Comprion Tech Day 2009 Dev App Scws


Developing real-world applications for Smart Card Web Server

Transcript of Comprion Tech Day 2009 Dev App Scws

Page 1: Comprion Tech Day 2009 Dev App Scws

Cellnetrix

© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 1 • 19/6/2009

Developing real-world smart card web server applications

Dr. Vladimir Nagin
Managing Director, Cellnetrix R&D Center

Making Mobility More Secure…

Page 2: Comprion Tech Day 2009 Dev App Scws

Contents

Smart Card Web Server technology from a developer point of view

SIM Application toolkit vs. Smart card web server workflow

Typical SCWS procedures and processes

Conclusion

Page 3: Comprion Tech Day 2009 Dev App Scws


Some facts about the company

• 2006. Cellnetrix was established as an R&D company focused on the software development for smart cards complying with modern requirements for convergence, network connectivity and interoperability

• 2007. In order to address global market demands, Cellnetrix opened an office in Hamburg, Germany. The company gained international status, with headquarters based in Germany and an R&D center located in Russia

• 2007. After successful completion of several smart card development projects the company concentrated on solutions which help to make wireless mobility safer and more secure

• 2008. Today Cellnetrix delivers to its customers secure software solutions targeted for various mobile networks such as GSM, UMTS or CDMA, as well as WLAN and the Internet, and provides professional services for mobile operators, service providers, smart card and software vendors

Software and services provided by Cellnetrix are based on open technologies and standards such as OMA, ETSI, 3GPP, ISO, GlobalPlatform and active use of Java technologies.

Page 4: Comprion Tech Day 2009 Dev App Scws

Cellnetrix competence domains

• cellSIM: software for smart cards and secure devices based on Java Card 2.2.1/2.2.2 UICC platform
• cellApps: value-added applications development enhancing mobile trust and security
• cellOTA: Over-the-Air management services for (U)SIM and R-UIM

Page 5: Comprion Tech Day 2009 Dev App Scws

Smart card web server and related technologies

[Timeline figure, 2003 to 2009: Dynamic SIM toolkit; Smart card web server; WAP 2.0; Mobile optimized html/xhtml; WM/Symbian/J2ME on-device portals]

Different dynamic portal technologies will coexist in the near future. Smart card web server has a chance to become a major on-device portal technology owing to operator ownership and control.

Page 6: Comprion Tech Day 2009 Dev App Scws

Smart Card Web Server: developer point of view

From a developer's point of view, the Smart Card Web Server is seen as an HTTP 1.1 server with extended functionality such as:

• Chunked encoding;
• Keep-alive connection;
• Cache management;
• Pipelining;
• Authentication;
• Servlet support.

It is available to the outer world via http://127.0.0.1:3516/.

Physically, two layers can be used to access the server:

1. ISO 7816 and BIP;
2. USB-IC and the Ethernet Emulation Layer in the (U)SIM card itself.

Page 7: Comprion Tech Day 2009 Dev App Scws

SCWS Architecture Overview

[Architecture diagram. Components: Static content; Dynamic content (servlets); Administrative commands processor; Java SCWS API; HTTP Web Server; (U)SIM Toolkit Applets; Toolkit API; Java VM & JRE; Native resources; File System; TLS layer; TCP/IP; BIP; T=0; EEM; USB-IC]

A servlet is a way to generate the dynamic content. It is a Java Card applet registered to the SCWS and mapped to one or several URIs.

A standardized JavaCard API (ETSI TS 102 588 Release 7) is provided.

Servlets are triggered by the SCWS, which is similar to the SIM toolkit event concept.

Page 8: Comprion Tech Day 2009 Dev App Scws

CAT/USAT Applications Development Workflow

[Workflow diagram]
Artifacts: *.java files → compilation and conversion → *.cap / *.ijc converted files → download to a physical JC 2.2 card
Environments: IDE with Java-level simulation; card-level simulator; physical (U)SIM card
Testing: development and unit testing; APDU-based tests; testing with handset emulator; testing with real handsets

Page 9: Comprion Tech Day 2009 Dev App Scws

SCWS Applications Development Workflow

[Workflow diagram]
Artifacts: *.java files → compilation and conversion → *.cap / *.ijc converted files (JC 2.2 case) → download to a physical card; static data → upload to the physical card via Admin session
Environments: IDE with Java-level simulation; card-level simulator; physical (U)SIM card
Testing: development and unit testing; testing with handset emulator; testing with Internet browsers (IE, Firefox, Opera); testing with real handsets
Test levels: application-level testing (HTTP, …); APDU-level testing; transport-level testing

Page 10: Comprion Tech Day 2009 Dev App Scws

Protocol stack for BIP-based SCWS implementation

[Component diagram "Protocol Stack"]

OSI layers: 1: PHY; 2: LINK; 3: NET; 4: TRANSP; 5: SESS; 6: PRES; 7: APP

Web Browser: 1,2: Ethernet; 3: IP; 4,5: TCP; 6: MIME; 7: HTTP

BIP Proxy, browser side: 1,2: Ethernet; 3: IP; 4,5: TCP; 6: MIME; 7: HTTP

BIP Proxy, card side: 1,2,3: ISO 7816 (T=0 or T=1); 4,5: BIP; 6: MIME; 7: HTTP

SCWS: 1,2,3: ISO 7816 (T=0 or T=1); 4,5: BIP; 6: MIME; 7: HTTP

Page 11: Comprion Tech Day 2009 Dev App Scws

SCWS Registration

[Activity diagram "SCWS Operation": PROFILE_DOWNLOAD; Terminal profile; BIP supported?; [yes] «loop» UICC server registration; Other initialization; End]

SCWS usually makes itself available after receiving Terminal Profile from the handset.

Page 12: Comprion Tech Day 2009 Dev App Scws

SCWS Registration

[Activity diagram "UICC Server Registration": Start; Max number of channels used?; [yes]; Issue OPEN CHANNEL in UICC Server Mode; Initialize corresponding request handler with the BIP channel ID; End. Data objects: Listen port number; HTTP Request Handler; BIP channel attrs; State]

The operation is executed for each configured request handler. Usually, if we need to handle N simultaneous requests on M ports, that will require N*M HTTP request handlers, each occupying one BIP channel.

Page 13: Comprion Tech Day 2009 Dev App Scws

SCWS Operation

[Activity diagram "SCWS Operation". CHANNEL_STATUS: BIP channel ID valid?; [yes] Channel status change processing; End. DATA_AVAILABLE: BIP channel ID valid?; [yes] Inbound data processing; End. Data objects: HTTP Request Handler; BIP channel attrs]

Page 14: Comprion Tech Day 2009 Dev App Scws

BIP Channel States

[State chart "BIP Channel States". States: Initial; TCP in CLOSED state; TCP in LISTEN state; TCP in ESTABLISHED state; Error. Transition labels: BIP channel requested; Server socket opens; TCP handshake successful; Client closes connection; SCWS closes connection (twice); Error happens]

This state chart shows possible states and transitions for BIP channels operated in UICC server mode.
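The registration loop, event dispatch and channel states from the three preceding slides, modelled as an added example (not code from the presentation or from Cellnetrix). The arrows between states, the limit of 7 channels, the second port 4116 and the fail-closed handling of unlisted transitions are assumptions of this model.

```python
from enum import Enum

class St(Enum):
    INITIAL, CLOSED, LISTEN, ESTABLISHED, ERROR = range(5)

# Assumed arrows: the slide's state names and labels survive, its arrows do not.
TRANSITIONS = {
    (St.INITIAL, "BIP channel requested"): St.CLOSED,
    (St.CLOSED, "Server socket opens"): St.LISTEN,
    (St.LISTEN, "TCP handshake successful"): St.ESTABLISHED,
    (St.ESTABLISHED, "Client closes connection"): St.LISTEN,
    (St.ESTABLISHED, "SCWS closes connection"): St.LISTEN,
    (St.LISTEN, "SCWS closes connection"): St.CLOSED,
}
MAX_BIP_CHANNELS = 7  # assumed limit for this model, not a figure from the slides

class Scws:
    def __init__(self, ports, per_port):
        # N simultaneous requests on M ports -> N*M request handlers wanted
        self.wanted = [p for p in ports for _ in range(per_port)]
        self.handlers = {}   # BIP channel ID -> {"port", "state", "rx"}
        self.rejected = []   # events dropped by the channel-ID / state checks

    def register(self):
        """UICC server registration loop: one BIP channel per request handler."""
        for port in self.wanted:
            if len(self.handlers) >= MAX_BIP_CHANNELS:  # "Max number of channels used?"
                break
            cid = len(self.handlers) + 1
            self.handlers[cid] = {"port": port, "state": St.INITIAL, "rx": b""}
            self.channel_status(cid, "BIP channel requested")
            self.channel_status(cid, "Server socket opens")
        return len(self.handlers)

    def channel_status(self, cid, event):
        h = self.handlers.get(cid)
        if h is None:                                   # "BIP channel ID valid?"
            self.rejected.append((cid, event))
            return None
        # "Error happens" and any arrow not in the table end in ERROR (fail closed).
        h["state"] = TRANSITIONS.get((h["state"], event), St.ERROR)
        return h["state"]

    def data_available(self, cid, data):
        h = self.handlers.get(cid)
        if h is None or h["state"] is not St.ESTABLISHED:
            self.rejected.append((cid, "DATA_AVAILABLE"))
            return False
        h["rx"] += data                                 # inbound data processing
        return True
```

With two ports and four concurrent requests each, eight handlers are wanted but only seven channels open, so the last handler is never registered and events carrying its channel ID are rejected rather than processed.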

Page 15: Comprion Tech Day 2009 Dev App Scws

Typical SCWS design

[Class diagram "SCWS". Elements: SCWS over BIP; BIP; BIP Event Dispatcher; HTTP Request Handler (one for each request to be served concurrently); I/O Buffer; Channel State; Handler State; Request Data; Response Data; HTTP Request Sink; HTTP Response Source; Processor; Service Registry; List of Content Providers; Content Provider; URL Trigger; Request Processing API; Invoker; HTTP Helpers. Relationships are marked «delegate» and «trace».]

Page 16: Comprion Tech Day 2009 Dev App Scws

Conclusion

SCWS technology has a chance to become a major on-device portal solution in the upcoming years if some of the main problems are solved:

Lack of mobile handsets with SCWS support
Despite strong market demand, there are only a few commercial handsets which support SCWS functionality.

Interoperability problems
First trials show that there are some interoperability problems with SCWS handsets appearing on the market. There are no automated test suites available to test SCWS implementations on both the card and the handset side.

Expensive roll-out
All (U)SIM cards should be exchanged to support the new functionality. If SCWS is implemented over TCP, performance requirements for (U)SIM cards are higher.

Migration path from Dynamic SIM toolkit to SCWS based services
Currently available mobile services based on Dynamic SIM toolkit might be migrated onto the SCWS platform. Major SIM toolkit commands such as Setup Call, Send SMS or USSD must be supported.

Page 17: Comprion Tech Day 2009 Dev App Scws

Conclusion…

Thank you for your attention!

We’re pleased to answer your questions!

Cellnetrix R&D Center
Yablonevaya alleya, 313a,
Zelenograd, Moscow, Russia, 124482
Tel. +7(495) 944-66-90
Fax. +7(495) 536-57-63

Cellnetrix GmbH
Holstenkamp 54,
D-22525 Hamburg, Germany
Tel. + 49 40 891 062
Fax. + 49 40 891 064

Web: http://www.cellnetrix.com