The MIFARE® classic family, developed by NXP Semiconductors is the pioneer and front runner in contactless smart card ICs operating in the 13.56 MHz frequency range with read/write capability. MIFARE® is a trademark of NXP Semiconductors. MIFARE complies with ISO14443 A, which is used in more than 80% of all contactless smart cards today. The technology is embodied in both cards and card reader devices. MIFARE cards are being used in an increasingly broad range of applications (including transport ticketing, access control, e-payment, road tolling, and loyalty applications). MIFARE Standard (or Classic) cards employ a proprietary high-level protocol with a proprietary security protocol for authentication and ciphering. MIFARE® technology has become a standard for memory devices with key-protected memory sectors. One example for a published product specification of MIFARE® technology is the data sheet “MIFARE® Standard Card IC MF1 IC S50—Functional Specification” (1998). MIFARE® technology is also discussed in: Klaus Finkenzeller, “RFID Handbuch”, HANSER, 3rd edition (2002).
The MIFARE Classic cards are fundamentally just memory storage devices, where the memory is divided into sectors and blocks with simple security mechanisms for access control. Each device has a unique serial number. Anticollision is provided so that several cards in the field may be selected and operated in sequence.
The MIFARE Standard 1k offers about 768 bytes of data storage, split into 16 sectors with 4 blocks of 16 bytes each (one block consists of 16 byte); each sector is protected by two different keys, called A and B. They can be programmed for operations like reading, writing, increasing value blocks, etc. The last block of each sector is called “trailer”, which contains two secret keys (A and B) and programmable access conditions for each block in this sector. In order to support multi-application with key hierarchy an individual set of two keys (A and B) per sector (per application) is provided.
The memory organization of a MIFARE Standard 1k card is shown in FIG. 1. The 1024×8 bit EEPROM memory is organized in 16 sectors with 4 blocks of 16 bytes each. The first data block (block 0) of the first sector (sector 0) is the manufacturer block. It contains the IC manufacturer data. Due to security and system requirements this block is write protected after having been programmed by the IC manufacturer at production. The manufacturer block is shown in detail in FIG. 2.
Now referring again to FIG. 1 all sectors of the memory contain 3 blocks of 16 bytes for storing data (except sector 0 which contains only two data blocks and the read-only manufacturer block). These data blocks can be configured by the access bits as read/write blocks for e.g. contactless access control or value blocks for e.g. electronic purse applications, where additional commands like increment and decrement for direct control of the stored value are provided. The value blocks have a fixed data format which permits error detection and correction and a backup management. An authentication command has to be carried out before any memory operation in order to allow further commands.
Each sector of the memory further has it own sector trailer (see FIG. 3) containing the secret keys A and B (optional), which return logical “0”s when read and the access conditions for the four blocks of that sector, which are stored in bytes 6 . . . 9. The access bits also specify the type (read/write or value) of the data blocks. If key B is not needed, the last 6 bytes of block 3 can be used as data bytes.
MIFARE ICs are typically connected to a coil with a few turns and then embedded in plastic to form a passive contactless smart card. No battery is needed since the IC is supplied with energy from the field. When the card is positioned in the proximity of the reader antenna, the high speed RF communication interface allows to transmit data with 106 kBit/s. The typical operating distance of a MIFARE memory device is up to 100 mm (depending on antenna geometry). A typical ticketing transaction needs less than 100 ms (including backup management).
SmartMX (Memory eXtension) is a family of smart cards that have been designed by NXP Semiconductors for high-security smart card applications requiring highly reliable solutions, with or without multiple interface options. Key applications are e-government, banking/finance, mobile communications and advanced public transportation.
The ability to run the MIFARE protocol concurrently with other contactless transmission protocols implemented by the User Operating System enables the combination of new services and existing applications based on MIFARE (e.g. ticketing) on a single Dual Interface controller based smart card. SmartMX cards are able to emulate MIFARE Classic devices and thereby makes this interface compatible with any installed MIFARE Classic infrastructure. The contactless interface can be used to communicate via any protocol, particularly the MIFARE protocol and self defined contactless transmission protocols. SmartMX enables the easy implementation of state-of-the-art operating systems and open platform solutions including JCOP (the Java Card Operating System) and offers an optimized feature set together with the highest levels of security. SmartMX incorporates a range of security features to counter measure side channel attacks like DPA, SPA etc. A true anticollision method (acc. ISO/IEC 14443-3), enables multiple cards to be handled simultaneously.
It should be noted that the emulation of MIFARE Classic cards is not only restricted to SmartMX cards, but there may also exist other present or future smartcards being able to emulate MIFARE Classic cards.
