ESTONIAN INFORMATION TECHNOLOGY COLLEGE

Indrek Ots

THE USE OF SMART CARDS ON MOBILE DEVICES IN A PLATFORM INDEPENDENT MANNER

Diploma thesis

Supervisor: K. Kuhi Consultant: I. Rokk, J.Arwald

Tallinn 2011 AUTORIDEKLARATSIOON

Deklareerin, et käesolev diplomitöö, mis on minu iseseisva töö tulemus, on esitatud Eesti

Infotehnoloogia Kolledžile lõpudiplomi taotlemiseks Infosüsteemide arendamise erialal. Diplomitöö alusel ei ole varem eriala lõpudiplomit taotletud.

Autor I. Ots ...... (allkiri ja kuupäev)

Töö vastab kehtivatele nõuetele

Juhendaja K. Kuhi ...... (allkiri ja kuupäev) Table of Contents Glossary...... 5 Introduction...... 6 Description of the problem...... 6 Problem background...... 7 Goal of the thesis...... 8 Starting conditions...... 8 Investigation of the problem...... 8 Structure of the thesis...... 9 1 Analysis of mobile platforms...... 10 1.1 Android...... 11 1.1.1 Possible solutions using Android...... 11 1.1.2 Current market share...... 13 1.1.3 Future prospects...... 13 1.2 Apple iOS...... 14 1.2.1 Apple iOS devices and NFC support...... 14 1.2.2 SQL keystore...... 15 1.3 7...... 15 1.3.1 Current market share and future prospects...... 15 1.3.2 Solutions for creating platform independent on ...... 16 1.3.3 Windows Phone 7 smart card support...... 16 1.4 Java ME...... 17 1.4.1 Possible solution...... 17 1.4.2 Current presence in the market...... 17 1.4.3 Future prospects...... 18 1.5 ...... 18 1.5.1 Possible solutions...... 18 1.5.2 Market share and future prospects...... 19

3 1.6 MeeGo...... 19 1.6.1 MeeGo and NFC...... 19 1.6.2 Cross-platform solutions on MeeGo...... 20 1.6.3 Present and future...... 20 1.7 ...... 20 1.7.1 Cross-platform application development on Maemo...... 21 1.7.2 Future prospects...... 21 1.8 Blackberry OS...... 21 1.8.1 Cross platform application development...... 22 1.8.2 Current market share and future prospects...... 22 1.9 HP webOS...... 22 1.9.1 Application development...... 23 1.9.2 Market share and potential future...... 23 1.10 Web technologies...... 23 1.11 Analysis result...... 24 2 Proposal of possible solutions...... 27 3 The chosen solution...... 29 3.1 RhoMobile...... 29 3.2 ...... 30 3.3 Justification of choice...... 30 4 Description of the development environment...... 31 5 The Development process and design documentation...... 32 5.1 Application architecture...... 33 5.2 Drawbacks of the solution...... 36 5.3 Latency tests...... 36 5.3.1 Expected outcome...... 36 5.3.2 Testing process...... 36 5.3.3 Test results...... 37 5.4 Downsides of cross-platform tools...... 38 6 Summary...... 39

4 Glossary Abbreviation Definition ADT Android Development Tools APDU Application Protocol Data Unit API Application Programming Interface GPL General Public License GPS Global Positioning System IP Protocol ISO International Organization of Standardization Java ME Java Micro Edition Java SE Java Standard Edition JSON JavaScript Object Notation NFC Near Field Communication OEM Original Equipment Manufacturer OS SDK Software Development Kit SIM Subscriber Identity Module VM Virtual Machine W3C World Wide Web Consortiu

5 Introduction

In some situations web applications require a higher level of . A way to achieve this is using smart cards which can enhance the security of a web application. This concept has been used on desktop computers for many years now. Non-mobile devices have the room for extra peripherals such as smart card readers. In addition they do not suffer from the lack of computing power as mobile devices do. Furthermore the desktop operating system market is somewhat established, meaning that there are only a few big contenders – Windows, Apple Macintosh and various distributions. (NetMarketShare, 2011) On the other hand the operating system market is more scattered. This makes it difficult to develop a unified method of accessing a local smart card and using it as a means of authentication on a mobile device.

Description of the problem

Currently service providers will have to provide platform specific software to enable smart card use over an IP based network. Developing an application for each mobile platform is not cost effective because it requires managing different sets of software and possibly having a

6 greater number of developers in the team.

To reduce the costs the software on mobile platforms should be platform agnostic. The web should be used as a platform if possible. This would create a situation where the end user is not required to have pre-installed platform specific software on the mobile device. Additionally the service provider can follow the “write once, run anywhere” principle.

Problem background

In eastern Stockholm a new urban district - Stockholm Royal Seaport - is being developed. There, modern architecture and environmental thinking is being combined, creating a new vibrant district for sustainable living, business and recreation. The building started in 2010 and is expected to finish in 2025 (Stockholm Royal Seaport, 2011).

Electric vehicles are an alternative to vehicles which use fossil fuels. But it comes at a cost. Charging an electrical vehicle takes several hours. (Sam Abuelsamid, 2008) Therefore a good choice is to place charging stations at parking lots. Just like with regular filling stations, the end user has to pay for the service. Ericsson Research has proposed the following solution. A convenient method is to use mobile payments implemented with near field communication (NFC). The end user uses his/her mobile device to activate the transaction which then has to be digitally signed. This is the part where the use of smart cards on a mobile platform come into play. If it were possible to access local smart cards on a mobile device from a browser based web application then it would save resources on developing an application for each and every mobile platform out there. In addition, the end user does not have to worry about the software his/her mobile device is required to have.

Mobile payments using near field communication is not a brand new technology. NFC has been around for years. It was approved by the International Organization for Standardization and ECMA International in 2004 (ISO, 2004) (ECMA, 2004). Google reckons wireless transactions, enabled by the coming wave of Android outfitted with near-field communication technology, could turn into a serious business for the company (Jenna Wortham, 2011). Apple plans to introduce NFC technology in it’s devices (Olga Kharif,

7 2011). An Estonian company Codeborne has proposed a design how to use the Estonian mobile-ID with NFC as a means of providing a service in Estonia. (Codebourne, 2011) Lastly NFC is already widely used in Japan. (Splashphone, 2007)

Smart cards are not new to mobile devices as well. SIM cards have been used to authenticate the client terminal on the mobile operator network. However using a SIM card as a means of authentication to a web application requires cooperation with a mobile network operator. Smart cards can be deployed on mobile devices in a form of a microSD card as well. software development kits (SDK) provide an application programming interface to access these smart cards. (Google Code, 2011) (MSDN, 2001) But this is all platform specific. To this day there is no proposed standard which addresses the issue of platform agnostic smart card access on mobile platforms.

Goal of the thesis

The goal of this thesis is to implement a working proof of concept consisting of a smart card embedded on a microSD card and a platform independent mobile application which can communicate with the local smart card. Ways of implementing cross-platform mobile applications are to be investigated. In addition a description of the shortcomings of the proposed solution are given.

Starting conditions

A working prototype of an electrical vehicle charging pillar has been implemented by Ericsson Research. It works in conjunction with an Android powered Sony Ericsson Xperia X10 which has a custom made smart card application on board. The smart card is in a form of a microSD card. To be more specific it is a Giesecke & Devrient Mobile Security Card. (Giesecke & Devrient, 2011) Therefore the mobile device that will be used for the initial proof on concept in this thesis must have a microSD card slot.

Investigation of the problem

Smart cards are not new to mobile devices. For example the Giesecke & Devrient mobile

8 security card was first announced in 2008. (Mobile NFC, 2008) To be fair, SIM card is a smart card as well but it will not be covered in the scope of the thesis because the use of SIM cards require cooperation with mobile network operators.

There is nothing new about implementing a platform independent mobile application. It has been possible with Java ME for many years now. (Oracle, 2011) Additionally there are frameworks for smartphones which allow developers to develop a mobile application once and port it to many platforms with ease. A good example is RhoMo. (RhoMobile, 2011)

As for combining smart cards on mobile devices and platform independent application development then a new field of research has been created. According to the author the act of implementing a method for platform independent smart card access on a mobile platform has not been investigated or implemented as of yet.

Structure of the thesis

The following is a brief description how the thesis is structured. Firstly popular mobile platforms are investigated. Their features and drawbacks are investigated. This research should help to select a plausible platform which can host the initial proof of concept solution.

Based on the analysis a working proof of concept is implemented in the practical part of the thesis. Its design is described and documented. Additionally a report on possible drawbacks is given.

9 1 Analysis of mobile platforms

In the following chapter the author investigates the capabilities and features of the most popular mobile platforms available in the market today. The focus is on finding a practical platform which can be used for implementing a proof of concept platform independent smart card application. Because of time limitations only one platform is chosen for the proof of concept.

Methods and means of implementing a platform agnostic application on each platform are given. The final decision is influenced by the availability of the platform as well as by the sustainability and future prospects. For that reason market shares are covered and future predictions and roadmaps are looked at.

The chosen platform must have the capability of handling smart cards and for the initial proof of concept application to be as successful as possible the platform should be widely available and used. The platform must run on devices which have an easily accessible microSD card slot. That is because a Giesecke & Devrient Mobile Security Card is used.

