WO2009147548A2 - Method for storing nfc applications in a secure memory device - Google Patents

Method for storing nfc applications in a secure memory device Download PDF

Info

Publication number
WO2009147548A2
WO2009147548A2 PCT/IB2009/052005 IB2009052005W WO2009147548A2 WO 2009147548 A2 WO2009147548 A2 WO 2009147548A2 IB 2009052005 W IB2009052005 W IB 2009052005W WO 2009147548 A2 WO2009147548 A2 WO 2009147548A2
Authority
WO
WIPO (PCT)
Prior art keywords
memory device
secure memory
memory portion
nfc
security level
Prior art date
Application number
PCT/IB2009/052005
Other languages
French (fr)
Other versions
WO2009147548A3 (en
Inventor
Alexandre Corda
Original Assignee
Nxp B.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nxp B.V. filed Critical Nxp B.V.
Publication of WO2009147548A2 publication Critical patent/WO2009147548A2/en
Publication of WO2009147548A3 publication Critical patent/WO2009147548A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks

Definitions

  • the invention relates to a method for storing NFC applications in a secure memory device.
  • the invention further relates to a computer program product directly loadable into the memory of a secure memory device having its own computational power.
  • the invention further relates to a secure memory device with an arithmetic- logic unit and a memory.
  • the invention further relates to a mobile communication device, preferably an NFC mobile phone.
  • MIF ARE® classic family developed by NXP Semiconductors is the pioneer and front runner in contactless smart card ICs operating in the 13.56 MHz frequency range with read/write capability.
  • MIF ARE® is a trademark of NXP Semiconductors.
  • MIFARE complies with ISO 14443 A, which is used in more than 80% of all contactless smart cards today. The technology is embodied in both cards and card reader devices.
  • MIFARE cards are being used in an increasingly broad range of applications (including transport ticketing, access control, e-payment, road tolling, and loyalty applications).
  • MIFARE Standard (or Classic) cards employ a proprietary high-level protocol with a proprietary security protocol for authentication and ciphering.
  • MIFARE® technology has become a standard for memory devices with key-protected memory sectors.
  • MIFARE® Standard Card IC MFl IC S50 - Functional Specification (1998) which is herein incorporated by reference.
  • MIFARE® technology is also discussed in: Klaus Finkenzeller, "RFID Handbuch", HANSER, 4 th edition (2006).
  • the MIFARE Classic cards are fundamentally just memory storage devices, where the memory is divided into sectors and blocks with simple security mechanisms for access control. Each device has a unique serial number. Anticollision is provided so that several cards in the field may be selected and operated in sequence.
  • the MIFARE Standard Ik offers about 768 bytes of data storage, split into 16 sectors with 4 blocks of 16 bytes each (one block consists of 16 bytes); each sector is protected by two different keys, called A and B. They can be programmed for operations like reading, writing, increasing value blocks, etc..
  • the last block of each sector is called “trailer", which contains two secret keys (A and B) and programmable access conditions for each block in this sector.
  • a and B secret keys
  • programmable access conditions for each block in this sector.
  • the memory organization of a MIFARE Standard Ik card is shown in Fig. 1.
  • the 1024 X 8 bit EEPROM memory is organized in 16 sectors with 4 blocks of 16 bytes each.
  • the first data block (block 0) of the first sector (sector 0) is the manufacturer block which is shown in detail in Fig. 2. It contains the serial number of the MIFARE card that has a length of four bytes (bytes 0 to 3), a check byte (byte 4) and eleven bytes of IC manufacturer data (bytes 5 to 15).
  • the serial number is sometimes called MIFARE User IDentification (MUID) and is a unique number. Due to security and system requirements the manufacturer block is write protected after having been programmed by the IC manufacturer at production.
  • MUID MIFARE User IDentification
  • MIFARE allows to change the serial number during operation of the MIFARE card, which is particularly useful for MIFARE emulation cards like SmartMX cards.
  • SmartMX Memory extension
  • NXP Semiconductors for high-security smart card applications requiring highly reliable solutions, with or without multiple interface options.
  • Key applications are e- government, banking / finance, mobile communications and advanced public transportation.
  • SmartMX cards are able to emulate MIFARE Classic devices and thereby makes this interface compatible with any installed MIFARE Classic infrastructure.
  • the contactless interface can be used to communicate via any protocol, particularly the MIFARE protocol and self defined contactless transmission protocols.
  • SmartMX enables the easy implementation of state-of-the-art operating systems and open platform solutions including JCOP (the Java Card Operating System) and offers an optimized feature set together with the highest levels of security.
  • JCOP is an IBM® implementation of the Java Card 2.2.1 and Global Platform 2.1.1 basic specifications.
  • JCOP handles different applications which are called applets, e.g. credit card applications. JCOP provides authentication and encryption mechanisms. SmartMX incorporates a range of security features to counter measure side channel attacks like DPA, SPA etc.. A true anticollision method (ace. ISO/IEC 14443-3), enables multiple cards to be handled simultaneously. It should be noted that the emulation of MIFARE Classic cards is not only restricted to SmartMX cards, but there may also exist other present or future smartcards being able to emulate MIFARE Classic cards.
  • SmartMX cards contain smart cards like SmartMX cards.
  • These mobile communication devices comprise e.g. mobile phones with Near Field Communication (NFC) capabilities, but are not limited to mobile phones.
  • NFC Near Field Communication
  • Mobile NFC Near Field Communication
  • the mobile phone with a hardware-based secure identity token can provide the ideal environment for NFC applications.
  • the UICC can replace the physical card thus optimising costs for the Service Provider, and offering users a more convenient service.
  • Various different entities are involved in the Mobile NFC ecosystem. These are defined below: • Customer - uses the mobile device for mobile communications and
  • Mobile NFC services The customer subscribes to an MNO and uses Mobile NFC services.
  • MNO Mobile Network Operator
  • OTA Over The Air
  • SP Service Provider
  • Customer e.g. banks, public transport companies, loyalty programs owners etc.
  • TSM Trusted Service Manager
  • the Trusted Service Manager provides a single point of contact for the Service Providers to access their customer base through the MNOs and manage the secure download and life-cycle management of the Mobile NFC application on behalf of the Service Providers.
  • the TSM can be managed by one MNO, a consortium of MNOs, or by independent Trusted Third Parties.
  • the number of operating TSMs in one market will depend on the national market needs and circumstances.
  • NFC mobile phones equipped with smart cards such as SmartMX cards that comprise JCOP functionality and emulated MIFARE functionality are more and more used for ticketing, access controls, coupons, payment cards and so on.
  • the main focus of these NFC mobile phones is the Over the Air (OTA) service provisioning of the above mentioned applications.
  • Said applications are issued by service providers. When a service provider wants to install a new service (ticketing, access control and so on), he has two options:
  • a method for storing NFC applications in a secure memory device having its own computational power such as a smart card, preferably a SmartMX card, which secure memory device comprises a first memory portion configured as an emulated MIFARE memory, offering a first security level, and a second memory portion accessible by means of authentication and optionally being encrypted, which second memory portion offers a second security level which is higher than the first security level, wherein the method comprises analyzing whether the first or the second security level is assigned to the NFC application and, depending on the results of this analysis, storing the NFC application either in the first memory portion by applying data write steps in compliance with the MIFARE standard or in the second memory portion by handling authentication routines necessary for gaining write access to said second memory portion and carrying out the write operation.
  • a computer program product according to the invention is directly loadable into the memory of a secure memory device having its own computational power, comprising software code portions for performing the steps of a method according to the invention, when said product is run on the secure memory device.
  • a secure memory device comprises an arithmetic- logic unit and a memory and processes the computer program product according to the above paragraph.
  • a mobile communication device preferably an NFC mobile phone is provided being equipped with a secure memory device according to the above paragraph.
  • the characteristic features according to the invention provide the advantage that a user who wants to make use of the various different security levels provided in the secure memory device does not need to have specific knowledge of how to gain access to the different memory portions. This is particularly important when the secure memory device is operated under a highly sophisticated operating system like JCOP.
  • Fig. 1 shows the memory organization of a MIFARE Standard Ik EEPROM.
