Contenu connexe
Similaire à Comprion Tech Day 2009 Dev App Scws (20)
Comprion Tech Day 2009 Dev App Scws
- 1. Making Mobility
More Secure…
Developing real-world
smart card web server
applications
Dr. Vladimir Nagin
Cellnetrix
Managing Director
Cellnetrix R&D Center
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 1 • 19/6/2009
- 2. Contents
Smart Card Web Server technology from a developer point of view
SIM Application toolkit vs. Smart card web server workflow
Typical SCWS procedures and processes
Conclusion
Cellnetrix
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 2 • 19/6/2009
- 3. Some facts about the company
• 2006. Cellnetrix was established as an R&D company focused on the
software development for smart cards complying with modern requirements
for convergence, network connectivity and interoperability
• 2007. In order to address global market demands Cellnetrix opened an office
in Hamburg, Germany. Company gets an international status with the
headquarter based in Germany and R&D center located in Russia
• 2007. After successful completion of several smart card development
projects the company concentrated on solutions which help to make wireless
mobility safer and more secure
• 2008 . Today Cellnetrix delivers to its customers secure software solutions
targeted for various mobile networks such as GSM, UMTS or CDMA, as well
as WLAN and the Internet and provides professional services for mobile
operators, service providers, smart card and software vendors
Cellnetrix
Software and services provided by Cellnetrix are based on open
technologies and standards such as OMA, ETSI, 3GPP, ISO, Global platform
and active use of Java technologies.
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 3 • 19/6/2009
- 4. Cellnetrix competence domains
cellSIM
Software for smart cards and
secure devices based on Java
Card 2.2.1/2.2.2 UICC platform
cellOTA cellApps
Over-the-Air management Value-added
services for (U)SIM and applications development
R-UIM enhancing mobile trust
Cellnetrix
and security
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 4 • 19/6/2009
- 5. Smart card web server and related technologies
Dynamic SIM toolkit
Smart card web server
WAP 2.0
Mobile optimized html/xhtml
Different dynamic portal
technologies will coexist in the
nearest future. Smart card web
Cellnetrix
server has a chance to become a
major on-device portal
WM/Symbian/J2ME on-device portals
technology owing to operator
ownership and control.
2003 2005 2007 2009
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 5 • 19/6/2009
- 6. Smart Card Web Server: developer point of view
From a developer point of view Smart Card Web Server is seen as a HTTP 1.1
server with extended functionality such as:
•Chunked encoding;
•Keep-alive connection;
•Cache management;
•Pipelining;
•Authentication;
•Servlet support.
And available via http://127.0.0.1:3516/ to the outer world;
Physically 2 layers can be used to access the server:
1. using ISO7816 and BIP;
2. via USB-IC and Ethernet Emulation Layer in (U)SIM card itself
Cellnetrix
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 6 • 19/6/2009
- 7. SCWS Architecture Overview
A servlet is a way to generate the
dynamic content.
It is a Java Card applet registered
to the SCWS and mapped to one or
several URIs
Static content
Dynamic content (U)SIM Toolkit A standardized JavaCard API
( servlets ) Applets (ETSI TS 102 588 Release 7) is
provided
Administrative
Servlets are triggered by SCWS
commands
what is similar to SIM toolkit event
Java SCWS API Toolkit API processor
concept
HTTP Web Server
Java VM &JRE TLS layer
TCP/IP
BIP
EEM Native resources File System
T=0
Cellnetrix
USB-IC
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 7 • 19/6/2009
- 8. CAT/USAT Applications Development Workflow
IDE with java level Development and Unit
*.java files
simulation Testing
Compilation and
conversion
Testing with handset
emulator
*.cap / *.ijc
Card level simulator
converted files
physical JC 2.2
Download to a
APDU-based tests
card
Cellnetrix
Physical (U)SIM Testing with
card real handsets
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 8 • 19/6/2009
- 9. SCWS Applications Development Workflow
IDE with java level Development and Unit
Static data *.java files
simulation Testing
Compilation and
Upload to the physical card via Admin session
conversion
Testing with Internet
browsers
(IE,Firefox,Opera)
Testing with handset
emulator
*.cap / *.ijc
converted files Card level simulator
(JC 2.2 case) Application level testing
(HTTP,…)
Download to a
physical card
APDU-level
testing
Transport level
testing
Cellnetrix
Physical (U)SIM Testing with
card real handsets
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 9 • 19/6/2009
- 10. Protocol stack for BIP-based SCWS implementation
cd Protocol Stack
OSI Layers Web Brow ser BIP Proxy SCWS
7: APP 7: HTTP 7: HTTP 7: HTTP 7: HTTP
6: PRES 6: MIME 6: MIME 6: MIME 6: MIME
5: SESS 4,5: TCP 4,5: TCP 4,5: BIP 4,5: BIP
4: TRANSP
3: NET 3: IP 3: IP 1,2,3: ISO 7816 1,2,3: ISO 7816
(T=0 or T=1) (T=0 or T=1)
2: LINK 1,2: Ethernet 1,2: Ethernet
Cellnetrix
1: PHY
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 10 • 19/6/2009
- 11. SCWS Registration
SCWS usually makes itself available
after receiving Terminal Profile from the
handset
ad SCWS Operation
Terminal profile
«loop» Other initialization
BIP supported?