10 1.1 Android

Android is a software stack for mobile devices that includes an operating system, middleware, and key applications. It was initially released in 2008. (Google Code, 2011) Since then it has gained much popularity. (T. Virki, S. Carew, 2011)

1.1.1 Possible solutions using Android

It is possible to create a Java applet which can access a local smart card on devices which run Java SE. As of Java 1.6 it is possible to communicate with any smart card using the javax.smartcardio packages. (Oracle, 2011) The Belgium e-ID infrastructure makes use of Java applets. (Google Code, 2011) Since the Belgium e-ID Applet can run both with or without e-ID middleware installed, it puts minimal requirements on the client browser environment. This is exactly what this thesis tries to accomplish but instead of desktop computers mobile devices are used.

The Android SDK provides the tools and necessary to begin developing applications on the Android platform using the Java programming language. (Android Developers, 2011) Unfortunately the Dalvik Virtual Machine which is used on the Android platform uses a different instruction set than desktop Java virtual machines do. (Netmite, 2007) (Josh Fruhlinger, 2010) Therefore the bytecode generated for Android applications is different form Java SE applications(Dan Bornstein, 2008) This means that it is not possible to approach the problem of the thesis the same way as it is done in Belgium. Dalvik VM does not fully support Java SE nor Java ME class library. (Scott Delap, 2007) For this reason it is not possible to make use of the javax.smartcardio packages to access the local smart card. Applets are out of the question as well, mainly because they make use of javax.swing or java.awt packages which are present in Java SE libraries. (Josh Fletcher, 2010)

As stated before the Dalvik VM does not directly support Java ME. Despite that there are emulators which can run Java ME applications on the Android platform. (Simon Judge,

11 2008) As a side note LG did implement an Android phone with Java ME support. (Simon Judge, 2009) Using Java ME is beneficial because it is supported by multiple handset manufacturers. One of the goals of the thesis is to create a smart card application which could run on as many platforms as possible. Java ME enables to target a big portion of the market. Unfortunately the extra step of requiring an emulator for every Android device might put a lot of end users off in the author's opinion.

J2Android is a tool, which converts Java ME MIDlet applications into the dex bytecode files that run on the Dalvik VM. The applications are apparently modified in the process to better match up with the target device's screen size and soft keyboard features. (Josh Fruhlinger, 2010) In that case it is possible to accomplish the cross-platform paradigm stated before without requiring a Java Micro Edition emulator on board of the Android device.

Java FX is a Java platform for delivering rich Internet applications. In it’s initial release in 2008 at the annual JavaOne conference it was shown to run on the Android platform. At that time there were no shipping devices running Android. An Android emulator was used to demo the Java FX technology on the Android platform. Sun Microsystems worked with the Android community to host the Java FX runtime on top of Android. (Sun, 2008) As it turns out it was a one time thing. Java FX has not gained any significant popularity and the Android platform has not taken up Java FX. At first it was pushed as a way to get Java across an array of devices including mobile platforms. In theory this is a good concept but Java developers did not see a need for it. (Dion Almaer, 2008) (Dustin Marx, 2010) In conclusion Java FX is not a viable choice for the Android platform. At the moment it is at version 1.3 and the official Java FX roadmap suggests that a public beta for version 2.0 is planned by the end of the first half of 2011. (Oracle, 2010)

Another angle to approach the problem is to look at the web browsers for the Android platform. There are plenty of them out there. (G. Mies, B. W. Hopkins, 2010) The ones that raise the most interest are the ones which allow to extend their functionality via browser add- ons. These ones include Mobile also known as Fennec and the Dolphin browser. (, 2011) (Dolphin HD, 2011) It might be possible to develop a browser plug-in which

12 can access the local smart card located on the Android device. There is still a question if it is possible for the developer to get outside the sandbox of the browser. It is worth noting that Fennec is an open source project. This means it is possible to implement an additional feature to Fennec which allows to get access to the smart card. At the moment Fennec is supported on Android and Maemo. (Mozilla, 2011) Dolphin is currently only supported on the Android platform. (Dolphin HD, 2011)

1.1.2 Current market share

Android has gained popularity very rapidly. As an operating system Android grew 888.8% in 2010 and is now in the number two position worldwide with 22.4% of the smartphone marketshare. Its fourth quarter sales were driven by broad availability of devices from companies like HTC, Samsung and Motorola. (Sarah Perez, 2011) (Jacqui Cheng, 2011) (Christy Pettey, 2011) Q1 numbers of 2011 are expected to show the continuous growth. In 2009 Android had a market share of about 4% but in the next year it grew almost tenfold in the number of shipped devices. (Christy Pettey, 2011)

1.1.3 Future prospects

There is certainly a strong potential for Android to shape the future of . Android’s strength comes from its openness. The Android SDK is open source and the Apache and GPL licenses governing Android itself allow any handset manufacturer to use and modify it. This allows Android to shape the future of mobile computing by making it available to any hardware manufacturer that desires to use it. This means that Android is likely to be the OS of choice for future mobile computing hardware. (Michael Dorf, 2010)

Another Android strength is in it’s development kit. Application developers can use Java or even C/C++ to write their applications. These languages are the three most popular computer programming languages today. (Langpop, 2011) (TIOBE Software, 2011) This allows developers to write applications for Android using languages they already know and use. Additionally, it allows them to use the tools they are already using such as the Eclipse IDE. In the console gaming industry the available games determines the popularity of the console.

13 The same can be said about smartphones and its applications. Although the Google Android Marketplace is not the biggest in terms of the number of available applications it has grown rapidly in 2010. In the beginning of 2011 the leader of application distributions environments is the Apple App Store with about 350000 downloadable applications. (Apple, 2011) In addition the Google Android Marketplace is still less profitable than the Apple App Store. In average the revenue per application on Android is 17.5 times lower then what can be seen today on iOS. (Mauro Dalu, 2011) But if the current trend continues the situation is going to change in favor of Android in the coming years. The openness of Android is the key to success.

In March 2011 launched it’s own Android App Store. (Amber Taylor, 2011) It is not clear yet how this is going to affect the Android ecosystem but this leads to one of the downsides we can see in Android - platform fragmentation. There are different devices with different hardware capabilities and screen resolutions in the Android ecosystem. This makes it difficult for developers to provide a unified application experience across all devices. Additionally we can see handset manufacturers modifying the version of Android their providing with the device. For example HTC is using their own HTC Sense instead of the default Android user interface. The same goes for Samsung, Sony-Ericsson and others. (Michael Dorf, 2010) We can see a lot more control over the platform on iOS and even on Windows Phone 7. (XDA Developers, 2010)

1.2 Apple iOS

Although iOS is a relatively popular platform it is not going to find any practical use in this thesis. Mainly because none of the shipping devices with iOS on board do not have a microSD card slot which is needed for the Giesecke & Devrient microSD smart card. (Sarah Perez, 2011)

1.2.1 Apple iOS devices and NFC support

This is remotly related to this thesis but more timely within the context of the Stockholm Royal Seaport project. As with other Apple devices there are a lot of rumors around the next

14 iPhone to have near field communication support. (Elizabeth Woyke, 2011) (Olga Kharif, 2011) Until we have not seen an actual device it is not wise to make any premature decisions about the usage of iOS devices for this thesis or for the project in general. Additionally it should be kept in mind that there’s no smart card support and none of the rumors are claiming for it to happen.

1.2.2 SQL keystore

For devices with no physical smart card capabilities it is possible to implement the smart card functionality in software. Certainly it would not be as secure as physical smart cards, mainly because the private key is not being stored on a separate non-accessible physical medium. But if needed the smart card functionality can be implemented using a database and storing the smart card functionality into database tables. (Anders Rundgren, 2008) Overall, this is not the topic of this thesis and therefore is not covered thoroughly.

1.3 Windows Phone 7

Windows Phone 7 is a successor to the enterprise aimed Windows Mobile series of operation systems. The reason Windows Mobile is not covered in this thesis is that it is being phased out and is being superseded by the newer Windows Phone 7. Although some features of Windows Mobile are mentioned which the newer Windows Phone 7 does not have at it’s current version. (J. Perlow, S. Raymond, 2009)

1.3.1 Current market share and future prospects

Windows Phone 7 has been struggling to catch on since it’s initial release in Q4 of 2010. (Daniel Ruby, 2011) (Alex Wilhelm, 2011) It is still a relatively new platform and with the alliance formed between Microsoft and the Windows Phone 7 market share might start to climb more rapidly in the following years. (BBC, 2011)

15 1.3.2 Solutions for creating platform independent software on Windows Phone 7

Native application development on the Windows Phone 7 platform is accomplished using Silverlight. (MSDN, 2011) If cross-platform solutions are required then one can use PhoneGap or Rhodes mobile application development frameworks. (RhoMobile, 2011) (PhoneGap, 2011) Besides Windows Phone 7 they support other popular mobile platforms such as iOS and Android.

In contrast with the older Windows Mobile, Windows Phone 7 does not have Java ME support. (MSDN, 2010) On Windows Mobile a sensible way to develop cross-platform applications was using . (NOKIA, 2010) This support has been removed in the new smartphone platform as well.

