Secure element standards body GlobalPlatform has released Secure Element Access Control, a new specification designed to ensure that unauthorised applications residing in a mobile device are unable to communicate with an NFC secure element (SE).
“High value mobile applications, such as banking and ticketing, rely on an application residing in a mobile wallet and its counterpart application — which stores sensitive information — residing in the SE,” GlobalPlatform explains. “To successfully and efficiently deliver services to end users the wallet requires immediate connection to the SE. This link, therefore, needs to be restricted to authorised and approved parties.”
“Failure to restrict access to the SE communication channel could result in a fake wallet application popping up during a SE-based transaction that could send the wrong, or too many, commands to the SE,” says Christophe Colas, chair of the GlobalPlatform device committee and marketing director at Trusted Logic Mobility. “This would result in denial of service attacks or personal identification number (PIN) blocking, and a secure application being unable to perform as required.”