First a bit about Telenor R&I and Telenor.
SIM a widespread technology. Present in all GSM phones. 2.4 billion 2007, more than 3billion today. A SIM card is a small CPU and memory. It is the secure part of the phone system. it is tamper resistant. An application stored in SIM can not be taken out of there. Thre main groups of cardss. Current sim . UICC (global platform. java card 2.x, UICC glboal paltform, java card 3.x).
- Current and future SIM: Today, limited memory, single application.
- Nexte gen SIM (green card): Browser ineraction, NFC, USB interface to the phone (faster than today´s 9.6 kbps). This enables all kinds of bandwidth using stuff inside the card. Can have multiple keys. The sim card can be dividedn into multiple security domains. The ISD (Issuer security domain) is the operator´s stuff. Can contain SIM part, WIB and applications. Master key for the SIM card. Can have several secondary security domains (SSD), have separate keys, but can also have several applications. The primary key can be used to install and remove ful SSDs, but they can not be changed.
Some example applications:
- Credit cards
Question about Telenor´s role: We may be a content provider, the main business will be to enable this service for other. A kind of rental model. That it at least the most probable model being considered by GSMA.
Smart card web server - SCWS.
Allows browser in phones to access services on local SIM card though special URLs. Can run MIDLets running on the card. APDU commands over JSR 177. Don´t know if it will be done, it is technically possible.
- Near Field communication (contactless smart card). Used today for metro ticketing systems, some credit cards. We (Telenor) would like to combine the NFC thingy with applications running on the SIM card. Separate NFC controller on smart card, NFC hw on phone.
How to do provisioning:
- Do it in factories before the card is sent to the custoomer
- Can use OTA (Over the Air) protool to send the thing using SMS or something.
Plug for wireless future from the audience.
UICC is well connected:
- Physcal environemnt, java on phone, SCSW (end user), and the network.
The java card:
- Familiar programming langauge
- Ineteroperable apps etwen manufatureres
- Secure (secure stuff)
- CC EAL 4+ certified (some certification thingy)
- java card 2.1. API
Service providers, network operatores, handset vendors, trusted service managers (TSMs). Some kind of trusted third party is necessary.
Even more future cards
- In essence the the cards become full computers.
Question: How will the keys be managed? Well, you need an agreement with TSMs.