Skip to main content

Interoperability and Security for Open Platforms

Objective

ISOP1 proposes solutions to overcome the handicaps of the Smart Card Industry to converge to a common development open platform starting from: Javacard, Multos from MasterCard and Smart Card for Windows. The interoperability will be achieved by defining high level's encapsulating different multi-application operating systems. This standard architecture involves protection profiles, tools and proof of properties. Partners like Visa UK, Mondex, Europay will participate for requirements, definition and support for pilots (ISOP2). The tasks are Co-ordination and interface with Eurosmart and security agencies (SCSSI, BSI, GISA), analysis of the market to define the business models according to the security requirements of three leading industries (Banking, PayT, GSM), architecture for Interoperability, security models and protection profiles, development of tools and APIs for a demonstrator as proof of concept.

Objectives:
The ISOP1 project will propose solutions to allow the Smart Card Industry to converge to a common development platform starting from the different existing ones : open platform environment such as JavaCard, Multos from MasterCard and Smart Card for Windows. The project will demonstrate the interoperability of open platform by defining an architecture for interoperability at high level, through API's encapsulating different multi-application operating systems. Associated to this standard architecture is the necessity for a common view on security through protection profiles and for tools enabling easy development and proof of properties. As proof of concept the solutions will be validated by a complete set of demonstrators (Smart Card, terminals and software tools). Strategic market players like Visa International, Visa UK, Mondex and Europay will participate for requirements, definition and support for pilots.

Work description:
The work will be co-ordinated and interfaced with the Eurosmart and security agencies (SCSSI, BSI, GISA) for the evaluation of the Protection Profiles. The project will be promoted through protection profiles and a formal model of the architecture. The market will be analysed to define the business model according to the security needs and requirements of the three leading industrial sectors: Banking, PayTV, GSM. The architecture for interoperability will also be defined (Java Card, Multos, Smart Cards for Windows) and critical components for interoperability will be identified and analysed.
Security models and protection profiles will also be defined. The different models (Banking, GSM and PayTV) imply different requirements and needs in terms of security. From this analysis, it will be possible to extract a common view on the level of security (security requirements, security targets and certification procedures). For each business model, a protection profile will be produced to synthesise this analysis and to define the security requirements. Those protection profiles will be the deliverables of this important phase. Tools and APIs will be specified and developed for a secure open platform demonstrators and a demonstrator for "proof of concept" will validate the consistency of the specifications and deliverables that are the outcomes of the project.

Funding Scheme

CSC - Cost-sharing contracts

Coordinator

CP8
Address
36-38 Rue De La Princesse
78430 Louveciennes
France

Participants (5)

AXALTO SA
France
Address
Avenue Jean Jaures 50
92120 Montrouge
GEMPLUS
France
Address
Parc D'activite De Gemenos Avenue Du Pic De Bretagne
13420 Gemenos
GIESECKE & DEVRIENT GMBH
Germany
Address
Prinzregentenstrasse 159
81677 Muenchen
OBERTHUR CARD SYSTEMS SA
France
Address
102, Boulevard Malesherbes
75017 Paris
TELELOGIC TECHNOLOGIES TOULOUSE S.A.
France
Address
150 Rue Nicolas Vauquelin, Immeuble Europolis
31100 Toulouse