Where is our

smart card

AppStore?

Eric Vétillard

Cardis 2010

SIM Toolkit

Menus & interactions

from the SIM card

Java Card 1.0

Platform interoperability

Application portability

But …

Applications are scripts

Java Card 2.1

Full-blown applications

Multi-application cards

Binary interoperability

…

But …

APDUs

Java Card 2.2

RMI

Hiding the low-level protocol

But …

not universal

Smart Card

Web Server

Based on standard protocols

HTTP, TLS, …

But …

Still APDUs

Many limitations

Java Card 3.0

Full blown Web Server

TCP/IP based

Ultimate

(2010)

OpenPlatform 2.0.1’

Interoperable card management

But …

One actor ?

GlobalPlatform 2.1

Supports multiple providers/roles

But …

not very SIM-oriented

GlobalPlatform 2.2

SIM-oriented

Full UICC profile,

Supports NFC

But …

APDU

GlobalPlatform 3.0

Fully IP-based

Supports SCWS

Ultimate

(2010)

Impressive

• Open

• Interoperable

• Multi-application

• High-level protocols

• Standard protocols

• Full IP support

• Interoperable app management

• Multiple providers

• Works on UICC

• Manages Web servers

But …

Who cares ?

Open

Not everybody cares about that

No Java Card in China

Proprietary frameworks

Operators are “big enough”

Interoperable

Yes, we all like that

But … we don’t get it easily

Functional interop takes years

No security interop (yet)

Multi-application

Few people really care

Applications are often tightly linked

( Some use cases in the SIM area )

Multi-provider

Nobody cares

In fact, it is mostly annoying

Before NFC, no multi-provider cards

It may still kill NFC

High-level protocols

Only developers care

Who cares about developers?

Standard Protocols

Standard? Not on cards!

Handset vendors are slow to react

SCWS support ?

USB SIM interface ?

Why?

Cards are TokensProgrammable tokens

but still tokens

Wait !!

SIM cards !!

SIM cards are more than tokens

For the benefit of a single operator

Losing value in a connected world

Nice biz model (20th century)

NFC !!

NFC supports multiple providers

Have you seen NFC deployments ?

Have you seen NFC biz models ??

Back to the brand, plus revenues

No Future ?

Assets ?

Secure

Small

Cheap

Manageable

Personalizable

= Personal

= Trusted

= Here

Environment ?

Cloud

Interconnection,

all data accessible

Identity?

Mobile

Here and Now

Generative, Interactive

Me

You

Here

Soooo what ??

(some) research issues

Open Card Platforms

The technology is there (almost)

Leveraging Locality

Think at the System Level

Think at the Human Level

Getting to Trust

Where is my App Store?

Most likely, it will not come

Smart cards are in the

infrastructure

Smart cards are lacking …

Where is my App Store?

Thank you!

For more information

• Sources of inspiration

– Usual suspects: Bruce, Ross, and friends

– More industrial: Ajit Jaokar, Umair Haque

– Compiled: http://javacard.vetilles.com

• Image credits from Flickrculdesac par Gabba Gabba Hey! iconwall by liquidx

appstoreiphone by Lee Bennett fuzzyball by andymangold

androidmarket by Fragments of Eternity

neons_night by an untrained eye mom_child_trust by Isobel T

neons_toss by Neato Coolville Lightbulb by jamie hladky