SIM could spell the end for smartcards

Secure SIM cards could spell the end of smartcards, according to wireless security experts.

The mobile phone can function as a smartcard reader and the SIM, which contains the user's digital certificate, can act as an authentication token. PKI requires users to authenticate themselves with a digital certificate to obtain the secret key needed to unscramble encrypted messages. Speaking to silicon.com, Timo Laaksonen, VP of wireless PKI vendor SmartTrust, said the mobile phone is ideal to use as a payment device because it can be added to most existing systems: "The wireless platform allows integration with other technologies, unlike smart cards which need a separate reader. Mobile phones can be used for transactions across digital TV, PCs or PDAs," he said. Specialists claim users are more likely to adapt smartcard technology through a familiar device. SIM cards can already be embedded with cryptographic co-processor technology, which uses PKI, but uptake has been slow because of the cost of making secure SIM cards. Laaksonen said: "Installing the digital certificate inside the SIM has been seen as a costly technology. Once the operators realise its potential, it will become cheaper. Operators can then begin to issue the certificates themselves." John Ryan, CEO of PKI vendor Entrust, said the noticeable lack of smartcard deployment could be blamed on PC manufacturers: "PC hardware makers are yet to introduce a smartcard reader which works well both with the hardware and users. Mobile phones are ideal readers from the user's point of view as the device is already familiar," he said. Simon Morgan, VP of the American Biometric Company, a smartcard and biomteric reader manufacturer, said secure SIM technology is not ready yet: "I do see the mobile device acting out many of the functions of the smartcard in the future, but the infrastructure is just not available yet."