The present invention relates to a method for loading data and/or a secured application in an NFC (Near Field Communication) system or chipset comprising an NFC interface circuit.
NFC technology is currently being developed by an industrial consortium known as the NFC Forum (http://www.nfc-forum.org). NFC technology is derived from RFID (Radio Frequency Identification) technology and uses NFC components having several operating modes, i.e. a “reader” mode, a “card emulation” mode, and a “device” mode (also referred to as “device-to-device” mode). In the “reader” mode, the NFC component operates like a conventional RFID reader to read- or write-access an RFID chip (chip card or contactless tag). It emits a magnetic field, sends data by modulating the amplitude of the magnetic field, and receives data by load modulation and inductive coupling. In the “card emulation” mode, described in patent EP 1 327 222 in the name of the applicant, the NFC component operates passively like a transponder: it communicates with another reader and is seen by that reader as an RFID chip. The component does not emit any magnetic field; it receives data by demodulating the magnetic field emitted by the other reader and sends data by modulating the impedance of its antenna circuit (load modulation). In the “device” mode, the component must pair with another NFC component that is in the same operating mode, and each NFC component in turn goes into a passive state (without field emission) to receive data and into an active state (with field emission) to send data.
In addition to these three operating modes (other operating modes could be designed in the future), an NFC component can implement several contactless communication protocols and is for example capable of exchanging data according to the ISO 14443-A protocol, the ISO 14443-B protocol, the ISO 15693 protocol, etc. Each protocol defines a frequency of emission of the magnetic field, a method for modulating the amplitude of the magnetic field to send data in active mode, and a load-modulation method using inductive coupling to send data in passive mode. An NFC component is therefore a multimode and multi-protocol device. The applicant markets for example an NFC component under the name “MicroRead”.
Due to its extended communication capacities, an NFC component is intended to be integrated into portable devices such as cellular telephones or PDAs (Personal Digital Assistant). As a result, an NFC chipset of the type represented in FIG. 1 is produced, i.e. a chipset comprising an NFC component (referenced “NFCR1”) and at least one first host processor HP1. “Host processor” means any integrated circuit comprising a microprocessor or a microcontroller and which is connected to a port of the NFC component. In many applications, the NFC chipset also comprises a second host processor HP2, and sometimes a third HP3.
The first host processor HP1 is the main processor of the device into which the NFC component is embedded, while the second host processor HP2 is a secure circuit. The host processor HP1 is generally a non-secured processor, for example the baseband circuit (or radiotelephone circuit) of a mobile telephone. The host processor HP2 is for example a SIM card (i.e. the microcontroller present in a SIM card). Other host processors can be provided particularly for applications providing services other than communication services, such as banking services enabling the NFC chipset to be used as a means of payment.
Therefore, the resources of the NFC component are made available to the processors HP1, HP2 to enable them to manage contactless applications. Such applications are shown in FIG. 2 that represents a mobile telephone 30 equipped with the NFC chipset in FIG. 1. The following can be distinguished:
1) applications of AP1 type: the NFC component of the mobile telephone 30 is in reader mode to read or write a contactless integrated circuit CLCT. The mobile telephone is in this case used like an RFID reader. This type of application can be free of charge and consist for example in reading advertising data inserted into an advertisement of a bus shelter. The application can also be payable and consist for example in reading information reserved for subscribers. The program of the application AP1 is preferably held and executed by the processor HP1 if the service is free of charge or will preferably be held and executed by the processor HP2 if it is payable as it requires an identification of the subscriber. Thus, as shown in FIG. 1, an application AP1 can be processed by the processor HP1 or the processor HP2.
2) applications of AP2 type: the NFC component of the telephone 30 is in card emulation mode to be read by conventional RD readers in payment or payable access control applications (payment machine, entrance to the subway, etc.). The mobile telephone 30 is then used like a chip card. The program of the application AP2 is preferably held and executed by the secure processor HP2, as represented in FIG. 1, as the access to the service requires an identification of the subscriber.
3) applications of AP3 type: the NFC component of the telephone 30 is in “device” mode and dialogues with another device, for example a reader embedded into another mobile telephone 31 or a computer 32. This type of application is generally free of charge and enables data packets to be transferred from one device to another (particularly point-to-point file transfer). The program of the application AP3 is preferably held and executed by the non-secure processor HP1, as shown in FIG. 1, which has a computing power greater than the secure processor HP2 if the latter is a SIM card processor.
FIG. 3 schematically represents the architecture of an NFC component. The component comprises an interface circuit CLINT for contactless data sending/receiving, equipped with an antenna circuit ACT, the hard-wired communication interfaces INT1, INT2, INT3 connected to the interface circuit CLINT, and a controller NFCC. The interface INT1 is connected to the host processor HP1, the interface INT2 is connected to the host processor HP2, and the interface INT3 is connected to the host processor HP3. All these components form an NFC chipset.
In AP2-type applications, however, the chipset and/or its owner must be identifiable with a high level of security. One of the host processors (for example HP2), i.e. the SIM card of the mobile telephone, does enable the user to be identified with the mobile telephony operator with a high level of security; for this purpose the SIM card is supplied and customized by the operator. For the same reason, it is difficult to envisage introducing into the SIM card other data or applications that implement services provided by other entities, such as banks or transport service providers. Another secured host processor must therefore be provided in the chipset. Providing a second detachable SIM-type card customized by the service provider has disadvantages in terms of space requirement and current consumption. Furthermore, if the user wishes to access services other than those offered by the service provider that supplied the card, it is difficult to envisage using the same card, as the application needed to implement the new service will be difficult to certify. The user would therefore have to obtain another card and change the card inserted into the chipset each time he or she wishes to access other services. Providing a non-detachable secured host processor in an NFC chipset also raises difficulties as to the customization procedure needed to establish secured communications between that host processor and the external environment of the chipset, either through a mobile telecommunication network or through the contactless link offered by the NFC component.
It is thus desirable to enable a chipset to access services provided by different entities with a level of security equivalent to that offered by a SIM card.
Thus, in one embodiment, a method is provided for securely loading data into a first secured host processor of an NFC system comprising an NFC interface circuit for sending and receiving data, to access a service.
According to one embodiment, the method comprises steps of: generating secret data, transmitting the secret data to the first host processor through a secured link, ciphering the data to be loaded into the first host processor using a public key of the first host processor, and transmitting the ciphered data to the NFC system, where the first host processor deciphers them using the private key corresponding to its public key.
According to one embodiment, the method comprises steps of ciphering the data to be loaded into the first host processor using the secret data before they are transmitted to the host processor, and of the host processor deciphering the ciphered data using the secret data.
According to one embodiment, the method comprises prior steps of authenticating the NFC system and the operator generating the secret data.
According to one embodiment, the authentication of the NFC system and of the operator is performed by a service provider supplying the data to be loaded into the host processor, by checking certificates with a trusted certificate authority.
According to one embodiment, the method comprises a prior step of determining the recipient NFC system of the secret data from the identity of a user of the NFC system.
According to one embodiment, the secret data is transmitted in signed form by the operator having generated the secret data, and the signature is checked by a service provider supplying the data to be loaded into the first host processor.
According to one embodiment, the data to be loaded are transmitted in ciphered form to the NFC system through a mobile telephone network and through a basic mobile telephone circuit (for example the baseband circuit HP1).
According to one embodiment, the data to be loaded are transmitted in ciphered form to the NFC system through a contactless-reading integrated circuit card communicating with the NFC interface circuit.
According to one embodiment, the secured link between the operator and the host processor is produced through a second secured host processor of the NFC system.
According to one embodiment, the establishment of the secured communication link between the first host processor and the operator comprises steps of: authenticating the NFC system by a trusted certificate authority, generating a session key, ciphering the session key using a public key of the first host processor, transmitting the ciphered session key to the first host processor, and deciphering the session key by the first host processor using a private key corresponding to the public key of the first host processor, the session key then being used to cipher data transmitted between the first host processor and the operator.
According to one embodiment, the session key is generated by a second secured host processor of the NFC system.
According to one embodiment, the method comprises initial steps of the first host processor receiving a certificate of authenticity, a secured communication link being established with the operator after the certificate of authenticity has been checked and only if the certificate is valid.
According to one embodiment, the method comprises steps of exchanging secret data between a controller connected to the NFC interface circuit, the first host processor and a third, non-secured host processor of the NFC system, a communication link between the controller and the first and third host processors being established only after the secret data have been checked and only if the checking reveals no errors.
According to one embodiment, the method comprises initial steps of transmitting to the first host processor a unique identifier associated with a certificate of authenticity, which are stored by the first host processor.
According to one embodiment, the method comprises steps of checking that the secret data received by the host processor correspond to the secret data generated, the ciphered data not being transmitted if the checking reveals an error.
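The embodiments above describe one exchange: an operator generates secret data and delivers it to the first secured host processor under that processor's public key; a service provider checks the operator's signature on the secret and checks that the processor really holds it; only then are the application data ciphered under the secret and sent, and the processor deciphers them. The following is an added example that models that exchange end to end; it is not code from the patent or from the applicant. Its assumptions, none of which are in the page: textbook RSA over two fixed Mersenne primes stands in for the host processor's real key pair (a chip would use RSA-OAEP or ECIES), a SHA-256 keystream with an HMAC tag stands in for a real cipher such as AES-GCM, the operator's signature is modelled as an HMAC under a key shared with the service provider, and the application bytes and key material are constructed. The `Operator` role could equally be played by the second secured host processor HP2 generating a session key, as in the embodiments that route the secured link through HP2.

```python
# Added example (not code from the patent or the applicant); see lead-in for assumptions.
import hashlib
import hmac
import secrets

P, Q, E = 2**89 - 1, 2**107 - 1, 65537   # Mersenne primes; gcd(E, (P-1)(Q-1)) == 1

def make_keypair():
    """Key pair of the first secured host processor HP1 (toy RSA, stands in for a real pair)."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    return (n, E), (n, pow(E, -1, phi))

def wrap(pub, key):
    """Cipher a short key with HP1's public key: the 'secured link' of the method."""
    n, e = pub
    m = int.from_bytes(key, "big")
    if m >= n:
        raise ValueError("key too long for this modulus")
    return pow(m, e, n)

def unwrap(priv, c, length):
    n, d = priv
    return pow(c, d, n).to_bytes(length, "big")

def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def seal(key, plaintext):
    """Cipher the data to be loaded with the secret data; encrypt-then-MAC (stand-in for AES-GCM)."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: ciphered data rejected")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class HostProcessor:
    """HP1: holds the key pair, stores the secret data, deciphers the application."""
    def __init__(self):
        self.pub, self._priv = make_keypair()
        self._secret = None
    def receive_secret(self, wrapped):
        self._secret = unwrap(self._priv, wrapped, 16)
    def prove_secret(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()
    def load(self, blob):
        return unseal(self._secret, blob)

class Operator:
    """Generates the secret data, wraps it under HP1's public key and signs it."""
    def __init__(self, sign_key):
        self._sign_key = sign_key          # assumption: HMAC key shared with the provider
    def issue_secret(self, hp_pub):
        s = secrets.token_bytes(16)
        return s, wrap(hp_pub, s), hmac.new(self._sign_key, s, hashlib.sha256).digest()

class ServiceProvider:
    """Checks the operator's signature and HP1's possession of the secret before sending."""
    def __init__(self, operator_verify_key):
        self._vk = operator_verify_key
    def deliver(self, secret, sig, hp, app_data):
        if not hmac.compare_digest(sig, hmac.new(self._vk, secret, hashlib.sha256).digest()):
            return None                    # operator signature invalid: nothing sent
        challenge = secrets.token_bytes(16)
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(hp.prove_secret(challenge), expected):
            return None                    # HP1 does not hold the generated secret: nothing sent
        return seal(secret, app_data)

def run(tamper_secret=False, app_data=b"AP2 payment applet v1"):
    """Full exchange; returns the deciphered application on HP1, or None if refused."""
    op_key = secrets.token_bytes(32)       # constructed: stands in for the operator's signing key
    hp, op, sp = HostProcessor(), Operator(op_key), ServiceProvider(op_key)
    s, wrapped, sig = op.issue_secret(hp.pub)
    if tamper_secret:                      # a different secret reaches HP1 over the link
        wrapped = wrap(hp.pub, secrets.token_bytes(16))
    hp.receive_secret(wrapped)
    blob = sp.deliver(s, sig, hp, app_data)
    return None if blob is None else hp.load(blob)

if __name__ == "__main__":
    print(run())                           # application deciphered on HP1
    print(run(tamper_secret=True))         # None: the ciphered data are never transmitted
```

The possession check in `ServiceProvider.deliver` is the point of the last embodiment above: the provider refuses to transmit the ciphered application unless the processor proves it holds exactly the secret the operator generated, so a secret that was altered or substituted in transit yields no ciphertext at all rather than a ciphertext the wrong party could later decipher.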
According to another embodiment, there is provided an NFC system comprising a first secured host processor connected to an NFC interface circuit sending and receiving data, to access a service.
According to one embodiment, the first host processor is configured to: receive secret data in a secured manner, receive ciphered data, and decipher the received data using a private key corresponding to a public key of the first host processor.
According to one embodiment, the host processor is configured to decipher the data received using the secret data.
According to one embodiment, the system comprises a basic mobile telephone circuit configured to receive in ciphered form the data to be loaded and transmit them to the first host processor.
According to one embodiment, the NFC interface is configured to receive the data to be loaded in ciphered form, transmitted by a contactless-reading integrated circuit card, and transmit them to the host processor.
According to one embodiment, the system comprises a second secured host processor capable of being connected in a secured manner to the operator, and configured to generate a session key, cipher the session key using a public key of the first host processor, and transmit the ciphered session key to the first host processor, the first host processor being configured to decipher the session key using a private key corresponding to the public key of the first host processor, the session key then being used to cipher data transmitted between the first and the second host processor.
According to one embodiment, the system comprises a controller connected to the NFC interface circuit, and the first host processor, the controller and a third, non-secured host processor are configured to exchange secret data, a communication link between the controller and the first and third host processors being established only after the secret data have been checked and only if the checking reveals no errors.
According to one embodiment, the host processor is configured to receive and store during a customization phase a unique identifier of the NFC system associated with a certificate of authenticity.
According to another embodiment, a mobile telephone is provided comprising an NFC system as defined above.