  • Fig. 2 shows the manufacturer block of a MIFARE memory.
  • Fig. 3 shows the sector trailer of a sector of MIFARE memory.
  • Fig. 4 shows a schematic diagram of a telecommunication system including a mobile communication device with a smart card configured as a SmartMX card. DESCRIPTION OF EMBODIMENTS
  • Fig. 4 shows a schematic diagram of a telecommunication system in accordance with the above referenced white book of the GSM Association (GSMA) about an eco-system for Mobile NFC (Near Field Communication) services.
  • the telecommunication system comprises a service provider 1 , a trusted service manager 2 and a mobile communication device 3. It should be observed that the numbers of service providers 1, trusted service managers 2 and mobile communication devices 3 are in no way limited.
  • a user 4 of the mobile communication device 3 can electronically communicate (arrow 5) with the service provider 1 either by means of his mobile communication device 3 via the Over-the-Air (OTA) services provided by a mobile network operator, particularly via Short Message
  • OTA Over-the-Air
  • SMS Short Message Service
  • Communication between the user 4 and the service provider 1 comprises for instance ordering of NFC services like tickets etc.
  • the trusted service manager 2 communicates with the mobile communication device 3 via an Over-The-Air service of a mobile network operator, e.g. Short Message Service.
  • the service provider 1 communicates with the trusted service manager 2 via a computer network, such as the Internet, wherein the preferred data transmission protocol is HTTPS.
  • the mobile communication device 3 may e.g. be configured as a NFC mobile phone.
  • the mobile communication device 3 comprises a processor (not shown in the drawing) for executing software being internally stored in the mobile communication device 3.
  • the software comprises an operating system for carrying out and managing all functions of the mobile communication device 3.
  • the mobile communication device 3 is equipped with a secure memory device 6 with enhanced security features that comprises its own computational power and has multiple interface options.
  • the secure memory device 6 is configured as a SmartMX smart card which comprises encryption coprocessors and a Java operating systems, particularly JCOP.
  • the secure memory device 6 will be explained in more detail below.
  • the mobile communication device 3 further comprises a trusted service client 8 which in the present embodiment of the invention is a software module being contained in the general software of the mobile communication device 3.
  • the trusted service client 8 is controlled by the trusted service manager 2 and has the ability to manage NFC applications in the secure memory device 6.
  • Managing NFC applications comprises installing, updating and de-installing NFC applications. NFC applications are for instance tickets, coupons, access controls, e-purse functions, etc. which have to be handled with different levels of security.
  • the secure memory device 6 provides different security levels for storing said NFC applications.
  • the secure memory device 6 comprises a first memory portion 6A offering a first security level SLl.
  • the secure memory device 6 further comprises a second memory portion 6B offering a second security level SL2 which is higher than the first security level SLl.
  • the secure memory device 6 comprises a third memory portion 6C offering a third security level SL3 which is the highest one.
  • the first memory portion 6A of the secure memory device 6 is configured as an emulated MIFARE device. Access to its contents is granted by keys as has been explained in the introduction of this document. Data are written into the first memory portion 6A and read out from it according to the general MIFARE specifications.
  • This first memory portion 6A is particularly useful for storing NFC applications that do not represent very high monetary values, such as a ticket TKl, a transport pass TRl, or an e-purse EPl that represents a monetary value of less than e.g. 100 €.
  • MIFARE applications MIF are e.g. issued by the service provider 1 and are transmitted to the trusted service manager 2.
  • the trusted service manager 2 transmits the MIFARE application MIF via the over the air Interface (OTA) of a mobile network operator to the trusted service client 8 in the mobile communication device 3.
  • OTA air Interface
  • the trusted service client 8 manages installation of the MIFARE applications MIF in the first memory portion 6A of the secure memory device 6.
  • the contents of the first memory portion 6A of the secure memory device 6 can be read by standard MIFARE readers 7.
  • the configuration of the third memory portion 6C of the secure memory device 6 is based on a Java operating system, particularly JCOP, and offers highest security by providing authentication, symmetric and asymmetric encryption features.
  • JCOP Java operating system
  • CARDlets which are specifically customer- tailored software modules and are based on the JCOP operating system. Consequently, any party intending to make use of these features must have an in depth knowledge of both JCOP and CARDlet programming. For instance, if a service provider 1, e.g.
  • a ticket provider wants to send a ticket to be stored in the third memory portion 6C of the secure memory device 6, he cannot simply transfer the ticket itself to the secure memory device 6, but he has to send a specific CARDlet Cl with its own ticket management inside in order to cope with the specific security features of the third memory portion 6C.
  • the service provider 1 himself has to develop this specific CARDlet Cl.
  • the third memory portion 6C is mainly used by credit card providers who have the manpower and resources for developing their customer-tailored credit card application CARDlets C2, C3.
  • customer tailored CARDlets Cx are sent from an issuing service provider 1 to the trusted service manager 2.
  • the trusted service manager 2 transmits the customer tailored CARDlets Cx via the over the air interface (OTA) of a mobile network operator to the trusted service client 8 in the mobile communication device 3.
  • the trusted service client 8 installs the CARDlets Cx in the third memory portion 6C of the secure memory device 6.
  • OTA over the air interface
  • the trusted service client 8 installs the CARDlets Cx in the third memory portion 6C of the secure memory device 6.
  • the configuration of the second memory portion 6B of the secure memory device 6 is such that it also offers highest security by providing authentication, symmetric and asymmetric encryption features. These features are also based on a Java operating system, particularly JCOP. However, in contrast to the configuration of the third memory portion 6C, a user gets access to all these security features without the necessity for having specific knowledge about JCOP and CARDlet programming. Rather, according to the present invention there is a specific management CARDlet Ml provided in the secure memory device 6 that manages all installation routines and deals with the particulars of high-level security.
  • a service provider 1 who wants to send an NFC application APP to the secure memory device 6 only has to send this application APP together with a security criterion SC to the trusted service manager 2. It should be emphasized, that beyond knowing the security criterion SC the service provider 1 does not have to have knowledge of how to deal with the high-level security features like authentication, symmetric and asymmetric encryption, and particularly does not need to know anything about JCOP and CARDlet programming.
  • the security criterion SC is e.g. either a code for the desired security level SLl, SL2, SL3, or a specific value that can be checked by the trusted service manager 2 in respect of predefined conditions. For instance, the trusted service manager 2 checks incoming e- purse applications whether they have a monetary value of e.g. less than 100 €. If this condition is met, then the trusted service manager 2 will e.g. assign the security level SLl to this e-purse application, otherwise he will assign the higher security level SL2 to this e-purse application.
  • the trusted service client 8 hands the NFC application APP together with the assigned security level SLx over to the specific management CARD let Ml in the secure memory device 6.
  • the specific management CARDlet Ml analyses which security level SLx is assigned to the NFC application APP. If the first security level SLl is assigned to the NFC application APP then the specific management CARDlet Ml will store the NFC application APP in the first memory portion 6A in accordance with the standard MIFARE specifications.
  • the specific management CARDlet Ml will handle all necessary encryption and/or authentication steps in order to get write access to the second memory portion 6B of the secure memory device 6 and will store the NFC application APP in the second memory portion 6B. It should be mentioned that the specific management CARDlet Ml has implemented all necessary information and procedures for handling encryption and/or authentication in respect of the second memory portion 6B, but has no information to access the third memory portion 6C of the secure memory device 6.
  • a specific reading CARDlet Rl is provided which has read access to both the first memory portion 6A and the second memory portion 6B, such that it retrieves MIFARE applications from the first memory portion 6A and transmits them to the MIFARE reader 7 and - provided that authentication with reader 9 was successful - retrieves NFC applications from the second memory portion 6B and transmits them to the reader 9.

