US20130337770A1 - Management of communication pipes in a telecommunication device coupled to an nfc circuit - Google Patents

Management of communication pipes in a telecommunication device coupled to an nfc circuit Download PDF

Info

Publication number
US20130337770A1
US20130337770A1 US13/996,458 US201113996458A US2013337770A1 US 20130337770 A1 US20130337770 A1 US 20130337770A1 US 201113996458 A US201113996458 A US 201113996458A US 2013337770 A1 US2013337770 A1 US 2013337770A1
Authority
US
United States
Prior art keywords
router
pipe
card
sim
telecommunication device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/996,458
Other languages
English (en)
Inventor
Thierry Huque
Olivier Van Nieuwenhuyze
Alexandre Charles
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Proton World International NV
STMicroelectronics Rousset SAS
Original Assignee
Proton World International NV
STMicroelectronics Rousset SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Proton World International NV, STMicroelectronics Rousset SAS filed Critical Proton World International NV
Assigned to STMICROELECTRONICS (ROUSSET) SAS, PROTON WORLD INTERNATIONAL N.V. reassignment STMICROELECTRONICS (ROUSSET) SAS ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HUQUE, THIERRY, Van Nieuwenhuyze, Olivier, CHARLES, ALEXANDRE
Publication of US20130337770A1 publication Critical patent/US20130337770A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0245Filtering by information in the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Definitions

