLDC API JC API Java subset Java JVM KVM JCVM OSGI
Gemplus and Java • More than 50% of our products are Java compliant • Migration from proprietary platform towards open platform • As a smart card leader we have to be the first at the standardization level • JSR 177 – Secure the Java Mobile Environment with security services coming from SIM Card
Why OSGI for the next Java Card Platform? • Next Generation smart cards will require dynamic service management • Need for OSGI lite in order to have a flexible way to manage application • Need for adapting Performance and Hardware constraints due to the small smart card environment • Gemplus is proposing an OSGI framework for the next Java Card platform
Our light OSGI Implementation • Implements only the Core OSGI Features (possibly a subset) • KVM-like java platform Development for smart card • Communication is provided by an embedded TCP/IP stack • For smart card first but possible extension to small foot print environment
Our OSGi Security approach • Open environment means more risk exposure and more security requirements • Objective is to have an end to end security chain from development to application use • The security level is always given by the weakest element • So far, usage of Global Platform to manage our open platform • Our products are based on Global Platformand have a security validated by EAL5+ (Evaluation Assurance Level) Certification • OSGi Security scheme remains open and has to be defined by OSGi solution integrators
Java is Open but Possibly Secured • Java and security • Code download post-issuance • Multi-application • Applet / platform separation • Risks • Non Verified Application (Trojan horses) • Problems of trust and rights delegation • Enforcement of chain trust • Risk assessment to evaluate the vulnerability • Identity of each involved party can be checked (authentication) • Answer to Integrity and Confidentiality of data Needs • Secure the Java Virtual Machine
End to end Security Services GSM/GPRS, UMTS Shops Application Server • Multi-application • Post-issuance capabilities • Signature and encryption of application Internet Complete security chain to reach high security level
Parallel can be made with the Automotive World GSM/GPRS, UMTS Dealers Application Server • Multi-application • Post-issuance capabilities • Signature and encryption of application Internet WLAN The same requirements exist for the automotive market
Conclusion • OSGi is a candidate for New Generation Java Card management framework • OSGI brings flexibility but great care has to be taken concerning the complete security chain • Gemplus has an end to end security expertise and has experimented an OSGI lite implementation
Questions? benjamin.maury@gemplus.com