Eric Vétillard's Cardis2010 Slides

Where is our smart card AppStore? Eric Vétillard Cardis 2010

Transcript of Eric Vétillard's Cardis2010 Slides

Page 1: Eric Vétillard's Cardis2010 Slides

Where is our

smart card

AppStore?

Eric Vétillard

Cardis 2010

Page 2: Eric Vétillard's Cardis2010 Slides

SIM Toolkit

Menus & interactions

from the SIM card

Page 3: Eric Vétillard's Cardis2010 Slides

Java Card 1.0

Platform interoperability

Application portability

But …

Applications are scripts

Page 4: Eric Vétillard's Cardis2010 Slides

Java Card 2.1

Full-blown applications

Multi-application cards

Binary interoperability

But …

APDUs

Page 5: Eric Vétillard's Cardis2010 Slides

Java Card 2.2

RMI

Hiding the low-level protocol

But …

not universal

Page 6: Eric Vétillard's Cardis2010 Slides

Smart Card

Web Server

Based on standard protocols

HTTP, TLS, …

But …

Still APDUs

Many limitations

Page 7: Eric Vétillard's Cardis2010 Slides

Java Card 3.0

Full-blown Web Server

TCP/IP based

Ultimate

(2010)

Page 8: Eric Vétillard's Cardis2010 Slides

OpenPlatform 2.0.1’

Interoperable card management

But …

One actor ?

Page 9: Eric Vétillard's Cardis2010 Slides

GlobalPlatform 2.1

Supports multiple providers/roles

But …

not very SIM-oriented

Page 10: Eric Vétillard's Cardis2010 Slides

GlobalPlatform 2.2

SIM-oriented

Full UICC profile,

Supports NFC

But …

APDU

Page 11: Eric Vétillard's Cardis2010 Slides

GlobalPlatform 3.0

Fully IP-based

Supports SCWS

Ultimate

(2010)

Page 12: Eric Vétillard's Cardis2010 Slides

Impressive

• Open

• Interoperable

• Multi-application

• High-level protocols

• Standard protocols

• Full IP support

• Interoperable app management

• Multiple providers

• Works on UICC

• Manages Web servers

Page 13: Eric Vétillard's Cardis2010 Slides

But …

Page 14: Eric Vétillard's Cardis2010 Slides

Who cares ?

Page 15: Eric Vétillard's Cardis2010 Slides

Open

Not everybody cares about that

No Java Card in China

Proprietary frameworks

Operators are “big enough”

Page 16: Eric Vétillard's Cardis2010 Slides

Interoperable

Yes, we all like that

But … we don’t get it easily

Functional interop takes years

No security interop (yet)

Page 17: Eric Vétillard's Cardis2010 Slides

Multi-application

Few people really care

Applications are often tightly linked

(Some use cases in the SIM area)

Page 18: Eric Vétillard's Cardis2010 Slides

Multi-provider

Nobody cares

In fact, it is mostly annoying

Before NFC, no multi-provider cards

It may still kill NFC

Page 19: Eric Vétillard's Cardis2010 Slides

High-level protocols

Only developers care

Who cares about developers?

Page 20: Eric Vétillard's Cardis2010 Slides

Standard Protocols

Standard? Not on cards!

Handset vendors are slow to react

SCWS support ?

USB SIM interface ?

Page 21: Eric Vétillard's Cardis2010 Slides

Why?

Page 22: Eric Vétillard's Cardis2010 Slides

Cards are Tokens

Programmable tokens

but still tokens

Page 23: Eric Vétillard's Cardis2010 Slides

Wait !!

Page 24: Eric Vétillard's Cardis2010 Slides

SIM cards !!

SIM cards are more than tokens

For the benefit of a single operator

Losing value in a connected world

Nice biz model (20th century)

Page 25: Eric Vétillard's Cardis2010 Slides

NFC !!

NFC supports multiple providers

Have you seen NFC deployments ?

Have you seen NFC biz models ??

Back to the brand, plus revenues

Page 26: Eric Vétillard's Cardis2010 Slides

No Future ?

Page 27: Eric Vétillard's Cardis2010 Slides

Assets ?

Secure

Small

Cheap

Manageable

Personalizable

= Personal

= Trusted

= Here

Page 28: Eric Vétillard's Cardis2010 Slides

Environment ?

Cloud

Interconnection,

all data accessible

Identity?

Mobile

Here and Now

Generative, Interactive

Page 29: Eric Vétillard's Cardis2010 Slides

Me

You

Here

Page 30: Eric Vétillard's Cardis2010 Slides

Soooo what ??

(some) research issues

Page 31: Eric Vétillard's Cardis2010 Slides

Open Card Platforms

The technology is there (almost)

Page 32: Eric Vétillard's Cardis2010 Slides

Leveraging Locality

Page 33: Eric Vétillard's Cardis2010 Slides

Think at the System Level

Page 34: Eric Vétillard's Cardis2010 Slides

Think at the Human Level

Page 35: Eric Vétillard's Cardis2010 Slides

Getting to Trust

Page 36: Eric Vétillard's Cardis2010 Slides

Where is my App Store?

Most likely, it will not come

Smart cards are in the

infrastructure

Smart cards are lacking …

Page 37: Eric Vétillard's Cardis2010 Slides

Where is my App Store?

Page 38: Eric Vétillard's Cardis2010 Slides

Thank you!

Page 39: Eric Vétillard's Cardis2010 Slides

For more information

• Sources of inspiration

– Usual suspects: Bruce, Ross, and friends

– More industrial: Ajit Jaokar, Umair Haque

– Compiled: http://javacard.vetilles.com

• Image credits from Flickr

– culdesac by Gabba Gabba Hey!

– iconwall by liquidx

– appstoreiphone by Lee Bennett

– fuzzyball by andymangold

– androidmarket by Fragments of Eternity

– neons_night by an untrained eye

– mom_child_trust by Isobel T

– neons_toss by Neato Coolville

– Lightbulb by jamie hladky