  • the present disclosure generally relates to transactions performed by means of mobile telecommunication devices of cell phone type.
  • the present disclosure more specifically applies to such devices, further equipped with a near field communication circuit (NFC).
  • NFC near field communication circuit
  • Cell phones are more and more often equipped with a near-field communication interface which enables them to combine electromagnetic transponder functions with mobile telephony functions.
  • this adds functions of emulation of an electromagnetic transponder, of contactless or contactless card reader type to the mobile telecommunication device, for example a personal digital assistant, a cell phone, a smartphone, etc.
  • This considerably enhances the features of the mobile device, which can then be used, for example, as an electronic purse, as an access or transport ticket validation device, etc.
  • the mobile telecommunication device is equipped with a contactless front-end integrated circuit (CLF), also called NFC router.
  • CLF contactless front-end integrated circuit
  • This router is equipped with a radio frequency (RF) transceiver front head associated with a low-range antenna to communicate like an electromagnetic transponder.
  • RF radio frequency
  • the router uses the capacities of the processor(s) of the mobile device for data processing and storage operations.
  • a secure element enabling to authenticate the user is used.
  • This secure element is either integrated to the mobile telecommunication device (dedicated integrated circuit, circuit welded to the printed circuit board) or contained in a microcircuit supported by a subscriber identification module (SIM), or any other removable card, for example, in the standard format of a memory card.
  • SIM subscriber identification module
  • An NFC router may also be present in a mobile device of USB key type, in a bank teller terminal, in an adhesive device (sticker), etc.
  • An emulation of a contactless card in a mobile telecommunication device is capable of generating weak points in terms of transaction security.
  • Embodiments overcome all or part of the disadvantages of mobile telecommunication devices associated with a near-field transmission module.
  • Another embodiment improves the security against a hacking attempt on a security module of subscriber identification module type, contained in a telecommunication device associated with a near-field transmission module.
  • Another embodiment provides a method for detecting an attempt at diversion of a communication pipe between a port of a security module and a port of a near-field communication router present in a telecommunication device, wherein the router filters the messages addressed to said security module.
  • the message comprises at least one pipe identifier and one instruction code, the router comparing the instruction code with authorized codes that it contains.
  • the router compares the format of the data of the message with authorized formats that it contains.
  • the router comprises a table containing, for each type of control signal that may be received, an authorization or denial code.
  • An embodiment also provides a method of secure data transmission in a telecommunication device.
  • An embodiment also provides a near-field communication router.
  • An embodiment also provides a telecommunication device equipped with a near-field communication router.
  • FIG. 1 schematically shows a mobile telecommunication device of the type to which the present disclosure applies as an example
  • FIG. 2 is a diagram illustrating a function of a near-field transmission module of the device of FIG. 1 ;
  • FIG. 3 very schematically illustrates an attack capable of exploiting a weakness of the telecommunication device of FIG. 1 ;
  • FIG. 4 illustrates an embodiment of a preparatory phase of such an attack
  • FIG. 5 illustrates an embodiment of a method of protection against such an attack
  • FIGS. 6A and 6B very schematically illustrate an embodiment of a method of protection against the attack illustrated in FIG. 3 .
  • FIG. 1 very schematically shows a mobile telecommunication device (for example, a cell phone) of the type to which the embodiments apply as an example.
  • a mobile telecommunication device for example, a cell phone
  • the different elements of interface with the user have not been shown, since these elements are not modified by the implementation of the embodiments which will be described.
  • Device 1 comprises a central processing unit 12 (CPU/TH) formed of at least one microcontroller forming the device core.
  • This microcontroller is referred to as a terminal host.
  • the microcontroller uses identification and authentication data provided by a subscriber identification module 14 (SIM) which forms a security module of the device.
  • SIM subscriber identification module 14
  • Microcontroller 12 is capable of using one or several internal memories, not shown, of the telephone.
  • Telephone 1 may also comprise a memory card reader 16 or other buses of communication with the outside to load data and/or applications into the telephone.
  • device 1 comprises a circuit 18 (CLF—ContactLess Front-End) forming a near-field communication module like an electromagnetic transponder.
  • Module 18 also called NFC router, is associated with an antenna 182 distinct from an antenna 20 intended for the mobile telephony network.
  • Circuit 18 may be associated with a security module (SSE) 24 distinct from SIM card 14 and directly present on the printed circuit board of the telephone, or supported by a removable microcircuit card (for example, in the format of a memory card).
  • SSE security module
  • a security module is an electronic circuit for securely executing applications and guaranteeing the security (secret/integrity) of data manipulated by such applications.
  • circuits 12 and 18 communicate over a link 1218 of I 2 C or SPI type
  • SIM card 14 communicates with microcontroller 12 over a link 1214 according to ISO standard 7816-3
  • security module 24 communicates with router 18 according to this standard over a link 2418
  • Router 18 communicates with the SIM card, for example, over a single-wire bus 1418 (SWP—Single Wire Protocol).
  • SWP Single Wire Protocol
  • the embodiments will be described in relation with a GSM telephone.
  • the embodiments more generally applies to any telecommunication device adapted to a mobile network (for example, Wifi, Bluetooth, WiMax, etc.) and associated with a contactless transmission module (NFC router), for example, a USB key, a bank terminal, a power consumption meter, or other), an access or transport ticket validation terminal, etc.
  • a mobile network for example, Wifi, Bluetooth, WiMax, etc.
  • NFC router contactless transmission module
  • USB key for example, a USB key, a bank terminal, a power consumption meter, or other
  • an access or transport ticket validation terminal etc.
  • the near-field communication module will be referred to as a router since it generally integrates all the functions useful for the emulation of a contactless card within a same circuit, the described embodiments however applying to any NFC-type module.
  • Router 18 comprises physical terminals of connection to links 1218 , 1418 , and 2418 and manages logic gates for assigning these terminals to the different functions associated with near-field communications.
  • Router 18 thus comprises a processor and volatile and non-volatile memories for storing, among others, a routing table for the different logic gates. Some gates are reserved for router administration functions while others can be freely assigned by the router.
  • router 18 makes available and manages different pipes of communication with the other circuits 12 , 14 , 24 , etc. of the mobile device to provide these circuits access to the near-field communication functions, that is, to gates connected to radio frequency transmission circuits, called RF gates.
