Post on 30-Mar-2015

Multi-Application in Smart Card-based Devices

Christophe Colas, ccolas@ingenico.fr

Chief Software Architect

August 2002

Smart Card Systems

Card Personalization / Issuance

Back-end Systems

Card Accepting Devices

Post-Issuance Transactions (1)

Post-Issuance Transactions (2)

Smart Card

Smart Card Systems (2)

3 Types of Processing Units

Smart Card

Card Accepting Devices (CADs)

Back-end Systems

Complete Application split into these Processing Units

GlobalPlatform Key Focus

Portability and Management of Applications across Smart Cards (Card Committee)

Smart Card Management System (System Committee)

Smart Card + Back-end Systems

Portability and Management of Application across CADs (Device Committee)

The remainder is strongly application specific…

Smart Card Systems and GP

Card Personalization / Issuance

Back-end Systems

Card Accepting Devices

Post-Issuance Transactions (1)

Post-Issuance Transactions (2)

Smart Card

CAD Issues

More and more Variety of Devices

e.g. User Interface, Communication

Devices are getting more Complex

Multiplication of Development for Different Types of Platforms

Longer Certification Process

GlobalPlatform Device Objectives

Reduce Development and Certification Cost

Preserve Application Software Investments

Offer independence from Hardware providers

Enable easy addition of new services to final customers

Facilitate secure remote maintenance in multi-application environment

GlobalPlatform Device Committee Deliverables

GlobalPlatform Device Framework (GPDF) 2.0

For Device Application Development

Provides Application Architecture and APIs

Based on Java technology

Application Installation and Security

GlobalPlatform Device Framework

Based on STIP Technology

Minimum Java Runtime Definition

Basic Programming Pattern

Basic Platform Service Definition

e.g. smart card slot API, cryptography API, data storage API

Multi-Application Environment

Designed for Secure-based transactions

Application Firewalling

Controlled Access to Device Resources

Application Portability

Full Portability of a Complete Device Application for Different Types of Devices is impossible!

e.g. User Interface or communication means are too different

Only the following is possible:

Portability of a module of the Application across several Types of Devices (the Invariant)

Horizontal Interoperability

GPDF CLC Concept

Portability of the complete application for a given set of device types

Vertical Interoperability

e.g. STIP EFT/POS Profile

GPDF Application Architecture

Application split into

Platform and Environment-independent module

Kernel of the application with Device Abstraction

Contains Application Logic, which is Invariant to the Device and Environment

= Core Logic Component (CLC)

Portable across all Types of Devices (e.g. GSM phones, PDAs, EFT/POS terminals, Set-top boxes, …)

Platform and Environment Module

Customize the Kernel

To the Device

To the Environment (e.g. country, local rules, …)

Mainly for User Interface and Communications

GPDF 2.0 Architecture

[Architecture diagram. Labels: Device Application; Business Logic Layer; Core Logic Layer; Environment Layer; CLC Module; User Interface; Communication; GPDF Platform; STIP Technology Core Framework; Basic Device Services; Event Engine; Storage; Cryptography; Smart Card Reader; Device Abstraction Services; Java Virtual Machine; Other Technologies]

Device Application Secure Provisioning

Distribution Format

Security at the Distribution Level

Authenticity and Integrity

Association with Platform Service Access Rights

Work in progress with GlobalPlatform and STIP

Draft in Fall 2002

Ingenico Commitment To Open Technologies

Since 1998, Ingenico has been working on the standardization of open and interoperable technologies, focusing at first on the terminal environment

Founding member of, and active participant in, consortiums

Java Environment Development for Secure Devices with small memory footprint

FINREAD

Embedded FINREAD

Ingenico Products

New 32-bit Terminal Family supporting Open Platform Technologies

Open Platform components

Embedded JVM supporting JEFF ISO Standard

JEFF is a highly optimized Java executable format for embedded systems to reduce memory footprint

STIP 2.1, GPDF 2.0 and FINREAD

INGEODE

INGEnico Open Development Environment

Thank you! Any questions?

ccolas@ingenico.fr

Ingenico’s payment solution for the 21st century!
