Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > RF/Microwave

M-Commerce calls for secure platform

Posted: 16 Oct 2007 ?? ?Print Version ?Bookmark and Share

Keywords:M-Commerce security? mobile phone transaction authentication? RF transaction?

Mobile commerce, commonly known as M-Commerce, is a huge topic. It is often mentioned in payment transactions using a handheld device such as a PDA or a mobile phone. During the transaction, the handheld communicates with a back-end system in an identification and authentication process. The communication channel used could be the mobile telecommunications network or a short-range RF subsystem.

A common requirement is that the transaction must be secured to protect the end-users and the service providers from fraudulent usage, which could impede the service's widespread adoption.

Some projects in Asia are already using a user services identity module (USIM) card with an integrated dual-interface security chip. This technology uses RF to authenticate the transaction even though the USIM card is issued by mobile operators.

The phone is equipped with a dual-interface USIM card. The contactless interface of the USIM card is connected to an RF antenna that is embedded on the mobile phone. The RF antenna is usually found in the phone's battery or the battery cover. To process a transaction, the user brings the phone close to an RF reader. The contactless part of the USIM card enters into action, and the transaction is then authenticated. Such technology is offered by Infineon's partners using the new dual-interface chip SLE66CLX800PE.

The other possibility to perform M-Commerce using a mobile phone via RF is to use a separate RF modem combined with a secure device. We can also use Bluetooth or NFC. Such a modem is used for data communication, and it is still critical to combine this device with a security chip to secure the platform.

The USIM card has its own security chip. Thus, it is technically simple and economical to use the NFC modem combined with the existing USIM card to enable secured transactions instead of using a separate additional and similar security chip known as the secure element.

Security in M-Commerce is key to its expansion and success. Without a doubt, fraud attempts will also rise as the use of M-Commerce increases. A high security level is thus required for its hardware and software components. The main objective is to block and discourage fraudsters or hackers to attempt an attack, which often results in heavy losses to the involved stakeholders.

The security implementation must be reliable to identify customers, merchants and terminals. At the same time, it needs to secure exchanged and stored data, and protect platforms from software attacks such as incoming virus.

The security chip must offer solid protection and countermeasures. This requires dedicated secure chip architecture with advanced active protective elements to guard against attacks.

Some advanced hardware countermeasures mechanisms include:

  • Active shielding!It detects information probing on chip surface.

  • Memory protection and firewall unit with traps enabled!It provides software layer a true hardware firewall against unauthorized data access or code loading of external sources.

  • Active-sensors with self-test functionality!It performs precise monitoring of operating conditions (e.g. voltage, temperature and frequency).

  • Randomization of on-chip address or data bus!It confuses and discourages hackers.

  • Homogenized power profile!It guards against power attacks.

  • Memory encryption!It secures data's physical content.

NFC modem combined with USIM card to enable secured transactions instead of using a separate security chip.

Besides hardware countermeasures, a range of software tricks must also be deployed. For example, strong algorithm implementation and checking mechanism to support authentication and secured transactions are needed. Combined with cryptographic processes, integral security can then be achieved. In short, the combination of both hardware and software countermeasures is important to enable viable M-Commerce solutions.

Besides high-security requirements discussed, M-Commerce will need high-performance hardware because the transactions and data exchanges should be fast, yet secured. The current payment cards are using 16bit security controller chips, while the USIM and Pay-TV applications are already on 32bit platforms.

- Meng-Hui Ng and Charles Hosono
Application Engineering Manager and Regional Marketing Manager
Infineon Technologies AG

Article Comments - M-Commerce calls for secure platform
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top