  • FIG. 2 very schematically illustrates, in the form of blocks, the routing function of router 18 .
  • FIG. 2 is a structural representation while, in practice, the assignment of the different gates to the different circuits of the mobile device is a software operation performed by the routing table.
  • Each of the router terminals is assigned one or several gates (GATES).
  • GATES gates
  • FIG. 2 it is assumed that physical links 1418 and 1218 of SIM card 14 and of microcontroller 12 are connected to terminals of router 18 and that gates are assigned to these circuits.
  • Several gates may be assigned to a same circuit (which is symbolized in FIG. 2 by the connection of a same terminal to several gates).
  • the routing table (ROUTING TABLE) of router 18 assigns some gates to internal functions (for example, configuration and administration functions), but also creates pipes (PIPE) between some gates assigned to the SIM card or to the RF microcontroller, and gates (RFGATES) comprised in module 18 .
  • Authentication tools may be provided to make sure that the links between the router and the different external circuits are not pirated. However, this appears to be insufficient in view of a weak point that the present inventors have identified and which will be described hereafter.
  • Router or NFC module 18 generally is a single integrated circuit and its external accesses are rather well protected against possible hacking attempts.
  • router 18 also manages a pipe (ATPIPE symbolized in dotted lines in FIG. 2 ) of communication between SIM card 14 or any other security module and microcontroller 12 of the mobile telecommunication device.
  • This pipe is normally used so that SIM card 14 informs microcontroller 12 that a message reaches it over the NFC link. It is however also possible to divert this use to make security module 14 believe that it communicates with the router for a near-field transaction and thus over a pipe with the RF gates of the telephone, while it is actually communicating with microcontroller 12 .
  • FIG. 3 very schematically illustrates in the form of blocks the possible exploitation of a pipe ATPIPE between a SIM card 14 and a microcontroller 12 of a cell phone 1 .
  • One of the functions of application PA is to automatically trigger a response of phone 1 after a request originating from the telecommunication network and transmitted by another mobile device 3 owned by the attacker.
  • the pirate device for example is another GSM phone 3 which uses its own subscriber identification module to communicate over the GSM network (symbolized by a relay antenna 5 ). It may also be a microcomputer associated with a GSM module.
  • device 3 is also equipped with a contactless router, for example, to initiate near field transactions with a terminal 7 (for example, an NFC terminal or any other contactless communication terminal).
  • a terminal 7 for example, an NFC terminal or any other contactless communication terminal.
  • device 3 is used to make a purchase with a payment to be validated by its NFC router.
  • the router of telephone 3 manages a communication pipe with the subscriber identification module (or another dedicated security module) of this telephone to authenticate the user and validate the payment.
  • telephone 3 uses the GSM network to ask telephone 1 to validate the payment by means of its subscriber identification module.
  • device 3 sends an SMS over network 5 which, when received by telephone 1 , is processed by the pirate application.
  • Said application simulates requests from the RF gates and transmits them over pipe ATPIPE, so that identification module 14 responds and validates the transaction.
  • This validation is diverted by microcontroller 12 and is sent back to device 3 which, in turn, transmits it to its NFC router to validate the payment for terminal 7 .
  • the payment is debited to the subscriber of telephone 1 and not to the attacker owning device 3 .
  • a contactless application requires no interaction with the terminal ( 7 , FIG. 3 ) except for a presentation of a contactless device.
  • no PIN keying is required for a near-field communication to avoid lengthening the transactions, so that device 3 may easily hack distant device 1 .
  • the countermeasures providing encryptions and/or signatures between terminal 7 requesting the authentication and the security module are ineffective to counter this attack. Indeed, the data between terminal 7 and module 14 need no decoding.
  • a communication pipe has actually been established between module 14 of telephone 1 and terminal 7 via telecommunication network 5 , so that module 14 behaves as if it was in near field transaction with terminal 7 .
  • piracy may occur for passage authentication or validation applications, of secure access type.
  • this attack may also be successful even without for pirate device 3 to use its own NFC router, for example, if it uses a contactless communication mode, provided for the requested authentication to originate from a security module and to respect the formats and protocols used by the NFC protocol. Further, such an attack may be used to divert any data from device 1 in favor of a pirate system (for example, data duplicating the content of the magnetic track of a card in a bank payment application).
  • the attack may involve the SIM card of cell phone 1 or of any other security module (for example, module 24 ), provided for a pipe to be managed by router 18 between this module and a circuit (generally, microcontroller 12 ) capable of managing communications over network 5 .
  • module 24 any other security module
  • a pipe to be managed by router 18 between this module and a circuit generally, microcontroller 12
  • the microcontroller is allowed to create a pipe on any free gate.
  • a pirate application loaded into the microcontroller is capable of creating a pipe through the NFC router to the SIM card. If, afterwards, the SIM card performs no other checking than to acknowledge that the format of the requests corresponds to the format of a radio frequency frame originating from an NFC circuit, the pirate application may attack the SIM card.
  • security module 14 is more advanced and checks the association between the numbers of the pipes or of its own gates and the RF gates.
  • SIM card 14 does not take into account the circuit with which the gate is created (and thus, the fact that it may be a gate intended for the microcontroller).
  • This embodiment exploits the fact that the assignment of the pipe numbers (identifiers) is often sequential. It is first started by asking the microcontroller to suppress a pipe between the SIM card and the RF gates. Then, a pipe having the same identifier is created between the microcontroller and the SIM card.
  • FIG. 4 illustrates another embodiment of a preparatory phase of the attack aiming at diverting a pipe between router 18 (CLF) and the SIM card (SIM 1 ) of a user.
  • This embodiment is more specifically intended for systems in which the SIM card makes sure, before transmitting data to the CLF router, that it has effectively controlled the creating of the communication pipe therewith.
  • the SIM card checks whether it has already been in the presence of router 18 is exploited herein. If it has not, it reconfigures the pipes between its gates and the NFC router.
  • the card causes the creating, at the level of the so-called transport layer, of at least one communication pipe, identified as SYNCID 1 , with the CLF router.
  • SYNCID 1 the level of the so-called transport layer, of at least one communication pipe, identified as SYNCID 1
  • card SIM 1 sends to the CLF router both synchronization data SYNCID 1 and a number (typically, a random number RD 1 ). Number RD 1 is stored in the CLF router and is used by card 14 to check that it has already caused the creation of pipe with this router.
