Multi-Application in Smart Card-based Devices

1
Multi-Application in Smart Card-based Devices

• Christophe Colas, ccolas_at_ingenico.frChief
  Software ArchitectAugust 2002

2
Smart Card Systems
Back-end Systems
Card Personalization / Issuance
Smart Card
Post-Issuance Transactions (2)
Post-Issuance Transactions (1)
Card Accepting Devices
3
Smart Card Systems (2)

• 3 Types of Processing Units
• Smart Card
• Card Accepting Devices (CADs)
• Back-end Systems
• ? Complete Application split into these
• Processing Units

4
GlobalPlatform Key Focus

• Portability and Management of Applications across
  Smart Cards (Card Committee)
• Smart Card Management System (System Committee)
• Smart Card Back-end Systems
• Portability and Management of Application across
  CADs (Device Committee)
• The remainder is strongly application specific

5
Smart Card Systems and GP
Back-end Systems
Card Personalization / Issuance
Smart Card
Post-Issuance Transactions (2)
Post-Issuance Transactions (1)
Card Accepting Devices
6
CAD Issues

• More and more Variety of Devices
• e.g. User Interface, Communication
• Devices are getting more Complex
• Multiplication of Development for Different
  Types of Platforms
• Longer Certification Process

7
GlobalPlatform Device Objectives

• Reduce Development and Certification Cost
• Preserve Application Software Investments
• Offer independence from Hardware providers
• Enable easy addition of new services to final
  customers
• Facilitate secure remote maintenance in
  multi-application environment

8
GlobalPlatform Device Committee Deliverables

• GlobalPlatform Device Framework (GPDF) 2.0
• For Device Application Development
• Provides Application Architecture and APIs
• Based on Java technology
• Application Installation and Security

9
GlobalPlatform Device Framework

• Based on STIP Technology
• Minimum Java Runtime Definition
• Basic Programming Pattern
• Basic Platform Service Definition
• e.g. smart card slot API, cryptography API, data
  storage API
• Multi-Application Environment
• Designed for Secure-based transactions
• Application Firewalling
• Controlled Access to Device Resources

10
Application Portability

• Full Portability of a Complete Device Application
  for Different Types of Devices is impossible!
• e.g. User Interface or communication means are
  too much different
• Is possible only
• Portability of a module of the Application across
  several Types of Devices (the Invariant)
• Horizontal Interoperability
• GPDF CLC Concept
• Portability of the complete application for a
  given sets of device types
• Vertical Interoperability
• e.g. STIP EFT/POS Profile

11
GPDF Application Architecture

• Application split into
• Platform and Environment-independent module
• Kernel of the application with Device Abstraction
• Contains Application Logic, which is Invariant to
  the Device and Environment
• Core Logic Component (CLC)
• Portable across all Types of Devices (e.g. GSM
  phones, PDAs, EFT/POS terminals, Set-top boxes,
  )
• Platform and Environment Module
• Customize the Kernel
• to the Device
• To the Environment (e.g. country, local rules, )
• Mainly for User Interface and Communications

12
GPDF 2.0 Architecture
Business Logic Layer
Core Logic Layer
CLC Module
Environment Layer
Device Application
GPDF
User Interface
Communi- cation

Storage
Smart Card Reader
Basic Device Services
Device Abstraction Services
Crypto- graphy

STIP Technology Core
Framework
Other Technologies
Event Engine
Java Virtual Machine
Platform
13
Device Application Secure Provisioning

• Distribution Format
• Security at the Distribution Level
• Authenticity and Integrity
• Association with Platform Service Access Rights
• Work in progress with GlobalPlatform and STIP
• Draft in Fall 2002

14
Ingenico Commitment To Open Technologies

• Since 1998, Ingenico is working on
  standardization of open and interoperable
  technologies and focused at first on terminal
  environment
• Founding member and active participation in
  consortiums
• Java Environment Development for Secure Devices
  with small memory footprint

Embedded FINREAD
FINREAD
15
Ingenico Products

• New 32-bit Terminal Family supporting Open
  Platform Technologies
• Open Platform components
• Embedded JVM supporting JEFF ISO Standard
• JEFF is a highly optimized Java executable format
  for embedded systems to reduce memory footprint
• STIP 2.1, GPDF 2.0 and FINREAD
• INGEODE
• INGEnico Open Development Environment

16
Ingenicos payment solution for the 21th century !
Thank you! Any questions? ccolas_at_ingenico.fr