FractalizeR's Smartcard Shield Suite: smartcard protection developer SDK
FractalizeR's Smartcard Shield Suite:
Smartcard Shield Suite is a softwares & sources pack for serious GSM developers, that need to quickly put a new GSM product to the market without having to learn for a long time how to protect the software with smartcards.
The pack includes:
- Protection applet with sources (*.java). Applet is modular and allows to separately modify secure session protocol and applet commands. Data communication works in this way: secured session is initiated and then all commands going to/from applet are encrypted and digitally signed.
- Eclipse development environment, presetup to develop applets
- Application (with Delphi sources) to test applet protocol stability under stress load
- Delphi source to work with applet using secure protocol
- The software to do mass card programming (several cards can be programmed at the same time, multithreaded). Binary version without sources, customized for customer demands.
- FractalizeR's SmartCard API (Delphi class library) to send commands to card and receive replies. With sources.
- Initiate / terminate secure session
- Easy customization, commented source code
- Card blocking mechanism (if someone makes any attempt to communicate card and sends malformed data stream to card - card stops responding to commands until next update)
- Several commands (like NOP, hello, encrypt, md5 etc) to provide an example on how to extend applet and tune it to your needs.
- Average simple command execution time inside secure session - 150-200ms on Gemalto TOP cards.
- Permanent serial number & permanent data storage (a storage that persists through card upgrades)
Softwares and applet can be tested on cards provided by customer to verify supported features.
No passing or reselling provided materials. No passing or reselling protection solutions, based on provided materials. Per-team licensing (the license to use the sources is granted to purchasing team and all their products. Any new team should purchase another license). Time needed to prepare sources - 2-4 weeks starting from receiving card samples the sources are targeted by.
Unique secure session protocol with a possibility to easily increase protection complexity. Algorithms are easy customizable and should be changed by customer in order to be unknown to the outsiders. Although no "unhackable" warranty is provided (spit on anyone, who dares to guarantee things like this), but the solution is strong enough.
Basic Java knowledge to be able to modify applet and add command handling you need (consultations provided). Delphi knowledge to integrate protection sources.