  • the card verifies the existence of number RD 1 in the router.
  • the card requests from the router to create a pipe between one of its gates, identified as GATEID, and one of the RF gates, identified as RFGATEID.
  • the router then creates a pipe and assigns it an identifier PIPEID and, at the same time, stores said identifier in the routing table and communicates it to card SIM 1 .
  • card SIM 1 verifies that identifier PIPEID of the pipe is correct.
  • the hacker should have cell phone 1 and card SIM 1 in his possession for a period of time. This is relatively easy, for example, by asking the owner of the cell phone to lend it to supposedly make a call, or by fraudulently using a phone during a maintenance operation, for example, in a mobile telephony shop.
  • the pirate starts by introducing card SIM 1 into a pirate device (PIRATE READER), for example, another cell phone having a microcontroller capable of executing a piracy program complying with the described functions, or a computer provided with a card reader and simulating a router. Since card SIM 1 has never met the NFC router of the pirate device or emulated by said device, it generates a new synchronization identifier SYNCID 2 . It sends back gate identifiers RFGATEID and GATEID to create the corresponding pipes.
  • PIRATE READER for example, another cell phone having a microcontroller capable of executing a piracy program complying with the described functions, or a computer provided with a card reader and simulating a router. Since card SIM 1 has never met the NFC router of the pirate device or emulated by said device, it generates a new synchronization identifier SYNCID 2 . It sends back gate identifiers RFGATEID and GATEID to create the corresponding pipes.
  • the pirate router then assigns, to at least one pair of gates, a pipe FPIPEID which corresponds to a gateway between the router and an external gate of the microcontroller instead of associating gate GATEID to an RF gate.
  • Identifier FPIPEID and identifiers SYNCID 2 and RD 2 are then loaded into a falsified card SIM 2 .
  • Card SIM 2 then contains a routing table associating gates RFGATEID and GATEID with pipe FPIPEID.
  • card SIM 2 is introduced into telephone 1 .
  • Identifiers SYNCID 2 and RD 2 are then transferred to CLF router 18 to create pipe FPIPEID between gates designated as GATEID and RFGATEID. This amounts to modifying the routing table of the router so that when the pipe between gates GATEID and RFGATEID is called, the assigned pipe is pipe FPIPEID instead of PIPEID.
  • the assignment of pipe FPIPEID may take various forms according to the way in which the pipes are assigned to the gates in the router. For example, a phase of observation of the gate assignment is gone through by placing card SIM 2 in the router to observe the pipe assignment method, before introducing card SIM 2 into the pirate reader.
  • the “real” card SIM 1 is then placed back into telephone 1 . Since the CLF router knows identifiers RD 2 and SYNCID 2 , the card considers that it “knows” the router and does not recreate pipes therewith. When card SIM 1 requests a communication towards gate RFGATEID, the router uses the assigned pipe FPIPEID.
  • the GSM terminal has effectively been hacked, that is, a pipe FPIPE (or ATPIPE, FIG. 2 ) has been created between a gate GATEID of the SIM card and a gate of microcontroller 12 , while card SIM 1 believes that this pipe connects its gate GATEID to gate RFGATEID.
  • This pipe can then be diverted for a distant access over the GSM network from another terminal ( FIG. 3 ).
  • the downloading of pirate application PA can be performed either subsequently or at the same time as the pirate pipe generation.
  • the routing table may be read from. If this is not possible, it is possible, when card SIM 1 is in the pirate reader, to emulate an operation of the CLF circuit, in order to obtain the full configuration stored in this card.
  • a pirate card SIM 2 or a card emulator may also be used to extract the data from the routing table in valid phone 1 .
  • the pirate application must comprise the function of redirecting pipe FPIPE towards the RF circuits of the router when a data request towards the SIM is transmitted by router 18 .
  • FIG. 5 partially shows in the form of blocks an embodiment of a mobile telecommunication device according to an embodiment.
  • TH Terminal Host
  • CCF contactless router 18
  • security module 14 for example, a SIM card
  • router 18 comprises a routing table (not shown) putting a pipe identifier PIPEID in correspondence with two gate identifiers GATEID between which the pipe is created.
  • the router further comprises an interception module 20 comprising a filtering table containing, for each pipe (PIPE), between the router and the SIM card, parameters enabling the router to determine whether a message or an instruction addressed to the SIM card is to be authorized or not (Y/N).
  • PIPE pipe
  • the router is modified to intercept all requests of pipe creation with secure module 14 .
  • the table preferably also contains data relative to the events authorized on the pipe, which enables to refine the selection of the permitted functions.
  • a filtering table is provided for each security module connected to the router, for example, the microcontroller, another security element, etc.
  • an instruction INST transiting through router CLF comprises the pipe over which the message is to be transmitted the type of message, an actual instruction code and, possibly, data. This message is intercepted by the filter comprised within the CLF router before allowing its transmission to the SIM card.
  • all messages going from the microcontroller to the SIM card are blocked by the router based on a specific instruction code (for example, the code known as HTP) or on the combination of the table and of the parameter format of this instruction. Messages are thus limited to those between the actual telephone central processing unit and the SIM card, which respect the expected instruction format.
  • a specific instruction code for example, the code known as HTP
  • messages meaning nothing for the application have to be sent. Such messages are thus blocked and do not reach the SIM card.
  • FIGS. 6A and 6B illustrate the operation of the system of FIG. 5 , respectively for an authorized control signal (Y) and for a non-authorized control signal (N).
  • a message or control signal CMD(Y) is sent by the telephone (HS), more specifically by the telephone microcontroller, to the CLF router. It is assumed that this control signal has a format and/or parameters authorized by the filtering table of the router.
  • the router after having checked (CHECK) in its tables, authorizes the transmission of this control signal to the SIM card. Once the SIM card has received it on its pipe created through the NFC router, it responds (RES) to the microcontroller through the router.
  • control signal is assumed to correspond to an unauthorized control signal.
  • the microcontroller of the telephone thus sends this control signal to the SIM card via the CLF router.
  • Said router by performing the checking steps (CHECK) intercepts this control signal and stops it (STOP). It may here be an attack such as previously described in relation with FIGS. 3 and 4 .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)
US13/996,458 2010-12-20 2011-12-16 Management of communication pipes in a telecommunication device coupled to an nfc circuit Abandoned US20130337770A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR1060819A FR2969341B1 (fr) 2010-12-20 2010-12-20 Gestion de canaux de communication dans un dispositif de telecommunication couple a un circuit nfc
FR1060819 2010-12-20
PCT/FR2011/053023 WO2012085409A1 (fr) 2010-12-20 2011-12-16 Gestion de canaux de communication dans un dispositif de telecommunication couple a un circuit nfc

