Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-77c89778f8-m8s7h Total loading time: 0 Render date: 2024-07-25T00:56:04.844Z Has data issue: false hasContentIssue false

6 - The Secure Element

from Part II - Technology

Published online by Cambridge University Press:  05 December 2014

Mike Hendry
Get access

Summary

Requirements

We have seen in Chapters 1 and 2 that the defining characteristic of NFC is the way transactions are initiated: by tapping an NFC-enabled phone to another device.

Often only very minimal data are exchanged during this phase of the transaction: a URL, for example. This is not likely to be sensitive from a security point of view, and the subsequent phases of the transaction can be protected to the extent required by the website, by using web technology (SSL/TLS or IPSec).

In other cases (for access control, payment or loyalty applications, for example) the phone will send information to the other device that is critical to the working of the application and is regarded as sensitive from a security point of view (the unique access control token ID, payment card number or personal details). The level of sensitivity varies: for example, a low-value prepaid balance or loyalty number should be protected but not to the same extent as bank account access credentials, e-commerce certificates or health records.

A smartphone is a relatively open environment: new programs can be downloaded to it, data can be stored in the phone memory and accessed by those programs; many operations can take place in the background, without the knowledge of the phone user. Applications that need greater security therefore make use of a combination of hardware and firmware that can be used to store programs and data securely. We will see in Chapter 10 that it is nearly always best to provide these security functions using a separate microcontroller chip or card with its own memory and cryptographic processing capability. This is called the Secure Element (SE).

Type
Chapter
Information
Near Field Communications Technology and Applications , pp. 58 - 72
Publisher: Cambridge University Press
Print publication year: 2014

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Verma, S., Transport for London, speech at Open Mobile Summit, London, May 2012
ISO 15408: Common Criteria for Information Security, V3.1, September 2012. See
(U)SIM Java Card Platform Protection Profile: Basic and SCWS Configurations, June 2010,
Mobile NFC Applications Validation Process, V2.1, AFSCM, Paris, November 2011
Damour, C., Al Rhomri, S., The NFC Security Quiz, FIME, Paris, June 2013Google Scholar
SD Specifications Part 1 Physical Layer Simplified Specification Version 4.10, , January 2013
Product Brief SLE 97400SE/SD, Infineon Technologies, January 2013
Oberthur Technologies’ NFC embedded Secure Element equips the newly released Samsung GALAXY S4, Press release from Oberthur Technologies, June 2013
SD Specifications Part A1 Advanced Security SD Extension Simplified Specification, V2.0, , May 2010
SD Specifications Part 1 NFC (Near Field Communication) Interface Simplified Addendum Version 1.00, , June 2013
Near Field Communication Wired Interface (NFC-WI), 2nd edn, ECMA, Geneva, June 2012
TS 102 622: Technical Specification Smart Cards; UICC – Contactless Front-end (CLF) interface; Host Controller Interface (HCI) V7.0.0, ETSI, Sophia Antipolis, February 2008
NFC Controller Interface (NCI) Specification, V1.0, NFC Forum, November 2012
NFC Secure Element Stepping Stones, V1.0, SIMAlliance, July 2013
GlobalPlatform Device; Secure Element Remote Application Management, V1.0, GlobalPlatform, May 2011

Save book to Kindle

To save this book to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

  • The Secure Element
  • Mike Hendry
  • Book: Near Field Communications Technology and Applications
  • Online publication: 05 December 2014
  • Chapter DOI: https://doi.org/10.1017/CBO9781107446854.008
Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

  • The Secure Element
  • Mike Hendry
  • Book: Near Field Communications Technology and Applications
  • Online publication: 05 December 2014
  • Chapter DOI: https://doi.org/10.1017/CBO9781107446854.008
Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

  • The Secure Element
  • Mike Hendry
  • Book: Near Field Communications Technology and Applications
  • Online publication: 05 December 2014
  • Chapter DOI: https://doi.org/10.1017/CBO9781107446854.008
Available formats
×