Posts Tagged ‘UICC’
SIM Alliance agrees on specification for secure element access API
Written by NFC Admin Donnerstag, 8 Dezember 2011 10:18
The SIMalliance, an industry forum of smart card manufacturers and technology providers, agreed on a common API which allows a developer to access the secure element such as the UICC form an application running on the phone.
GSMA recommends Standard for UICC Secure Element Access Control
Written by NFC Admin Donnerstag, 1 Dezember 2011 12:59
The GSMA has published the latest releases of its technical NFC documents (version 2). With these documents the GSMA underlines its strong support for UICC (SIM card) based NFC services.
The handset API requirements document focuses on APIs that enable mobile apps to directly access secure NFC applications on the UICC. An example for this function: A mobile phone user wants to have a look into his mobile train tickets stored in the UICC. The transport app must be able to read the ticket information via API from the UICC.
Since malware could misuse this API to run denial of service attacks on UICC application (eg send wrong PIN codes to payment application and thus lock down the application) the access to this API must be secured in a way that only legitimate mobile apps may access specific secure UICC applications. Eg a payment app may only talk to the UICC payment application but must not be able to access a transport application on the very same UICC.
In feature phones with J2ME support this API is well defined in JSR177. But Android is so far not supporting direct UICC access for mobile apps. Therefore OEMs/ODMs have to integrate proprietary SW components into their Android variant for UICC based NFC support.
GSMA and a growing number of its members strongly favor and support existing standards to avoid fragmentation of UICC APIs and its access control mechanisms: The UICC itself will store a list of credentials and thus control which mobile app may access a specific UICC NFC application.
- NFC Phones
- NFC Stickers