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2011/053023 A-371-Of-International WO2012085409A1 (fr) 2010-12-20 2011-12-16 Gestion de canaux de communication dans un dispositif de telecommunication couple a un circuit nfc

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/585,107 Continuation US10511626B2 (en) 2010-12-20 2017-05-02 Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit

Publications (1)

Publication Number Publication Date
US20130337770A1 true US20130337770A1 (en) 2013-12-19

Family

ID=43877173

Family Applications (4)

Application Number Title Priority Date Filing Date
US13/996,458 Abandoned US20130337770A1 (en) 2010-12-20 2011-12-16 Management of communication pipes in a telecommunication device coupled to an nfc circuit
US15/585,107 Active US10511626B2 (en) 2010-12-20 2017-05-02 Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit
US16/698,519 Active US10931712B2 (en) 2010-12-20 2019-11-27 Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit
US17/146,063 Active 2033-06-17 US11962616B2 (en) 2010-12-20 2021-01-11 Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit

Family Applications After (3)

Application Number Title Priority Date Filing Date
US15/585,107 Active US10511626B2 (en) 2010-12-20 2017-05-02 Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit
US16/698,519 Active US10931712B2 (en) 2010-12-20 2019-11-27 Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit
US17/146,063 Active 2033-06-17 US11962616B2 (en) 2010-12-20 2021-01-11 Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit

Country Status (5)

Country Link
US (4) US20130337770A1 (de)
EP (1) EP2656578B1 (de)
CN (1) CN103404099B (de)
FR (1) FR2969341B1 (de)
WO (1) WO2012085409A1 (de)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130207777A1 (en) * 2003-06-13 2013-08-15 Varia Holdings Llc Emulated radio frequency identification
US20150033289A1 (en) * 2013-07-24 2015-01-29 Cellco Partnership D/B/A Verizon Wireless Adaptive and context based nfc access control filtering
US9179301B2 (en) 2010-08-31 2015-11-03 Proton World International N.V. Protection of a communication channel of a telecommunication device coupled to an NFC circuit against misrouting
US9185561B2 (en) 2010-03-09 2015-11-10 Proton World International N.V. Protection against rerouting in an NFC circuit communication channel
US9209866B2 (en) 2010-08-31 2015-12-08 Proton World International N.V. Securing of a telecommunication device equipped with a near-field communication module
US9219745B2 (en) 2011-04-05 2015-12-22 Proton World International N.V. Assessing the resistance of a security module against attacks by communication pipe diversion
US9225687B2 (en) 2011-04-13 2015-12-29 Proton World International N.V. Access control mechanism for a secure element coupled to an NFC circuit
US10278077B2 (en) 2010-03-09 2019-04-30 Proton World International N.V. Protection of a security module in a telecommunication device coupled to an NFC circuit
US10667133B2 (en) 2010-03-09 2020-05-26 Proton World International N.V. Detection of a rerouting of a communication channel of a telecommunication device connected to an NFC circuit
US10880739B2 (en) 2010-03-09 2020-12-29 Proton World International N.V. Protection of a communication channel between a security module and an NFC circuit
US11962616B2 (en) 2010-12-20 2024-04-16 Proton World International N.V. Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3018972B1 (fr) 2014-03-18 2016-04-15 Proton World Int Nv Secure nfc routing
FR3094514A1 (fr) 2019-03-25 2020-10-02 Proton World International N.V. Système électronique
FR3094516A1 (fr) 2019-03-25 2020-10-02 Proton World International N.V. Système électronique
FR3094517A1 (fr) 2019-03-25 2020-10-02 Proton World International N.V. Système électronique

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090206984A1 (en) * 2006-07-10 2009-08-20 Inside Contactless Application control method in an nfc chipset comprising several host processors
US20100325300A1 (en) * 2009-06-22 2010-12-23 Microsoft Corporation Using hypertext transfer protocol as a transport for bi-directional data streams

