US 2012/0130838 A1 describes a method for personalizing secure elements in mobile devices, which is incorporated herein by reference. Furthermore, US 2012/0130838 A1 contains, in the section “Background”, a description of the background of the present disclosure, which is repeated herein for the sake of completeness.
Single functional cards have been successfully used in enclosed environments such as transportation systems. One example of such single functional cards is MIFARE that has been selected as the most successful contactless smart card technology. MIFARE is the perfect solution for applications like loyalty and vending cards, road tolling, city cards, access control and gaming.
However, single functional card applications are deployed in enclosed systems, which are difficult to be expanded into other areas such as e-commerce (electronic commerce) and m-commerce (mobile commerce) because stored values and transaction information are stored in data storage of each tag that is protected by a set of keys. The nature of the tag is that the keys need to be delivered to the card for authentication before any data can be accessed during a transaction. This constraint makes systems using such technology difficult to be expanded to an open environment such as the Internet for e-commerce and/or wireless networks for m-commerce as the delivery of keys over a public domain network causes security concerns.
In general, a smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card with embedded integrated circuits. A smart card or microprocessor card contains volatile memory and microprocessor components. Smart cards may also provide strong security authentication for single sign-on (SSO) within large organizations. The benefits of smart cards are directly related to the volume of information and applications that are programmed for use on a card. A single contact/contactless smart card can be programmed with multiple banking credentials, medical entitlement, driver's license/public transport entitlement, loyalty programs and club memberships to name just a few. Multi-factor and proximity authentication can and has been embedded into smart cards to increase the security of all services on the card.
Contactless smart cards that do not require physical contact between card and reader are becoming increasingly popular for payment and ticketing applications such as mass transit and highway tolls. Such Near Field Communication (NFC) between a contactless smart card and a reader presents significant business opportunities when used in NFC-enabled mobile phones for applications such as payment, transport ticketing, loyalty, physical access control, and other exciting new services.
To support this fast evolving business environment, several entities including financial institutions, manufacturers of various NFC-enabled mobile phones and software developers, in addition to mobile network operators (MNO), become involved in the NFC mobile ecosystem. By nature of their individual roles, these players need to communicate with each other and exchange messages in a reliable and interoperable way.
One of the concerns in the NFC mobile ecosystem is its security in an open network. Thus there is a need to provide techniques to personalize a secure element in a contactless smart card or an NFC-enabled mobile device so that such a device is so secured and personalized when it comes to financial applications or secure transactions. With a personalized secure element in an NFC-enabled mobile device, various applications or services, such as electronic purse or payments, can be realized.
Generally speaking, the personalization of applications on a secure element requires the following steps to be performed:
1) Initial Secure Element (SE) keys are injected into the secure element.
2) An application is loaded into the secure element.
3) The application is personalized by loading credentials (e.g. keys) into the secure element.
Step 1 is typically done in a secure environment by a so-called Secure Element (SE) pre-personalizer or Operating System (OS) pre-personalizer. The SE keys injected in step 1 are usually die-individual in order to discourage potential attackers. This also adds complexity to the personalization process, mainly because of transmission of keys to the TSM.
Step 2 can be done in a secure environment by the SE pre-personalizer, or by a so-called Trusted Service Manager (TSM) in the field using the initial SE keys (or keys that were loaded into the SE using these initial SE Keys). A TSM provides a collection of services which help service providers to securely distribute and manage contactless services for their customers using the networks of mobile operators.
Step 3 is typically done by a TSM in the field using the initial SE Keys (or keys that were loaded into the SE using these initial SE Keys). The credentials are tied to a specific user. Thus, the credentials are linked to, or embed, personal data of said specific user. Services supporting the pre-provisioned SE are typically online transactions, for example payment transactions. In such transactions, the service provider needs to verify whether the link to a user has already been established.
Conventional methods for personalizing secure elements have the drawback that many steps and actors are involved. As a result of this complexity, personalizing applications on secure elements is an expensive process.