Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Gemplus and OSGI Benjamin Maury 10.23.03 Gemplus Introduction World Leader for Smart Card Solutions Smart Solutions in Telecommunications Beyond the SIM with applications and Over the Air Platform Trusted Solutions for finance and security Banking: differentiated services Retail: customer loyalty ID and Security: Government and Enterprise Security expertise delivered by Business Development Group Digital Security Operating Systems Technology-driven business What is the Gemplus Automotive Approach? Leverage our telecom and security expertise in automotive market : Provide more flexibility to the SIM Card Ensuring end to end security in Electronic Control Unit Software Download Enabling Multi services Token for services personalization Requirements for services life cycle flexibility and security OSGI Lite Implementation J2ME API JC API Language Java subset VM JCVM CLDC API J2SE J2EE P4 ... CDC P3 P2 ... CLDC MIDP Java Card API CDC API Java JVM KVM OSGI API Gemplus and Java More than 50% of our products are Java compliant Migration from proprietary platform towards open platform As a smart card leader we have to be the first at the standardization level JSR 177 – Secure the Java Mobile Environment with security services coming from SIM Card Why OSGI for the next Java Card Platform? Next Generation smart cards will require dynamic service management Need for OSGI lite in order to have a flexible way to manage application Need for adapting Performance and Hardware constraints due to the small smart card environment Gemplus is proposing an OSGI framework for the next Java Card platform Our light OSGI Implementation Implements only the Core OSGI Features (possibly a subset) KVM-like java platform Development for smart card Communication is provided by an embedded TCP/IP stack For smart card first but possible extension to small foot print environment OSGI Security Approach Our OSGi Security approach Open environment means more risk exposure and more security requirements Objective is to have an end to end security chain from development to application use The security level is always given by the weakest element So far, usage of Global Platform to manage our open platform Our products are based on Global Platform and have a security validated by EAL5+ (Evaluation Assurance Level) Certification OSGi Security scheme remains open and has to be defined by OSGi solution integrators Java is Open but Possibly Secured Java and security Code download post-issuance Multi-application Applet / platform separation Risks Non Verified Application (Trojan horses) Problems of trust and rights delegation Enforcement of chain trust Risk assessment to evaluate the vulnerability Identity of each involved party can be checked (authentication) Answer to Integrity and Confidentiality of data Needs Secure the Java Virtual Machine End to end Security Services GSM/GPRS, UMTS Shops Application Server Multi-application Post-issuance capabilities Signature and encryption of application Internet Complete security chain to reach high security level Parallel can be made with the Automotive World GSM/GPRS, UMTS Dealers Application Server Multi-application Post-issuance capabilities Signature and encryption of application Internet WLAN The same requirements exist for the automotive market Conclusion OSGi is a candidate for New Generation Java Card management framework OSGI brings flexibility but great care has to be taken concerning the complete security chain Gemplus has an end to end security expertise and has experimented an OSGI lite implementation Questions? [email protected]