It should further be noted that the invention is not restricted to MIFARE technology, but also applies to other memory devices, particularly those that comprise a plurality of memory sectors wherein the sectors are protected against unauthorized access by sector keys.
Recently, mobile communication devices have been developed which contain memory devices having unique memory device identifications, like MIFARE devices, either being configured as MIFARE Classic cards or as MIFARE emulation devices like SmartMX cards. These mobile communication devices comprise e.g. mobile phones with Near Field Communication (NFC) capabilities, but are not limited to mobile phones.
In February 2007 the GSM Assocation (GSMA) published a white paper outlining operator community guidance for the eco-system parties involved in the development of Mobile NFC (Near Field Communication) services. Mobile NFC is defined as the combination of contactless services with mobile telephony, based on NFC technology. The mobile phone with a hardware-based secure identity token (the UICC) can provide the ideal environment for NFC applications. The UICC can replace the physical card thus optimising costs for the Service Provider, and offering users a more convenient service.
Various different entities are involved in the Mobile NFC ecosystem. These are defined below:                Customer—uses the mobile device for mobile communications and Mobile NFC services. The customer subscribes to an MNO and uses Mobile NFC services.        Mobile Network Operator (MNO)—provides the full range mobile services to the Customer, particularly provides UICC and NFC terminals plus Over The Air (OTA) transport services.        Service Provider (SP)—provides contactless services to the Customer (SPs are e.g. banks, public transport companies, loyalty programs owners etc.).        Retailer/Merchant—service dependent, e.g. operates a NFC capable Point of Sales (POS) terminal.        Trusted Service Manager (TSM)—securely distributes and manages the Service Providers' services to the MNO customer base.        Handset, NFC Chipset and UICC Manufacturer—produce Mobile NFC/Communication devices and the associated UICC hardware.        Reader Manufacturer—produces NFC reader devices.        Application developer—designs and develops the Mobile NFC applications.        Standardisation Bodies and Industry Fora—develop a global standard for NFC, enabling interoperability, backward compatibility and future development of NFC applications and services.        
One of the key findings in said white paper is that Mobile NFC will be successful provided that the Mobile NFC ecosystem is steady, providing value for all entities within it; and is efficient, by introducing a new role of the Trusted Service Manager.
The role of the Trusted Service Manager (TSM) is to:                Provide the single point of contact for the Service Providers to access their customer base through the MNOs.        Manage the secure download and life-cycle management of the Mobile NFC application on behalf of the Service Providers.        
The TSM does not participate in the transaction stage of the service, thus ensuring that the Service Providers' existing business models are not disrupted. Depending on the national market needs and situations, the TSM can be managed by one MNO, a consortium of MNOs, or by independent Trusted Third Parties. The number of operating TSMs in one market will depend on the national market needs and circumstances.
The present inventions applies to a Mobile NFC ecosystem with Trusted Service Manager (TSM) as disclosed in the above referenced GSMA white book. Particularly, it takes into account the specific role of the TSM which acts as the single point of contact for the Service Providers to access their customer base through the MNOs and manages the secure download and life-cycle management of the Mobile NFC application on behalf of the Service Provider. However, while the GSMA whitebook defines the role of the TSM in theory, for successful applications in practice there are still a couple of issues to be considered. For instance, when Service Providers intend to provide applications, particularly MIFARE applications (ticket issue, access control, coupon issue etc.) they prefer to transmit the application by SMS via the over-the-air (OTA) services of a Mobile Network Operator (MNO) to an NFC capable mobile phone being equipped with a memory device that comprises a plurality of key-protected memory sectors, particularly a MIFARE memory. In the NFC mobile phone the application has to be extracted from the SMS and has to be written either into (arbitrary) free memory sectors or into predefined sectors of a memory device that is specifically allocated to that particular application.
While the approach that the TSM is the only instance that controls the memory devices in mobile communication devices, particularly NFC mobile phones, brings about many advantages it has nevertheless also weak points. One of them is the fact that neither the Mobile Network Operator nor the Service Providers have full knowledge of what applications and services are installed in the mobile communication devices. When such a mobile communication device is reported as lost or stolen, the customer (who is the user and/or owner of this mobile communication device) wants to stop all applications and services (i.e. underground yearly pass, credit card and so on) installed in his device to hinder abuse of these services. In order to do this the customer has two choices: to contact his Mobile Network Operator and/or to contact all the Services Providers which have delivered the services and applications.
When being informed about a lost or stolen mobile communication device the Mobile Network Operator can discard the installed services on the mobile communication device but has no clue on how to stop the customer's registrations associated with the installed services.
When the customer intends to contact the Service Providers without having his mobile communication device at hand it could be difficult for him to remember what services have been installed and who are the Service Providers of these services.