A mobile trusted computing architecture for a near field communication ecosystem.
ABSTRACT: Near Field Communication (NFC) is a wireless communication technology to transfer data over distances of up to 10 cm. With this technology, a mobile device is capable of emulating smartcards for access, payment or loyalty. The benefits of a mobile device with NFC over an ordinary smartcard are the interaction and network capabilities of such a device. Thus it is possible to distribute smartcard applications through a data link to a mobile device, instead of issuing physical cards. The goal of this paper is to present a platform to securely manage smartcard applications in such NFC devices. Issuing applications to NFC devices differs in several stages from issuing ordinary smartcards. With regard to security, there are different processes to be protected and new attack scenarios. In this paper, functional aspects of such an architecture and the roles of the participating instances are discussed. Although NFC allows a smooth interaction for the consumer, the infrastructure behind the scenes is complex and requires cooperation on different levels to ensure interoperability and the deployment of a thriving contactless scheme. According to the concept, three different prototypes have been implemented to remotely manage the smartcard applications.
ABSTRACT: The instance of the platform manager (PM), also referred to as trusted service manager (TSM), is vital for the Near Field Communication (NFC) ecosystem. Instead of issuing physical cards, the platform manager distributes the smartcard applications to the NFC devices over a wireless network. Therefore the platform manager has to meet high security standards like those of an ordinary smartcard issuer that produces, personalizes and distributes smartcards. As the applications are loaded post-issuing, the certification of these applications, like credit cards, is not yet possible. But up front, a certification of the PM as well as of the process is needed to ensure availability and integrity of the service. This is the base requirement for the certification of the distributed applets. The first necessary step for a fruitful protection profile is a risk analysis of the infrastructure and components involved from a security point of view, which is provided to the readers of this paper.
Near Field Communication, International Workshop on. 02/2009