Arne Munch-Ellingsen, Richard Karlsen, Anders Andersen, S. Akselsen
{"title":"android主机卡模拟非接触式卡的双因素认证","authors":"Arne Munch-Ellingsen, Richard Karlsen, Anders Andersen, S. Akselsen","doi":"10.1109/MOBISECSERV.2015.7072874","DOIUrl":null,"url":null,"abstract":"With the introduction of Host Card Emulation (HCE) in Android 4.4 KitKat the Near Field Communication (NFC) card emulation mode took a twist. On one side, HCE allows for easier development and a shorter deployment path for contactless card services on the mobile phone (e.g. payment, ticketing, loyalty cards etc.). On the other side, it introduces new security issues since it does not intrinsically involve a secure element on the mobile phone. As an example, the Cipurse open ticketing standard for public transportation, published by OSPT, implies usage of a secure element for the authentication mechanism and key storage. How can Cipurse benefit from the advantages of HCE and still provide secure authentication and encryption of transferred data? We have designed a two-factor authentication mechanism that involves usage of the Universal Integrated Circuit Card (also known as the SIM card) as the secure second-factor that allows for the implementation of the Cipurse specification as a secure HCE application. The benefit is faster execution of the Cipurse emulated card but still with feasible security for many application areas.","PeriodicalId":164383,"journal":{"name":"2015 First Conference on Mobile and Secure Services (MOBISECSERV)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Two-factor authentication for android host card emulated contactless cards\",\"authors\":\"Arne Munch-Ellingsen, Richard Karlsen, Anders Andersen, S. Akselsen\",\"doi\":\"10.1109/MOBISECSERV.2015.7072874\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the introduction of Host Card Emulation (HCE) in Android 4.4 KitKat the Near Field Communication (NFC) card emulation mode took a twist. On one side, HCE allows for easier development and a shorter deployment path for contactless card services on the mobile phone (e.g. payment, ticketing, loyalty cards etc.). On the other side, it introduces new security issues since it does not intrinsically involve a secure element on the mobile phone. As an example, the Cipurse open ticketing standard for public transportation, published by OSPT, implies usage of a secure element for the authentication mechanism and key storage. How can Cipurse benefit from the advantages of HCE and still provide secure authentication and encryption of transferred data? We have designed a two-factor authentication mechanism that involves usage of the Universal Integrated Circuit Card (also known as the SIM card) as the secure second-factor that allows for the implementation of the Cipurse specification as a secure HCE application. The benefit is faster execution of the Cipurse emulated card but still with feasible security for many application areas.\",\"PeriodicalId\":164383,\"journal\":{\"name\":\"2015 First Conference on Mobile and Secure Services (MOBISECSERV)\",\"volume\":\"26 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-04-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 First Conference on Mobile and Secure Services (MOBISECSERV)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MOBISECSERV.2015.7072874\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 First Conference on Mobile and Secure Services (MOBISECSERV)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MOBISECSERV.2015.7072874","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Two-factor authentication for android host card emulated contactless cards
With the introduction of Host Card Emulation (HCE) in Android 4.4 KitKat the Near Field Communication (NFC) card emulation mode took a twist. On one side, HCE allows for easier development and a shorter deployment path for contactless card services on the mobile phone (e.g. payment, ticketing, loyalty cards etc.). On the other side, it introduces new security issues since it does not intrinsically involve a secure element on the mobile phone. As an example, the Cipurse open ticketing standard for public transportation, published by OSPT, implies usage of a secure element for the authentication mechanism and key storage. How can Cipurse benefit from the advantages of HCE and still provide secure authentication and encryption of transferred data? We have designed a two-factor authentication mechanism that involves usage of the Universal Integrated Circuit Card (also known as the SIM card) as the secure second-factor that allows for the implementation of the Cipurse specification as a secure HCE application. The benefit is faster execution of the Cipurse emulated card but still with feasible security for many application areas.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