1.3.3 Windows Phone 7 smart card support

In this thesis a Giesecke & Devrient microSD security card is used as a smart card. Unlike iOS devices some of the currently shipping Windows Phone 7 devices such as the Samsung Focus have an existing microSD card slot. (Samsung, 2011) However there are a few issues. It turns out that Microsoft had never intended to have user replaceable storage on its Windows Phone 7 devices. (Sascha Segan, 2010) (Chris Ziegler, 2010) Therefore device manufacturers use a non-replacable microSD card. In essence it is a regular microSD card which is hidden in the mobile device. One might think why even bother using a microSD card then. If non-replaceable and non-user-accessible storage is a requirement then soldered- on chips seem like the best solution. Often times companies merely need to swap out cards to offer different stock keeping units of their product with different capacities. Using non-user- accessible microSD cards gives OEMs more flexibility. (Sascha Segan, 2010) Devices such as the HTC Mozart and HTC 7 Trophy have a non-user-accessible microSD card which is hidden from the end-user’s reach. It is possible to access the microSD card but it requires disassembling the device. (Surur, 2010)

Microsoft has advised not to change the microSD card on devices where it is easily

16 accessible. (Microsoft, 2010) The reason is that the device might not work properly if the microSD card is swapped. In this thesis an easy access to microSD card slots is required. Coupled with the fact that smart card support has been removed from Windows Phone 7 does not make the successor of Windows Mobile a very attractive platform in the context of this thesis. (Brandon Miniman, 2009)

1.4 Java ME

Java Micro Edition is a Java platform for embedded devices. It is a subset of Java SE.

1.4.1 Possible solution

Java ME has the capability to access local smart cards. Introduced with the Java Specification Request 177, the Security and Trust Services API (SATSA) optional packages provides APIs for communication with security elements, as well as security APIs for the management of digital signatures, digital certificates, and cryptographic operations. (Enrique Ortiz, 2005) The API supports Application Protocol Data Unit (APDU) and Java Card 2.2 JCRMI protocols. A Java MIDlet can be created which could perform all the requested functions, starting with getting access to the local smart card, using it to digitally sign a message and send it to a web server.

How can the distribution of the application be made transparent to the end user? Java applets are out of the question because they are not supported on Java Micro Edition (see detailed discussion in chapter 1.1.1). Java Web Start is a technology developed by Sun Microsystems which allows users to start Java applications directly from the Internet using a . Unlike Java applets, applications deployed with Java Web Start do not run inside the web browser. Java Web Start ensures that always the latest version of the application is deployed. (Oracle) This makes it easy for the service provider to manage the versions their clients are using.

1.4.2 Current presence in the market

The so called feature phones still dominate the mobile handset market with over three

17 quarters of the market share. (TMCnet, 2011) Most of the devices have support for Java ME. (Christian Ziberg, 2010) For a mobile application developer this is an ideal market with millions of potential customers. Frankly, it seems that the smartphone platforms get all the attention nowadays.

1.4.3 Future prospects

It is difficult to predict the future of Java ME. The sheer number of Java ME enabled devices will probably keep the platform going in the coming years. Oracle, the current owner of Java technology, is going to release some updates to Java ME in the first half of 2011 according to their Mobile Java Products roadmap. (Oracle) Although there are a lot more devices that support Java ME than what we today know as smartphones, there are not as many applications available as on prime smartphone platforms such as iOS or Android. (TMCnet, 2011) For developers the choice of platform is primarily based on commercial and not technical reasons. The amount of users is large but the users do not buy the device for it’s applications in the author's opinion. Feature phones are primarily used for calling and messaging. From a developer’s perspective of view an attractive platform is the one where the time-to-market for applications is low. This can be achieved with application stores. The Android Marketplace and the Apple App Store are good examples. A study conducted by Vision Mobile in 2010 showed that only 4% of Java ME applications find their way to users via application stores. Whereas the same number for Android and iOS was 53% and 76% respectively. (Vision, 2010)

1.5 Symbian

The Symbian platform, originally developed by Symbian Ltd. which was later acquired by Nokia, is an operating system designed for smartphones. (Sindre Lia, 2010)

1.5.1 Possible solutions

PhoneGap, a mobile application development framework, has support for Symbian. It has support for other popular platforms as well. Hence it is a viable choice for implementing a

18 platform independent smart card solution.

Symbian supports Java ME. (Nokia, 2010) Therefore it is possible to use Java to develop cross-platform applications. Using the Security and Trust Services API for Java ME it is possible to access a local smart card on a mobile device. (Enrique Ortiz, 2005)

1.5.2 Market share and future prospects

According to 2010 numbers Symbian holds about one third of the world’s smartphone market share which is more than any other platform has achieved. To put it into perspective in Q4 of 2010 31 million Symbian phones were sold which is almost twice as many sold with iOS. However with the rapid growth of the Android platform it has been predicted that in a few years time Symbian will be overtaken by Android. (Marc Flores, 2010) (L. Dignan, A. Nusca, R. King, 2010) (Lawrence Coburn, 2011)

Nokia has announced that they are planning to sell 150 million additional Symbian devices in the coming years. If this is taken into account then Symbian is not dead yet although it will probably be overshadowed by Nokia’s primary smartphone strategy which is Windows Phone 7 and Symbian is going to share the same fate as Maemo and MeeGo do. (S. Manimaraa, 2011)

1.6 MeeGo

MeeGo is the offspring of intertwining ’s Mobiln OS and Nokia’s Maemo platform. It targets netbooks, entry-level desktops, handheld computing and communications devices, in- vehicle infotainment devices, connected TVs, and media phones.(MeeGo, 2011)

1.6.1 MeeGo and NFC

Although NFC is not the topic of this thesis, it is relevant in the context of the Stockholm Royal Seaport project. In the Mobile World Congress 2011 in Barcelona Tieto, the leading IT service company in Northern Europe, and INSIDE Secure, a leader in semiconductor solutions for secure transactions and digital identity, demonstrated an NFC solution on the

19 MeeGo platform. (Globalsmart, 2011)

1.6.2 Cross-platform solutions on MeeGo

Qt SDK and C++ is used for native application development on MeeGo. (MeeGo, 2011) With Qt it is possible to develop and port applications between Symbian 3, Maemo and MeeGo. (Phil B, 2011)

1.6.3 Present and future

Today it is possible to get MeeGo running on a device although it originally shipped with Maemo 5 as it’s default operating system. (MeeGo, 2011) (Nokia, 2011) Other than that there are not many shipping MeeGo devices currently in the market. For example one can find the WeTab tablet which is based on MeeGo. (WeTab, 2011)

At first it was speculated that the first MeeGo device from Nokia will be the . (Phil B, 2011) Later news came that this plan will be dropped and now there are rumors the first MeeGo device will be the Nokia N950 which is the successor to the N900 Maemo device. (Bella, 2011) (GSM Arena, 2011)

After Nokia and Microsoft announced a partnership in February of 2011 the potential future of MeeGo turned unclear. Nokia’s CEO stated that they will not discontinue the development of MeeGo but they’re primary smartphone strategy is Windows Phone 7. Nokia still plans to release a MeeGo device in year 2011. (Kevin C. Tofel, 2011) (Nokia, 2011) Considering what happened to Maemo, MeeGo might share the same fate. (Steve O'Hear, 2011)

1.7 Maemo

The Maemo platform is the core software stack that runs on mobile devices such as the Nokia N900. (Maemo) It is being developed by the Maemo community and is supported and used by Nokia.

20 1.7.1 Cross-platform application development on Maemo

Native applicaitons on the Maemo platform are developed using the Maemo SDK and C/C+ +. In this thesis methods of cross-platform development on mobile devices are investigated. If Java is the desired platform for accomplishing cross-platform compatibility then the Jailmo project should be looked into. Officially Java is not supported on the Maemo platform. (Nokia, 2009) However Jalimo is a project to maintain a full featured free Java-like stack for mobile Linux-based devices. (Evolvis, 2010) Unfortunately it does not support the latest release of Maemo which is Maemo 5. Only Maemo 3 and 4 are supported by Jailmo. (Evolvis, 2009) (Nokia, 2009)

In previous chapters of this thesis PhoneGap, an open source mobile application development framework, has been mentioned several times. As it turns out PhoneGap has been ported on Maemo as well. (Mikko Ohtamaa, 2009) Although it has been a community effort and is not officially supported by PhoneGap, it should be noted that with a little bit of work it is possible to port an open source framework to other platforms as well.

1.7.2 Future prospects

Maemo’s future was questioned when Intel and Nokia announced in the 2010 Mobile World Congress to join forces to merge and Maemo to form a new operating system called MeeGo. (Chloe Albanesius, 2010) Maemo can now be considered dead. (James Holland, 2010) Although the community is alive and active we probably won’t be seeing any devices shipping from Nokia. However Nokia is not the only manufacturer to make use of the Maemo platform. (Zach Epstein, 2009) (Maemo Team, 2009) All in all, Maemo is transitioning to MeeGo as time moves on. (Chloe Albanesius, 2010)

1.8 Blackberry OS

Blackberry OS is a mobile operating system which is used on the Blackberry devices developed by a Canadian company Research in Motion.

21 1.8.1 Cross platform application development

Native applications on the Blackberry OS are developed in Java. Blackberry is compatible with Java ME as well but native APIs provide better integration. (R. Virkus, 2009) Not like iOS and Windows Phone 7 devices, Blackberry devices have an existing microSD card slot which can be used with the Giesecke & Devrient mobile security card. (RIM)

PhoneGap, a mobile applicaton development framework, has support for the Blackberry OS as well as many other platforms.

In conclusion if Blackberry is chosen as a platform for the initial proof on concept then there are two possible solutions - Java ME or PhoneGap.

1.8.2 Current market share and future prospects

As with many other device manufacturers and platforms, Blackberry is losing market share percentage points because of the rise of Android. (Raven Lovecraft, 2011) (Mark Raby, 2011) Blackberry is behind Apple, Nokia and Android in the worldwide market but in some local markets the same trend does not reflect. (Canalys, 2011) For example in the United Kingdom Blackberry outshines almost every other manufacturer in the smartphone market. (Rik Henderson, 2011)

As other smartphone platforms have gained consumer popularity, the Blackberry seems to be looked at as a corporate device. (Nicole Lee, 2011) That is probably because of it’s enterprise features such as the push service and integrated . (Voltage) Without a growing consumer attention the platform can not compete against iOS and Android.

