With the release of Java Card 3.0, it seems that we have finally reached the end of the road to Bandol (Sun’s internal codename for that release), and we are starting to go down another road, which has not yet been named.
As this blog’s title becomes obsolete, I thought that I would seize this opportunity to widen a little bit its scope. You may have noticed in the recent weeks some posts that have little to do with smart cards, such as the one on Android security. Well, these posts are actually related to Java Card 3, because we are here talking about competing/complementary technologies (we still haven’t found out). As I strongly feel that Java Card 3 can only be a success if it finds interesting and valuable use cases, it becomes very important to include some discussions about the security of personal technologies.
The personal aspect is also a direct consequence of one of my strong beliefs. Security can be very good at protecting individual end-users, and it can help companies trust their users and partners. This enables very interesting business models, because trust is paramount in setting up business relationships. On the opposite, when security is used against the end users, we get to things like the Sony rootkit fiasco. This does not mean that DRM is bad, or that DRM should not be around; it simply means that using rootkit-based DRM is bad, and that DRM should be used in other ways, which also take in consideration the interests of the end-user (we’ll get back to that in another post). So, our focus in terms of security should be the end-user: not because the end-user wants it, but because the personal security of the end-user is an enbler of sound business relationships.
Despite all these changes, Java Card will remain at the heart of this blog, and long-term efforts like the tutorial will continue. And of course, the URL does not change, and it will still include javacard in it.