Share

Related Links

  • Thales
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • Signify moves 2FA onto Android smartphones and tablets
    Signify has enabled its software token two-factor authentication (2FA) service as an Android app, making the company one of the first to extend 2FA to the Google smartphone platform. The Android app joins similar apps available for the BlackBerry, iPhone and iPad platforms.
  • Firm develops non-jailbreak iPhone unlock solution
    A small US firm called CutYourSim has developed an iPhone unlocking solution that appears to be the first to avoid having to jailbreak smartphone handsets.
  • iPhone cracking competition criticised by three-time winner
    The simmering row between security experts and white hat hackers over so-called cracking contests has boiled over, with the organisers of the Pwn2Own competition – which opens on 9 March in Vancouver – defending their role in the industry.
  • Global Security Challenge winner taps cloud computing for expansion
    As reported last week, the 5th Global Security Challenge was won by two companies – mPedigree and iWebGate – the former of which is a social enterprise start-up from Ghana that allows consumers and patients to verify the authenticity of their medicines by sending a free text message to the number on their drug wrapper. Infosecurity caught up with Bright Simons, the director of the company, on how the $200,000 award from the US DoD will assist his firm.
  • Six people charged in £4.5 million-plus UK cellco fraud
    UK cellcos have always been hit by fraud from multiple angles, largely because of the hefty subsidies they apply to handsets, as well as the ability of criminals to set up international calling shops using fraudulently obtained SIM cards. But now the City of London police have arrested 11 people in a £4.5 million fraud.

Top 5 Stories

News

Thales develops on-SIM mobile wallet authentication and encryption technology

17 August 2011

Thales has developed what it claims is the industry's first cryptographic technology capable of running in the memory of a cellular phone's SIM card, meaning that the secure m-wallet function can operate wholly on the SIM card, interacting with secure servers across cellular data channels.

According to Steve Brunswick, a security strategy manager with the firm's e-security division, taking this approach means that the m-wallet function can operate independently of the handset and can be used in several devices, rather than being locked to a single device as many m-wallet-enabled mobile features currently are.

The bottom line with the technology, he told Infosecurity, is that cellcos and their users – as well as operators of the m-wallet system – do not need to worry about the underlying transport technology and its security, as the SIM card is doing the spade work on the security front.

“You can't rely on your communications device or the operating system to be completely secure. With this technology, the SIM card becomes the secure authenticator for m-wallet and other secure applications”, he explained.

Brunswick went on to say that the SIM card m-payment technology makes the process of developing payment applications simpler,more efficient and more secure, with the interactions between the SIM card and the secure servers of the financial institution taking place over-the-air (OTA).

Today’s mobile payments issuers, says Thales, have to use multiple core cryptographic function calls to build the data needed to issue a payment application and to create the secure messages required to personalise the mobile phone with the application on an OTA basis.

This approach, the firm adds, can be lengthy, inefficient, and less secure as it can potentially expose sensitive data.

Brunswick says that the new card and phone personalisation software developed by Thales is based on the industry standard specifications for secure messaging developed and published by GlobalPlatform.

So who will adopt the technology?

According to Brunswick, few banks and financial institutions manufacture the smart card chipsets that go into today's debit and credit cards, so it is likely that the technology will be integrated by existing specialist card manufacturers, who will also develop and produce the technology for integration in cellular SIM cards.

The move also means that it will – in theory at least – be possible to slot in an enabled SIM into almost any cellular handset - and not just the latest smartphone - and authenticate m-wallet transactions from the mobile, using OTA transmissions.

 

This article is featured in:
Data Loss  •  Internet and Network Security  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×