Extending the concept for personal cars at toll booths is obvious, to allow completion of the location-tracking/easy-payment/criminal-fact-finding/intelligence-gathering system for this medium of mobility.
In 1-line of DoD-speak, the ITSO offers is a writer-reader security scheme, in which an applet on the SIM talks unto backend transaction server over a messaging channel that is independent of the transmission channel's security. The rest of the spec is classical business rules and end-end protocol management, dressed up in standards-speak.
However, the security concept has the same design lineable as S/MIME, the ISO committes draft of NSAs MSP, SET, etc. And, concerning smartcards, the security mdoel in practice derives from SAM in the local trusted device, supporting the SIM in your mobile instrument - the phone, the ticket, the passport - any proxy for you - the compliance/intelligence target.
The muscle applet cannot support such schemes: its offers a classical "dumb" cardedge, which is a bound slave crypto boundary supporting content-oriented security protocols implemented elsewhere.
What do we do to update muscle applets for the new world of "content management" security?
For the embedded linux-based phones, running pcsc-lite, we need the architecture to evolve so the applet can cooperate with other applets directly on the ICC. the muscle applet needs to evolve into a SAM like design, exporting interfaces allowing certain other applets (possibly on a seperate SIM) to gain access in support of application-oriented, end-end, content-management schemes, such as DRM, Office2003, ITSO, RFIDs, etc, etc.
Peter.
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
