It seems that this year’s Java Card offering at e-Smart was fairly small, so the Java Card session had to be extended to include more topics. One of the presentations, from Gemalto, was about the plug-and-play authentication product.

This is not new, and it has been around for a while. Plug and play has been unreachable for smart cards for a long time, and it basically remains unreachable for classical smart cards. But if you include a USB interface and embed your card in a form factor that can be directly plugged into a USB port (i.e., a USB key), then you can pretend to be something else, and in particular, a USB mass storage device. This allows auto-run to be activated, so the required driver and software can be directly loaded into the PC. Here we are: plug-and-play!

This is very nice for Gemalto’s target market, which relies on a single application, loaded on the smart card (a network authentication application). However, the products I like are open, and this one isn’t. Gemalto may be offering an open version of their product, but I am not sure about the application model. It is fairly complex, as it requires at least a PC application and a card application. The card application is naturally a Web server, which is now the natural choice. However, the PC side is more complex, in particular if you want to deal with all the security issues that are inherent to today’s PCs. In particular, including some measures that ensure to a certain extent that the PC is not compromised is very difficult. Here, we simply need some specialized middleware that deals with that. Something must exist, and I will try to find it, because it has interesting possible interactions with Java Card 3. If you know about something like that, please send a comment or a note.


  • lexdabear wrote:

    What kind of middleware do you mean?

  • I just mean that I don’t want to write myself all the software that runs on the PC. I am OK to write the applicative layer, that talks to the card applications, but I don’t want to write the low-level stuff: this low-level stuff is the middleware that I would like to get.

    I am being cautious here, because it could sound like the next RMI fiasco. However, I would like to see something like that, at least as R&D.
