Russel:
1) Global Platform is only about getting applications onto the card. It doesn't say anything about what they do once they are successfully installed so Java Card's file system backdoor would, I suspect, be regarded as "out of scope" by GlobalPlatform folks.
2) Yes, a SIM applet that accesses the backdoor must have the telecom operator's crypto-blessing and be given explicit access to the backdoor by the operator. But isn't this just the point. The telecom operator can, by loading such an applet, perform an end-run around the wishes of (and promises made to) the subscriber.
Just a note on the Turbo device - accessory inserted into the phone between
SIM and phone. You can develop and deploy SIM Tookit applications freely
without operator. It has several security oriented features - protected memory,
encrypted file system. More on http://www.bladox.com
I can image it as a base to connect some zigbee chip or whatever wireless to provide wallet
(controlled by user via the mobile phone interface).
3- Data management and administration is more complex and more expensive. Rather than just updating data in a file, I have to get all the data out of an applet, delete the applet, reinstall the applet and then personalize it with the backed up data. The security that is used to backup the data must of course be provided by the application programmer.
A file system is not just an artifact of computing history. It has
proven to be a useful concept. Language-based, application-centric
approaches to data storage (Smalltalk, Lisp, Mainsail, Oberon, etc.)
have done less well on the test of time.
Yes, turbo comes with slot for mmc card and has encrypted file system, so data
can be stored securely on the card while application can be removed.
Pavel
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
