Back to home
 



Secured Upgradeability

Secured Upgradeability (SU) is Gemplus's answer to the growing concern expressed by mobile network operators (MNO) over the upgradeability of Java Card™ smart cards. It enables the functional behavior of products already on the field to be enhanced or modified securely. This functionality, already available on GemXplore Generations, provides MNOs with the means to remotely extend the functionalities of the (U)SIM or Java Card™ applications of their customers, reducing the need for expensive card renewal operations.

This approach enables some interesting improvements:

  • Upgrade management permits upgrades to be loaded, that can be activated, deactivated or deleted one by one or all at once at the desired time. The deletion of an upgrade makes the card recover its exact previous behaviour and memory space.
  • Upgrades can themselves be upgraded enabling the operator to provide new services step by step
  • Upgrades can be used to improve functional behavior of applications and the Java Card™ operating system itself .

To achieve this, Gemplus associated two technologies:

  • The transposition of the Java™ binary compatibility concept onto Java Card™ technology
  • Secured data loading based on Global Platform mechanisms

Java™ binary compatibility
The transposed binary compatibility concept on the Java Card™ class loading ensures the structural correctness of a loaded upgrade enhancing a feature. Structurally unformed or illegal classes in the customer context are rejected and the integrity of the smart card is preserved. Upgrades are pure compliant Java Card™ code that can be coded by any Java Card™ developer, and the analysis is then performed by the smartcard itself. Once the upgrade is loaded, the execution of the code is dynamically derived into the new code execution.

Secured data loading
The upgrades are secured by an original 4 steps and 2 actors scheme complying with GP security requirements.

  • The compiled code constituting the upgrade is signed by a Data Authentication Pattern (DAP) that guarantees and authenticates the consistency and its owner. The DAP calculation is provided by Gemplus Services.
  • The signed upgrade is transported in the standard way used by the MNO to transport data to its smartcards with its own security scheme: OTA, BIP, MMS, or SCP01/02 infrastructures. Thus the transported upgrade benefits from the existing security already mastered by the MNO and no new infrastructure has to be deployed.
  • The card verifies the DAP validity, checks the file integrity and allows the upgrade to be loaded.
  • The execution of the upgrade can be differed by an activation mechanism laying on the exact same principle as upgradeability.

  

The interest of this scheme is that the transportation of the upgrade is secured by the MNO's already deployed infrastructure. The card itself ensures the right to upgrade, thanks to Gemplus's cryptographic abilities.

This technology is already deployed on GemXplore Generations smartcards.