Is "SIM Toolkit" possible to support on the freerunner?
Helge Hafting
helge.hafting at hist.no
Wed Mar 25 14:04:25 CET 2009
Joerg Reisenweber wrote:
> Am Di 24. März 2009 schrieb Michael 'Mickey' Lauer:
>> Technically, SIM toolkit support is possible with the Calypso.
>>
>> I have commented previously about this, so please look my older posts
>> up; In a nutshell, STK is a heavy cross-layer spec, so adding it would
>> need quit some thought.
>>
>> FSO will not work on it, but appreciate patches.
>>
>
> My vote: don't implement STK, or at least disable it by default.
> I don't like my SIM to do any "program execution"
I don't believe the choice is yours to make.
The SIM card contains a (small) microprocessor, and the telco is able to
update its software at will.
You have full control over the ARM processor that runs Linux, and full
control over how it interacts with the SIM card. But not what goes on in
the SIM card itself.
The "SIM card part" of STK is in that card already.
The part I would like to have is mostly a communication layer. To be
useful, a STK app (like that banking stuff) need to:
* alert you, possibly with a ringtone
* display text/icons stored in the program or receiced from the bank
* collect input (in this case, a PIN code) to send back to the bank.
The SIM card processor have only two channels of communication - it can
deal with the telco, and it can communicate with the ARM processor
through the gsm modem. It can't access the display on its own.
The part of STK that I'd like to see is just a communication layer.
Probably a part of the framework that listen to requests from STK, and
spawns a "STK app" when needed. Very similiar to how it already listens
for SMS messages, and launch the message reader when something comes in.
This only need to display stuff and play sound, present input fields and
send the input back to the SIM card program.
I don't see such a STK app "taking control of the phone" or "lock it
down". If I have to write it myself it'll be open source, so you can see
what it do. And all it will be is a GUI+soundplayer for software already
running on the SIM card. It'll be able to open a window asking for
input - that's it! In particular, it won't need to access the filesystem
so there is very little potential for "damage". And of course - you
won't have to use an STK app - similiar to how you can choose to not use
the phone's sms capability. (You can delete the SMS app if you hate
messaging, the same will be possible with a STK app.)
This sort of thing can only lock down proprietary phones _because_ you
don't control the host processor software. On the freerunner you do. A
proprietary phone can have a music player that won't start unless it
receives a paid activation code from the telco. On the freerunner, you
install whatever music player you like. Most likely one without
artifical limitations. And so on for everything else this device can do.
The way I see it, STK is optional stuff. I didn't have to use this
banking app, but I'll make things easier for me if I do. I'd be able to
do internet banking from any computer, without having to install
one-time certificates.
Of course the telco _can_ install a hostile program in the SIM card, but
they can do that anyway - they just don't get a GUI for it right now. If
STK pops up something you don't like, you'll be able to close the window
on a freerunner :-)
Helge Hafting
More information about the community
mailing list