A novel consumer-centric card management architecture and potential security issues


Akram, R.N., Markantonakis, K., Sauveron, D.: A novel consumer-centric card management architecture and potential security issues. Information Sciences. - (2015).


Abstract Multi-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-application smart cards have been around since the late 1990s; however, uptake was severely limited. \{NFC\} has recently reinvigorated the multi-application initiative and this time around a number of innovative deployment models are proposed. Such models include Trusted Service Manager (TSM), User Centric Smart Card Ownership Model (UCOM) and GlobalPlatform Consumer-Centric Model (GP-CCM). In this paper, we discuss two of the most widely accepted and deployed smart card management architectures in the smart card industry: GlobalPlatform and Multos. We explain how these architectures do not fully comply with the \{UCOM\} and GP-CCM. We then describe our novel flexible consumer-centric card management architecture designed specifically for the \{UCOM\} and GP-CCM frameworks, along with ways of integrating the \{TSM\} model into the proposed card management architecture. Finally, we discuss four new security issues inherent to any architecture in this context along with the countermeasures for our proposed architecture.