Thales develops on-SIM mobile wallet authentication and encryption technology

According to Steve Brunswick, a security strategy manager with the firm's e-security division, taking this approach means that the m-wallet function can operate independently of the handset and can be used in several devices, rather than being locked to a single device as many m-wallet-enabled mobile features currently are.

The bottom line with the technology, he told Infosecurity, is that cellcos and their users – as well as operators of the m-wallet system – do not need to worry about the underlying transport technology and its security, as the SIM card is doing the spade work on the security front.

“You can't rely on your communications device or the operating system to be completely secure. With this technology, the SIM card becomes the secure authenticator for m-wallet and other secure applications”, he explained.

Brunswick went on to say that the SIM card m-payment technology makes the process of developing payment applications simpler,more efficient and more secure, with the interactions between the SIM card and the secure servers of the financial institution taking place over-the-air (OTA).

Today’s mobile payments issuers, says Thales, have to use multiple core cryptographic function calls to build the data needed to issue a payment application and to create the secure messages required to personalise the mobile phone with the application on an OTA basis.

This approach, the firm adds, can be lengthy, inefficient, and less secure as it can potentially expose sensitive data.

Brunswick says that the new card and phone personalisation software developed by Thales is based on the industry standard specifications for secure messaging developed and published by GlobalPlatform.

So who will adopt the technology?

According to Brunswick, few banks and financial institutions manufacture the smart card chipsets that go into today's debit and credit cards, so it is likely that the technology will be integrated by existing specialist card manufacturers, who will also develop and produce the technology for integration in cellular SIM cards.

The move also means that it will – in theory at least – be possible to slot in an enabled SIM into almost any cellular handset - and not just the latest smartphone - and authenticate m-wallet transactions from the mobile, using OTA transmissions.


What’s hot on Infosecurity Magazine?