After last year’s push for a phone based on SavaJe (a “small” Java SE technology made for PDAs and mobile phones), the big buzz at this year’s JavaOne will be that Sun is buying SavaJe’s technology, opening the world of mobile phones to mainstream Java SE technology. At the same time, we are working hard […]
JavaOne update
Either I did not wear my glasses last time I looked, or Sun added more sessions to JavaOne. It seems that this next instance of the conference could be a bit interesting. Among the new things, there are technical sessions: One by Sun and Nokia, about JSR-177, entitled What to do with APDU? This is […]
Things are moving …
It seems that things are moving a bit these days. Java Card experts and salespeople have been talking about deploying applications from several issuers on a single card. Last year, I made a desperate call at JavaOne, talking about white card schemes, even though I was starting to get tired of not going anywhere. But […]
Cards are OK, but is Chip & PIN OK ?
A significant part of my job is to evaluate the security of smart cards, in particular in the banking sector. The level of security achieved in today’s card is definitely quite good, and getting a PIN out of a banking smart card remains a very difficult task. Nevertheless, the latest paper of Cambridge’s research lab […]
DRM and Java Card
The DRM world, at least for its music part, is shaking on its grounds, with today’s memo from Steve Jobs. Jobs argues in there that music sold on Internet should be DRM-free, and his main argument is interesting: record companies are selling 90% of their music on DRM-free CD’s, so why bother protecting the rest? […]
JC101-4C: A basic password manager
UPDATED (07/01/08): Fixed compilation bugs. UPDATED (20/12/11): Fixed the “public” thing. In this first installment, we will focus on the data structure that will contain the sensitive data, as well as the identifiers. We’ll first look at the basic design, and then we’ll consider the implementation.
The Java Card Forum is 10 years old
The Java Card Forum was officially founded 10 years ago (in February 1997), and its initial members were Schlumberger, Gemplus, and Bull CP8. This creation was a formal move, since the first meeting only happened 2 months later. Nevertheless, this first move started the work on Java Card in all three companies, and also showed […]
Small details
Every time that a Java Card specification comes out, I like to think that it is a good specification, and in particular that it provides complete information for developers. We have tried hard, but the completeness remains hard to reach. Not that the spec is bad, which is not true. The Java Card Forum has […]
Java Card RMI is useless
When we first presented GemXpresso in 1997, it was made by a bunch of (Gemplus) researchers. We were all very happy, because it was a very nice card, and because it was very simple to program, thanks to Remote Method Invocation (RMI), which freed us from these damn APDU’s. It was possible to generate automatically […]
Should a card initiate transactions ?
In the current smart card application models, the card always acts as a server, and it responds to solicitations from the card terminal. This has many advantages: for instance, the terminal can put the card in “sleep” mode when it does not need it. Some may say that the SIM Toolkit framework is an exception […]