2012/9/27 Martin Paljak <mar...@martinpaljak.net> > On Sat, Sep 22, 2012 at 1:41 PM, Andreas Jellinghaus > <andr...@ionisiert.de> wrote: > >> In my mind keys could optionally contain application-oriented ACL > telling > >> which > >> applications they trust so that even if you install a "bad" App, it > would > >> for > >> example not be able to use your bank or eID-key in the background. > > > > > > I must admit I don't know how many apps are managed and seperated. given > the > > restricted resources a smart > > card has, I assume there is a master key that creates contain of specific > > sizes/dimensions/... and the app is > > loaded into such a container, limiting it and reserving the unallocated > > space for further applications/containers? > > > > Is there a standard on doing this, or is it all JCOP magic under NDA? > > Are you referring to GlobalPlatform? That's public, with docs and API > references (when applicable) available on globalplatform.org. >
I thought JCOP had more commands than GlobalPlattform, e.g. to manage card specific settings (e.g. change the ATR and communication settings). > I bet there are probably vendors who tweak/amend/change/molest the > spec, but the general principles should be there and followed by many > vendors. > > There is an interesting thing called Trusted Execution Environment > that might come to existence some time in the future, called TEE: > > > http://www.globalplatform.org/documents/GlobalPlatform_TEE_White_Paper_Feb2011.pdf > > But for a mobile solutions and experiences, I think the time now is as > good as pre-CCID for smart card readers: wild-wild-west and with a > *much* tougher competition situation. Who needs standards if you have > an iPhone :) > > Martin >
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