1.9 HP webOS

WebOS is a mobile operating system initially developed by which was later acquired by Hewlett-Packard.

22 1.9.1 Application development

WebOS applications are developed using standard web technologies such as HTML, CSS and Javascript. (Palm) It is similar to PhoneGap in a sense that the same web standards are used to develop cross platform mobile applications. It should be mentioned that WebOS is supported by PhoneGap as well. Therefore webOS has potential for being a decent and friendly platform for cross-platform software.

1.9.2 Market share and potential future

WebOS is definitely the smallest in number of users and market share covered in this thesis. To put it into perspective in the US market there are roughly 2,5 times more Symbian users as there are webOS users and that is saying a lot because Nokia has always struggled in the North American market. (Derek Kessler, 2010) In the worldwide scale webOS is so small that it does not even have one per cent of the smartphone market.(Matthew Miller, 2010) The reason webOS is investigated in this thesis is because of Hewlett-Packard acquiring Palm. (Rene Ritchie, 2010) This deal might give a push to the growth of webOS. HP plans to start shipping webOS on notebooks with a dual boot configuration with Windows in 2012. (Josh Smith, 2011) This move might get the word out to consumers and developers which in turn creates interest in the webOS smartphones.

The trouble with webOS is that none of the shipping webOS devices have an accessible microSD card on board. For that reason webOS can not be used in the implementation part of this thesis. (GSM Arena, 2011)

1.10Web technologies

An ideal way to implement a multi-platform approach to the current problem is to use the web as a platform. Unfortunately in most cases it is not possible to access a device’s local resources from a web application without any platform specific software. For it to be possible, mobile browsers should implement extra functionality. For example the W3C Geolocation API allows to get information from the iPhone’s GPS. That is possible because

23 Safari which is the default browser on iOS has implemented the standard. (CSS Ninja, 2009) (Veera Sundar, 2009) (Herbert Law, 2009) (W3C, 2010) This of course raises security concerns which in the author's opinion puts a full support on all the available browsers off.

Using web technologies to develop mobile applications allows developers to implement an application which can be accessed via the mobile browser. This saves time and resources on developing a platform specific application for each and every platform. There are a handful on mobile frameworks which allow developers to build a native applications using only web technologies. These include PhoneGap, RhoMobile and Appcelerator Titanium. (Appcelerator, 2011) (RhoMobile, 2011) (PhoneGap, 2011) Although they do not give full access to the hardware via the mobile browser it is still a better solution than implementing a platform specific application for every platform.

1.11 Analysis result

Because of time limitations only one platform is chosen to illustrate a proof of concept solution. The platform is chosen amongst the previously covered mobile operating systems. Because a Giesecke & Devrient microSD mobile security card is used as a smart card of choice for this thesis, the chosen platform is required, above all, to be able to handle local smart cards. Another critical limitation arises – the chosen platform must have a range of supported devices which have a microSD card slot on board. Without it there is no method of utilizing the Giesecke & Devrient microSD mobile security card.

In addition to technical limitations commercial adoption is being looked at as well. The platform should be fairly popular. This is rather subjective. Market share can be measured with percentage points but the speed of growth is taken into account as well. Therefore the platform with the biggest market share might not be the one that gets picked as a possible candidate for hosting the proof of concept smart card application. Instead a platform that has shown rapid growth in previous years might be chosen. For the initial prototype to be as successful as possible the smart card application should have a wide audience of potential users. Thus future prospects of the platform are taken into consideration. Furthermore the

24 more users the platform has the easier it is to find technical support if any is needed.

Taking into account the limitations and requirements, few platforms can be ruled out without much deliberation. To begin with, the Apple iOS devices do not have any removable storage. In other words there is no microSD card slot on Apple devices. Thus they do not offer any practical value to the thesis. The same can be said about HP webOS and it's devices. With Phone 7 it is a little bit different story. The initial shipping Windows Phone 7 devices had an user accessible microSD card slot but it's use was discouraged by the manufacturers and by Microsoft as well. The devices that started shipping a little after the initial release of Windows Phone 7 had a non-user-accessible microSD card slot hidden in the device. Although for the sake of making a prototype it is possible to dismantle the mobile device to get physical access to the card slot but if the practical value of this act is taken into consideration then one can see that this idea does not hold up in the commercial world. In the author's opinion the end user is probably never going to disassemble the device to get access to the card slot. Incidentally Windows Phone 7 does not have support for smart cards as well. All in all the three platforms – Apple iOS, HP webOS and Microsoft Windows Phone 7 are definitely not going to find a part in the practical part of the thesis.

This leaves six more platforms to be considered. The Symbian platform is definitely the worldwide market leader in smartphones. Additionally it has support for smart cards and in most cases the devices used by Symbian have a microSD card slot on board. According to the requirements and limitations stated previously this looks like a clear platform of choice. Nevertheless the partnership between Nokia and Microsoft does not look very good for the future of Symbian. The same goes for Maemo and MeeGo as well. To be clear, Maemo was superseded by MeeGo and it's disuse in the thesis is not brought about the Nokia-Microsoft alliance.

Blackberry devices are known for their corporate capabilities, therefore it should be a good playing ground for smart cards. The author has decided not to make use of this platform. Although it is a relatively popular platform, it's market share is not evenly distributed across the world. In other words, for example in Estonia and the neighboring countries it's use is

25 significantly smaller than for instance in the United States. Additionally the platform is relatively unpopular among developers as well compared to Android and iOS for example. This can be roughly measured with the number of available applications.

Next in the line is Java ME. This platform can be found on almost all low end mobile devices. Among all the covered mobile platforms Java ME has definitely the highest number of users around the world. With the Security and Trust Services API it is possible to access local smart cards. Similarly to Symbian it seems that Java ME looks like a possible candidate for the developing of the initial proof of concept.

Android has gained a lot of popularity in recent years and continues to grow in number of users. It's popularity among developers is high as well. Comparing the Android Marketplace and the Apple App Store, the biggest mobile application store, we can see that Android is not far behind. Java ME lacks a centralized application distribution system which greatly reduces the time-to-market for applications. In the author's opinion this is a requirement for a modern mobile operating system and it makes the platform more attractive to developers. Android clearly has an advantage over Java ME in this field. Additionally smart card access is supported on the Android platform and most of the Android devices have an user-accessible microSD card slot available.

In the current electrical vehicle charging proof of concept solution developed by Ericsson Research an Android device is used for authentication and digital signing of the transaction. This means that some of the work might be already done and the use of Android might save time in the end. All things considered the author has decided to solve the problem of the thesis using the Android platform.

26 2 Proposal of possible solutions

A platform can hold more than one plausible solution. In this chapter the possible solutions for implementing a smart card application on the Android platform are proposed. First of all, the Mozilla project has developed a version of Firefox for mobile devices – Fennec. Currently it is supported on the Android platform and on Maemo as well. It is an open source project which means it is possible to extend it's features if needed. What's more, Firefox mobile supports a plug-in architecture just like it's desktop counterpart. This means it is possible to develop a plug-in which can communicate with the local smart card. (Mozilla, 2011) (Mozilla, 2011)

There is one potential downside to this solution. It might be that it is impossible to get out of the sandbox of the browser. If this is the case then the proposed solution does not solve the problem of the thesis. But if it turns out not to be a problem then this solution accomplishes two goals. Firstly, the end user can use the browser to navigate to a web page which requires smart card authentication and can proceed with the authentication within the browser. That being said, it should be noted that the required plug-in must be installed by the end user. Secondly this solution accomplishes platform independence. Although, as previously mentioned, Fennec is currently supported only on two platforms – Android and Maemo,

27 therefore the solution can be ported only on these platforms and not on any others. (Mozilla, 2011)

Another potential solution is to use the PhoneGap mobile application development framework. It allows developers to write their applications in standard web technologies such as HTML, CSS and Javascript. These applications can be ported across a variety of platforms. At the moment PhoneGap supports 6 different mobile operating systems. (PhoneGap, 2011) Using PhoneGap it is possible to access mobile device's local resources such as the camera and the via Javascript. Unfortunately PhoneGap does not support accessing local smart cards. Therefore this part has to be implemented in this thesis.

The downside to this solution is that for every platform a specific plug-in has to be developed which translates Javascript calls to native calls. The plug-in serves no other purpose than being a bridge between the application logic written in Javascript and the smart card. In theory if PhoneGap supported smart cards then developers should only worry about the application logic. In the scope of this thesis PhoneGap accomplishes only one goal – allowing to implement platform independent smart card applications.

28 3 The chosen solution

The author has decided to use PhoneGap to implement a proof of concept platform independent smart card application. It was chosen over Firefox Mobile mainly because with PhoneGap it is possible to cover more mobile platforms. Also there is a possibility that it might not be possible to escape the sandbox of the Fennec browser. As time is limited the author has decided to choose a method which looks more promising.

Besides PhoneGap other cross-platform mobile application development frameworks exist as well. To understand why was PhoneGap chosen a brief overview of the competitors is given.

3.1 RhoMobile

RhoMobile uses the Ruby programming language to build native cross-platform mobile applications. Supported platforms include the following: Apple iOS, Android, Windows Mobile and Blackberry. Unlike PhoneGap, RhoMobile applications are compiled to native bits. (RhoMobile) It is an open source framework which is extendable if needed. (StackOverflow, 2010)

29 3.2 Titanium

Titanium, an open source mobile application development framework, is similar to RhoMobile in a sense that the code is compiled to native bits but for application development Javascritp, HTML and CSS is used. Titanium has support for Apple iOS, Android and Blackberry. It is extendable to suit the needs of a specific platform.

