Post on 14-Jul-2015
Where is our
smart card
AppStore?
Eric Vétillard
Cardis 2010
SIM Toolkit
Menus & interactions
from the SIM card
Java Card 1.0
Platform interoperability
Application portability
But …
Applications are scripts
Java Card 2.1
Full-blown applications
Multi-application cards
Binary interoperability
…
But …
APDUs
Java Card 2.2
RMI
Hiding the low-level protocol
But …
not universal
Smart Card
Web Server
Based on standard protocols
HTTP, TLS, …
But …
Still APDUs
Many limitations
Java Card 3.0
Full blown Web Server
TCP/IP based
Ultimate
(2010)
OpenPlatform 2.0.1’
Interoperable card management
But …
One actor ?
GlobalPlatform 2.1
Supports multiple providers/roles
But …
not very SIM-oriented
GlobalPlatform 2.2
SIM-oriented
Full UICC profile,
Supports NFC
But …
APDU
GlobalPlatform 3.0
Fully IP-based
Supports SCWS
Ultimate
(2010)
Impressive
• Open
• Interoperable
• Multi-application
• High-level protocols
• Standard protocols
• Full IP support
• Interoperable app management
• Multiple providers
• Works on UICC
• Manages Web servers
But …
Who cares ?
Open
Not everybody cares about that
No Java Card in China
Proprietary frameworks
Operators are “big enough”
Interoperable
Yes, we all like that
But … we don’t get it easily
Functional interop takes years
No security interop (yet)
Multi-application
Few people really care
Applications are often tightly linked
( Some use cases in the SIM area )
Multi-provider
Nobody cares
In fact, it is mostly annoying
Before NFC, no multi-provider cards
It may still kill NFC
High-level protocols
Only developers care
Who cares about developers?
Standard Protocols
Standard? Not on cards!
Handset vendors are slow to react
SCWS support ?
USB SIM interface ?
Why?
Cards are TokensProgrammable tokens
but still tokens
Wait !!
SIM cards !!
SIM cards are more than tokens
For the benefit of a single operator
Losing value in a connected world
Nice biz model (20th century)
NFC !!
NFC supports multiple providers
Have you seen NFC deployments ?
Have you seen NFC biz models ??
Back to the brand, plus revenues
No Future ?
Assets ?
Secure
Small
Cheap
Manageable
Personalizable
= Personal
= Trusted
= Here
Environment ?
Cloud
Interconnection,
all data accessible
Identity?
Mobile
Here and Now
Generative, Interactive
Me
You
Here
Soooo what ??
(some) research issues
Open Card Platforms
The technology is there (almost)
Leveraging Locality
Think at the System Level
Think at the Human Level
Getting to Trust
Where is my App Store?
Most likely, it will not come
Smart cards are in the
infrastructure
Smart cards are lacking …
Where is my App Store?
Thank you!
For more information
• Sources of inspiration
– Usual suspects: Bruce, Ross, and friends
– More industrial: Ajit Jaokar, Umair Haque
– Compiled: http://javacard.vetilles.com
• Image credits from Flickrculdesac par Gabba Gabba Hey! iconwall by liquidx
appstoreiphone by Lee Bennett fuzzyball by andymangold
androidmarket by Fragments of Eternity
neons_night by an untrained eye mom_child_trust by Isobel T
neons_toss by Neato Coolville Lightbulb by jamie hladky