Integrated Security Platform for Mobile Applications

Abstract: This report describes our concept, design and current implementation of theIntegrated Security Platform for mobile applications.The increasing use of mobile applications is the trend of mobile communicationtechnology. Under initiatives of ISO, ETSI, GSMA and other standardization bodies,mobile applications play more and more important role.Security is one of the most important issues for mobile applications. Users,applications, their messages and their data need to be protected during storing andtransmitting.Integrated Security Platform is a standardized solution for mobile applicationstargeting to provide reliable security. It is based on requirements of operationalenvironments, security extensions and interfaces for security-enhanced applications. Theessence of the idea is to use secure element in the form of Universal Integrated CircuitCard (UICC), which is used to store and run various mobile applications simultaneously.The core of security is a set of secure applications, designed and implemented in theform of Javacard applets, stored in the UICC module. Security process flow guidingmobile applications implementing strong security is also defined in the describedapproach. Security management and all cryptography modules and functions required byapplications in a secure environment are also provided. Integrated Security Platform usesover–the-air (OTA) protocols, like SMS, GPRS, or mobile Internet and over–the–counter(OTC) protocols as communication channels for administration, management andexchange of information with the outside world.As a part of this research a mobile application called Secure Mobile Wallet wasdesigned as an example of a security–enhanced application stored in the UICC module. Itprovides to mobile subscribers the possibility to perform various secure mobile financialtransactions. Secure Mobile Wallet comprises several Javacard applets supportingseveral types of financial transactions – mobile banking, mobile payments, mobilecommerce, mobile micro–loans, mobile ticketing, mobile promotions, and so on. Itsupports both, OTA and OTC transactions. Secure Mobile Wallet was also developed inaccordance to requirements for a reliable client’s application as a component of thelarger, secure mobile transactions system.Secure Mobile Wallet uses features and security functions provided by UICC moduleto guarantee its security. Implementation and testing of the Integrated Security Platformare performed through Secure Mobile Wallet.Expected achievements and contributions of this research are:The concept of secure mobile applications stored in the UICC moduleThe structure and design of such applications in the form of Javacard applets,including their internal data model and external APIsDesign and specifications of the middleware between mobile applications stored inmobile phones and supporting security applications in the UICC moduleSpecifications of several forms of secure elements and their applications, i.e. as UICCapplets, SIM chip modules or NFC appletDesign and prototype implementation of Secure Mobile Wallet as mobile phoneapplication using security functions and services follow the concept and principles of theIntegrated Security Platform.