OSGi World Congress Presentation Template

Gemplus and OSGi
Benjamin Maury
10.23.03
Gemplus Introduction
• World Leader for Smart Card Solutions
• Smart Solutions in Telecommunications
 • Beyond the SIM with applications and Over the Air Platform
• Trusted Solutions for finance and security
 • Banking: differentiated services
 • Retail: customer loyalty
 • ID and Security: Government and Enterprise
• Security expertise delivered by Business Development Group
 • Digital Security
 • Operating Systems
 • Technology-driven business
What is the Gemplus Automotive Approach?

Leverage our telecom and security expertise in automotive market:

Provide more flexibility to the SIM Card

Ensuring end to end security in Electronic Control Unit Software Download

Enabling Multi services Token for services personalization
Requirements for services life cycle flexibility and security
OSGi Lite Implementation
[Figure: Java platform diagram. Labels: J2EE, J2SE, J2ME (CDC, CLDC, MIDP, P2, P3, P4, ...), Java Card; Language: Java, Java subset; VM: JVM, KVM, JCVM; API: CDC API, CLDC API, JC API, OSGi API]
Gemplus and Java
• More than 50% of our products are Java compliant
• Migration from proprietary platform towards open platform
• As a smart card leader we have to be the first at the standardization level
 • JSR 177 – Secure the Java Mobile Environment with security services coming from SIM Card
Why OSGi for the next Java Card Platform?
• Next Generation smart cards will require dynamic service management
• Need for OSGi lite in order to have a flexible way to manage applications
• Need to adapt to the performance and hardware constraints of the small smart card environment
• Gemplus is proposing an OSGi framework for the next Java Card platform
Our light OSGi Implementation
• Implements only the Core OSGi Features (possibly a subset)
• KVM-like Java platform development for smart cards
• Communication is provided by an embedded TCP/IP stack
• For smart cards first, but possible extension to small-footprint environments
OSGi Security Approach
Our OSGi Security approach
• Open environment means more risk exposure and more security requirements
• Objective is to have an end to end security chain from development to application use
• The security level is always given by the weakest element
• So far, usage of Global Platform to manage our open platform
 • Our products are based on Global Platform and have a security validated by EAL5+ (Evaluation Assurance Level) Certification
• OSGi Security scheme remains open and has to be defined by OSGi solution integrators
Java is Open but Possibly Secured
• Java and security
 • Code download post-issuance
 • Multi-application
 • Applet / platform separation

Risks
 • Non Verified Application (Trojan horses)
 • Problems of trust and rights delegation
 • Enforcement of the chain of trust

Risk assessment to evaluate the vulnerability
Identity of each involved party can be checked (authentication)
Answer to Integrity and Confidentiality of data Needs
Secure the Java Virtual Machine
End to end Security Services
[Figure: end-to-end security chain. Labels: Application Server; Internet; GSM/GPRS, UMTS; Shops; Multi-application post-issuance capabilities; Signature and encryption of application]
Complete security chain to reach high security level
Parallel can be made with the Automotive World
[Figure: end-to-end security chain for automotive. Labels: Application Server; Internet; GSM/GPRS, UMTS; WLAN; Dealers; Multi-application post-issuance capabilities; Signature and encryption of application]
The same requirements exist for the automotive market
Conclusion
• OSGi is a candidate for New Generation Java Card management framework
• OSGi brings flexibility but great care has to be taken concerning the complete security chain
• Gemplus has an end to end security expertise and has experimented with an OSGi lite implementation
Questions?