Weitere Kapitel dieses Buchs durch Wischen aufrufen
Mobile Network Operators’ (MNOs) role as keystone players in the smartphone business ecosystem is challenged by other actors and technologies that could reduce the importance of the Universal Integrated Circuit Card (UICC, aka the SIM card). Modern UICC are Java Cards that include a Global Platform conformant Secure Element currently under the MNOs control. We argue that there is an opportunity in the smartphone business ecosystem to offer easy access for customers and service providers to the Secure Element on the UICC for storing data and for installing and executing applications with high demands for security. The MNOs could let the customers own and manage their private Global Platform specified Supplementary Security Domain on the Secure Element, thereby enabling new business models for services using this asset. We have designed and implemented SecurePlay, a client side, proxy based “lightweight” Trusted Service Manager (TSM) prototype and have successfully used it to manage Secure Elements on UICC in the Telenor operated mobile phone network in Norway. SecurePlay is a novel technical approach to management of the Secure Element, which allows operators to cost efficiently enable end-user ownership and operation of their own private security. A proof-of-concept prototype of the proxy based TSM is presented and business aspects are discussed.
Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten
Sie möchten Zugang zu diesem Inhalt erhalten? Dann informieren Sie sich jetzt über unsere Produkte:
Evjemo, B., Akselsen, S., Slettemeås, D., Munch-Ellingsen, A., Andersen, A., & Karlsen, R. (2014). “I expect smart services!”: User feedback on NFC based services addressing everyday routines. Mobility and Smart Cities, Mobility IoT.
Alimi, V., & Pasquet, M. (2009). Post-distribution provisioning and personalization of a payment application on a UICC-based secure element. Proceedings of the 4th international conference on availability, reliability and security (ARES 2009).
Reveilhac, M., & Pasquet, M. (2009). Promising secure element alternatives for NFC technology. Proceedings of 1st international workshop on near field communication, pp. 75–80.
Asif, S. Z. (2010). Next generation mobile communications ecosystem: Technology management for mobile communications. Wiley.
Sun Microsystems. (2006). Java Card, version 2.2.2. Specifications, Sun Microsystems, Inc.
GlobalPlatform. (2006). GlobalPlatform, version 2.2. Specifications, GlobalPlatform.
Gemalto. (2008). The role of the TSM. The Review, p. 7.
Common Criteria. (2012). Common criteria for information technology security evaluation, version 3.1, revision 4. International Standard ISO/IEC 15408, Common Criteria.
Leopold, H., Campbell, A., Hutchison, D., & Singer, N. (1992). Towards a integrated quality of service architecture (QOS-A) for distributed multimedia communications. In A. Danthine & O. Spaniol (Eds.), High Performance Networking, IV, Proceedings of the IFIP TC6/WG6.4 4th international conference on high performance networking, IFIP Transactions, vol. C-14, pp. 169–182, Liège, Belgium, Elsevier Science B. V.
ISO/IEC. (2013). Identification cards—integrated circuit cards—part 4: Organization, security and commands for interchange. Published Standard ISO/IEC 7816-4:2013, ISO/IEC.
SIM Alliance. (2013). Open Mobile API specification, v2.04. Specifications, SIM Alliance.
NFC Forum. (2007). Near field communication and the NFC forum: The keys to truly interoperable communications. White paper, NFC Forum.
ETSI. (2010). Smart cards; uicc—contactless front-end (clf) interface; host controller interface (hci), release 11. Technical Specification TS 102 622, ETSI.
OSPT Alliance. (2012). Cipurse specification, version 2.0. Specification, The Open Standard for Public Transport Alliance.
Benyó, B. (2009). Business process analysis of NFC-based services. In IEEE International Conference on Computational Cybernetics (ICCC 2009), pp. 75–79. IEEE.
Juntunen, A., Luukkainen, S., & Tuunainen, V. K. (2010). Deploying NFC technology for mobile ticketing services: Identification of critical business model issues. Ninth international conference on mobile business and ninth global mobility roundtable (ICMB-GMR 2010).
Bouwman, H., Vos, H., & Haaker, T. (Eds). (2008). Mobile service innovation and business models. Springer.
Osterwalder, A., & Pigneur, Y. (2010). Business model generation: A handbook for visionaries, game changers, and challengers. Wiley.
GlobalPlatform. (2011). The trusted execution environment: Delivering enhanced security at a lower cost to the mobile market. White paper, GlobalPlatform.
Urien, P., & Piramuthu, S. (2013). Towards a secure cloud of secure elements: Concepts and experiments with NFC mobiles. In G. C. Fox & W. W. Smari (Eds.), International Conference on Collaboration Technologies and Systems (CTS’13), pp. 166–173, San Diego, CA, USA, IEEE.
Pourghomi, P., & Ghinea, G. (2012). Managing NFC payment applications through cloud computing. International conference for internet technology and secured transactions, pp. 772–777.
- Customer Managed Security Domain on Mobile Network Operators’ SIM Cards: Opportunities to Enable New Business Models
- Springer Berlin Heidelberg