3.3 Justification of choice

PhoneGap was, as implied previously, chosen mainly because it supports a greater number of platforms than it's competitors. If a need arises to implement the proof of concept application on a platform other than Android then there are plenty to choose from.

30 4 Description of the development environment

The platform has been chosen and a potential solution has been selected. To start the implementation part a development environment has to be set up. The following is a brief overview of the development environment that was used in this thesis.

A 32bit Ubuntu 11.04 (Lucid Lynx) was used as an operating system. For Android development the de facto standard IDE is Eclipse. It is possible to use any other IDE if preferred but Google has provided an Eclipse plug-in which allows for easier project creation and application debugging. Eclipse Helios 3.6.2 was used in the context of this thesis. A Sony Ericsson Xperia Arc mobile device with Android version 2.3.2 on board was used for application development and testing. MSC SmartcardService for Android was used to access a Giesecke & Devrient Mobile Security Card. PhoneGap version 0.9.4 was later added to the environment to accomplish platform independence. A full manual on how to set up the development environment is included in the appendix.

31 5 The Development process and design documentation

After the development environment had been set up it was time to start experimenting with Android and the smart card. At first for learning purposes a native Android smart card application was created. Upon having received successful APDU response messages from the smart card it was time to add the PhoneGap layer to the implementation. This required the addition of the PhoneGap library to the Java build path.

To test the process of implementing an Android PhoneGap plug-in a small application was developed which accomplished the following. A Javascript function was able to call native Java method which returned a result of a simple mathematical expression. The arguments were passed in from the Javascript function. Then a Javascript callback function was executed which printed the result on to an HTML page.

The next logical step was to merge the basic ideas of the two different applications together. The end result was a PhoneGap application with an Android plug-in which allowed to access a local smart card on the mobile device. The application logic was written in Javascript and smart card access was implemented with a PhoneGap plug-in written in Java. Illustration 1 depicts the result.

32 Illustration 1: Application Architecture

In theory if PhoneGap's API had smart card support for every platform it supported then it would be relatively easy to develop cross-platform smart card applications. Unfortunately this is not the case. The biggest challenge is to create a unified interface which the platform specific plug-ins should implement. This requires extensive knowledge on smart card access on each platform.

5.1 Application architecture

Illustration 2 depicts the class diagram of the implemented PhoneGap Android plug-in. AndroidSmartCardService interface is exposed to PhoneGap and it's methods can be called via Javascript. The parameters are passed via a JSON array.

All PhoneGap plug-ins must extend the Plugin class. It has a method execute() which is called by PhoneGap. Plug-in implementation class has to override it to extend it's functionality. It gets passed the operation's name and a JSON array of arguments. This request gets processed and an appropriate method is called. The result is returned back to a Javascript callback method in a form of a JSON array. It should be noted that the return value does not have to be a JSON array. For example the isCardPresent() method returns a boolean.

33 Illustration 2: Class Diagram

Table 1 gives an overview of the Javascript smart card API which exposes the AndroidSmartCardService interface to Javascript code.

The underlying implementation of platform specific smart card plug-ins may vary depending on the platform but if the interface that is exposed to Javascript is left unchanged then the smart card application can be described as platform independent. PhoneGap plug-ins should only serve one purpose which is to access the local smart card. The business logic has to be implemented in Javascript.

34 Table 1: Smart Card Javascript API Function name Parameters Description getReaders() successCallback, Returns an array of all the failureCallback available smart cards. In most cases it consists of only one. SuccessCallback is a callback which is called when the funcion is successful. If an error is encountered failureCallback is called. transmit() reader, Transmits an APDU command to byteArray, the smart card. Reader specifies successCallback, which card to use and byteArray failureCallback is the APDU command represented in a form of a string array. Each element is a byte in hexadecimal format. The return value is an array consisting the response APDU. SuccessCallback and failureCallback correspond to the parameters that are passed to the getReaders function. isCardPresent() reader, Return value is true if a card with successCallback, the specified name is found. failureCallback SuccessCallback and failureCallback correspond to the parameters that are passed to the getReaders function.

35 5.2 Drawbacks of the solution

This solution is not perfect in a sense that it's native counterpart outperforms the platform independent solution in many ways. Theoretical platform independence comes at a cost. The following is an overview and description of the drawbacks this implementation possesses.

To begin with, the application logic is written in Javascript which is wrapped in the PhoneGap framework and Javascript function calls are translated to native Java calls. In theory this should introduce a slight level of overhead.

5.3 Latency tests

To test how much latency PhoneGap introduces to the application design, latency tests were performed.

5.3.1 Expected outcome

Given the fact that PhoneGap adds an extra wrapper layer to the application architecture the testing is expected to show that a platform independent application performs slower than it's native counterpart.

5.3.2 Testing process

A series of APDU commands are sent to the smart card. The command will always stay the same. This is performed with a native Android smart card application and with an Android PhoneGap smart card application. Multiple test are to be conducted to reduce the factor of random chance. The duration of the tests are compared to determine the result. The command APDU is described in table 2.

36 Table 2: Test APDU Structure Field name Value Description CLA 0x90 Instruction class. INS 0xde Instruction code. P1 - Parameter 1 P2 - Parameter 2 Lc field 0x00 Number of bytes in the data field. No data is being sent with this APDU Data field - No data is being used in this APDU command. Le field 0x04 Maximum number of bytes expected in the response command.

5.3.3 Test results

The outcome of the test was exactly as initially expected. The added wrapper layer introduced a growth in latency. Table 3 shows the test results. Each test result shows how long it took to send and receive 1000 APDU commands in milliseconds. The average count of APDU commands sent and received per second has been reduced approximately 33 per cent by adding the extra wrapper layer.

Table 3: Latency Test Results Test 1 2 3 4 5 Average Standard number deviation Native 77139ms 77053ms 76924ms 77458ms 77297ms 77174,2m 186.6ms application s PhoneGap 114562ms 115970ms 115198ms 116592ms 114859ms 115436ms 745.1ms application

37 5.4 Downsides of cross-platform tools

Cross-platform development tools are supposed to make the developers life easier. They allow to write once and run the application on any platform. This way developers do not have to learn new APIs for each platform. This is all good and speeds up the development process and saves resources. (StackOverflow, 2010)

This situations should be looked at the end-user’s perspective as well. What the end users wants is a working piece of software. They do not care if the application was implemented with cross-platform frameworks or not. They care for the end result. And if it is the case where cross-platform tools can not provide as good of a user experience as native applications can then the use might not be justified if there's competition on the market. (StackOverflow, 2010)

38 6 Summary

In this thesis two goals were set out to be accomplished. First of them being how to access smart cards on a mobile platform in a platform independent manner and secondly how to distribute platform independent software to the mobile end user in a transparent way. The second goal turned out to be impossible at the current state of technology mainly because of browser limitations and operating system level security. Therefore it was removed from the scope of this thesis and all the focus was on how to accomplish platform independence.

Most of the mainstream consumer mobile platforms were investigated. Their features and drawbacks were looked at. Additionally platform market share was investigated to determine its future potential as a mobile platform. After much deliberation the Android platform was chosen to host the initial proof of concept platform independent smart card application.

To accomplish the set goal, PhoneGap mobile application development framework was used which allows to use standard web technologies to develop mobile applications. It was chosen over other similar frameworks because it has support for a bigger number of platforms.

In theory platform independence was accomplished but the solution still requires an additional platform specific plug-in for every platform. The application logic is separated

39 from the plug-in. In this case the plug-in was implemented for the Android platform. In theory, if the plug-ins on each and every platform implemented the same interface then the application logic can stay the same and can be ported across a wide variety of mobile operating systems.

Currently PhoneGap does not have support for smart cards on mobile platforms. PhoneGap is an open source project. If the changes could be pushed to the upstream project then in theory developers are only required to implement the application logic and do not have to worry about the communication with the smart card. This requires a platform specific plug-in to be implemented for each and every platform.

Kiipkaartide kasutamine mobiilsetes seadmetes platvormist sõltumatul viisil

Diplomitöö

Indrek Ots

Antud diplomitöös üritati lahendada kahte probleemi. Esiteks kuidas luua mobiilsest platvormist sõltumatu kiipkaardi rakendus ja teiseks kuidas seda rakendust levitada lõppkasutajale nähtamatul viisil. Töö algusfaasis selgus, et viimast eesmärki ei ole praeguse tehnoloogia taseme juures võimalik teostada kuna see tekitab palju turvariske ning operatsioonisüsteem ei luba ilma kasutaja nõusolekuta antud eesmärki täita. Samuti ei ole seda ka võimalik saavutada veebilehitseja kaudu. Seega keskenduti selle diplomitöö raames ainult esimesele väljatoodud probleemile.

Uuriti populaarsemaid mobiilseadmete operatsioonisüsteeme ning selgitati välja nende tugevad ja nõrgad küljed, mis on seotud kiipkaardile ligipääsemisega. Samuti uuriti platvormide turuosa ja tuleviku potentsiaali, et selgitada välja millistele platvormidele on kasulik tulevikus loodud rakenduse tugi luua. Antud diplomitöö raames valiti prototüüprakenduse jaoks Android platvorm.