Abstract

A method for storing NFC applications (APP) in a secure memory device (6) having its own computational power, such as a smart card, preferably a SmartMX card, which secure memory device (6) comprises a first memory portion (6A) configured as an emulated MIFARE memory, offering a first security level (SLl), and a second memory portion (6B) accessible by means of authentication and optionally being encrypted, which second memory portion (6B) offers a second security level (SL2) which is higher than the first security level (SLl), wherein the method comprises analyzing whether the first or the second security level (SLl, SL2) is assigned to the NFC application (APP) and, depending on the results of this analysis, storing the NFC application (APP) either in the first memory portion (6A) by applying data write steps in compliance with the MIFARE standard or in the second memory portion (6B) by handling authentication routines necessary for gaining write access to said second memory portion (6B) and carrying out the write operation.

Description

Method for storing NFC applications in a secure memory device
FIELD OF THE INVENTION
The invention relates to a method for storing NFC applications in a secure memory device.
The invention further relates to a computer program product directly loadable into the memory of a secure memory device having its own computational power. The invention further relates to a secure memory device with an arithmetic- logic unit and a memory.
The invention further relates to a mobile communication device, preferably an NFC mobile phone.
BACKGROUND OF THE INVENTION
The MIF ARE® classic family, developed by NXP Semiconductors is the pioneer and front runner in contactless smart card ICs operating in the 13.56 MHz frequency range with read/write capability. MIF ARE® is a trademark of NXP Semiconductors. MIFARE complies with ISO 14443 A, which is used in more than 80% of all contactless smart cards today. The technology is embodied in both cards and card reader devices. MIFARE cards are being used in an increasingly broad range of applications (including transport ticketing, access control, e-payment, road tolling, and loyalty applications). MIFARE Standard (or Classic) cards employ a proprietary high-level protocol with a proprietary security protocol for authentication and ciphering. MIFARE® technology has become a standard for memory devices with key-protected memory sectors. One example for a published product specification of MIFARE® technology is the data sheet "MIFARE® Standard Card IC MFl IC S50 - Functional Specification" (1998) which is herein incorporated by reference. MIFARE® technology is also discussed in: Klaus Finkenzeller, "RFID Handbuch", HANSER, 4th edition (2006). The MIFARE Classic cards are fundamentally just memory storage devices, where the memory is divided into sectors and blocks with simple security mechanisms for access control. Each device has a unique serial number. Anticollision is provided so that several cards in the field may be selected and operated in sequence. The MIFARE Standard Ik offers about 768 bytes of data storage, split into 16 sectors with 4 blocks of 16 bytes each (one block consists of 16 bytes); each sector is protected by two different keys, called A and B. They can be programmed for operations like reading, writing, increasing value blocks, etc.. The last block of each sector is called "trailer", which contains two secret keys (A and B) and programmable access conditions for each block in this sector. In order to support multi-application with key hierarchy, an individual set of two keys (A and B) per sector (per application) is provided.
The memory organization of a MIFARE Standard Ik card is shown in Fig. 1. The 1024 X 8 bit EEPROM memory is organized in 16 sectors with 4 blocks of 16 bytes each. The first data block (block 0) of the first sector (sector 0) is the manufacturer block which is shown in detail in Fig. 2. It contains the serial number of the MIFARE card that has a length of four bytes (bytes 0 to 3), a check byte (byte 4) and eleven bytes of IC manufacturer data (bytes 5 to 15). The serial number is sometimes called MIFARE User IDentification (MUID) and is a unique number. Due to security and system requirements the manufacturer block is write protected after having been programmed by the IC manufacturer at production.
However, the MIFARE specification allows to change the serial number during operation of the MIFARE card, which is particularly useful for MIFARE emulation cards like SmartMX cards.
SmartMX (Memory extension) is a family of smart cards that have been designed by NXP Semiconductors for high-security smart card applications requiring highly reliable solutions, with or without multiple interface options. Key applications are e- government, banking / finance, mobile communications and advanced public transportation.
The ability to run the MIFARE protocol concurrently with other contactless transmission protocols implemented by the User Operating System enables the combination of new services and existing applications based on MIFARE (e.g. ticketing) on a single Dual Interface controller based smart card. SmartMX cards are able to emulate MIFARE Classic devices and thereby makes this interface compatible with any installed MIFARE Classic infrastructure. The contactless interface can be used to communicate via any protocol, particularly the MIFARE protocol and self defined contactless transmission protocols. SmartMX enables the easy implementation of state-of-the-art operating systems and open platform solutions including JCOP (the Java Card Operating System) and offers an optimized feature set together with the highest levels of security. JCOP is an IBM® implementation of the Java Card 2.2.1 and Global Platform 2.1.1 basic specifications. JCOP handles different applications which are called applets, e.g. credit card applications. JCOP provides authentication and encryption mechanisms. SmartMX incorporates a range of security features to counter measure side channel attacks like DPA, SPA etc.. A true anticollision method (ace. ISO/IEC 14443-3), enables multiple cards to be handled simultaneously. It should be noted that the emulation of MIFARE Classic cards is not only restricted to SmartMX cards, but there may also exist other present or future smartcards being able to emulate MIFARE Classic cards.
Recently, mobile communication devices have been developed which contain smart cards like SmartMX cards. These mobile communication devices comprise e.g. mobile phones with Near Field Communication (NFC) capabilities, but are not limited to mobile phones.
In February 2007 the GSM Assocation (GSMA) published a white paper outlining operator community guidance for the eco-system parties involved in the development of Mobile NFC (Near Field Communication) services. Mobile NFC is defined as the combination of contactless services with mobile telephony, based on NFC technology. The mobile phone with a hardware-based secure identity token (the UICC) can provide the ideal environment for NFC applications. The UICC can replace the physical card thus optimising costs for the Service Provider, and offering users a more convenient service. Various different entities are involved in the Mobile NFC ecosystem. These are defined below: • Customer - uses the mobile device for mobile communications and
Mobile NFC services. The customer subscribes to an MNO and uses Mobile NFC services.
• Mobile Network Operator (MNO) - provides the full range mobile services to the Customer, particularly provides UICC and NFC terminals plus Over The Air (OTA) transport services.
• Service Provider (SP) - provides contactless services to the Customer (SPs are e.g. banks, public transport companies, loyalty programs owners etc.).
