Reusing Tested Technology from the Banking World

The financial services industry has long used smart card technology as a way of deploying and managing new programs (applets) on the tiny microprocessors inside credit cards. Highly secure and certified cryptography ensures safe deployment of new applets on existing platforms, and firewalls guarantee privacy between applets.

This established technology is exactly what is needed to provide proper security in smart meters. And by good fortune it seamlessly facilitates the addition of new telecare and smart energy services to smart meters, manages software updates and ensures privacy.

There are three existing technologies which can be reused:

Secure Microcontrollers

Secure microcontrollers are used in SIM cards, smart cards and pay-TV access cards. They include tamper-resistance features aimed at stopping hackers from copying or changing code and data. There are a significant number of known attacks against conventional microcontrollers – which we should expect hackers will try to use against smart meter systems. Secure micros are the first vital line of defence.

GlobalPlatform

There must be a means of securely installing, personalising and managing the life cycle of software that runs on the secure microcontrollers. GlobalPlatform is an industry standard that allow multiple application programs (applets), from multiple vendors, to be deployed on secure microcontrollers. Thus a single secure micro can perform several different functions.

Project Hydra uses GlobalPlatform to dynamically and securely deploy software for value-added services onto smart meters.

Java Card

The name “Java Card” suggests we are talking about a physical card – perhaps a smart card or something. But in fact, “Java Card” is a term used to describe a software platform which is most common used on smart cards.

Java Card is a sub-set of the Java programming language, commonly used with secure microcontrollers and GlobalPlatform. Its design provides a secure environment for applications that run on devices with very limited memory and processing capabilities. Multiple small programs – called applets – can be deployed on a single secure microcontroller, and new ones can be added to it even after it has been deployed in the field. The Java Card platform ensures that data belonging to one applet cannot be accessed by any other applet.

Applets written in the Java programming language can be executed securely on smart cards (or smart meter systems!) from different vendors. This offers the prospect of applets running on any smart meter.