Family Cites Families (73)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3688830B2 (ja) 1995-11-30 2005-08-31 株式会社東芝 パケット転送方法及びパケット処理装置
GB2322045B (en) 1997-02-11 2002-02-20 Orange Personal Comm Serv Ltd Data store
US6070243A (en) 1997-06-13 2000-05-30 Xylan Corporation Deterministic user authentication service for communication network
FR2770316B1 (fr) 1997-10-24 2000-06-09 Roland Moreno Systeme pour la communication securisee sans contact entre un terminal et un objet portatif tel qu'une carte a puce
US7587044B2 (en) 1998-01-02 2009-09-08 Cryptography Research, Inc. Differential power analysis method and apparatus
US6847614B2 (en) 1998-04-20 2005-01-25 Broadcom Corporation Apparatus and method for unilateral topology discovery in network management
US6674769B1 (en) 2000-03-07 2004-01-06 Advanced Micro Devices, Inc. Simultaneous searching of layer 3 policy filter and policy cache in a network switch port
EP1344178B1 (de) 2000-12-20 2004-06-09 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Vorrichtung und verfahren zum gleichzeitigen auslesen von passiven induktiven transpondern
US7303120B2 (en) 2001-07-10 2007-12-04 American Express Travel Related Services Company, Inc. System for biometric security using a FOB
DE10255880A1 (de) 2002-11-29 2004-06-09 Philips Intellectual Property & Standards Gmbh Elektronisches Kommunikationssystem und Verfahren zum Erkennen einer Relais-Attacke auf dasselbe
US7260599B2 (en) 2003-03-07 2007-08-21 Hyperspace Communications, Inc. Supporting the exchange of data by distributed applications
FR2866168A1 (fr) 2004-02-11 2005-08-12 France Telecom Emission de cle publique par terminal mobile
US20050251652A1 (en) * 2004-04-27 2005-11-10 Eswaramoorthi Nallusamy Methods and apparatus for processing an extensible firmware interface byte code instruction in a loop
CN1277440C (zh) 2004-06-29 2006-09-27 航天兰天达科技有限公司 防止移动通信终端被非法使用的方法和装置
US7634812B2 (en) 2004-07-21 2009-12-15 Microsoft Corporation Filter generation
US7634813B2 (en) 2004-07-21 2009-12-15 Microsoft Corporation Self-certifying alert
US8594567B2 (en) 2004-08-16 2013-11-26 Giesecke & Devrient Gmbh Controlled wireless charging of an accumulator in a chipcard
US7128274B2 (en) 2005-03-24 2006-10-31 International Business Machines Corporation Secure credit card with near field communications
KR100728637B1 (ko) 2005-09-08 2007-06-15 (주)한창시스템 플러그-인 형태로 여러 가지 보안 모듈들을 지원하는 보안nfc 통신 장치 및 방법
US8045958B2 (en) * 2005-11-21 2011-10-25 Research In Motion Limited System and method for application program operation on a wireless device
US20090075592A1 (en) 2005-12-16 2009-03-19 Sebastian Nystrom Method and device for controlling and providing indications of communication events
US20070156436A1 (en) 2005-12-31 2007-07-05 Michelle Fisher Method And Apparatus For Completing A Transaction Using A Wireless Mobile Communication Channel And Another Communication Channel
US8769127B2 (en) * 2006-02-10 2014-07-01 Northrop Grumman Systems Corporation Cross-domain solution (CDS) collaborate-access-browse (CAB) and assured file transfer (AFT)
ITMI20060284A1 (it) 2006-02-16 2007-08-17 Mauro Brunazzo Scheda intelligente con controllo di identita'
KR101516391B1 (ko) 2006-04-19 2015-05-07 오렌지 이동 단말기에서 근접 통신 모듈에 대한 액세스를 안전하게 하는 방법 및 그 장치 그리고 그 프로그램 매체
FR2901077B1 (fr) 2006-05-10 2008-07-11 Inside Contactless Sa Procede de routage de donnees entrantes et sortantes dans un jeu de puces nfc
DE602007008313D1 (de) 2006-05-10 2010-09-23 Inside Contactless Verfahren zur Weiterleitung von aus- und eingehenden Daten in ein NFC-Chipset
JP4853126B2 (ja) 2006-06-15 2012-01-11 日本電気株式会社 携帯無線端末
FR2904741B1 (fr) 2006-08-04 2009-10-02 Inside Contactless Sa Procede de routage de donnees d'application entrantes dans un chipset nfc, par identification de l'application.
EP2064649B1 (de) 2006-09-20 2019-10-23 Nokia Technologies Oy Nahfeldverbindungsherstellung
CN1933351A (zh) * 2006-09-27 2007-03-21 上海复旦微电子股份有限公司 一种具有非接触ic卡或电子标签及非接触ic卡或电子标签读写器用途的手机装置实现方法
FR2906952B1 (fr) 2006-10-05 2009-02-27 Inside Contactless Sa Procede d'authentification mutuelle entre une interface de communication et un processeur hote d'un chipset nfc.
CN101192922B (zh) 2006-11-17 2010-05-19 中兴通讯股份有限公司 一种在通信双方间建立安全信道的方法
EP1928099A1 (de) 2006-12-01 2008-06-04 NEC Corporation Drahtloses Telekommunikationsgerät mit mindestens zwei Energiequellen
CN101202621A (zh) 2006-12-13 2008-06-18 联想(北京)有限公司 非接触设备间对数据进行安全验证的方法和系统
WO2008091065A1 (en) 2007-01-26 2008-07-31 Lg Electronics Inc. Contactless interface within a terminal to support a contactless service
FR2913550A1 (fr) 2007-03-07 2008-09-12 Inside Contactless Sa Procede de chargement securise de donnees d'acces a un service dans un chipset nfc
CN101299698B (zh) 2007-04-30 2012-05-23 华为技术有限公司 通信代理的方法及装置及系统
