Monday, 8 September 2008

Of JavaCard 3.0 and things to come

Heuze's blog on smart card tech (especially development and standardisation) has a post discussing JavaCard 3.0. Among other things, he suggests that multithreading in smart cards might be useful, but I'm not sure that multithreading is a desirable (if even workable) feature for a smart card OS. Smart cards are currently only required to cheaply and securely store data, and this functionality determines the on-card resources and application environment. If new technology came out which allowed very inexpensive extension of card resources (e.g. 20+ MHz CPU, 500+ KB RAM) then a whole range of new options would appear.

A killer app would be where the smart card serves as the consumer's PC-in-a-wallet, carrying all their personal details, their cryptographic identification data (logon and authentication) as well as personal preferences and settings for configuring client services (web sites, etc). This data would be accessable via a standardised framework, independent of the system or service used by the client. Of course, this raises the spectre of standardisation again...

Extending this idea to m-commerce follows naturally: secure, transparent, over-the-air/contactless access to your securely stored personal data in your mobile device is something that would be attractive to consumers.