The debate will influence the design of future handsets and determine who ultimately profits from extended, secure handset storage.

The crux of the argument is whether to add memory by squeezing more into the existing subscriber identity module (SIM) card — a common feature of GSM phones in Europe — or opting for a second handset slot to accommodate removable flash cards.

A third scenario, which sources last week called less likely, sees removable cards with bulked-up security features and expanded memory replacing SIM cards altogether.

For telecommunications operators, SIMs provide the benefit of a direct link to subscribers. Telecom service providers thus seek to control the evolution of SIM cards, leveraging the modules to strengthen relationships with content owners and customers.

However, mobile-handset leaders such as Nokia, impatient with the slow growth of mobile commerce and hoping to spur the development of multimedia markets, seek a second slot for removable cards that would allow content owners and handset users to skip the telecom middleman when providing and accessing content.

As chip vendors and card makers take sides in the fight, new approaches are being floated for adding crypto functions to handsets as well as expanding the units' memory capacity.

The MultiMediaCard Association, which promotes a removable flash memory card called MMC, is pitching its newly defined SecureMMC, which taps smart-card technology to jack up handset security features. The Public Key Infrastructure (PKI)-based high-storage-capacity format, the specs for which are slated to be finalized this summer, will store private keys and integrate an encryption system in hardware in a tamper-resistant module, according to MMC Association chairman Yves Leonard.

Meanwhile, Emblaze Semiconductor (Kfar Saba, Israel) last week announced a partnership with M-Systems to develop embedded security for next-generation multimedia processors targeting the mobile market. Since the architecture is configured to store private keys and crypto features in a protected area of the silicon, the application processor could decrypt and decode multimedia content on the same hardware. That would prevent exposure of decrypted data to other handset components.

"Coupling decrypting and decoding is the key" for tighter handset security, said Dror Gill, CTO at Emblaze Semiconductor. Working with M-Systems, the chip company promises to offer digital rights management (DRM), secure transactions for mobile commerce and VPN-like connections for network wireless access.

SIM card proponents are skeptical of alternative crypto solutions. "Security remains the domain of the SIM card; it's proven, and operators trust it," said Bettina Kuhrt, mobile-communications marketing manager for Philips Semiconductors' identification business.

Nicolas Chalvin, product manager at smart-card vendor Gemplus, said the company's "first objective is to help operators." He said telecom providers are already migrating to higher-capacity SIMs, citing Telecom Italia Mobile's recent adoption of the 1-Mbyte SuperSIM format, developed by Oberthur Card Systems and STMicroelectronics.

SIM is the logical place for capacity additions, added Gemplus technical manager Didier Tournier, because "today, SIM is the only standardized handset component that looks after personal secrets stored in memory."

Oberthur and ST claim their 1-Mbyte format can accommodate MMS, audio or video downloads as well as such basic SIM functions as storing subscriber authentication information and optional private data.

Allen Nogee, senior analyst for In-Stat/MDR, ceded the argument "that currently the SIM card already hosts security, and most removable flash cards don't." But he said he's "opposed to having the SIM card contain more than phone access security and maybe some contact numbers, because that is the purpose of the card. Files like multimedia shouldn't be stored on the SIM card, since the SIM is not meant to be easily removed." Indeed, on some handsets the card can't be removed at all.

Removable cards for media storage are designed with the assumption that consumers will use multiple cards. But "SIM cards are designed for one [card] per phone number; multiple cards per number would defeat the security of the card," Nogee said.

MMC proponents call SecureMMC a clear choice for higher-speed, higher-density applications. SIM cards typically pack 16 to 128 kbytes of flash or E2PROM; MMCs provide up to 256 Mbytes of flash.

"SIMs are 0.8 mm high, which makes it physically impossible to have much memory," said MMC's Leonard, who heads the mobile-business segment of Samsung Semiconductors Europe. Even the 1 Mbyte of the SuperSIM, he contended, is "not enough for data-intensive applications."

Another SIM limitation is slow bus speed, Leonard said. The current SIM interface maxes out at 100 kbits/second, compared with 416 Mbits/s for MMC, he said.

But Gemplus' Chalvin said that 2-Mbyte SIM cards are feasible in the current form factor and that 20-Mbyte SIM cards, while requiring a dual-component architecture (security processor and NAND flash), are a couple of years away.

SIM card vendors are also addressing the format's slow data bus rate, said Gemplus' Tournier. A card capable of 400 kbits/s is coming soon, he said, and acceleration to 5 Mbits/s is in the works.

By: DocMemory
Copyright © 2023 CST, Inc. All Rights Reserved