A Novel Consumer-Centric Card Management Architecture and Potential Security Issues

International audienceMulti-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-application smart cards have been around since the late 1990s; however, uptake was severely limited. NFC has recently reinvigorated the multi-application initiative and this time around a number of innovative deployment models are proposed. Such models include Trusted Service Manager (TSM), User Centric Smart Card Ownership Model (UCOM) and GlobalPlatform Consumer-Centric Model (GP-CCM). In this paper, we discuss two of the most widely accepted and deployed smart card management architectures in the smart card industry: GlobalPlatform and Multos. We explain how these architectures do not fully comply with the UCOM and GP-CCM. We then describe our novel flexible consumer-centric card management architecture designed specifically for the UCOM and GP-CCM frameworks, along with ways of integrating the TSM model into the proposed card management architecture. Finally, we discuss four new security issues inherent to any architecture in this context along with the countermeasures for our proposed architecture

A cooperative cellular and broadcast conditional access system for Pay-TV systems

This is the author's accepted manuscript. The final published article is available from the link below. Copyright @ 2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.The lack of interoperability between Pay-TV service providers and a horizontally integrated business transaction model have compromised the competition in the Pay-TV market. In addition, the lack of interactivity with customers has resulted in high churn rate and improper security measures have contributed into considerable business loss. These issues are the main cause of high operational costs and subscription fees in the Pay-TV systems. As a result, this paper presents the Mobile Conditional Access System (MICAS) as an end-to-end access control solution for Pay-TV systems. It incorporates the mobile and broadcasting systems and provides a platform whereby service providers can effectively interact with their customers, personalize their services and adopt appropriate security measurements. This would result in the decrease of operating expenses and increase of customers' satisfaction in the system. The paper provides an overview of state-of-the-art conditional access solutions followed by detailed description of design, reference model implementation and analysis of possible MICAS security architectures.Strategy & Technology (S&T) Lt

SYSTEM AND METHOD FOR AUTHENTICATION USING MOBILE DEVICE

The methods and system disclosed in present disclosure is to perform authentication of a user device before provisioning card details in a digital wallet. In present disclosure, user taps user device on mobile device, upon tapping interaction data is sent to user device. The user device further generates cryptogram using interaction data and credentials of user device. The cryptogram generated is sent to server computer, which verifies whether card details can be provisioned by sending token request to token service computer which further sends authentication request to authentication server system. The authentication server system authenticates received cryptogram and generates validation result either to be successful or to be a failure. The validation result is sent to token service system which in turn sends token response to server computer. Further, server computer decides whether to provision and store the card details and the token received based on token response. Finally, result of provisioning is updated to the user through the mobile device. Hence, the method and the system of the present disclosure eases the provisioning process for cardholders by removing the need to manually enter card details or take a photo of the card and provides assurance that the genuine card is in the possession of individual initiating the provisioning request

Near Field Communication Applications

Near Field Communication (NFC) is a short-range, low power contactless communication between NFC-enabled devices that are held in the closed proximity to each other. NFC technology has been moving rapidly from its initial application areas of mobile payment services and contactless ticketing to the diversity of new areas. Three specific NFC tags highlighted in the thesis have different structures in terms of memory, security and usage in different applications. NFC information tags exploit the data exchange format NDEF standardized by NFC Forum. NFC applications are rapidly stepping into novel and diverse application areas. Often they are deployed in combination with different devices and systems through their integrability and adaptability features. The diverse application areas where NFC tags and cards are used cover smart posters, contactless ticketing, keys and access control, library services, entertainment services, social network services, education, location based services, work force and retail management and healthcare. In designing different NFC applications, it is necessary to take into consideration different design issues such as to choosing the NFC tools and devices according to the technical requirements of the application, considering especially the memory, security and price factors as well as their relation to the purpose and usage of the final product. The security aspect of the NFC tags is remarkably important in selecting the proper NFC device. The race between hackers attacking and breaking the security systems of programmable high level products and manufacturers to produce reliable secure systems and products seems to never end. This has proven to be case, for example, for trying MIFARE Ultralight and DESFire MF3ICD40 tags. An important consideration of studying the different applications of NFC tags and cards during the thesis work was to understand the ubiquitous character of NFC technology.Lähitunnistus yhteys tekniikka (NFC) on lyhyen tähtäimen, pienitehoinen, kontaktiton yhteydenpito NFC yhteensopivien laitteiden välillä, jossa laitteet pidetään toistensä välittömässä läheisyydessä tiedon siirtämiseksi niiden välillä. NFC-teknologia on siirtynyt nopeasti sen alkuperäisiltä toimialueilta eli mobiili maksupalvelujen ja kontaktittomien lippujen sovellusalueilta moninaisille uusille alueille. Kolmella NFC tagillä, joita on käsitelty tässä tutkielmassa, on muistin, turvallisuuden ja käytön kannalta erilaisiä rakenteita, joita käytetään eri sovelluksissa. NFC-tagit käyttävät tiedonvälityksessä NFC Forumin standardoimaa NDEF-tiedonvaihtoformaattia. NFC sovellukset esiintyvät yhä enenevässä määrin nopeasti kehyttyvillä, uudenlaisilla ja monipuolisilla sovellusalueilla, usein yhdessä eri laitteiden ja järjestelmien kanssa. NFC on käytettävissä erinäisten laitteiden kanssa erilaisissa järjestelmäympäristöissä. Monipuoliset sovellusalueet, joissa muun muassa NFC-tagejä ja -kortteja käytetään sisältävät seuraavanlaisia sovelluksia: älykkäät julisteet, kontaktittomat liput, avaimet ja pääsynvalvonta, kirjastopalvelut, viihdepalvelut, sosiaalisen verkoston palvelut, kasvatukseen ja koulutukseen liittyvät palvelut, sijaintiperustaiset palvelut, työvoiman ja vähittäiskaupan hallinto-palvelut ja terveyspalvelut. Erilaisten NFC-sovelluksien suunnittelussa on väistämätöntä ottaa erilaisia suunnitteluasioita huomioon kuten valita NFC-työkalut ja laitteet sovelluksen teknisten vaatimusten mukaan. Erilaiset tärkeät tekijät kuten muisti, tietoturvallisuusominaisuudet ja hinta ja niiden kaikkien toimivuus lopputuotteen kannalta on otettava huomioon. Tietoturvallisuusnäkökohta on erityisen tärkeä oikean NFC laitteen valitsemisessa, sillä käynnissä on loputon kilpajuoksu hakkerien, jotka yrittävät rikkoa ohjelmoitavien korkeatasoisten laitteiden ja tuotteiden tietoturvajärjestelmiä, ja valmistajien, jotka pyrkivät tuottamaan luotettavia varmoja järjestelmiä, välillä. Tietoturvariskiin liittyviä ongelmia on löydetty esimerkiksi MIFARE Ultralight ja DESFire MF3ICD40 tageista. Tärkeä havainto, joka saatiin erilaisten NFC sovelluksien tutkimisesta, oli oivaltaa NFCteknologian potentiaalinen kaikkialle ulottuva, yleiskäyttöinen luonne

