OSGi World Congress Presentation Template
Download
Report
Transcript OSGi World Congress Presentation Template
Gemplus and OSGI
Benjamin Maury
10.23.03
Gemplus Introduction
World Leader for Smart Card Solutions
Smart Solutions in Telecommunications
Beyond the SIM with applications and Over the Air Platform
Trusted Solutions for finance and security
Banking: differentiated services
Retail: customer loyalty
ID and Security: Government and Enterprise
Security expertise delivered by Business Development Group
Digital Security
Operating Systems
Technology-driven business
What is the Gemplus Automotive Approach?
Leverage our telecom and security expertise in automotive
market :
Provide more flexibility to the SIM Card
Ensuring end to end security in Electronic Control Unit Software
Download
Enabling Multi services Token for services personalization
Requirements for services life cycle flexibility and security
OSGI Lite Implementation
J2ME
API
JC API
Language
Java subset
VM
JCVM
CLDC API
J2SE
J2EE
P4
...
CDC
P3
P2
...
CLDC
MIDP
Java Card
API
CDC API
Java
JVM
KVM
OSGI
API
Gemplus and Java
More than 50% of our products are Java compliant
Migration from proprietary platform towards open platform
As a smart card leader we have to be the first at the
standardization level
JSR 177 – Secure the Java Mobile Environment with security
services coming from SIM Card
Why OSGI for the next Java Card Platform?
Next Generation smart cards will require dynamic service
management
Need for OSGI lite in order to have a flexible way to manage
application
Need for adapting Performance and Hardware constraints due
to the small smart card environment
Gemplus is proposing an OSGI framework for the next Java
Card platform
Our light OSGI Implementation
Implements only the Core OSGI Features (possibly a subset)
KVM-like java platform Development for smart card
Communication is provided by an embedded TCP/IP stack
For smart card first but possible extension to small foot print
environment
OSGI Security Approach
Our OSGi Security approach
Open environment means more risk exposure and more security
requirements
Objective is to have an end to end security chain from
development to application use
The security level is always given by the weakest element
So far, usage of Global Platform to manage our open platform
Our products are based on Global Platform and have a security validated by
EAL5+ (Evaluation Assurance Level) Certification
OSGi Security scheme remains open and has to be defined by
OSGi solution integrators
Java is Open but Possibly Secured
Java and security
Code download post-issuance
Multi-application
Applet / platform separation
Risks
Non Verified Application (Trojan horses)
Problems of trust and rights delegation
Enforcement of chain trust
Risk assessment to evaluate the vulnerability
Identity of each involved party can be checked (authentication)
Answer to Integrity and Confidentiality of data Needs
Secure the Java Virtual Machine
End to end Security Services
GSM/GPRS,
UMTS
Shops
Application
Server
Multi-application
Post-issuance
capabilities
Signature and
encryption of
application
Internet
Complete security chain to reach high security level
Parallel can be made with the Automotive World
GSM/GPRS,
UMTS
Dealers
Application
Server
Multi-application
Post-issuance
capabilities
Signature and
encryption of
application
Internet
WLAN
The same requirements exist for the automotive market
Conclusion
OSGi is a candidate for New Generation Java Card
management framework
OSGI brings flexibility but great care has to be taken concerning
the complete security chain
Gemplus has an end to end security expertise and has
experimented an OSGI lite implementation
Questions?
[email protected]