US7974536B2 (en) 2007-09-06 2011-07-05 Motorola Mobility, Inc. System and method for pre-configuring and authenticating data communication links
WO2009077664A1 (fr) 2007-09-27 2009-06-25 Inside Contactless Procédé et dispositif de gestion de données d'application dans un système nfc
KR100815148B1 (ko) 2007-10-01 2008-03-19 주식회사 스마트카드연구소 근거리 무선통신을 이용한 결제보안 시스템 및 방법
KR20090052411A (ko) 2007-11-21 2009-05-26 엘지이노텍 주식회사 근거리 무선 통신을 이용한 위치 추적 시스템
EP2071497A1 (de) 2007-12-10 2009-06-17 Gemalto SA Verfahren und Vorrichtung zur kontaktlosen Batterieaufladung
CN101241541B (zh) 2008-02-27 2010-08-18 上海复旦微电子股份有限公司 一种nfc终端的存储、替换和访问应用数据的装置及方法
WO2009115997A2 (en) 2008-03-19 2009-09-24 Nxp B.V. Method and system for ensuring integrity of a contactless card emulating device
EP2131313A1 (de) 2008-06-02 2009-12-09 Gemplus Verfahren zur Anwendungsauswahl in einem drahtlosen mobilen Kommunikationsgerät in einem NFC-System und entsprechendes drahtloses mobiles Kommunikationsgerät
US8196211B2 (en) * 2008-08-14 2012-06-05 International Business Machines Corporation Authorized authorization set in RBAC model
US8363618B2 (en) 2008-08-29 2013-01-29 Ciright Systems, Inc. Content distribution platform
SK50862008A3 (sk) 2008-09-19 2010-06-07 Logomotion, S. R. O. Systém na elektronické platobné aplikácie a spôsob autorizácie platby
FR2936886B1 (fr) 2008-10-02 2013-09-27 Oberthur Technologies Dispositif electronique et gestion des communications sans contact concurrentes d'un tel dispositif et d'un equipement hote
US8724649B2 (en) 2008-12-01 2014-05-13 Texas Instruments Incorporated Distributed coexistence system for interference mitigation in a single chip radio or multi-radio communication device
WO2010068016A2 (en) 2008-12-14 2010-06-17 Lg Electronics Inc. Mobile terminal and method for providing enhanced contactless communication using contactless module
FR2942365A1 (fr) 2009-02-13 2010-08-20 St Microelectronics Rousset Dispositif de communication incluant une batterie et un module de communication a champ proche
EP2251986A1 (de) 2009-05-15 2010-11-17 Nxp B.V. Nahfeldkommunikationsvorrichtung
US8290463B2 (en) 2009-09-14 2012-10-16 ConvenientPower HK Ltd. Universal demodulation and modulation for data communication in wireless power transfer
US8342415B2 (en) 2010-03-17 2013-01-01 Inside Secure Method of conducting a transaction using an NFC device
FR2957437B1 (fr) 2010-03-09 2012-03-30 Proton World Int Nv Protection contre un deroutement d'un canal de communication d'un circuit nfc
FR2957438B1 (fr) 2010-03-09 2012-03-30 Proton World Int Nv Detection d'un deroutement d'un canal de communication d'un dispositif de telecommunication couple a un circuit nfc
FR2957440B1 (fr) 2010-03-09 2012-08-17 Proton World Int Nv Protection d'un module de securite dans un dispositif de telecommunication couple a un circuit nfc
FR2957439B1 (fr) 2010-03-09 2012-03-30 Proton World Int Nv Protection d'un canal de communication entre un module de securite et un circuit nfc
US8666368B2 (en) 2010-05-03 2014-03-04 Apple Inc. Wireless network authentication apparatus and methods
US9851969B2 (en) * 2010-06-24 2017-12-26 International Business Machines Corporation Function virtualization facility for function query of a processor
FR2964276B1 (fr) 2010-08-31 2012-09-07 Proton World Int Nv Securisation d'un dispositif de telecommunication equipe d'un module de communication en champ proche
FR2964285B1 (fr) 2010-08-31 2012-09-07 Proton World Int Nv Protection d'un canal de communication d'un dispositif de telecommunication couple a un circuit nfc contre un deroutement
FR2969341B1 (fr) * 2010-12-20 2013-01-18 Proton World Int Nv Gestion de canaux de communication dans un dispositif de telecommunication couple a un circuit nfc
FR2970617B1 (fr) 2011-01-14 2013-01-25 St Microelectronics Rousset Protection d'un element de securite couple a un circuit nfc
US8699948B2 (en) 2011-01-25 2014-04-15 Sony Corporation Connection method for near field communication
FR2973901B1 (fr) 2011-04-05 2013-04-19 Proton World Int Nv Test de la resistance d'un module de securite d'un dispositif de telecommunication couple a un circuit nfc contre des attaques par detournement de canal de communication
FR2974208B1 (fr) 2011-04-13 2013-08-16 Proton World Int Nv Mecanisme de controle d'acces pour un element securise couple a un circuit nfc.
FR2984553B1 (fr) 2011-12-15 2015-11-06 Proton World Int Nv Procede et dispositif de detection de fautes
US10270748B2 (en) 2013-03-22 2019-04-23 Nok Nok Labs, Inc. Advanced authentication techniques and applications
FR3094512A1 (fr) 2019-03-29 2020-10-02 Stmicroelectronics (Rousset) Sas Procédé d'authentification d'un processeur
FR3094513B1 (fr) 2019-03-29 2023-07-14 Proton World Int Nv Procédé d'authentification d'un processeur

