Sep 09 2010
FractalizeR’s Shield Suite: Smartcard protection applets sources & services
The Shield Suite is a softwares & sources pack for serious GSM developers, that need to quickly put a new GSM product to the market without having to learn for a long time how to protect the software with smartcards.
The pack includes:
- Protection applet with sources (*.java). Applet is modular and allows to separately modify secure session protocol and applet commands. Data communication works in this way: secured session is initiated and then all commands going to/from applet are encrypted and digitally signed.
- Eclipse development environment, presetup to develop applets
- Application (with Delphi sources) to test applet protocol stability under stress load
- Delphi source (class) to work with applet using secure protocol
- The software to do mass card programming (several cards can be programmed at the same time, multithreaded). Binary version without sources, customized for customer demands (only small additions/changes are fulfilled for free).
- FractalizeR’s SmartCard API (Delphi class library) to send commands to card and receive replies. With sources.
- Initiate / terminate secure session
- Easy customization, commented source code
- Card blocking mechanism (if someone makes any attempt to communicate card and sends malformed data stream to card – card stops responding to commands until next update)
- Several commands (like NOP, hello, encrypt, md5 etc) to provide an example on how to extend applet and tune it to your needs.
- Average simple command execution time inside secure session – 150-200ms on Gemalto TOP cards.
- Permanent serial number & limited data storage (stored inside permanent applet, that is written to card only once).
Softwares and applet can be tested on cards provided by customer to exclude not supported features. Small modifications – free. Consulations – free.
Conditions: No passing or reselling provided materials. No passing or reselling solutions, based on provided materials. Per-team licensing (the license to use the sources is granted to purchasing team and all their products. Any new team should purchase another license). Time needed to prepare sources – 2-4 weeks starting from receiving card samples the sources are targeted by.
Warranties: Unique secure session protocol with a possibility to easily increase protection complexity. Algorithms can be changed by customer in order to be unknown to the outsiders and FractalizeR himself. Although no “unhackable” warranty is provided (spit on anyone, who even dares to guarantee things like this), but the solution is strong enough.
Skills needed: basic Java knowledge to be able to modify applet and add command handling you need (consultations provided). Delphi knowledge to integrate protection sources.