Global Platform does not control the behaviour of the applet, once it is downloaded. That is the function of the security domains, established by the applet's management entities. GP may correctly project (and/or dynamically RECONFIGURE) the domain's privilege model on the Javacard/COS SIM, but the GP technology itself does not constrain the model.
In contrast, Telco management will set whatever covert access policy their licensing authority requires. Covert, over-the-air access to critical operating parameters will never be removed from the regulators' licensing rules. While US users may have high expectations concerning these issues, it doesn't mean their expectations are being satisfied, or that the new Secret Intelligence Tribunals don't have the means to "flip the switch" on demand, for ANY target using G7-sourced phone technology. American firms are good at selling to pre-generated expectations of rights: bait and switch.
If we take a less divisive, but parallel, case in the tethered world, FIPS 140-1 level 4-certified crypto units are known to facilitate firmware RECONFIGURATION, despite the assurance of "FIPS mode". Private keys _have_ been released, using (intentional) trapdoors that ... flip the mode! Security design certifications such as FIPS 140-1 mean nothing: national infrastructure policy is what it is, and it's not going to get nicer any time soon. There was a (happenstance, valid) commercial need to open the particular box. It was therefore opened. Several million dollars of business keying material assets were thus "recovered".
>From: Dr Russel Winder <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: MUSCLE_List <[EMAIL PROTECTED]>
>CC: [EMAIL PROTECTED]
>Subject: RE: [Muscle] Wireless Wallet - Already in Korea
>Date: Thu, 11 Mar 2004 18:38:53 +0000
>
>Scott,
>
>I wonder if there is more to this than at first might appear and that
>there isn't such a clear backdoor? I cannot imagine the GlobalPlatform
>people allowing such obvious backdoors. Also it is not in the network
>operators' interest to have such clear backdoors if they want to sell
>secure application space on their SIMs which is a must for their future
>business models.
>
>All the TS 102 226 stuff is dealt with using Secured Packets (TS 102
>224) which requires a cryptographically supported authentication
>system. So the access domain packet is happening in a secure
>authenticated transaction which gives a point at which an access has to
>prove itself before being able to get at the filestore. To say more at
>the moment would be to speculate -- I definitely need to investigate
>this further.
>
>Of course the UICC store is not the sensible place for any Java and Java
>Card applications to store information -- for Java Card or Java
>applications on a (U)SIM maintaining data objects within the application
>is the only really sensible secure system. Aha here is a design for a
>useful SIM-based application -- a secure data store...
>
>
>On Thu, 2004-03-11 at 17:07, Scott Guthery wrote:
>
> > Since the backdoor is mandated by the SIM standards, it is true of all
> > standards-compliant Java Card SIMs.
> >
> > ETSI TS 102 226 states:
> >
> > "The access rights granted to an application and defined in the access
> > domain parameter shall be independent from the access rights granted at
> > the UICC/Terminal interface.
> >
> > NOTE: This implies in particular that the status of a secret code
> > (e.g. disabled PIN1, blocked PIN2, etc.) at the UICC/Terminal interface
> > does not affect the access rights granted to an application.
> >
> > If an application with Access Domain Parameter 'FF' (i.e. No Access to
> > the File System) tries to access a file the framework shall throw an
> > exception.
> >
> > If an application has Access Domain Parameter '00' (i.e. Full Access to
> > the File System), all actions can be performed on a file except the ones
> > with NEVER access condition."
> >
> > As you point out this may not be true of non-standards compliant SIMs
> > but I suspect there are few of those in use.
> >
> > You can imagine the surprise of a subscriber when PIN-protected data
> > shows up on the screen courtesy of a Java applet and the subscriber
> > knows that they haven't entered their PIN.
>
>--
>Russel.
>====================================================================
>Dr Russel Winder, Chief Technology Officer Tel: +44 20 8680 8712
>OneEighty Software Ltd Fax: +44 20 8680 8453
>Cygnet House, 12-14 Sydenham Road [EMAIL PROTECTED]
>Croydon, Surrey CR9 2ET, UK http://www.180sw.com
><< signature.asc >>
_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.musclecard.com/mailman/listinfo/muscle