40 Et saavutada platvormist sõltumatus otsustati kasutata PhoneGap raamistiku, mis lubab kasutada veebitehnoloogiaid, et kirjutada mobiilseid rakendusi. Antud raamistik valiti teiste sarnaste seast kuna PhoneGap toetab rohkem mobiilseid platvorme kui konkurendid. Tulemus ei ole täielikult operatsioonisüsteemist sõltumatu. Iga platvormi jaoks tuleb luua pistikprogramm mis suhtleb kiipkaardi ja platvormist sõltumatu rakendusega.

Diplomitöö raames loodi pistikprogramm Android platvormi jaoks. Äriloogika ja suhtlus kiipkaardiga on eraldatud. Kui pistikprogramm vastab liidesele, mida kiipkaardi rakendus kasutab siis teoorias on võimalik kasutada sama kiipkaardi rakendust teistel platvormidel eeldusega, et vastavale platvormile on loodud platvormi spetsiifiline pistikprogramm.

Hetke seisuga ei toeta PhoneGap raamistik ligipääsu kiipkaartidele. Siinkohal tuleks mainida, et PhoneGap raamistiku lähtekood on avatud. Kui tehtud muudatused jõuaksid raamistiku baasversiooni, siis teoreetiliselt on saavutatud platvormist sõltumatus.

41 Bibliography NetMarketShare, 2011: NetMarketShare. (14.05.11) Operating System Market Share, 2011, [http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=8d] Stockholm Royal Seaport, 2011: . (02.03.11) Stockholm Royal Seaport, 2011, [http://www.isohttp://www.stockholmroyalseaport.com/.org/iso/search.htm? qt=18092&searchSubmit=Search&sort=rel&type=simple&published=on] Sam Abuelsamid, 2008: Sam Abuelsamid. (14.05.11) Charging a Tesla roadster from household outlet could take 30 hours!, 2008, [http://green.autoblog.com/2008/07/06/charging-a-tesla-roadster-from-household-outlet- could-take-30-ho/] ISO, 2004: . (03.03.11) ISO/IEC 18092:2004, 2004, [http://www.iso.org/iso/search.htm? qt=18092&searchSubmit=Search&sort=rel&type=simple&published=on] ECMA, 2004: . (03.03.11) Standard ECMA-340, 2004, [http://www.ecma- international.org/publications/standards/Ecma-340.htm] Jenna Wortham, 2011: Jenna Wortham. (03.03.11) Google’s Schmidt Sees Payments as a Big Business, 2011, [http://bits.blogs.nytimes.com/2011/02/15/googles-schmidt-sees- payments-as-a-big-business/] Olga Kharif, 2011: Olga Kharif. (03.03.11) Apple Plans Service That Lets IPhone Users Pay With Handsets, 2011, [http://www.bloomberg.com/news/2011-01-25/apple-plans-service- that-lets--users-pay-with-handsets.html] Codebourne, 2011: Codebourne. (26.02.11) Mobile-ID payments, 2011, [http://blog.codeborne.com/2011/01/mobile-id-payments.html] Splashphone, 2007: Splashphone. (05.03.11) Latest Near Field Communication (NFC) Development in Japan, 2007, [http://www.slashphone.com/70/6644.html] Google Code, 2011: Google. (15.03.11) Google Projects for Android, 2011, [http://code.google.com/android/] MSDN, 2001: Microsoft. (14.05.11) Smart Card Application Development, 2001,

42 [http://msdn.microsoft.com/en-us/library/ms926469.aspx] Giesecke & Devrient, 2011: Giesecke & Devrient. (14.05.11) Secure microSD Cards, 2011, [http://www.gi- de.com/en/products_and_solutions/products/secure_microsd/product_details_4992.jsp] Mobile NFC, 2008: MobileNfc. (05.03.11) G&D announces mobile security card, 2008, [http://www.mobilenfc.eu/sitenews/GD_announces_mobile_secur.html] Oracle, 2011: Oracle. () Package javax.smartcardio, 2011, [http://download.oracle.com/javase/6/docs/jre/api/security/smartcardio/spec/javax/smartca rdio/package-summary.html] RhoMobile, 2011: Rhomobile. (20.03.11) RhoMobile, 2011, [http://rhomobile.com/] T. Virki, S. Carew, 2011: Tarmo Virki; Sinead Carew. (15.03.11) Google topples Nokia from smartphones top spot, 2011, [http://uk.reuters.com/article/2011/01/31/oukin-uk-google- nokia-idUKTRE70U1YT20110131] Android Developers, 2011: Google. (16.03.11) What is Android?, 2011, [http://developer.android.com/guide/basics/what-is-android.html] Netmite, 2007: Netmite. (12.04.11) Bytecode for the Dalvik VM, 2007, [http://www.netmite.com/android/mydroid/dalvik/docs/dalvik-bytecode.html] Josh Fruhlinger, 2010: Josh Fruhlinger. (11.04.11) J2Android hopes you don't know that Android is Java-based, 2010, [http://www.javaworld.com/community/node/4170] Dan Bornstein, 2008: Dan Bornstein. (11.04.11) Dalvik VM Internals, 2008, [http://sites.google.com/site/io/dalvik-vm-internals] Scott Delap, 2007: Scott Delap. (15.04.11) Google's Android SDK Bypasses Java ME in Favor of Apache Harmony, 2007, [http://www.infoq.com/news/2007/11/android-java] Josh Fletcher, 2010: Josh Fletcher. (15.04.11) AWT vs Swing, 2010, [http://edn.embarcadero.com/article/26970] Simon Judge, 2008: Simon Judge. (15.04.11) Java ME on Android, 2008, [http://mobilephonedevelopment.com/archives/707] Simon Judge, 2009: Simon Judge. (15.04.11) LG’s Java ME on Android, 2009, [http://www.mobilephonedevelopment.com/archives/934] Sun, 2008: Sun Microsystems. (02.04.11) JavaFX on Android, 2008,

43 [http://www.youtube.com/watch?v=BtUX-GS36o8] Dion Almaer, 2008: Dion Almaer. (02.04.11) Sun is bleeding; More engineers leave as JavaFX is pimpedJava, 2008, [http://almaer.com/blog/sun-is-bleeding-more-engineers- leave-as-javafx-is-pimped] Dustin Marx, 2010: Dustin Marx. (04.04.11) The Continuing Struggles of JavaFX, 2010, [http://www.javaworld.com/community/node/4703] Oracle, 2010: Oracle. () JavaFX 2.0 Roadmap, 2010, [http://javafx.com/roadmap/] G. Mies, B. W. Hopkins, 2010: Ginny Mies; Brent W. Hopkins. (16.04.11) Battle of the Android Browsers, 2010, [http://www.pcworld.com/article/206278/battle_of_the_android_browsers.html] Mozilla, 2011: Mozilla. (16.04.11) Thunderbird & Mobile Add-ons, 2011, [https://addons.mozilla.org/en-US/developers/docs/how-to/thunderbird-mobile] Dolphin HD, 2011: Dolphin Browser. (15.04.11) Dolphin Browser, 2011, [http://www.dolphin-browser.com/products/] Sarah Perez, 2011: Sarah Perez. (12.05.11) Android Market Share Numbers Questioned, 2011, [http://www.readwriteweb.com/archives/android_market_share_numbers_questioned.php] Jacqui Cheng, 2011: Jacqui Cheng. (11.05.11) Android tops everyone in 2010 market share; 2011 may be different, 2011, [http://arstechnica.com/gadgets/news/2011/01/android-beats- nokia-apple-rim-in-2010-but-firm-warns-about-2011.ars] Christy Pettey, 2011: Christy Pettey. (04.004.11) Worldwide Mobile Device Sales to End Users Reached 1.6B Units in 2010, 2011, [[http://www.gartner.com/it/page.jsp? id=1543014]] Michael Dorf, 2010: Michael Dorf. (21.04.11) Is Android the Future of Mobile Computing?, 2010, [http://www.learncomputer.com/android-future-mobile-computing/] Langpop, 2011: langpop. (15.05.11) Programming Language Popularity, 2011, [http://langpop.com/] TIOBE Software, 2011: TIOBE Software. (01.05.11) TIOBE Programming Community Index for May 2011, 2011, [http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html]

44 Apple, 2011: Apple. (29.04.11) Apple’s App Store Downloads Top 10 Billion, 2011, [http://www.apple.com/pr/library/2011/01/22appstore.html] Mauro Dalu, 2011: Mauro Dalu. (29.04.11) Android Marketplace Revenue Figures: Impressive Growth… or is it?, 2011, [http://surgeworksmobile.com/iphone/android- marketplace-revenue-figures-impressive-growth-or-is-it] Amber Taylor, 2011: Amber Taylor. (15.05.2011) Introducing the Amazon Appstore for Android, 2011, [http://www.amazonappstoredev.com/2011/03/introducing-the-amazon- appstore-for-android.html] XDA Developers, 2010: XDA developers. (29.04.11) Windows Phone 7 - Hardware Requirements, 2010, [http://forum.xda-developers.com/showthread.php?t=649909] Elizabeth Woyke, 2011: Elizabeth Woyke. (29.04.11) Source: iPhone 5 May Have NFC Contactless Capability, 2011, [http://blogs.forbes.com/elizabethwoyke/2011/03/17/source- apple-iphone-5-may-have-nfc-contactless-capability/] Anders Rundgren, 2008: Anders Rundgren, Using SQL Databases as Universal Keystores, 2008 J. Perlow, S. Raymond, 2009: Jason Perlow; Scott Raymond. (15.02.11) In Smartphone Wars, Darwinism Triumphs Over Intelligent Design, 2009, [http://www.zdnet.com/blog/perlow/in-smartphone-wars-darwinism-triumphs-over- intelligent-design/11516] Daniel Ruby, 2011: Daniel Ruby. (04.04.11) Windows Phone 7 Outnumbered by… Windows 98?, 2011, [http://insights.chitika.com/2011/windows-phone-7-outnumbered-by-windows- 98/] Alex Wilhelm, 2011: Alex Wilhelm. (18.04.11) WP7 seeing slow market growth? Not according to our numbers, 2011, [http://thenextweb.com/microsoft/2011/01/13/wp7- seeing-slow-market-growth-not-according-ot-our-numbers/] BBC, 2011: BBC. (16.04.11) Nokia and Microsoft form partnership, 2011, [http://www.bbc.co.uk/news/business-12427680] MSDN, 2011: Microsoft. (03.05.11) Application Platform Overview for Windows Phone, 2011, [http://msdn.microsoft.com/en-us/library/ff402531(v=vs.92).aspx] PhoneGap, 2011: PhoneGap. (28.03.11) PhoneGap, 2011, [http://www.phonegap.com/]

