NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > MUSCLE Smartcard Development> 2004-q1

RE: [Muscle] Wireless Wallet - Already in Korea

From: Scott Guthery (sgutherymobile-mind.com)
Date: Thu Mar 11 2004 - 06:26:10 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello, Bettina

The difference is not in the hardware but in the use of it. The use of the SIM forces you to trust the SIM manufacturer (for its security) and the telecom operator (for its management).

Did you know, for example, that the telecom operator can load an applet into the SIM that can read PIN protected files even when the PIN has not been entered? This is because of a backdoor in the smart card operating system provided by the smart card manufacturers that lets the Java Virtual Machine access files without access control checking.

It is because of behavior like this that folks are calling into question their trust of the SIM manufacturers and the telecom operators.

I know in Europe you tend to turn control of your trust relationships over to the government so perhaps this behavior is does not bother you. In other parts of the world individuals wish to keep that control to themselves. When they say that it requires a PIN entry to read a file they expect that that instruction will be honored.

Cheers, Scott

        -----Original Message-----
        From: Bettina Martelli [mailto:martellitrustcenter.de]
        Sent: Thu 3/11/2004 4:21 AM
        To: musclelists.musclecard.com
        Cc:
        Subject: Re: [Muscle] Wireless Wallet - Already in Korea

        Hello, list!

        Anders Rundgren schrieb:

>>>>I say it one more time: The smart ID card is dead and gone.
>>>>It is beyond repair.
        ....
>
> Mobile phones have already reached critical mass since at
> least 5 years back and are replaced at a high frequency
> soon making such devices prime candidates for housing
> "virtual cards" allowing both governments and banks to
> co-exist.

        I really don't understand this contraposition between
        smart cards and mobile phones as "virtual" cards.
        In each mobile phone there is a "real" smart card inside,
        the SIM. Insofar a mobile phone ist just equivalent to
        card + reader + some logic + modem.
        The smard cards manufacturers also produce the SIMs.
        The chips are the same. The market is the same.
        Where is the difference?

        Cheers Bettina Martelli

        --
        Dr. Bettina Martelli, Development, TC TrustCenter AG
        Sonninstraße 24-28, D-20097 Hamburg, Germany
        Tel: +49 (0)40 / 80 80 26-0 Fax: +49 (0)40 / 80 80 26-126
        _______________________________________________
        Muscle mailing list
        Musclelists.musclecard.com
        http://lists.musclecard.com/mailman/listinfo/muscle

_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]