• Trusted Service Manager (TSM) - securely distributes and manages the Service Providers' services to the MNO customer base.
It should be mentioned that the Trusted Service Manager provides a single point of contact for the Service Providers to access their customer base through the MNOs and manage the secure download and life-cycle management of the Mobile NFC application on behalf of the Service Providers. Depending on the national market needs and situations, the TSM can be managed by one MNO, a consortium of MNOs, or by independent Trusted Third Parties. The number of operating TSMs in one market will depend on the national market needs and circumstances. NFC mobile phones equipped with smart cards such as SmartMX cards that comprise JCOP functionality and emulated MIFARE functionality are more and more used for ticketing, access controls, coupons, payment cards and so on. The main focus of these NFC mobile phones is the Over the Air (OTA) service provisioning of the above mentioned applications. Said applications are issued by service providers. When a service provider wants to install a new service (ticketing, access control and so on), he has two options:
• He uses the MIFARE part of the smart card which is an easy-to-access technology, but provides only a basic level of security.
• He uses the JCOP part which offers a high level of security but requires a high level of special knowledge to deal with. Hence, there is still a need to provide easier yet very secure access to smart cards like SmartMX cards relieving the service provider from requiring special skills and knowledge about JCOP to use the very secure JCOP part of the smart cards.
OBJECT AND SUMMARY OF THE INVENTION It is an object of the invention to provide a method of the type defined in the opening paragraph and a device of the type defined in the second paragraph, in which the disadvantages defined above are avoided.
In order to achieve the object defined above, with a method according to the invention characteristic features are provided so that a method according to the invention can be characterized in the way defined below, that is:
A method for storing NFC applications in a secure memory device having its own computational power, such as a smart card, preferably a SmartMX card, which secure memory device comprises a first memory portion configured as an emulated MIFARE memory, offering a first security level, and a second memory portion accessible by means of authentication and optionally being encrypted, which second memory portion offers a second security level which is higher than the first security level, wherein the method comprises analyzing whether the first or the second security level is assigned to the NFC application and, depending on the results of this analysis, storing the NFC application either in the first memory portion by applying data write steps in compliance with the MIFARE standard or in the second memory portion by handling authentication routines necessary for gaining write access to said second memory portion and carrying out the write operation.
In order to achieve the object defined above, with a computer program product according to the invention characteristic features are provided so that a computer program product according to the invention is directly loadable into the memory of a secure memory device having its own computational power, comprising software code portions for performing the steps of a method according to the invention, when said product is run on the secure memory device.
In order to achieve the object defined above, a secure memory device according to the invention comprises an arithmetic- logic unit and a memory and processes the computer program product according to the above paragraph.
In order to achieve the object defined above a mobile communication device, preferably an NFC mobile phone is provided being equipped with a secure memory device according to the above paragraph. The characteristic features according to the invention provide the advantage that a user who wants to make use of the various different security levels provided in the secure memory device does not need to have specific knowledge of how to gain access to the different memory portions. This is particularly important when the secure memory device is operated under a highly sophisticated operating system like JCOP. The aspects defined above and further aspects of the invention are apparent from the exemplary embodiment to be described hereinafter and are explained with reference to this exemplary embodiment.
BRIEF DESCRIPTION OF THE DRAWINGS The invention will be described in more detail hereinafter with reference to an exemplary embodiment. However, the invention is not limited to this exemplary embodiment.
Fig. 1 shows the memory organization of a MIFARE Standard Ik EEPROM. Fig. 2 shows the manufacturer block of a MIFARE memory. Fig. 3 shows the sector trailer of a sector of MIFARE memory.
Fig. 4 shows a schematic diagram of a telecommunication system including a mobile communication device with a smart card configured as a SmartMX card. DESCRIPTION OF EMBODIMENTS
Fig. 4 shows a schematic diagram of a telecommunication system in accordance with the above referenced white book of the GSM Association (GSMA) about an eco-system for Mobile NFC (Near Field Communication) services. The telecommunication system comprises a service provider 1 , a trusted service manager 2 and a mobile communication device 3. It should be observed that the numbers of service providers 1, trusted service managers 2 and mobile communication devices 3 are in no way limited. A user 4 of the mobile communication device 3 can electronically communicate (arrow 5) with the service provider 1 either by means of his mobile communication device 3 via the Over-the-Air (OTA) services provided by a mobile network operator, particularly via Short Message
Service (SMS) services, and/or via a computer network. Communication between the user 4 and the service provider 1 comprises for instance ordering of NFC services like tickets etc. The trusted service manager 2 communicates with the mobile communication device 3 via an Over-The-Air service of a mobile network operator, e.g. Short Message Service.
The service provider 1 communicates with the trusted service manager 2 via a computer network, such as the Internet, wherein the preferred data transmission protocol is HTTPS.
The mobile communication device 3 may e.g. be configured as a NFC mobile phone. The mobile communication device 3 comprises a processor (not shown in the drawing) for executing software being internally stored in the mobile communication device 3. The software comprises an operating system for carrying out and managing all functions of the mobile communication device 3.
The mobile communication device 3 is equipped with a secure memory device 6 with enhanced security features that comprises its own computational power and has multiple interface options. The secure memory device 6 is configured as a SmartMX smart card which comprises encryption coprocessors and a Java operating systems, particularly JCOP. The secure memory device 6 will be explained in more detail below. The mobile communication device 3 further comprises a trusted service client 8 which in the present embodiment of the invention is a software module being contained in the general software of the mobile communication device 3. The trusted service client 8 is controlled by the trusted service manager 2 and has the ability to manage NFC applications in the secure memory device 6. Managing NFC applications comprises installing, updating and de-installing NFC applications. NFC applications are for instance tickets, coupons, access controls, e-purse functions, etc. which have to be handled with different levels of security.
According to the present invention, the secure memory device 6 provides different security levels for storing said NFC applications. Strictly speaking, the secure memory device 6 comprises a first memory portion 6A offering a first security level SLl. The secure memory device 6 further comprises a second memory portion 6B offering a second security level SL2 which is higher than the first security level SLl. Finally, the secure memory device 6 comprises a third memory portion 6C offering a third security level SL3 which is the highest one. The first memory portion 6A of the secure memory device 6 is configured as an emulated MIFARE device. Access to its contents is granted by keys as has been explained in the introduction of this document. Data are written into the first memory portion 6A and read out from it according to the general MIFARE specifications. There is neither encryption nor authentication provided, but the advantage of this standard MIFARE configuration is that its access procedures can easily be handled. This first memory portion 6A is particularly useful for storing NFC applications that do not represent very high monetary values, such as a ticket TKl, a transport pass TRl, or an e-purse EPl that represents a monetary value of less than e.g. 100 €. MIFARE applications MIF are e.g. issued by the service provider 1 and are transmitted to the trusted service manager 2. The trusted service manager 2 transmits the MIFARE application MIF via the over the air Interface (OTA) of a mobile network operator to the trusted service client 8 in the mobile communication device 3. The trusted service client 8 manages installation of the MIFARE applications MIF in the first memory portion 6A of the secure memory device 6. The contents of the first memory portion 6A of the secure memory device 6 can be read by standard MIFARE readers 7. The configuration of the third memory portion 6C of the secure memory device 6 is based on a Java operating system, particularly JCOP, and offers highest security by providing authentication, symmetric and asymmetric encryption features. However, these features can only be used by means of so-called CARDlets which are specifically customer- tailored software modules and are based on the JCOP operating system. Consequently, any party intending to make use of these features must have an in depth knowledge of both JCOP and CARDlet programming. For instance, if a service provider 1, e.g. a ticket provider, wants to send a ticket to be stored in the third memory portion 6C of the secure memory device 6, he cannot simply transfer the ticket itself to the secure memory device 6, but he has to send a specific CARDlet Cl with its own ticket management inside in order to cope with the specific security features of the third memory portion 6C. The service provider 1 himself has to develop this specific CARDlet Cl. Due to the complexity of CARDlet programming, the third memory portion 6C is mainly used by credit card providers who have the manpower and resources for developing their customer-tailored credit card application CARDlets C2, C3. Generally, customer tailored CARDlets Cx are sent from an issuing service provider 1 to the trusted service manager 2. The trusted service manager 2 transmits the customer tailored CARDlets Cx via the over the air interface (OTA) of a mobile network operator to the trusted service client 8 in the mobile communication device 3. The trusted service client 8 installs the CARDlets Cx in the third memory portion 6C of the secure memory device 6. It should be noticed, that the described configuration of the third memory portion 6C is already state of the art and there are readers 9 existing being adapted to read the contents of the third memory portion 6C of the secure memory device 6. The readers 9 have to be programmed for carrying out authentication handling procedures AUT-3.
According to the present invention, the configuration of the second memory portion 6B of the secure memory device 6 is such that it also offers highest security by providing authentication, symmetric and asymmetric encryption features. These features are also based on a Java operating system, particularly JCOP. However, in contrast to the configuration of the third memory portion 6C, a user gets access to all these security features without the necessity for having specific knowledge about JCOP and CARDlet programming. Rather, according to the present invention there is a specific management CARDlet Ml provided in the secure memory device 6 that manages all installation routines and deals with the particulars of high-level security. This means that according to the present invention a service provider 1 who wants to send an NFC application APP to the secure memory device 6 only has to send this application APP together with a security criterion SC to the trusted service manager 2. It should be emphasized, that beyond knowing the security criterion SC the service provider 1 does not have to have knowledge of how to deal with the high-level security features like authentication, symmetric and asymmetric encryption, and particularly does not need to know anything about JCOP and CARDlet programming.
The security criterion SC is e.g. either a code for the desired security level SLl, SL2, SL3, or a specific value that can be checked by the trusted service manager 2 in respect of predefined conditions. For instance, the trusted service manager 2 checks incoming e- purse applications whether they have a monetary value of e.g. less than 100 €. If this condition is met, then the trusted service manager 2 will e.g. assign the security level SLl to this e-purse application, otherwise he will assign the higher security level SL2 to this e-purse application.
Next, the trusted service manager 2 transmits the NFC application APP together with the assigned security level SLx (x = 1 or 2) via the over the air interface OTA of a mobile network operator to the trusted service client 8 residing in the mobile communication device 3. The trusted service client 8 hands the NFC application APP together with the assigned security level SLx over to the specific management CARD let Ml in the secure memory device 6. The specific management CARDlet Ml analyses which security level SLx is assigned to the NFC application APP. If the first security level SLl is assigned to the NFC application APP then the specific management CARDlet Ml will store the NFC application APP in the first memory portion 6A in accordance with the standard MIFARE specifications.
If the second security level SL2 is assigned to the NFC application APP then the specific management CARDlet Ml will handle all necessary encryption and/or authentication steps in order to get write access to the second memory portion 6B of the secure memory device 6 and will store the NFC application APP in the second memory portion 6B. It should be mentioned that the specific management CARDlet Ml has implemented all necessary information and procedures for handling encryption and/or authentication in respect of the second memory portion 6B, but has no information to access the third memory portion 6C of the secure memory device 6.
In order to enable MIFARE reader 7 or reader 9 which is adapted for carrying out authentication AUT-2, a specific reading CARDlet Rl is provided which has read access to both the first memory portion 6A and the second memory portion 6B, such that it retrieves MIFARE applications from the first memory portion 6A and transmits them to the MIFARE reader 7 and - provided that authentication with reader 9 was successful - retrieves NFC applications from the second memory portion 6B and transmits them to the reader 9.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps other than those listed in a claim. The indefinite article "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. In the device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Claims

CLAIMS:
1. A method for storing NFC applications (APP) in a secure memory device (6) having its own computational power, such as a smart card, preferably a SmartMX card, which secure memory device (6) comprises a first memory portion (6A) configured as an emulated MIFARE memory, offering a first security level (SLl), and a second memory portion (6B) accessible by means of authentication and optionally being encrypted, which second memory portion (6B) offers a second security level (SL2) which is higher than the first security level (SLl), wherein the method comprises analyzing whether the first or the second security level (SLl, SL2) is assigned to the NFC application (APP) and, depending on the results of this analysis, storing the NFC application (APP) either in the first memory portion (6A) by applying data write steps in compliance with the MIFARE standard or in the second memory portion (6B) by handling authentication routines necessary for gaining write access to said second memory portion (6B) and carrying out the write operation.
2. The method as claimed in claim 1, wherein the secure memory device (6) is operated by means of a Java operating system, preferably JCOP.
3. A computer program product being directly loadable into the memory of a secure memory device (6) having its own computational power, comprising software code portions for performing the steps of a method according to claim 1 or 2, when said product is run on the secure memory device (6).
4. A computer program product as claimed in claim 3, wherein the computer program product is stored on a computer readable medium or is downloadable via a data connection from a remote server.
5. A computer program product as claimed in claim 3, being designed to run under a Java operating system, particularly JCOP.
6. A secure memory device (6) with an arithmetic- logic unit and a memory, wherein the secure memory device (6) is adapted to process the computer program product as claimed in claim 3.
7. The secure memory device (6) as claimed in claim 6, being configured as a smart card, preferably a SmartMX card.
8. A mobile communication device (3) comprising the secure memory device (6) as claimed in claim 7.
9. The mobile communication device (3) as claimed in claim 8, being configured as an NFC mobile phone.
PCT/IB2009/052005 2008-05-27 2009-05-14 Method for storing nfc applications in a secure memory device WO2009147548A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP08290481.4 2008-05-27
EP08290481 2008-05-27

Publications (2)

Publication Number Publication Date
WO2009147548A2 true WO2009147548A2 (en) 2009-12-10
WO2009147548A3 WO2009147548A3 (en) 2010-01-28

Family

ID=41328543

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2009/052005 WO2009147548A2 (en) 2008-05-27 2009-05-14 Method for storing nfc applications in a secure memory device

Country Status (1)

Country Link
WO (1) WO2009147548A2 (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7954716B2 (en) 2005-02-22 2011-06-07 Tyfone, Inc. Electronic transaction card powered by mobile device
US7961101B2 (en) * 2008-08-08 2011-06-14 Tyfone, Inc. Small RFID card with integrated inductive element
US7991158B2 (en) 2006-12-13 2011-08-02 Tyfone, Inc. Secure messaging
WO2011103684A1 (en) * 2010-02-26 2011-09-01 Research In Motion Limited Near-field communication (nfc) system providing mobile wireless communications device operations based upon timing and sequence of nfc sensor communication and related methods
EP2388733A1 (en) * 2010-05-21 2011-11-23 Cardag Deutschland GmbH Electronic data transfer device with a security module
US20120159149A1 (en) * 2010-12-20 2012-06-21 Philippe Martin Methods, systems, and computer readable media for designating a security level for a communications link between wireless devices
US8231061B2 (en) 2009-02-24 2012-07-31 Tyfone, Inc Contactless device with miniaturized antenna
US8451122B2 (en) 2008-08-08 2013-05-28 Tyfone, Inc. Smartcard performance enhancement circuits and systems
JP2013539895A (en) * 2011-09-16 2013-10-28 グーグル・インコーポレーテッド Secure application directory
US8670709B2 (en) 2010-02-26 2014-03-11 Blackberry Limited Near-field communication (NFC) system providing mobile wireless communications device operations based upon timing and sequence of NFC sensor communication and related methods
WO2016126367A1 (en) * 2015-02-03 2016-08-11 Qualcomm Incorporated Security protocols for unified near field communication infrastructures
US9741027B2 (en) 2007-12-14 2017-08-22 Tyfone, Inc. Memory card based contactless devices
WO2018090201A1 (en) * 2016-11-15 2018-05-24 华为技术有限公司 Secure processor chip and terminal device
CN109104712A (en) * 2018-07-17 2018-12-28 葫芦岛智多多科技有限责任公司 A kind of wireless charging encryption system and its encryption method based on NFC function
EP2620919B1 (en) * 2012-01-26 2022-01-05 SimonsVoss Technologies GmbH Locking system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030182569A1 (en) * 2002-03-13 2003-09-25 Natsume Matsuzaki Secure device
US20040139021A1 (en) * 2002-10-07 2004-07-15 Visa International Service Association Method and system for facilitating data access and management on a secure token
WO2006069194A2 (en) * 2004-12-21 2006-06-29 Sandisk Corporation Memory system with versatile content control

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030182569A1 (en) * 2002-03-13 2003-09-25 Natsume Matsuzaki Secure device
US20040139021A1 (en) * 2002-10-07 2004-07-15 Visa International Service Association Method and system for facilitating data access and management on a secure token
WO2006069194A2 (en) * 2004-12-21 2006-06-29 Sandisk Corporation Memory system with versatile content control

Cited By (56)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8136732B2 (en) 2005-02-22 2012-03-20 Tyfone, Inc. Electronic transaction card with contactless interface
US9092708B1 (en) 2005-02-22 2015-07-28 Tyfone, Inc. Wearable device with time-varying magnetic field
US9004361B2 (en) 2005-02-22 2015-04-14 Tyfone, Inc. Wearable device transaction system
US11720777B2 (en) 2005-02-22 2023-08-08 Icashe, Inc. Mobile phone with magnetic card emulation
US10185909B2 (en) 2005-02-22 2019-01-22 Tyfone, Inc. Wearable device with current carrying conductor to produce time-varying magnetic field
US11436461B2 (en) 2005-02-22 2022-09-06 Kepler Computing Inc. Mobile phone with magnetic card emulation
US11270174B2 (en) 2005-02-22 2022-03-08 Icashe, Inc. Mobile phone with magnetic card emulation
US10803370B2 (en) 2005-02-22 2020-10-13 Tyfone, Inc. Provisioning wearable device with current carrying conductor to produce time-varying magnetic field
US8083145B2 (en) 2005-02-22 2011-12-27 Tyfone, Inc. Provisioning an add-on apparatus with smartcard circuity for enabling transactions
US9202156B2 (en) 2005-02-22 2015-12-01 Tyfone, Inc. Mobile device with time-varying magnetic field
US7954717B2 (en) 2005-02-22 2011-06-07 Tyfone, Inc. Provisioning electronic transaction card in mobile device
US7954715B2 (en) 2005-02-22 2011-06-07 Tyfone, Inc. Mobile device with transaction card in add-on slot
US8091786B2 (en) 2005-02-22 2012-01-10 Tyfone, Inc. Add-on card with smartcard circuitry powered by a mobile device
US7954716B2 (en) 2005-02-22 2011-06-07 Tyfone, Inc. Electronic transaction card powered by mobile device
US8408463B2 (en) 2005-02-22 2013-04-02 Tyfone, Inc. Mobile device add-on apparatus for financial transactions
US9715649B2 (en) 2005-02-22 2017-07-25 Tyfone, Inc. Device with current carrying conductor to produce time-varying magnetic field
US8474718B2 (en) 2005-02-22 2013-07-02 Tyfone, Inc. Method for provisioning an apparatus connected contactless to a mobile device
US9626611B2 (en) 2005-02-22 2017-04-18 Tyfone, Inc. Provisioning mobile device with time-varying magnetic field
US8573494B2 (en) 2005-02-22 2013-11-05 Tyfone, Inc. Apparatus for secure financial transactions
US9251453B1 (en) 2005-02-22 2016-02-02 Tyfone, Inc. Wearable device with time-varying magnetic field and single transaction account numbers
US9208423B1 (en) 2005-02-22 2015-12-08 Tyfone, Inc. Mobile device with time-varying magnetic field and single transaction account numbers
US7991158B2 (en) 2006-12-13 2011-08-02 Tyfone, Inc. Secure messaging
US9741027B2 (en) 2007-12-14 2017-08-22 Tyfone, Inc. Memory card based contactless devices
US8410936B2 (en) 2008-08-08 2013-04-02 Tyfone, Inc. Contactless card that receives power from host device
US10949726B2 (en) 2008-08-08 2021-03-16 Icashe, Inc. Mobile phone with NFC apparatus that does not rely on power derived from an interrogating RF field
US8937549B2 (en) 2008-08-08 2015-01-20 Tyfone, Inc. Enhanced integrated circuit with smartcard controller
US9117152B2 (en) 2008-08-08 2015-08-25 Tyfone, Inc. 13.56 MHz enhancement circuit for smartmx smartcard controller
US9122965B2 (en) 2008-08-08 2015-09-01 Tyfone, Inc. 13.56 MHz enhancement circuit for smartcard controller
US8866614B2 (en) 2008-08-08 2014-10-21 Tyfone, Inc. Active circuit for RFID
US8814053B2 (en) 2008-08-08 2014-08-26 Tyfone, Inc. Mobile payment device with small inductive device powered by a host device
US7961101B2 (en) * 2008-08-08 2011-06-14 Tyfone, Inc. Small RFID card with integrated inductive element
US9390359B2 (en) 2008-08-08 2016-07-12 Tyfone, Inc. Mobile device with a contactless smartcard device and active load modulation
US11694053B2 (en) 2008-08-08 2023-07-04 Icashe, Inc. Method and apparatus for transmitting data via NFC for mobile applications including mobile payments and ticketing
US9483722B2 (en) 2008-08-08 2016-11-01 Tyfone, Inc. Amplifier and transmission solution for 13.56MHz radio coupled to smartcard controller
US9489608B2 (en) 2008-08-08 2016-11-08 Tyfone, Inc. Amplifier and transmission solution for 13.56MHz radio coupled to smartmx smartcard controller
US8072331B2 (en) 2008-08-08 2011-12-06 Tyfone, Inc. Mobile payment device
US10607129B2 (en) 2008-08-08 2020-03-31 Tyfone, Inc. Sideband generating NFC apparatus to mimic load modulation
US8451122B2 (en) 2008-08-08 2013-05-28 Tyfone, Inc. Smartcard performance enhancement circuits and systems
US10318855B2 (en) 2008-08-08 2019-06-11 Tyfone, Inc. Computing device with NFC and active load modulation for mass transit ticketing
US9904887B2 (en) 2008-08-08 2018-02-27 Tyfone, Inc. Computing device with NFC and active load modulation
US8231061B2 (en) 2009-02-24 2012-07-31 Tyfone, Inc Contactless device with miniaturized antenna
US8670709B2 (en) 2010-02-26 2014-03-11 Blackberry Limited Near-field communication (NFC) system providing mobile wireless communications device operations based upon timing and sequence of NFC sensor communication and related methods
WO2011103684A1 (en) * 2010-02-26 2011-09-01 Research In Motion Limited Near-field communication (nfc) system providing mobile wireless communications device operations based upon timing and sequence of nfc sensor communication and related methods
EP2388733A1 (en) * 2010-05-21 2011-11-23 Cardag Deutschland GmbH Electronic data transfer device with a security module
US20120159149A1 (en) * 2010-12-20 2012-06-21 Philippe Martin Methods, systems, and computer readable media for designating a security level for a communications link between wireless devices
US8943306B2 (en) * 2010-12-20 2015-01-27 Mastercard International Incorporated Methods, systems, and computer readable media for designating a security level for a communications link between wireless devices
JP2013539895A (en) * 2011-09-16 2013-10-28 グーグル・インコーポレーテッド Secure application directory
EP2620919B1 (en) * 2012-01-26 2022-01-05 SimonsVoss Technologies GmbH Locking system
CN107113553A (en) * 2015-02-03 2017-08-29 高通股份有限公司 The security protocol of unified near-field communication architecture
US9497573B2 (en) 2015-02-03 2016-11-15 Qualcomm Incorporated Security protocols for unified near field communication infrastructures
CN107113553B (en) * 2015-02-03 2018-12-18 高通股份有限公司 Device, method and server for unified near-field communication architecture
WO2016126367A1 (en) * 2015-02-03 2016-08-11 Qualcomm Incorporated Security protocols for unified near field communication infrastructures
US11126753B2 (en) 2016-11-15 2021-09-21 Huawei Technologies Co., Ltd. Secure processor chip and terminal device
WO2018090201A1 (en) * 2016-11-15 2018-05-24 华为技术有限公司 Secure processor chip and terminal device
CN109104712B (en) * 2018-07-17 2021-04-30 北京神州安付科技股份有限公司 Wireless recharging encryption system based on NFC function and encryption method thereof
CN109104712A (en) * 2018-07-17 2018-12-28 葫芦岛智多多科技有限责任公司 A kind of wireless charging encryption system and its encryption method based on NFC function

Also Published As

Publication number Publication date
WO2009147548A3 (en) 2010-01-28

Similar Documents

Publication Publication Date Title
EP2255340B1 (en) Method and devices for installing and retrieving linked mifare applications
WO2009147548A2 (en) Method for storing nfc applications in a secure memory device
US8391837B2 (en) Method, system and trusted service manager for securely transmitting an application to a mobile phone
EP2206067B1 (en) Method, system, trusted service manager, service provider and memory element for managing access rights for trusted applications
US9607192B2 (en) MIFARE push
EP2297707B1 (en) Method of accessing applications in a secure mobile environment
US8811971B2 (en) Mobile communication device and method for disabling applications
EP2195794B1 (en) Trusted service manager managing reports of lost or stolen mobile communication devices
RU2602788C2 (en) Multi-issuer architecture of safety element section for nfc supporting devices
EP2048594A1 (en) Method for communication, communication device and secure processor
EP2048591B1 (en) Method for communication, communication device and secure processor
EP2174481B1 (en) Method, server and mobile communication device for managing unique memory device identifications
US9016561B2 (en) Method, server and mobile communication device for managing unique memory device identifications
Nieto HCE-oriented payments vs. SE-oriented payments. Security Issues

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09757900

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09757900

Country of ref document: EP

Kind code of ref document: A2