Flash cards seek a slot in mobile expansion bid
By Junko Yoshida
EE Times
April 05, 2004 (4:52 PM EDT)
PARIS — As the mobile industry gears up for multimedia applications on cell phones, service providers and handset makers are scrapping over the best format for handset memory expansion to accommodate the new apps.
The debate will influence the design of future handsets and determine who ultimately profits from extended, secure handset storage.
The crux of the argument is whether to add memory by squeezing more into the existing subscriber identity module (SIM) card — a common feature of GSM phones in Europe — or opting for a second handset slot to accommodate removable flash cards.
A third scenario, which sources last week called less likely, sees removable cards with bulked-up security features and expanded memory replacing SIM cards altogether.
For telecommunications operators, SIMs provide the benefit of a direct link to subscribers. Telecom service providers thus seek to control the evolution of SIM cards, leveraging the modules to strengthen relationships with content owners and customers.
However, mobile-handset leaders such as Nokia, impatient with the slow growth of mobile commerce and hoping to spur the development of multimedia markets, seek a second slot for removable cards that would allow content owners and handset users to skip the telecom middleman when providing and accessing content.
As chip vendors and card makers take sides in the fight, new approaches are being floated for adding crypto functions to handsets as well as expanding the units' memory capacity.
The MultiMediaCard Association, which promotes a removable flash memory card called MMC, is pitching its newly defined SecureMMC, which taps smart-card technology to jack up handset security features. The Public Key Infrastructure (PKI)-based high-storage-capacity format, the specs for which are slated to be finalized this summer, will store private keys and integrate an encryption system in hardware in a tamper-resistant module, according to MMC Association chairman Yves Leonard.
Meanwhile, Emblaze Semiconductor (Kfar Saba, Israel) last week announced a partnership with M-Systems to develop embedded security for next-generation multimedia processors targeting the mobile market. Since the architecture is configured to store private keys and crypto features in a protected area of the silicon, the application processor could decrypt and decode multimedia content on the same hardware. That would prevent exposure of decrypted data to other handset components.
"Coupling decrypting and decoding is the key" for tighter handset security, said Dror Gill, CTO at Emblaze Semiconductor. Working with M-Systems, the chip company promises to offer digital rights management (DRM), secure transactions for mobile commerce and VPN-like connections for network wireless access.
SIM card proponents are skeptical of alternative crypto solutions. "Security remains the domain of the SIM card; it's proven, and operators trust it," said Bettina Kuhrt, mobile-communications marketing manager for Philips Semiconductors' identification business.
Nicolas Chalvin, product manager at smart-card vendor Gemplus, said the company's "first objective is to help operators." He said telecom providers are already migrating to higher-capacity SIMs, citing Telecom Italia Mobile's recent adoption of the 1-Mbyte SuperSIM format, developed by Oberthur Card Systems and STMicroelectronics.
SIM is the logical place for capacity additions, added Gemplus technical manager Didier Tournier, because "today, SIM is the only standardized handset component that looks after personal secrets stored in memory."
Oberthur and ST claim their 1-Mbyte format can accommodate MMS, audio or video downloads as well as such basic SIM functions as storing subscriber authentication information and optional private data.
Allen Nogee, senior analyst for In-Stat/MDR, ceded the argument "that currently the SIM card already hosts security, and most removable flash cards don't." But he said he's "opposed to having the SIM card contain more than phone access security and maybe some contact numbers, because that is the purpose of the card. Files like multimedia shouldn't be stored on the SIM card, since the SIM is not meant to be easily removed." Indeed, on some handsets the card can't be removed at all.
Removable cards for media storage are designed with the assumption that consumers will use multiple cards. But "SIM cards are designed for one [card] per phone number; multiple cards per number would defeat the security of the card," Nogee said.
MMC proponents call SecureMMC a clear choice for higher-speed, higher-density applications. SIM cards typically pack 16 to 128 kbytes of flash or E2PROM; MMCs provide up to 256 Mbytes of flash.
"SIMs are 0.8 mm high, which makes it physically impossible to have much memory," said MMC's Leonard, who heads the mobile-business segment of Samsung Semiconductors Europe. Even the 1 Mbyte of the SuperSIM, he contended, is "not enough for data-intensive applications."
Another SIM limitation is slow bus speed, Leonard said. The current SIM interface maxes out at 100 kbits/second, compared with 416 Mbits/s for MMC, he said.
But Gemplus' Chalvin said that 2-Mbyte SIM cards are feasible in the current form factor and that 20-Mbyte SIM cards, while requiring a dual-component architecture (security processor and NAND flash), are a couple of years away.
SIM card vendors are also addressing the format's slow data bus rate, said Gemplus' Tournier. A card capable of 400 kbits/s is coming soon, he said, and acceleration to 5 Mbits/s is in the works.
Who benefits?
Perhaps more influential in the final outcome than the technical comparisons, Leonard said, are the discussions about who stands to gain from which technology. "For handset manufacturers, the removable flash card slot allows for flexible product offerings based on end users' requirements for data-intensive applications," he said. By leaving memory size up to the consumer, "a removable flash can offer a good solution both for end users and retailers, as handset vendors can keep the bill of material for the handset pretty low."
Users may also value the freedom to use the same content on different host systems — phones, computers, TVs and printers. "This can be done with a removable flash card without impacting the functionality of the mobile phone," said Leonard. "But if you remove your SIM, you can't use your phone."
"The SIM industry is at a crossroads," said Nicolas Prawitz, segment-marketing manager for the telecommunications and smart-card business unit of Renesas Technology Europe. Prawitz laid out three possible scenarios for the mobile industry: more secure flash memory is replicated in the SIM; SIMs remain a handset mainstay but consumers also adopt removable memory card storage; or "the SIM is removed, and a flash card with security features takes over."
The third scenario is unlikely, Prawitz said; he expects peaceful coexistence between SIMs and flash cards.
So does Rainer Spielberg, vice president and general manager for Infineon Flash GmbH & Co. KG, (Dresden, Germany), a joint venture of Infineon Technologies AG and Saifun Semiconductors. SIM cards and SecureMMC "address two different, decoupled markets," he said. Unlike SIMs, "SecureMMC is not owned by a network operator, so that it allows any content provider to offer additional services."
If next-generation handsets indeed have slots both for SIM and removable memory, will those formats likely operate independently or be securely linked?
"Our job," said Gemplus marketing manager Cecil Dupoint, "is to keep the operators present in that second [removable-memory] slot so they can generate revenue on the removable flash card." Gemplus thus advocates a secure authentication bridge between the cards.
Sources close to the MMC Association said its technical subcommittee will consider secure card links when it meets next week in Seoul, South Korea.
