Embodiments of the present invention relate to the installation and the execution of a secure application in a portable device of the mobile telephone type or equivalent.
Embodiments of the present invention also relate to, but not exclusively, NFC (Near Field Communication) technology as well as architectures of NFC devices or NFC chipsets, that is to say sets of chips having at least one NFC component.
NFC technology is currently being developed by an industrial consortium grouped under the name “NFC Forum” (http://www.nfc-forum.org). NFC is derived from RFID (Radio Frequency Identification) technology and uses NFC controllers having several functioning modes, in particular a “Reader Mode,” a “Card emulation” mode, and a “peer-to-peer” mode.
Significant developments have been made in recent years to integrate an NFC controller within portable objects of the mobile telephone type or equivalent (for example, Personal Digital Assistants (PDAs) equipped with a mobile telephone function). This integration in particular aims to endow such portable objects with a payment or access control (subway, bus, or the like) application, and with other NFC technology applications such as reading tags or contactless electronic cards.
FIG. 1 shows an NFC device of the handheld device HD type, such as a mobile telephone, a PDA, or the like. The device HD includes an NFC controller termed NFCC and at least one host processor HP1, HP2 linked to the controller NFCC by a bus BS1, for example, of the Single Wire Protocol SWP type. A host processor HP2 may be an integrated circuit card designated Universal Integrated Circuit Card UICC, for example of the Subscriber Identity Module SIM card type. A host processor HP1 may also be the baseband processor of a mobile telephone (that is, the processor in charge of telephonic communications). In this case, the host processor HP1 can be connected to the controller NFCC by way of an asynchronous link BS2 managed by Universal Asynchronous Receiver Transmitter UART ports. The processor HP2 may also be directly linked to the processor HP1 by a bus BS3 of the ISO 7816 type.
The resources of the controller NFCC are put at the disposition of the host processor HP1 to allow it to manage contactless applications RAPi, CAPi. The controller NFCC includes a host controller HC and a contactless interface CLF (“Contactless Front End Interface”) equipped with an antenna coil AC1. In practice, the host controller HC and the interface CLF may be formed on the same semiconductor chip, such as the MicroRead® chip commercialized by the applicant, or be formed on two distinct chips, such as the chips “PicoRead® Microcontroller” and “PicoRead® RF Interface” commercialized by the applicant.
The interface CLF of the controller NFCC may generally function according to several RF technologies, for example “Type A” such as defined by ISO/IEC 14443 parts 2, 3, and 4; “Type B” such as defined by ISO/IEC 14443-2 with a standard framing such as defined by ISO/IEC 14443-3; “Type F” such as defined by ISO 18092 in passive mode at 212 and 424 ko/s (kilo octets per second); or by the Japanese Industrial standard JIS X 6319-4. Each RF technology, or contactless communication protocol, defines a frequency of emission of the magnetic field, a method of modulating the magnetic field to transmit data in active mode, a method of load modulation to transmit data in passive mode, a method of coding data, a data frame format, and the like.
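The frame formats named above differ in the error-detection field appended to every standard frame. ISO/IEC 14443-3 defines CRC_A (Type A) and CRC_B (Type B) over the same reflected CRC-16 polynomial, 0x8408, differing only in the initial value and in whether the result is complemented. The following C code is an added example, not part of the patent text and not the applicant's firmware: it computes both CRCs, appends one to an outgoing frame in on-air byte order (low byte first), and checks an incoming frame. The two-byte sample payloads are the ones used as worked examples in Annex B of the standard; the function names and the frame buffer layout are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample payloads (the two-byte vectors ISO/IEC 14443-3 Annex B works through). */
static const uint8_t SAMPLE_ZERO[2] = {0x00, 0x00};
static const uint8_t SAMPLE_1234[2] = {0x12, 0x34};

/* Reflected CRC-16, polynomial 0x8408 (x^16 + x^12 + x^5 + 1), bytes fed LSB first.
 * CRC_A: init 0x6363, no complement.  CRC_B: init 0xFFFF, result complemented. */
static uint16_t crc16_iso14443(const uint8_t *data, size_t len, uint16_t init, int complement)
{
    uint16_t crc = init;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 1u) ? (uint16_t)((crc >> 1) ^ 0x8408u) : (uint16_t)(crc >> 1);
    }
    return complement ? (uint16_t)~crc : crc;
}

uint16_t crc_a(const uint8_t *data, size_t len) { return crc16_iso14443(data, len, 0x6363u, 0); }
uint16_t crc_b(const uint8_t *data, size_t len) { return crc16_iso14443(data, len, 0xFFFFu, 1); }

/* Append the CRC to the payload already in buf (low byte first, as transmitted on air).
 * Returns the total frame length, or 0 if the buffer cannot hold the two CRC bytes. */
size_t frame_append_crc(uint8_t *buf, size_t payload_len, size_t cap, int type_b)
{
    if (payload_len + 2 > cap) return 0;
    uint16_t crc = type_b ? crc_b(buf, payload_len) : crc_a(buf, payload_len);
    buf[payload_len]     = (uint8_t)(crc & 0xFFu);
    buf[payload_len + 1] = (uint8_t)(crc >> 8);
    return payload_len + 2;
}

/* Receiver side: recompute the CRC over the payload and compare it with the two
 * trailing bytes. Returns 1 if the frame is intact, 0 otherwise. */
int frame_check_crc(const uint8_t *frame, size_t len, int type_b)
{
    if (len < 3) return 0;                      /* at least one payload byte plus CRC */
    size_t n = len - 2;
    uint16_t want = type_b ? crc_b(frame, n) : crc_a(frame, n);
    uint16_t got  = (uint16_t)(frame[n] | ((uint16_t)frame[n + 1] << 8));
    return want == got;
}

/* Build a Type A frame from 12 34, verify it, then flip one bit of the payload and
 * confirm the check rejects it. Returns 1 only if both outcomes are as expected. */
int frame_roundtrip_demo(void)
{
    uint8_t buf[8] = {0x12, 0x34};
    size_t n = frame_append_crc(buf, 2, sizeof buf, 0);
    if (n != 4 || buf[2] != 0x26 || buf[3] != 0xCF) return 0;   /* Annex B: 12 34 -> 26 CF */
    if (!frame_check_crc(buf, n, 0)) return 0;
    buf[0] ^= 0x01;                                              /* simulate a channel error */
    return frame_check_crc(buf, n, 0) ? 0 : 1;
}

int main(void)
{
    printf("CRC_A(00 00) = %04X\n", crc_a(SAMPLE_ZERO, 2));   /* 1EA0, sent as A0 1E */
    printf("CRC_A(12 34) = %04X\n", crc_a(SAMPLE_1234, 2));   /* CF26, sent as 26 CF */
    printf("CRC_B(00 00) = %04X\n", crc_b(SAMPLE_ZERO, 2));   /* 0F47, sent as 47 0F */
    return frame_roundtrip_demo() ? 0 : 1;
}
```

The CRC only protects the frame against transmission errors between the interface CLF and a reader or card; it is not an authentication mechanism. Integrity and authenticity of a payment transaction rest on the cryptographic functions of the secure host processor described below, which operate on the payload inside these frames, so a CRC check passing says nothing about who sent the frame.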
Application examples of the NFC device are shown in FIG. 2, which shows a handheld device HD equipped with the NFC device of FIG. 1, the device HD here having the form of a mobile telephone. Reader applications RAP and card applications CAP are distinguished below.
Reader Applications (RAP)
The controller NFCC functions like an NFC reader to conduct a transaction with a contactless integrated circuit CIC. A reader application RAPi is executed by the host processor HP1 (FIG. 1). The latter places the interface CLF in an active functioning mode where it emits a magnetic field FLD, sends data by modulation of the magnetic field, and receives data by load modulation and inductive coupling. This type of application may be free (for example reading a tag present at a bus stop containing the bus time schedule) and be executed by a non-secure processor. The host processor HP1 may, in this case, be the baseband processor of the mobile telephone. If it is a payment application, the host processor executing the application is preferably a secure processor, for example a SIM card processor, because the access to the services requires an identification/authentication of the subscriber.
Card Applications (CAP)
The functioning principle of the card emulation mode is described by European patent EP 1 327 222 (see also U.S. Pat. No. 7,098,770) in the name of the applicant. A card application CAPi is executed by the host processor HP1 (FIG. 1). The latter places the controller NFCC in a passive functioning mode and, together with the controller NFCC, forms the equivalent of a contactless integrated circuit, which is seen by a reader RD as a contactless card. Thus, the controller NFCC does not emit a magnetic field, receives data by demodulating a magnetic field FLD emitted by the reader RD, and emits data by modulating the impedance of its antenna circuit AC1 (load modulation). The considered applications are generally payment or paying access control (payment terminal, subway entrance, or the like) applications. The handheld device HD is therefore used in this case like a chip card. This type of application is generally secure and the host processor HP1, HP2 executing the application program is thus a secure processor, for example a SIM card processor, comprising cryptographic functions for the authentication of the user and/or the authentication of the portable device with respect to a transaction terminal.
Diverse NFC device architectures dedicated to telephony have been envisaged, some using the SIM card processor to manage the NFC applications and others providing a second secure processor. These two solutions may also be combined.
Due in particular to the large number of stakeholders and the complexity of relations between them, the implementation of a secure application in an NFC device raises difficulties that impede the commercial development of secure NFC applications. Indeed, the portable device, the secure processor, and the controller NFCC are produced by different manufacturers. The secure processor (SIM card) is generally given to the final user by a mobile network operator, after security information such as identifiers, secret keys, and certificates related to the user have been loaded into it. The portable device may be supplied to the final user by the mobile network operator or by another entity. The application is developed by a software developer. If payment transactions are to be performed, the application is certified by a certification organization linked to a bank organization. A software component of an application, commonly called an “applet,” is installed in a secure manner in the host secure processor and personalized with identification data of the user and of the portable device and with encryption keys specific to the application and to the user. The user is also registered in a secure manner with a bank organization. A payment transaction also requires the intervention of a payment terminal produced by yet another manufacturer, which must also be certified by a certification organization. The user of the payment terminal, a shopkeeper, must also be registered in a secure manner with a bank organization. The mobile network operators are generally reluctant to make the functions and security data of SIM cards accessible to others, such as suppliers of secure applications or of card payment services. As a result, installing in a portable device an application that requires an authentication of the user raises numerous difficulties.
These difficulties appear each time an application must be installed, in particular in a secure processor of the portable device, and in particular when a user changes portable devices (mobile telephones) and must re-install the applications previously installed in an old portable device.
Moreover, faced with a small number of available applications, the manufacturers of mobile telephones do not see any benefit in increasing the prices of their telephones by integrating therein NFC controllers and, if necessary, supplementary secure processors.
It is therefore desired to have an NFC application deployment architecture that does not require the contribution of mobile network operators, while offering a level of security compatible with payment and paying access control services. It is also desired that this architecture does not require the implementation of a centralized trusted server to ensure the management (issuance, control, revocation) of secret data attributed to each mobile device for each application. It is also desired that each NFC application installed in a portable device is not tied to a particular portable device, but may be easily activated in another portable device. It is also desired that the supplier of an application may easily give the user access to the application, by minimizing the intervention of the user, and this without having to require the intervention of the mobile network operator or other entities.