KNOWLEDGE-BASED SOFTWARE ENGINEERING part 5 ppsx


Knowledge Management for Business Processes

Knowledge-based Software Engineering 127
T. Welzer et al. (Eds.)
IOS Press, 2002

Early Experience of a Dynamic Application Downloading Platform for Multi-Application Smart Cards

Eikazu NIWANO, Masayuki HATANAKA, Junko HASHIMOTO, Shuichiro YAMAMOTO
NTT Information Sharing Platform Laboratories, 3–9–11, Midori-cho, Musashino-shi, Tokyo 180–8585 Japan
NTT Data, 1–21–2, Shinkawa, Chuo-ku, Tokyo 104–0033 Japan

Abstract. The demand for multi-application smart card platforms has been increasing in various business sectors recently. When it comes to the actual implementation of the platform, however, network-based dynamic downloading in a CI (Card Issuer)-SP (Service Provider) separated environment has not made much progress. This paper proposes our multi-application smart card platform, which uses licensing and policy management technologies to enable CI and SP to reflect their own business policies flexibly via the network. It also describes a prototype implementation and an early evaluation from the viewpoint of business sectors as well as the application download performance. With these evaluations, we show that the proposed technology is applicable to various business domains and can be of practical use.

1. Introduction

In the 25 years since smart cards were first proposed, they have become steadily more widespread. The domestic card market in Japan rose to 26.5 million cards (including 8 million IC telephone cards) in 1999 and 44.7 million cards (including 11 million IC cards) in 2000. Sales are expected to double to 86.2 million (including 15 million IC telephone cards) in 2001. Card demand worldwide is expected to increase from 1.4 billion cards in 1999 and 1.8 billion in 2000 to 3 billion in 2003. A feature of smart cards is their use for personal authentication and carrying secure information. This puts smart cards in high demand as a key device for providing secure services in our network society.
To make it easy to adapt cards to different types of services, a mechanism (information sharing platform for smart cards) is required that allows the network and cards to work together smoothly. This enables secure card issue, operation, and application download after the cards are issued. Although progress is being made on this concept, we do not yet have a smart card platform that supports application download after the card has been issued in a practical manner.

In this paper, we present the cost-sharing smart card model, which provides dynamic application download onto a smart card. The next section describes the existing smart card platforms. Section 3 then explains the cost-sharing smart card model, and Section 4 describes prototype implementation issues. Section 5 discusses experiences, the effectiveness of the proposals, and performance considerations. Section 6 describes related research. Finally, Section 7 summarizes and presents future work.

128 E. Niwano et al. / A Dynamic Application Downloading Platform

2. Smart Card Platform

For worldwide standardization, MasterCard-driven MULTOS [1] and Visa-driven VOP (Visa Open Platform) [2] are the two major international standardization organizations. GP (Global Platform) [3], that is, the extended version of VisaCard's VOP, is also being discussed in the international organizations for standardization.

2.1 VOP/GP (VISA Open Platform/Global Platform)

VOP (VISA Open Platform) is a platform that the VisaCard camp designed for the operation management of JavaCard-based multi-application smart cards. To promote the widespread use of multi-application smart cards across business fields, GP is working on the standardization of infrastructures for card issuance and maintenance, application maintenance, terminals, and AP download after card issuance (post-issuance loading).
Visa International has transferred a license of the VOP specifications to GP so that GP can maintain the specifications and use them for the development and promotion of the cards. GP is promoting standardization of online AP download and token-based operation right management, but it does not take card memory domain management into consideration. There are no practical GP applications yet.

2.2 MULTOS/MAOSCO Platform

MULTOS is a platform that the Mondex/MasterCard camps designed for the operation management of multi-application smart cards. This CI-driven card management architecture places a Registration and Certification Center (RC) at the top of the hierarchy that authenticates cards and card applications, and CI starts AP downloading after being delegated by an AP service provider (SP). MULTOS defines operation rules for card issuance management but not yet for online AP download. With regard to card memory domain management, MULTOS defines management of the whole domain space but does not define the details of memory management for each AP. MULTOS adopts token-based operation right management as its standard. This platform, however, gives no consideration to authenticating SP. The reason is that MAOSCO Ltd. basically controls all the card management in accordance with the company policy.

3. Cost-sharing Smart Card Model

Figure 1. Entity model

The common smart card platform needs to allow various services, such as public, billing, and transportation services, to coexist on the same smart card. It is necessary to separate SPs and the card issuer (CI) to put multiple services together on the same card. The free memory domain of the smart card can be rented to a third-party SP. We call this concept the cost-sharing smart card model. It has the RC to assure the CIs and SPs.
As CIs and SPs are independently defined, the card holder (CH) can use the most suitable applications of SPs by selecting candidate services allowed by the CI. The business relationship among the players of the cost-sharing model is as follows. CIs make card memory rental contracts with service providers to load their applications. Thus, CI can collect fees for card management and operation costs from SPs and also CHs.

As Figure 1 shows, the cost-sharing smart card model includes CI, SP, RC, and CH. CI issues smart cards and provides rental spaces on smart cards for SPs. SPs provide smart card applications for CHs. RC is established to register CI, Card, SP and applications. CHs use smart card applications provided by SPs. CHs should download applications securely onto the smart cards before using them. SPs should have delegated rights from CI to use memory spaces of smart cards. CI and SPs are certified to each other by RC.

4. Prototyping

4.1 Functions

As shown in Figure 2, six functions are provided in the SP operator menu. They are Card Issuer Management, Card Holder Management, Application Management, Policy Management, Billing Management and Audit Trail Management. The card issuer management is used to record CIs who provide rental card spaces. The card holder management is used to record CHs who use APs provided by the SP. The application management is used to manage downloadable applications. The billing management is provided to see billing information at the time of downloading. The audit trail management is provided to keep logs of transactions. The Policy Management menu is provided to change operation policy such as card operation. The same kinds of menus are provided to CI and CH.

Figure 2. Operator menu of service providers

4.2 High Performance Java Card

By extending the JavaVM reference [4], we have developed the "Sapphire" [5] JavaVM, which runs on an ELWISE card that was also developed by NTT as the world's first smart card having 1MB of nonvolatile flash memory.
The JavaCards now available in the market have an upper limit of 32Kbyte memory capacity, and downloadable applications are limited in number even though the cards are called multi-application smart cards. When we want to implement a Card Manager that provides a wide range of functions such as multi-application management or AP online download, the card requires at least 20Kbyte of memory space. If we download the Card Manager onto the currently available JavaCards, the number of APs and the size of the applications become small. Therefore we need a smart card having a larger memory space, like Sapphire. Sapphire is designed to resolve these issues, providing a large 1 Mbyte of flash memory capacity implemented on an ELWISE card. The ELWISE is a contact-type multi-purpose smart card. Equipped with special circuitry capable of handling multiple encryption schemes and a large nonvolatile memory (more than ten times the size of conventional card memories), the card can be used for a wide range of services such as electronic payments, multimedia data communications, and medical applications. The card allows a number of conventional single-purpose card applications to be integrated into a single ELWISE card.

4.3 System Configuration

Figure 3. System configuration

The prototype system consists of smart cards, terminals and servers as shown in Figure 3. The card manager, CM, is developed on the JavaCard VM. The remote reader, RR, is developed on the terminal. The CI server and SP server communicate with smart cards via the remote reader. The CM was implemented on the smart cards to communicate with the servers for card management. The functions include CM status management, AP management including the download function, policy management, security management, transaction management, PIN management, and shared information (profile) management. The RR is installed on the terminal.
RR sends and receives APDU messages between the servers and Open Card Framework (OCF) on smart cards. OCF is a standard set of Java packages and classes independent of smart card OSs and terminals. The RC server issues a certificate electronically to an AP provided by SP. In this prototype, we issued it offline. The CI and SP servers are developed using a layered architecture. The IFmanager and card communication manager (CCM) provide the interface between user terminal and server. The CCM refers to card profile information to identify the types of JavaCards being used, and controls communications depending on the card type. The SP processes license requests while CI issues licenses. For the AP download license, SP sends the download request to CI whenever SP needs it. With respect to renting a card space (tenant management), we created the space for applications required at the time of download. The CI and SP servers manage cards and applications. The CI and SP IF Server provide the interface between operator and server. HTTP is used for the Web terminal interface, including CH, SP and CI. JavaRMI is used for the communications between the CI and SP servers and between the servers and terminals. JDBC is used for database communications.

4.4 Example of download sequence

Figure 4. Application download sequence
[Sequence diagram between CH-GUI, Card, SP and CI; message labels as extracted: Request DL, Request Card Profile, Card Profile, SAC Processing, License, Install Data, Executable Load File, Response, Response, Request License, License, Update Data, Check Hot List, Issue License.]

Figure 4 shows an example of the download sequence. First, CH sends a download request to SP, then the SP server and CM start using asymmetric cryptography (RSA) to authenticate the CH. After the authentication, the session key is generated to be used for all the encryption processes within the same session. This security transaction processing is called SAC.
Next, SP requests CI to delegate a license on the AP download for the CH, and CI sends it to the SP. At this point the AP download license is issued. In the course of this process, CI checks the hot list and confirms that the CH is valid. SP and AP are checked by the licenses issued by RC. Now, SP starts downloading the card application onto a smart card with the download license and the RC-issued application registration certificate. After confirming the validity of the download license, CM starts downloading the AP. The on-card transaction management copes with network failure and ensures secure download. When all of the download process finishes successfully, CM sends a success response to SP. Then SP relays it to the CH via the terminal, and updates billing data by using a billing management function to pay CI for the rent of the CI card memory domain as a download fee.

4.5 Operation Management

SPs and CIs can remotely manage their applications and information on smart cards independently. CIs can also lock a smart card when it is lost or when unauthorized access occurs. These kinds of erroneous smart cards are managed by a hot list. By using policy rules, card operation can be changed dynamically after a smart card is issued. Examples of policy rules are as follows.

Ex1) If valid(SP_Id) then issue_license(SP_Id).
Ex2) If invalid(Card_Id, Hot_list) then refuse(Card_Id).

Policy rules of this kind are a simple but useful tool for describing card management operations. CI manages all the information of issued smart cards and CHs. It also manages downloadable applications and the relationship between smart cards and applications. Secure transactions between CHs and SPs must be provided. No unauthorized access, tampering or data leakage is allowed. It is necessary to get back to normal operation when communication errors or any other types of errors occur.

5. Early experiences

In this chapter we report on the opinion evaluations of the proposed technology.

5.1 Responses in the demonstrations

We have received excellent responses in the demonstrations, as the first prototype achieved secure online AP download in a CI-SP separated environment. For example, NTT and Gemplus jointly participated [6] in "Cartes2000", the world's largest smart card exhibition, held in Paris from October 24th through 26th 2000, where we received an excellent response. "Le Monde", a French newspaper, wrote an article about our prototype system entitled "our dream of making the smart card our next generation computer" in their November 6th issue [7]. In the article, Mr. Michel Alberganti commented, "Our long awaited dream may not come true tomorrow, but it is just around the corner that the piles of plastic cards and coins stuffed into our wallets will be totally replaced by ONE smart card". The respondents also shared the same view that the market for multi-application will be 2 to 4 years ahead of us. This shows the progressiveness of our proposal. With regard to multi-application, most of the respondents said it is difficult for public and private smart card APs to coexist. For example, medical APs may be difficult to coexist with public transportation families. Although we must pay attention to such skeptical opinions on general-purpose multi-application smart cards, such opinions also depend on the situation. For example, the Japanese government plans to deliver a national identification smart card and provide its memory domain to private sector applications. In this case, secure AP download and management functions are highly expected.

5.2 Accepted as the Japanese multi-application smart card standard

NICSS (the Next generation IC Card System group) [8] is working on standardization mainly for public sectors in Japan.
In the case of administrative smart cards, it is important to reduce production cost through mass production with a common smart card platform. Therefore, NICSS standardized the first draft specification, including the cost-sharing model, in April 2001 based on our proposal. The model is called the NICSS framework. This shows the usefulness of our technologies. The Ministry of Economy, Trade and Industry (METI) of Japan started "The IT-City research project" based on the NICSS framework from January 2002 [9]. By re-designing the prototype and integrating the function of outsourcing memory domain management, we have developed the product version [10][11], and it has already been applied to 14 cities all over Japan.

5.3 Applicability

As mentioned above, the IT-City project of the Japanese government accepted the cost-sharing model based on our proposal. This shows the applicability of the proposal to the administrative sector as well as private sectors, because the smart card applications of IT-Cities include private sector applications such as service points and digital money.

5.4 Flexibility

The market analysis results revealed that the needs vary among business sectors. Therefore, it is necessary to extend and customize basic functions with policy rules. The high evaluation of the cost sharing and policy control indicates the possibility of establishing a new card business by realizing flexible communications between CI and SP using the policy control mechanism. The proposed policy rules can be used to manage licenses and execute transactions on licenses. By maintaining this licensing and policy management via the network, the rules of access and execution control required for card operation can be changed dynamically. This mechanism allows CI and SP to independently establish their policy and licensing operations so that their smart card business scheme becomes feasible.
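
The policy rules Ex1 and Ex2 of Section 4.5 and the license check in the download sequence of Section 4.4, modelled as an added example (not the authors' or NTT's code). The HMAC license format, the per-card key shared between CI and CM, the rule evaluation order, and all class and function names are assumptions; the paper does not specify how a license is encoded or verified.

```python
import hashlib
import hmac
import json


def license_mac(key, fields):
    """HMAC-SHA256 over a canonical JSON encoding of the license fields."""
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class CardIssuer:
    """CI server: evaluates policy rules, then issues a download license."""
    def __init__(self, card_keys, valid_sps):
        self.card_keys = card_keys       # card_id -> key shared with that card's CM
        self.valid_sps = set(valid_sps)  # SPs holding an RC registration
        self.hot_list = set()            # lost or locked cards
        # Rules are data, so the CI can replace them after cards are issued.
        # First matching rule decides (ordering is an assumption of this example).
        self.rules = [
            # Ex2) If invalid(Card_Id, Hot_list) then refuse(Card_Id).
            (lambda r: r["card_id"] in self.hot_list, "refuse"),
            # Ex1) If valid(SP_Id) then issue_license(SP_Id).
            (lambda r: r["sp_id"] in self.valid_sps, "issue_license"),
        ]

    def request_license(self, sp_id, card_id, ap_id, ap_bytes):
        req = {"sp_id": sp_id, "card_id": card_id, "ap_id": ap_id,
               "ap_sha256": hashlib.sha256(ap_bytes).hexdigest()}
        key = self.card_keys.get(card_id)
        for condition, action in self.rules:
            if condition(req):
                if action == "issue_license" and key is not None:
                    return dict(req, mac=license_mac(key, req))
                return None
        return None                      # no rule matched: default deny


class CardManager:
    """On-card CM: checks the license, then installs the AP all-or-nothing."""
    def __init__(self, card_id, key):
        self.card_id, self.key = card_id, key
        self.installed = {}              # ap_id -> committed AP image

    def download(self, lic, chunks):
        if lic is None:
            return "no license"
        fields = {k: v for k, v in lic.items() if k != "mac"}
        expected = license_mac(self.key, fields)
        if not hmac.compare_digest(expected, str(lic.get("mac", ""))):
            return "bad license"
        if fields["card_id"] != self.card_id:
            return "license for another card"
        staged = bytearray()             # staging area, invisible until commit
        for chunk in chunks:
            if chunk is None:            # models a dropped connection
                return "rolled back"
            staged += chunk
        if hashlib.sha256(staged).hexdigest() != fields["ap_sha256"]:
            return "rolled back"         # image differs from the licensed one
        self.installed[fields["ap_id"]] = bytes(staged)
        return "installed"


def demo():
    key = b"constructed-demo-key"        # constructed sample values throughout
    ci = CardIssuer({"card-0001": key}, {"sp-transit"})
    cm = CardManager("card-0001", key)
    ap = b"\xca\xfe constructed applet image"
    lic = ci.request_license("sp-transit", "card-0001", "ap-pass", ap)
    out = [cm.download(lic, [ap[:8], None]),      # network failure mid-load
           cm.download(lic, [ap[:8], ap[8:]])]    # retry completes
    out.append(cm.download(
        ci.request_license("sp-unknown", "card-0001", "ap-x", ap), [ap]))
    ci.hot_list.add("card-0001")                  # card reported lost
    out.append(cm.download(
        ci.request_license("sp-transit", "card-0001", "ap-2", ap), [ap]))
    return out


if __name__ == "__main__":
    print(demo())
```

The license in this example carries no expiry or nonce, so a license issued before a card is hot-listed still verifies on the card; binding it to the SAC session or a short lifetime would close that gap.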
5.5 Performance improvement

To put this technology into practical use, improving the performance is an issue. In the prototype system we implemented the on-card CM and security functions in Java code. It is necessary to translate this code into native code to improve performance. In fact, in the commercial version of the system we implemented them in native code.

6. Related technologies

6.1 Multi AP smart card platform

Although MULTOS adopts a very strict framework based on the Registration and Authentication Center as the core to authenticate every entity, it is only starting to discuss online AP download. VOP and NICSS, on the other hand, recommend an architecture that allows CI to delegate authority to SPs for AP download. There are, however, some issues to solve. VOP only provides static authority delegation. NICSS only standardizes cost-sharing reference models. We have developed the policy and licensing technologies to enhance the VOP/NICSS platform technology and provided a mechanism of dynamic operation right control among various entities.

6.2 Card management system

The Card Management System (CMS) and Application Management System (AMS) now have important roles in controlling evolving APs on a huge number of smart cards. Much internet-based smart card research has been proposed. These works treated smart cards as servers. Guthery et al. [12] proposed a way to treat a Java card as a mobile Web server. Rees et al. [13] proposed the WebCard, which can be seen as an internet node. Vandewalle et al. proposed JC-RMI to give a remote object invocation interface for applets on a smart card. The GemXpresso RAD tool [14] generates a Java Card proxy from the card applet interface, and the proxy communicates with the card applet using APDUs. Thus the client AP can use the proxy as the card applet. Rohs et al. [15] proposed the JiniCard, which provides smart card middleware to retrieve smart card services over the internet. When a JiniCard is plugged in somewhere, the JiniCard explorer determines the capabilities of the card, then Jini registers the card and provides lookup services through Java interfaces. As its services are automatically registered, the JiniCard becomes available over the network thanks to Jini services. Lorphelin [17] proposed the smartX framework to download new smart card APs on various terminals. The smartX engine is installed on the target terminals. The smartX applications are described in SML (Smart Markup Language). For example, SML provides the <Apdu> tag to describe an APDU command. SmartX terminal applications are developed as two blocks: the AP process and the AP protocol. The AP protocol is described in the SML dictionary and is card-specific. The AP process encapsulates the AP logic and is compiled into a Java applet. As the card-specific block is downloaded if necessary, this can minimize the AP downloading time. Chan et al. [18] proposed the Java Card Web Servlet (JCWS) to provide a seamless access interface between a Web browser and a JavaCard. The JavaCard is viewed as a repository of Web-enabled objects, HTML pages, data objects, and JavaCard Applets. Urien et al. [1] proposed an internet smart card, @Card, which works as an internet node including a web server and a trusted proxy. @Card has been implemented in a JavaCard and runs internet client and server APs. They also developed SmartTP, which resembles TCP and connects smart agents located in both smart cards and terminals. Bergner et al. [20] proposed a mechanism for connecting small devices to CORBA services. The architecture consists of a smart card event broker on a smart card and a smart card proxy in a terminal. The smart card proxy includes a proxy event broker and applet proxies. The smart card event broker and the proxy event broker communicate with each other.
Urien [21] has realized an experimental XML script parser on smart cards. The XML script parser is invoked from an embedded web server. It can access all embedded resources and manage connections to remote servers. Donsez et al. [22] proposed a JMS-SOAP based platform to connect multi-AP smart cards, both to discover smart card services and to request services. JMS is a Java-based specification of Message Oriented Middleware (MOM). A SOAP proxy provides the facilities that allow distributed clients to discover and use the services on a smart card. These approaches differ from ours in that they provide middleware connecting applications in the distributed environment and smart cards. It is also possible to combine these approaches with ours. For example, our CM can be extended to have these distributed facilities.

7. Conclusion

In this paper, we have proposed a smart card information platform and analyzed its effectiveness based on the prototype system. Through field trials, we will continue to discuss and evaluate the applications to the administrative sector, and establish a framework of offering the applications to a wide range [...]

Date posted: 12/08/2014, 19:21
