Integrated Security Platform for Mobile Applications
KTH, School of Information and Communication Technology (ICT), Communication: Services and Infrastructure, Communication Systems, CoS. (COS)
2011 (English) Licentiate thesis, monograph (Other academic)
Abstract [en]

This report describes our concept, design and current implementation of the Integrated Security Platform for mobile applications.

The increasing use of mobile applications is the trend of mobile communication technology. Under initiatives of ISO, ETSI, GSMA and other standardization bodies, mobile applications play an increasingly important role.

Security is one of the most important issues for mobile applications. Users, applications, their messages and their data need to be protected during storage and transmission.

Integrated Security Platform is a standardized solution for mobile applications that aims to provide reliable security. It is based on requirements of operational environments, security extensions and interfaces for security-enhanced applications. The essence of the idea is to use a secure element in the form of a Universal Integrated Circuit Card (UICC), which is used to store and run various mobile applications simultaneously. The core of security is a set of secure applications, designed and implemented in the form of Javacard applets, stored in the UICC module. A security process flow guiding mobile applications in implementing strong security is also defined in the described approach. Security management and all cryptography modules and functions required by applications in a secure environment are also provided. Integrated Security Platform uses over-the-air (OTA) protocols, like SMS, GPRS, or mobile Internet, and over-the-counter (OTC) protocols as communication channels for administration, management and exchange of information with the outside world.

As a part of this research, a mobile application called Secure Mobile Wallet was designed as an example of a security-enhanced application stored in the UICC module. It provides mobile subscribers with the possibility to perform various secure mobile financial transactions. Secure Mobile Wallet comprises several Javacard applets supporting several types of financial transactions: mobile banking, mobile payments, mobile commerce, mobile micro-loans, mobile ticketing, mobile promotions, and so on. It supports both OTA and OTC transactions. Secure Mobile Wallet was also developed in accordance with requirements for a reliable client’s application as a component of the larger, secure mobile transactions system.

Secure Mobile Wallet uses features and security functions provided by the UICC module to guarantee its security. Implementation and testing of the Integrated Security Platform are performed through Secure Mobile Wallet.

Expected achievements and contributions of this research are:

The concept of secure mobile applications stored in the UICC module

The structure and design of such applications in the form of Javacard applets, including their internal data model and external APIs

Design and specifications of the middleware between mobile applications stored in mobile phones and supporting security applications in the UICC module

Specifications of several forms of secure elements and their applications, i.e. as UICC applets, SIM chip modules or NFC applets

Design and prototype implementation of Secure Mobile Wallet as a mobile phone application using security functions and services that follow the concept and principles of the Integrated Security Platform.

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2011.
Trita-ICT-COS, ISSN 1653-6347 ; 1103
Keyword [en]
Integrated Security Platform, UICC, security, mobile applications, Secure Mobile Wallet
National Category
Other Computer and Information Science
Research subject
URN: urn:nbn:se:kth:diva-33071
ISBN: 978‐91‐7415‐980‐6
OAI: diva2:413195
2011-05-20, Sal D, Forum, Forum, Isafjordsgatan 39, Kista, 13:00 (English)
QC 20110428
Available from: 2011-04-28 Created: 2011-04-28 Last updated: 2011-04-28 Bibliographically approved

By author/editor
Zhao, Hao