There are mobile communication devices known which contain memory devices having unique memory device identifications, e.g. the MIFARE® classic family, developed by NXP Semiconductors, a contactless smart card IC operating in the 13.56 MHz frequency range with read/write capability. Recently, secure memory elements have been developed which are memory devices providing enhanced security features, particularly for the use in mobile phones and other mobile communication devices with Near Field Communication (NFC) capabilities. Said secure memory elements are also known as “Smard Cards”. One of the leading representatives of these secure memory elements is the SmartMX (Memory eXtension) smart card family that has been designed by NXP Semiconductors for high-security smart card applications requiring highly reliable solutions, with or without multiple interface options. Key applications are e-government, banking/finance, mobile communications and advanced public transportation. SmartMX architecture combines coprocessors for RSA, ECC, DES and AES and enables implementation of operating systems including Java Open Platform and MULTOS. The ability of SmartMX cards to run the MIFARE protocol concurrently with other contactless transmission protocols implemented by the User Operating System enables the combination of new services and existing applications based on MIFARE (e.g. ticketing) on a single Dual Interface controller based smart card. SmartMX cards are able to emulate MIFARE Classic devices and thereby makes this interface compatible with any installed MIFARE Classic infrastructure. The contactless interface can be used to communicate via any protocol, particularly the MIFARE protocol and self defined contactless transmission protocols. SmartMX enables the easy implementation of state-of-the-art operating systems and open platform solutions including JCOP (the Java Card Operating System) and offers an optimized feature set together with the highest levels of security.
In February 2007 the GSM Association (GSMA) published a white paper outlining operator community guidance for the eco-system parties involved in the development of Mobile NFC (Near Field Communication) services. Mobile NFC is defined as the combination of contactless services with mobile telephony, based on NFC technology. The mobile phone with a hardware-based secure identity token (the UICC) can provide the ideal environment for NFC applications. The UICC can replace the physical card thus optimising costs for the Service Provider, and offering users a more convenient service. Various different entities are involved in the Mobile NFC ecosystem. These are defined below:                Customer—uses the mobile device for mobile communications and Mobile NFC services. The customer subscribes to an MNO and uses Mobile NFC services.        Mobile Network Operator (MNO)—provides the full range mobile services to the Customer, particularly provides UICC and NFC terminals plus Over The Air (OTA) transport services.        Service Provider (SP)—provides contactless services to the Customer (SPs are e.g. banks, public transport companies, loyalty programs owners etc.).        Retailer/Merchant—service dependent, e.g. operates a NFC capable Point of Sales (POS) terminal.        Trusted Service Manager (TSM)—securely distributes and manages the Service Providers' services to the MNO customer base.        Handset, NFC Chipset and UICC Manufacturer—produce Mobile NFC/Communication devices and the associated UICC hardware.        Reader Manufacturer—produces NFC reader devices.        Application developer—designs and develops the Mobile NFC applications.        Standardisation Bodies and Industry Fora—develop a global standard for NFC, enabling interoperability, backward compatibility and future development of NFC applications and services.        
One of the key findings in said white paper is that Mobile NFC will be successful provided that the Mobile NFC ecosystem is steady, providing value for all entities within it; and is efficient, by introducing a new role of the Trusted Service Manager.
The role of the Trusted Service Manager (TSM) is to:                Provide the single point of contact for the Service Providers to access their customer base through the MNOs.        Manage the secure download and life-cycle management of the Mobile NFC application on behalf of the Service Providers.        
The TSM does not participate in the transaction stage of the service, thus ensuring that the Service Providers' existing business models are not disrupted. Depending on the national market needs and situations, the TSM can be managed by one MNO, a consortium of MNOs, or by independent Trusted Third Parties. The number of operating TSMs in one market will depend on the national market needs and circumstances.
Service Providers like banks, public transport companies, loyalty programs owners etc. provide contactless services to their subscribed customers who use these services in their mobile communication devices, e.g. NFC mobile phones. Contactless services comprise e.g. the provision of transport passes, cinema tickets, coupons, etc. which can be subsumed by the generic terms “applications” and “services”. In the following description the term “application” will be used in a broad sense that comprises all contactless services and applications and particularly NFC services and applications.
A customer buys applications from Service Providers for instance by ordering them from the website of a Service Provider. In the course of the purchasing procedure the customer inputs a unique identification number of his/her mobile communication device, e.g. the telephone number of a NFC mobile phone, so that the Service Provider knows unambiguously where to send the application. The Service Provider transmits the purchased application to the customer's mobile communication device via a Trusted Service Manager which securely distributes and manages the Service Provider's applications and transmits them to the mobile communication device.
When the applications are received by the mobile communication device they are stored in a secure memory element of the mobile communication device and can be consumed by the customer by positioning the mobile communication device within the range of transmission of a reading device which reads and processes the application in an appropriate manner, e.g. by giving the user access to an entrance of a concert hall.
The present invention applies to a Mobile NFC ecosystem with Trusted Service Manager (TSM) as disclosed in the above referenced GSMA white book. Particularly, it takes into account the specific role of the TSM which acts as the single point of contact for the Service Providers to access their customer base through the MNOs and manages the secure download and life-cycle management of the Mobile NFC application on behalf of the Service Provider. However, while the GSMA white book defines the role of the TSM in theory, for successful applications in practice there are still a couple of obstacles and problems to overcome. The issue that has to be addressed by the present invention is that it would be desirable for a customer to share or resell applications being stored in his mobile communication device with other people like friends or relatives. While from a technical point of view this sharing or reselling of applications could be done directly by sending an application from one mobile communication device to another (by using Bluetooth, NFC, WIFI and so on) such a direct sharing would pose the following problems in the context of the concept of Trusted Service Managers. The first problem with sharing/reselling of an application is that this application which has been provided by a Service Provider (and maybe is still owned by it) might be specific to one particular customer or his/her mobile communication device, respectively, and therefore will not work on other mobile communication devices. The second problem to overcome for sharing/reselling of applications is that both the Service Provider and the Trusted Service Manager must be aware of the sharing/reselling of applications they are in charge of. The Service Provider (particularly, if it is still the owner of the application) must grant the right to the customer to do so. It has also been taken into account that a Service Provider should have the technical possibility to charge the customer for sharing/reselling an application.