45 MSDN, 2010: Microsoft. (19.04.11) Windows Phone 7 Compatiblity, 2010, [http://social.msdn.microsoft.com/Forums/en/windowsphone7series/thread/b2e59dc6- de3c-4ffd-8161-4d992dac425d] NOKIA, 2010: Nokia. (19.04.11) Support for Windows CE and Windows Mobile, 2010, [http://developer.qt.nokia.com/wiki/Support_for_Windows_CE_and_Windows_Mobile] Samsung, 2011: Samsung. (15.05.2011) Samsung Focus™ Windows Smartphone, 2011, [http://www.samsung.com/us/support/owners/product/SGH-I917ZKAATT] Sascha Segan, 2010: Sascha Segan. (19.04.11) Win Phone 7 Ditches Multitasking, Memory Cards, 2010, [http://www.pcmag.com/article2/0,2817,2361377,00.asp] Chris Ziegler, 2010: Chris Ziegler. (20.04.11) Windows Phone 7's microSD mess: the full story, 2010, [http://www.engadget.com/2010/11/17/windows-phone-7s-microsd-mess-the- full-story-and-how-nokia-ca/] Surur, 2010: Surur. (20.04.11) HTC 7 Trophy MicroSD card uncovered, 2010, [http://wmpoweruser.com/htc-7-trophy-microsd-card-uncovered/] Microsoft, 2010: Microsoft. (14.04.11) Windows Phone 7 Secure Digital Card Limitations, 2010, [http://support.microsoft.com/kb/2450831] Brandon Miniman, 2009: Brandon Miniman. (03.05.11) Windows Mobile 7: Fifteen New Details, 2009, [http://pocketnow.com/thought/windows-mobile-7-fifteen-new-details] Enrique Ortiz, 2005: Enrique Ortiz. (03.05.11) The Security and Trust Services API for J2ME, 2005, [http://developers.sun.com/mobility/apis/articles/satsa1/] Oracle: Oracle. (03.05.11) Java SE Desktop Technologies, , [http://www.oracle.com/technetwork/java/javase/javawebstart/index.html] TMCnet, 2011: TMCnet. (03.05.11) ABI Research Releases Feature Phone Report, 2011, [http://europe.tmcnet.com/news/2011/03/23/5396274.htm] Christian Ziberg, 2010: Christian Zibreg. (03.05.11) Net Applications: iPhone has five times the use of Android, 2010, [http://www.geek.com/articles/mobile/net- applications-the-iphone-is-five-times-more-used-for-mobile-web-than-android-2010062/] Vision, 2010: Vision Mobile, Mobile Developer Economics 2010 and Beyond, 2010 Sindre Lia, 2010: Sindre Lia. (04.05.11) Interview with Jonas Geust, Nokia VP, 2010, [http://www.infosyncworld.com/news/n/11070.html]

46 Nokia, 2010: Nokia. (04.05.11) Java Runtime 2.1 Beta for Symbian, 2010, [http://betalabs.nokia.com/apps/java-runtime-2-1-beta-for-symbian] Marc Flores, 2010: Marc Flores. (12.04.11) Android creeping up on Symbian in worldwide market share, 2010, [http://www.intomobile.com/2010/11/10/android-creeping-up-on- symbian-in-worldwide-market-share/] L. Dignan, A. Nusca, R. King, 2010: Larry Dignan; Andrew Nusca; Rachel King. (12.04.11) Android to catch Symbian for global market share lead, says Gartner, 2010, [http://www.zdnet.com/blog/btl/android-to-catch-symbian-for-global-market-share-lead- says-gartner/39040] Lawrence Coburn, 2011: Lawrence Coburn. (02.05.11) Symbian’s Huge Market Share Looks to be in Play, 2011, [http://thenextweb.com/location/2011/02/08/symbian%E2%80%99s- huge-market-share-looks-to-be-in-play/] S. Manimaraa, 2011: S.Manimaraa. (11.04.11) Nokia’s Windows Phone,Symbian’s Future – Questions and Answers, 2011, [http://www.symbiandreams.com/mobile- technology/news/nokias-windows-phonesymbians-future-questions-and-answers/] MeeGo, 2011: MeeGo. (11.04.11) About MeeGo, 2011, [https://meego.com/about] Globalsmart, 2011: Globalsmart. (11.04.11) Tieto and Inside Secure bring NFC to MeeGo, 2011, [http://www.globalsmart.com/Tieto_and_Inside_Secure_bring_NFC_to_MeeGo] Phil B, 2011: Phil B. (17.04.11) Nokia N9 Launch: MeeGo Smartphone Set For Shipping This Year, 2011, [http://noknok.tv/2011/02/11/nokia-n9-launch--smartphone-set- for-shipping-this-year/] Nokia, 2011: Nokia. (17.04.11) Nokia N900 Technical Specifications, 2011, [http://maemo.nokia.com/n900/specifications/] WeTab, 2011: WeTab. (17.04.11) WeTab Product Details, 2011, [http://wetab.mobi/en/product/] Bella, 2011: Bella. (16.04.11) Nokia drops first MeeGo phone, 2011, [http://www.nokiaphones.net/nokia-drops-first-meego-phone/] GSM Arena, 2011: GSM Arena. (28.03.11) Nokia's MeeGo device will be called N950, will be out this year, 2011, [http://www.gsmarena.com/nokias_meego_device_will_be_called_n950_will_be_out_this

47 _year-news-2372.php] Kevin C. Tofel, 2011: Kevin C. Tofel. (28.03.11) With Nokia Dating Microsoft, Intel Was Just Stood Up, 2011, [http://gigaom.com/mobile/with-nokia-dating-microsoft-intel-was- just-stood-up/] Steve O'Hear, 2011: Steve O'Hear. (21.04.11) Is Nokia’s first MeeGo device DOA? Here’s what we know, 2011, [http://eu.techcrunch.com/2011/02/09/is-nokias-first-meego-device- doa-heres-what-we-know/] Maemo: Maemo, Maemo Software Platform, Nokia, 2009: Nokia. (15.04.11) Getting Started With Java on Maemo, 2009, [http://wiki.forum.nokia.com/index.php/Getting_started_with_Java_on_Maemo] Evolvis, 2010: Evolvis. (15.04.11) Project Jailmo, 2010, [https://evolvis.org/plugins/mediawiki/wiki/jalimo/index.php/Jalimo] Evolvis, 2009: Evolvis. (15.04.11) Project Jailmo Maemo, 2009, [https://evolvis.org/plugins/mediawiki/wiki/jalimo/index.php/Maemo] Mikko Ohtamaa, 2009: Mikko Ohtamaa. (15.04.11) PhoneGap ported on N900 (Maemo), 2009, [http://blog.mfabrik.com/2009/11/24/phonegap-ported-on-n900-maemo/] Chloe Albanesius, 2010: Chloe Albanesius. (15.04.11) Intel, Nokia Merge Moblin, Maemo OSes, 2010, [http://www.pcmag.com/article2/0,2817,2359259,00.asp] James Holland, 2010: James Holland. (15.04.11) Nokia Maemo is dead. Long live MeeGo!, 2010, [http://www.electricpig.co.uk/2010/02/15/nokia-maemo-is-dead-long-live-meego/] Zach Epstein, 2009: Zach Epstein. (15.04.11) First non-Nokia Maemo device announced: Optima OP5-E, 2009, [http://www.bgr.com/2009/07/16/first-non-nokia-maemo-device- announced-optima-op5-e/] Maemo Team, 2009: Maemo Team. (15.04.11) Maemo 5 alpha on BeagleBoard, 2009, [http://maemoteam.wordpress.com/2009/03/31/video-maemo-5-alpha-on-beagleboard/] R. Virkus, 2009: R. Virkus; R. Gülle; T. Rouffineau; M. Shuqair; A. Repty; B. Bartels, Don’t Panic: Mobile Developer’s Guide tothe Galaxy, 2009 RIM: RIM. (25.04.11) About using a smart card with your device, , [http://docs.blackberry.com/en/smartphone_users/deliverables/18577/About_smart_cards_ 50_666350_11.jsp]

