Share

Related Links

  • Thales
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Top 5 Stories

News

Thales develops on-SIM mobile wallet authentication and encryption technology

17 August 2011

Thales has developed what it claims is the industry's first cryptographic technology capable of running in the memory of a cellular phone's SIM card, meaning that the secure m-wallet function can operate wholly on the SIM card, interacting with secure servers across cellular data channels.

According to Steve Brunswick, a security strategy manager with the firm's e-security division, taking this approach means that the m-wallet function can operate independently of the handset and can be used in several devices, rather than being locked to a single device as many m-wallet-enabled mobile features currently are.

The bottom line with the technology, he told Infosecurity, is that cellcos and their users – as well as operators of the m-wallet system – do not need to worry about the underlying transport technology and its security, as the SIM card is doing the spade work on the security front.

“You can't rely on your communications device or the operating system to be completely secure. With this technology, the SIM card becomes the secure authenticator for m-wallet and other secure applications”, he explained.

Brunswick went on to say that the SIM card m-payment technology makes the process of developing payment applications simpler,more efficient and more secure, with the interactions between the SIM card and the secure servers of the financial institution taking place over-the-air (OTA).

Today’s mobile payments issuers, says Thales, have to use multiple core cryptographic function calls to build the data needed to issue a payment application and to create the secure messages required to personalise the mobile phone with the application on an OTA basis.

This approach, the firm adds, can be lengthy, inefficient, and less secure as it can potentially expose sensitive data.

Brunswick says that the new card and phone personalisation software developed by Thales is based on the industry standard specifications for secure messaging developed and published by GlobalPlatform.

So who will adopt the technology?

According to Brunswick, few banks and financial institutions manufacture the smart card chipsets that go into today's debit and credit cards, so it is likely that the technology will be integrated by existing specialist card manufacturers, who will also develop and produce the technology for integration in cellular SIM cards.

The move also means that it will – in theory at least – be possible to slot in an enabled SIM into almost any cellular handset - and not just the latest smartphone - and authenticate m-wallet transactions from the mobile, using OTA transmissions.

 

This article is featured in:
Data Loss  •  Internet and Network Security  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×