Check out the new USENIX Web site.

4 SmartCards for Service Personalization

A smartcard is a plastic card with an embedded microprocessor and memory which allows it to store data and execute code. The main concerns about smartcard include data confidentiality, secure authentication and high computing mobility (due to its small and convenient size). The current limits are restricted memory (up to 32Kb).

Current types of smartcards are based on either a file system [ref 9], a small SQL-based database [ref 10], or a virtual machine based operating system such as the JavaCard [ref 11]. This last type of smartcards allows service downloading and is well-adapted for the development and deployment of new applications. Development and integration of services in such a JavaCard can be full object-oriented, hence the integration in distributed systems is made easier. Therefore we have chosen the Gemplus GemXpresso JavaCard, which provides full object-oriented design and programming model [ref 12].

4.1 Current Applications for Mobile Users

As far as network access is concerned, the SIM card [ref 13] is certainly today the most widespread smartcard. SIM cards allow mobile users to access the GSM network [ref 14]. Upon entering a PIN code, user is identified and authenticated, and access is granted whatever the GSM terminal used. Moreover, the SIM card is used to store and provide users and terminals data such as personal address books and small interactive applications [ref 15].

More recently, smartcards which support public-key algorithms are being deployed to provide Internet security to users [ref 16]. These type of cards generate the private and public keys on their own. The public key can then be exported as a certificate (e.g., X500), while the private key will never be released outside of the card.

4.2 Limits of Current Network-Oriented SmartCards

Current smartcard applications allow terminal personalization. When the card is inserted, an anonymous terminal can become a personalized terminal. However, this personalization capability is still not widely used. Main smartcards concern is limited to security.

Smartcards provide data storage, but currently only the file and directory structures for binary data is deployed. This reduces the role of the card as a simple binary data server and therefore such a card cannot act in a full co-operation within architectures of open terminals, networks, systems and services.

The naming approach applied to the smartcards makes them more adapted to distributed environments. A naming environment provides to the terminal all personalized information with a better interface than a file system. Powerful searches and referral entries make easier the integration of such a smartcard into distributed systems.

4.3 Benefits for Mobile Users

PNDS extends users' mobility because the part of users' personal and private information is easily and securely carried-on from terminal to terminal. The benefits for mobile users are at least threefold.

[Section 5] [Table of contents]