Increasingly, mobile devices, such as mobile phones, are being equipped with a secure element in the hardware of the phone which communicates with client applications on the phone, for example, for purposes of authentication. Currently, secure elements are found primarily in Near Field Communication (NFC)-enabled mobile phones. Such secure elements may be, for example, tamper-resistant integrated circuit (IC) chips capable of securely hosting applications and their confidential and cryptographic data. Secure elements may also be subscriber identity module (SIM)-card based. Thus, there may be a client application on the mobile phone and a secure element that is a physical IC chip, or that is SIM card-based, in the phone. Currently, communications originating from the client application and the secure element are not typically encrypted.
A simple example involving such a mobile phone may involve a user purchasing goods in a retail establishment with the user's NFC-enabled mobile phone. An authentication process on the user's mobile phone may confirm a communication between the client application on the phone that performs payment and the secure element (e.g., an NFC chip). As noted, such communications within the user's mobile phone are not currently encrypted. Moreover, there is currently no known solution that can provide payload encryption, non-repudiation and integrity checks for messages exchanged between the mobile application and the secure element without storing private keys or other secret keys in the mobile application which are consequently vulnerable, for example, to “sniffing” tools.
There is a current need for methods and systems for secure communications between a client application on a mobile device, such as a mobile phone, and a secure element, such as an NFC chip, on the mobile device that does not involve storing secret keys on the client application.