Cards get smarter
Tomorrow's versions will act like personal Web servers
The next generation of smart cards are moving away from being stand-alone proprietary devices and will act more like full-fledged data servers, if talks given at this year's JavaOne conference in San Francisco are any indication.
Although they will still be as thin as credit cards, the next generation of cards should be able to stage and run a variety of fairly sophisticated transactions, said Eric V'tillard, chief technology officer at Trusted Labs, a security consulting firm.
Physically, the cards have advanced considerably in the past few years, said Seth Meltzer, an Internal Revenue Service technology specialist who is also a manager of the Federal Smart Card Project Managers Group (www.smart.gov).
The new cards have 1M or more of ROM, which could store an operating system. The cards also have a few hundred kilobytes of flash memory, which could store programs. Some even have RAM for scratch space.
And unlike memory cards, smart cards have simple processors so they can execute basic programs and serve data to their hosts.
With all these capabilities, smart-card platform designers are looking to stage card operations in more systematic ways.
Sun Microsystems is shaping its next-generation Java Card specification, Version 3, to a server-programmer model, said Saqid Ahmad, Sun's engineering lead for the Java Card platform. The cards will be able to serve data, small applications and authentication tokens to their hosts. And they will communicate via TCP/IP.
The software for Java Cards will be a subset of the Java Platform, Enterprise Edition and will be able to run servlets, which dynamically assemble content on the fly.
The advances are good news for developers because it gives them a vendor-neutral platform to which they can write, said Laurent Lagosanto, a researcher for smart-card provider Gemalto. 'What we had in the '90s was proprietary systems,' he said.
Fellow Gemalto researcher Jean-Jacques Vandewalle demonstrated how a smart-card application that stores personal contact information could take advantage of the enhanced architecture. Although the application is stored on a smart card, it can be opened in a Web browser running on the PC reading the smart card. It allows the user to display and edit all of his or her contacts.
The card also uses Really Simple Syndication feeds to draw content from the Internet and combine it with material on the card itself.
'The new Web application mode allows you to extend your Web server functionality,' Vandewalle said. 'The card acts as a regular node on the network.'