01 March 2017
Visit EBAday.com

GlobalPlatform releases mobile security mechanism

20 June 2012  |  1499 views  |  0 Source: GlobalPlatform

GlobalPlatform, the organization which standardizes the management of applications on secure chip technology, has released its Secure Element (SE) Access Control (AC) security mechanism, which prevents unauthorized applications residing in a mobile device communicating with an SE.

The technical specification has been developed to ensure that legitimate secure mobile services are not denied access to the SE due to malicious third parties.

High value mobile applications, such as banking and ticketing, rely on an application residing in a mobile wallet and its counterpart application - which stores sensitive information - residing in the SE. To successfully and efficiently deliver services to end-users the wallet requires immediate connection to the SE. This link, therefore, needs to be restricted to authorized and approved parties.

"Failure to restrict access to the SE communication channel could result in a fake wallet application popping up during a SE-based transaction that could send the wrong, or too many, commands to the SE," explains Christophe Colas, GlobalPlatform Device Committee Chair and Marketing Director at Trusted Logic Mobility (an affiliate of Gemalto). "This would result in 'denial of service' attacks or personal identification number (PIN) blocking, and a secure application being unable to perform as required."

The document released by GlobalPlatform, which will be of particular interest to SE and handset manufacturers as well as SE issuers, specifies how the access policy is stored in the SE and how it can be accessed and used by the device. The policy will be enforced within the device operating system.

Christophe continues: "GlobalPlatform responds to market requirements and recognizes the need to offer a standard in particular to support current NFC deployments. GlobalPlatform Specifications already detail how several parties can independently and securely manage their activity on a SE. This recent enhancement ensures that once applications are deployed they will not be compromised by malicious attacks which aim to disrupt service delivery. Furthermore, additional activities are ongoing in GlobalPlatform to complement the end-to-end security of the SE and mobile wallet thankss to its work to standardize the Trusted Execution Environment."

GlobalPlatform is also advancing its SE compliance program, which was endorsed by EMVCo - the EMV® standards body collectively owned by American Express, JCB, MasterCard and Visa - earlier this year. 

Comments: (0)

Comment on this story (membership required)

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit capgemini.comhttp://www.financialcrimerisk.fiserv.com/aml?r=finextravisit dh.com

Top topics

Most viewed Most shared
Starling releases Open API, talks up marketplace modelStarling releases Open API, talks up marke...
8731 views comments | 19 tweets | 18 linkedin
Barclaycard strikes new wearable deals for contactless jewellery and watchesBarclaycard strikes new wearable deals for...
7963 views comments | 17 tweets | 15 linkedin
In wake of Cloudflare bug, Starling advises customers to change passwordsIn wake of Cloudflare bug, Starling advise...
7346 views comments | 7 tweets | 12 linkedin
Bank of America first to launch Zelle P2P paymentsBank of America first to launch Zelle P2P...
7182 views comments | 12 tweets | 10 linkedin
Kaspersky records uptick in financial phishing and banking malwareKaspersky records uptick in financial phis...
6793 views comments | 6 tweets | 8 linkedin

Featured job

Six Figure Base + Commission + Stock Options
London

Find your next job