UICC serv er registration
PROFILE_DONWLOAD
[yes]
End
Cellnetrix
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 11 • 19/6/2009
- 12. SCWS Registration
ad UICC Serv er Registration
The operation is executed for each configured request handler.
Usually, if we need to handle N simulatneous requests on M ports,
that will require N*M HTTP request handlers each occupying one
BIP channel.
Listen port State
number
HTTP Request
Handler
Max number of channels used? Initialize corresponding
Issue OPEN CHANNEL in
request handler w ith the
UICC Serv er Mode
BIP channel ID
Start
[yes]
Cellnetrix
BIP channel attrs
End
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 12 • 19/6/2009
- 13. SCWS Operation
ad SCWS Operation
Channel status change
BIP channel ID valid?
processing
CHANNEL_STATUS
[yes]
End
BIP channel HTTP Request
attrs Handler
Inbound data processing
BIP channel ID valid?
DATA_AVAILABLE
[yes]
End
Cellnetrix
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 13 • 19/6/2009
- 14. BIP Channel States
sm BIP Channel States
This state chart shows possible states and transitions for BIP
channels operated in UICC server mode.
TCP in CLOSED state Server socket opens TCP in LISTEN state
BIP
channel
SCWS closes connection
Initial requested
TCP handshake successful
SCWS closes connection Client closes connection
Cellnetrix
Error TCP in ESTABLISHED
Error happens state
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 14 • 19/6/2009
- 15. Typical SCWS design
cd SCWS
SCWS ov er BIP
One for each request to
be served concurrently
HTTP Request Handler
BIP Ev ent Dispatcher I/O Buffer Handler State Channel State
«delegate»
BIP
«trace» Request Processing
API «delegate»
HTTP Request Sink Request Processing
Request Data «delegate»
«trace» Processor
«trace» «delegate»
Content Provider
«delegate» URL Trigger
HTTP Response
«trace»
Source
Response Data «delegate»
«trace»
HTTP Helpers Serv ice Registry
List of Content Inv oker
Prov iders
«delegate» URL Trigger
Content Provider
Cellnetrix
AIAPI
URL Trigger
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 15 • 19/6/2009
- 16. Conclusion
SCWS technology has a chance to become a major on-device portal
solution in the upcoming years if some of main problems are solved:
Lack of mobile handsets with SCWS support
Despite the strong market demands there are only a few commercial handsets which support SCWS
functionality
Interoperability problems
First trials show that there are some interoperability problems with SCWS handset appearing on the
market. There are no automated test suites available to test SCWS implementation both on card and
handset side.
Expensive roll-out
All (U)SIM cards should be exchanged to support new functionality. If SCWS is implemented over TCP
performance requirements for (U)SIM cards are higher.
Migration path from Dynamic SIM toolkit to SCWS based services
Currently available mobile services based on Dynamic SIM toolkit might be migrated onto SCWS
Cellnetrix
platform. Major SIM toolkit commands such as Setup Call, Send SMS or USSD must be supported.
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 16 • 19/6/2009
- 17. Conclusion….
Thank you for your attention!
We’re pleased to answer your questions!
Cellnetrix R&D Center
Yablonevaya alleya, 313a,
Zelenograd, Moscow, Russia, 124482
Tel . +7(495) 944-66-90
Fax. +7(495) 536-57-63
Cellnetrix GmbH
Holstenkamp 54,
D-22525 Hamburg, Germany
Tel. + 49 40 891 062
Fax.+ 49 40 891 064
Cellnetrix
Email:
Web: http://www.cellnetrix.com
© Cellnetrix 2009 • Developing real-world smart card web server applications • English • 17 • 19/6/2009