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090206984A1 (en) * 2006-07-10 2009-08-20 Inside Contactless Application control method in an nfc chipset comprising several host processors
US20100325300A1 (en) * 2009-06-22 2010-12-23 Microsoft Corporation Using hypertext transfer protocol as a transport for bi-directional data streams

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130207777A1 (en) * 2003-06-13 2013-08-15 Varia Holdings Llc Emulated radio frequency identification
US9405947B2 (en) * 2003-06-13 2016-08-02 Varia Holdings Llc Emulated radio frequency identification
US9185561B2 (en) 2010-03-09 2015-11-10 Proton World International N.V. Protection against rerouting in an NFC circuit communication channel
US10880739B2 (en) 2010-03-09 2020-12-29 Proton World International N.V. Protection of a communication channel between a security module and an NFC circuit
US11963004B2 (en) 2010-03-09 2024-04-16 Proton World International N.V. Detection of a rerouting of a communication channel of a telecommunication device connected to an NFC circuit
US11743721B2 (en) 2010-03-09 2023-08-29 Proton World International N.V. Protection of a communication channel between a security module and an NFC circuit
US10999737B2 (en) 2010-03-09 2021-05-04 Proton World International N.V. Detection of a rerouting of a communication channel of a telecommunication device connected to an NFC circuit
US10716007B2 (en) 2010-03-09 2020-07-14 Proton World International N.V. Protection of a security module in a telecommunication device coupled to an NFC circuit
US10667133B2 (en) 2010-03-09 2020-05-26 Proton World International N.V. Detection of a rerouting of a communication channel of a telecommunication device connected to an NFC circuit
US10278077B2 (en) 2010-03-09 2019-04-30 Proton World International N.V. Protection of a security module in a telecommunication device coupled to an NFC circuit
US9179301B2 (en) 2010-08-31 2015-11-03 Proton World International N.V. Protection of a communication channel of a telecommunication device coupled to an NFC circuit against misrouting
US9209866B2 (en) 2010-08-31 2015-12-08 Proton World International N.V. Securing of a telecommunication device equipped with a near-field communication module
US11962616B2 (en) 2010-12-20 2024-04-16 Proton World International N.V. Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit
US9219745B2 (en) 2011-04-05 2015-12-22 Proton World International N.V. Assessing the resistance of a security module against attacks by communication pipe diversion
US9225687B2 (en) 2011-04-13 2015-12-29 Proton World International N.V. Access control mechanism for a secure element coupled to an NFC circuit
US20150033289A1 (en) * 2013-07-24 2015-01-29 Cellco Partnership D/B/A Verizon Wireless Adaptive and context based nfc access control filtering
US9071971B2 (en) * 2013-07-24 2015-06-30 Cellco Partnership Adaptive and context based NFC access control filtering

Also Published As

Publication number Publication date
US20210136108A1 (en) 2021-05-06
EP2656578B1 (de) 2015-04-29
US10931712B2 (en) 2021-02-23
US20170237774A1 (en) 2017-08-17
FR2969341B1 (fr) 2013-01-18
CN103404099B (zh) 2015-12-16
WO2012085409A1 (fr) 2012-06-28
EP2656578A1 (de) 2013-10-30
FR2969341A1 (fr) 2012-06-22
US10511626B2 (en) 2019-12-17
US11962616B2 (en) 2024-04-16
CN103404099A (zh) 2013-11-20
US20200099717A1 (en) 2020-03-26

Similar Documents

Publication Publication Date Title
US11962616B2 (en) Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit
US10440575B2 (en) Protection of a security element coupled to an NFC circuit
US11743721B2 (en) Protection of a communication channel between a security module and an NFC circuit
US10716007B2 (en) Protection of a security module in a telecommunication device coupled to an NFC circuit
US10999737B2 (en) Detection of a rerouting of a communication channel of a telecommunication device connected to an NFC circuit
US9225687B2 (en) Access control mechanism for a secure element coupled to an NFC circuit
US9185561B2 (en) Protection against rerouting in an NFC circuit communication channel
US9219745B2 (en) Assessing the resistance of a security module against attacks by communication pipe diversion
US9179301B2 (en) Protection of a communication channel of a telecommunication device coupled to an NFC circuit against misrouting
Marforio et al. Smartphones as Practical and Secure Location Verification Tokens for Payments.
WO2019134494A1 (zh) 验证信息处理方法、通信设备、业务平台及存储介质
US20100161979A1 (en) Portable electronic entity for setting up secured voice over ip communication
EP3157280B1 (de) Verfahren und vorrichtung für fernzahlungen
CN105279647A (zh) 一种实现远程支付的方法、装置及智能卡
US20210176629A1 (en) Access control for near field communication functions

Legal Events

Date Code Title Description
AS Assignment

Owner name: PROTON WORLD INTERNATIONAL N.V., BELGIUM

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHARLES, ALEXANDRE;VAN NIEUWENHUYZE, OLIVIER;HUQUE, THIERRY;SIGNING DATES FROM 20130730 TO 20130807;REEL/FRAME:031106/0352

Owner name: STMICROELECTRONICS (ROUSSET) SAS, FRANCE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHARLES, ALEXANDRE;VAN NIEUWENHUYZE, OLIVIER;HUQUE, THIERRY;SIGNING DATES FROM 20130730 TO 20130807;REEL/FRAME:031106/0352

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION