The document discusses secure elements in mobile phones which provide security and confidentiality for mobile transactions. A secure element is isolated in the phone's operating system and hardware, and can only be accessed by authorized programs after entering a PIN. Current implementations of secure elements include being embedded in phones, located on SIM cards, or using removable secure element cards. The document proposes solutions for incorporating secure elements in phone memory, SIM cards, or external SD cards to enable encrypted transactions using protocols like NFC, SMS, and HTTPS.
1. Secure Element
The component in a mobile phone providing the security and
confidentiality required to support various business models (m-gov, mpayment, m-commerce, m-security, etc.) in this environment, is referred
to as a Secure Element (SE).
The Secure Element is isolated in
the phone’s operating system and
hardware and can only be
accessed by authorized programs.
Another layer of security is
provided by requiring you to enter
a PIN before accessing the Secure
Element
to
transmit
your
m-credentials during transactions.
2. Motivation for Secure Elements
Necessary for several Applications:
- Payment
- Ticketing
- Government
- Secure Authentication
- ….
Because it is considered:
- Trusted
- Secure
3. Current Secure Element Implementations
– Embedded in Mobile Phone
– SIM Based
– Removeable Secure Element (SD Card)
7. Our Solution
Secure Element in:
1) Phone ‘s memory with a specialized
App for
iOS, Android, BlackBerry, Windows
Phone
2) SIM card as JavaCard, SIM Application
Toolkit Applet for all mobile phones.
3) External, removeable, SD card with a
specialized App for
Android, BlackBerry, Windows Phone.
Transactions over
- NFC
- SMS (encrypted),
- HTTP, HTTPS
8. Secure Element in the SIM
- JavaCard (SIM Application Toolkit ) applet in the SIM
- User Interface as:
- SIM Toolkit Menu
or
- Smart Card Web Server (SCWS)
- Transaction based upon
- Encrypted SMS (ETSI 03.48)
- BIP (HTTP)
9. Secure Element in Phone’s Memory/SD
- App installed in the phone
(android, iOS, BlackBerry, Windows Phone, etc)
- User Interface in the App
- Transaction (based upon the phone’s features) via:
- Encrypted SMS
- HTTPS
- NFC