Mobile applications approaches using near field communication support

Nowadays, the society is constantly evolving technologically and new products and technologies appears every day. These technologies allow the well-being of societies and their populations. Mobile gadgets evolution, mainly the smartphones, has always been at the forefront, everyday new devices appear and with them, more recent technologies. These technologies provide a better quality of life of everybody who uses them. People need to have at their disposal a whole array of new features that make their life increasingly more easily. The use of gadgets to simplify the day-to-day is growing and for this people use all disposal types of devices, such as computers, laptops, file servers, smartphones, tablets, and among of others. With the need to use all these devices a problem appears, the data synchronization and a way to simplify the usage of smartphones. What is the advantage of having so much technology available if we need to concern about the interoperability between all devices? There are some solutions to overcome these problems, but most often the advantage brought by these technologies has associated some setup configurations and time is money. Near field communication (NFC) appeared in 2004 but only now has gained the market dominance and visibility, everybody wants to have a NFC based solution, like Google, Apple, Microsoft and other IT giants. NFC is the best solution to overcome some problems like, file synchronization, content sharing, pairing devices, and launch applications without user interaction. NFC arises as a technology that was forgotten, but it has everything to win in every global solutions and markets. In this dissertation two based solutions are presented, an application to transfer money using NFC and an application launcher. Both solutions are an innovation in market because there are nothing like these. A prototype of each application was build and tested. NFC Launcher is already in Android Market. NFC Launcher and Credit Transfer were built, evaluated and are ready for use

Context-aware multi-factor authentication

Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia InformáticaAuthentication systems, as available today, are inappropriate for the requirements of ubiquitous, heterogeneous and large scale distributed systems. Some important limitations are: (i) the use of weak or rigid authentication factors as principal’s identity proofs, (ii) non flexibility to combine different authentication modes for dynamic and context-aware interaction criteria, (iii) not being extensible models to integrate new or emergent pervasive authentication factors and (iv) difficulty to manage the coexistence of multi-factor authentication proofs in a unified single sign-on solution. The objective of this dissertation is the design, implementation and experimental evaluation of a platform supporting multi-factor authentication services, as a contribution to overcome the above limitations. The devised platform will provide a uniform and flexible authentication base for multi-factor authentication requirements and context-aware authentication modes for ubiquitous applications and services. The main contribution is focused on the design and implementation of an extensible authentication framework model, integrating classic as well as new pervasive authentication factors that can be composed for different context-aware dynamic requirements. Flexibility criteria are addressed by the establishment of a unified authentication back-end, supporting authentication modes as defined processes and rules expressed in a SAML based declarative markup language. The authentication base supports an extended single sign-on system that can be dynamically tailored for multi-factor authentication policies, considering large scale distributed applications and according with ubiquitous interaction needs

Near Field Communication: From theory to practice

This book provides the technical essentials, state-of-the-art knowledge, business ecosystem and standards of Near Field Communication (NFC)by NFC Lab - Istanbul research centre which conducts intense research on NFC technology. In this book, the authors present the contemporary research on all aspects of NFC, addressing related security aspects as well as information on various business models. In addition, the book provides comprehensive information a designer needs to design an NFC project, an analyzer needs to analyze requirements of a new NFC based system, and a programmer needs to implement an application. Furthermore, the authors introduce the technical and administrative issues related to NFC technology, standards, and global stakeholders. It also offers comprehensive information as well as use case studies for each NFC operating mode to give the usage idea behind each operating mode thoroughly. Examples of NFC application development are provided using Java technology, and security considerations are discussed in detail. Key Features: Offers a complete understanding of the NFC technology, including standards, technical essentials, operating modes, application development with Java, security and privacy, business ecosystem analysis Provides analysis, design as well as development guidance for professionals from administrative and technical perspectives Discusses methods, techniques and modelling support including UML are demonstrated with real cases Contains case studies such as payment, ticketing, social networking and remote shopping This book will be an invaluable guide for business and ecosystem analysts, project managers, mobile commerce consultants, system and application developers, mobile developers and practitioners. It will also be of interest to researchers, software engineers, computer scientists, information technology specialists including students and graduates.Publisher's Versio