48 Raven Lovecraft, 2011: Raven Lovecraft. (25.04.11) Android market share topples Blackberry, 2011, [http://www.tgdaily.com/mobility-brief/54462-android-market-share- topples-blackberry] Mark Raby, 2011: Mark Raby. (25.04.11) Blackberry market share plummets, Android skyrockets, 2011, [http://www.tgdaily.com/mobility-brief/53435-blackberry-market-share- plummets-android-skyrockets] Canalys, 2011: Canalys. (25.04.11) http://www.canalys.com/pr/2011/r2011013.html, 2011, [http://www.canalys.com/pr/2011/r2011013.html] Rik Henderson, 2011: Rik Henderson. (29.04.11) iOS massively outshines Android in Europe - but BlackBerry clings on in UK, 2011, [http://www.pocket-lint.com/news/38347/ios- massively-outshines-android-europe] Nicole Lee, 2011: Nicole Lee. (29.04.11) The 411: The future of BlackBerry, 2011, [http://www.cnet.com/8301-17918_1-20032122-85.html] Voltage: Voltage. (29.04.11) Voltage SecureMail™ for BlackBerry, , [http://www.voltage.com/products/blackberry.htm] Palm: Palm; HP. (29.04.11) Overview of HP webOS, , [https://developer.palm.com/content/resources/develop/overview_of_webos/overview_of_ .html#c20162] Derek Kessler, 2010: Derek Kessler. (29.04.11) webOS marketshare sinks to 1.3%, 2010, [http://www.precentral.net/webos-marketshare-sinks-1-3] Matthew Miller, 2010: Matthew Miller. (30.04.11) Google Android smacks down Windows Mobile in latest Gartner data, 2010, [http://www.zdnet.com/blog/cell-phones/google- android-smacks-down-windows-mobile-in-latest-gartner-data/3829] Rene Ritchie, 2010: Rene Ritchie. (30.04.11) HP acquires Palm for $1.2 billion, webOS to accelerate, 2010, [http://www.tipb.com/2010/04/28/hp-acquires-palm-12-billion-webos- accelerate/] Josh Smith, 2011: Josh Smith. (30.04.11) HP Notebooks to Dual Boot WebOS and Windows in 2012, 2011, [http://notebooks.com/2011/03/09/hp-notebooks-to-dual-boot-webos-and- windows-in-2012/] CSS Ninja, 2009: The CSS Ninja. (21.04.11) Accessing the GPS in iPhone Safari, 2009,

49 [http://www.thecssninja.com/javascript/geolocation-iphone] Veera Sundar, 2009: Veera Sundar. (10.04.11) Coming up in HTML 5 – Geolocation API Support in browsers, 2009, [http://veerasundar.com/blog/2009/06/coming-up-in-html5- geolocation--support-in-browsers/] Herbert Law, 2009: Herbert Law. (23.04.11) GPS? don’t forget the HTML5 GeoLocation API, 2009, [http://myrecap.wordpress.com/2009/09/27/gps-dont-forget-the-html5- geolocation-api/] W3C, 2010: W3C. (02.05.11) Geolocation API Specification, 2010, [http://dev.w3.org/geo/api/spec-source.html] Appcelerator, 2011: Appcelerator. (22.03.11) Appcelerator, 2011, [http://www.appcelerator.com/] RhoMobile: RhoMobile. (21.04.11) Rhodes Supported Operating Systems, , [http://docs.rhomobile.com/rhodes/introduction] StackOverflow, 2010: StackOverflow community. (02.05.11) Is Titanium appcelerator worth it for developing camera based application, 2010, [http://stackoverflow.com/questions/4072239/is-titanium-appcelerator-worth-it-for- developing-camera-based-application-on-ipad]

50 Appendix

Development Environment Set up Manual The following instructions apply to Ubuntu 11.04 Lucid Lynx 32bit.

Prerequisites • Java 6 JDK

• Eclipse Helios 3.6.2

• An Android device with Android version 2.3.2

Step 1 - Downloading the Android SDK starter package The starter package contains only the core SDK tools which allow you to get the rest of the required APIs. A version for Linux can be obtained at the following URL http://developer.android.com/sdk/index.html. Unpack the .tgz archive to a safe location on your hard drive.

Step 2 - Installing the Android Development Tools plug-in for Eclipse IDE Use the Update Manager feature of your Eclipse installation to install the latest revision of ADT on your development computer.

1. Launch Eclipse

2. Help -> Install New Software

3. Click “Add” in the top right corner

4. In the “Add Repository” dialog window enter “ADT Plugin” in the name field and https://dl-ssl.google.com/android/eclipse/ in the location field. Then click OK.

5. In the Available Software dialog, select the checkbox next to Developer Tools and click Next.

51 6. In the next window, you'll see a list of the tools to be downloaded. Click Next.

7. Read and accept the license agreements, then click Finish.

8. Finally, restart Eclipse

Configuring ADT plugin for Eclipse IDE The next step is to modify your ADT preferences in Eclipse to point to the Android SDK directory.

1. Select Window -> Preferences.

2. Select Android from the left panel.

3. Set the SDK location to the previously downloaded SDK directory.

4. Click Apply, then OK.

Step 3 - Downloading APIs In the SDK directory open the tools folder. Execute android to launch the Android SDK and AVD Manager. This opens a graphical GUI. From the left select Available packages and search for “SDK Platform Android 2.3.1, API 9, revision 2 (Obsolete)”. The reason we do not want to download the latest 2.3.3 API is because in the Sony Ericsson Xperia Arc handset has Android 2.3.2 installed which does not support the latest APIs from Google. The latest SDK tools and SDK Platform-tools are required as well. Documentation is optional.

Step 4 - Setting up the Androd device for development To be able to debug the application on the device, the following additional steps should be executed.

1. Declare your application as "debuggable" in your Android Manifest. In the AndroidManifest.xml file, add android:debuggable="true" to the

52 element.

2. Turn on "USB Debugging" on your device. On the device, go to the home screen, press MENU, select Applications > Development, then enable USB debugging (This may vary depending on the version of Android and the manufacturer of the device).

3. Setting up the system to detect the device. For Ubuntu systems you need to Log in as root and create the following file:

/etc/udev/rules.d/51-android.rules

4. Add the following line to the created file

SUBSYSTEM=="", SYSFS{idVendor}=="", MODE="0666"

5. Insert the USB vendor id. For Sony Ericsson devices it is 0fce. The full list of USB vendor id’s can be found here http://developer.android.com/guide/developing/device.html.

6. Execute:

chmod a+r /etc/udev/rules.d/51-android.rules

7. Computer needs to be rebooted for the next step to be successful.

8. To verify if the device is properly set up, connect the device with the computer and run the following command in the platform-tools folder which can be found in the Android SDK directory.

adb devices

You should see a device name listed as a “device”.

53 Example output:

List of devices attached

4342354131434D333330 device

Now the device is connected and it can be used for debugging.

Setting up the Android Development environment to access local smart cards

Google has proposed two different ways to access smart cards on Android. First of them being bit more complex and requiring flashing the Android device and the second one being quite easy to achieve.

The one covered in this thesis is the one which does not require reflashing the Android device with a modified and recompiled version of Android. MSC SmartcardService enables any Android phone with SD card slot to use SmartCard API without flashing the system or the phone.

To do so android.smartcard.jar should be added to the project’s build path. It can be found at http://code.google.com/p/seek-for-android/wiki/MscSmartcardService

Test smart card with MSC SmartcardService • Download the MSC SmartcardService form http://code.google.com/p/seek-for- android/wiki/MscSmartcardService

• Insert the smart card into the microSD card slot. Note, the MSC SmartcardService will only support the Giesecke & Devrient Mobile Security Card. Connect the device to the Ubuntu system with a USB cable.

• Execute

adb install MSC_SmartcardService.apk

54 (adb can be found in the /platform-tools directory in the Android SDK).

• execute

adb install SmartcardSample.apk

• On the device, run the SmartcardSample application and see the APDU communication.

Note: must be added to AndroidManifest.xml

55 PhoneGap installion This manual presumes you have Android SDK installed and configured and you are using Eclipse IDE 3.4+

1. Download PhoneGap from http://phonegap.googlecode.com/files/phonegap- 0.9.4.zip.

2. Extract the contents of the archive to the Android SDK directory.

3. Launch Eclipse IDE and start a new Android project (File -> New -> Android Project)

4. In the root directory of the project create to following directories: • /libs • /assets/www

5. Copy phonegap.js from your PhoneGap download to /assets/www

6. Copy phonegap.jar from your PhoneGap download to /libs

7. Add the phonegap.jar file to the project’s build path. To do that right click on the project’s root directory and select properties. Fom the left side menu select Java build path. In the libraries tab select ‘Add JARs’. Find phonegap.jar, select it and press OK. Press OK again to close the properties window.

8. Make a few adjustments to the project's main Java file found in the src folder. The class extends Activity. Change the class’s extend to DroidGap. Replace the setContentView()line with the follwing

super.loadUrl("file:///android_asset/www/index.html");

9. Add import com.phonegap.*;

10.Open the AndroidManifest.xml with a text editor.

11.Add the following to the activity tag in AndroidManifest

android:configChanges="orientation|keyboardHidden"

56 12.Add the following permissions after the opening manifest tag in AndroidManifest.xml. The following permissions can be found at http://www.phonegap.com/start#android as well for easy copy and pasting.

13.Create an index.html in /assets/www and add the following content. PhoneGap

Hello World

14.Now run the project on an emulator or an actual device to see if everything got set up correctly.

58 Application Screenshots

Illustration 3: Application Home Screen Illustration 4: Response APDU

Applicaiton home screen is shown on illustration 3. On illustration 4 one can see the result of selecting the “Get Profile Info” option from the menu. It is a response APDU in hexadecimal format. Bytes are separated with commas.

59 Picture of a Giesecke & Devrient Mobile Security Card

During the process of the this thesis a Giesecke & Devrient Mobile Security Card was used as a smart card. It can be seen on illustration 5. It is essentially a microSD storage card with added smart card functionality.

Illustration 5: Giesecke & Devrient Mobile Security Card

60