specifications, and a test specification for this technology also exists. Physically, only contact 6 of the UICC is used to communicate with the NFC controller chip embedded in the mobile terminal. The logical communication protocols for NFC can be categorized as the SWP (Single Wire Protocol) and the HCI (Host Controller Interface). The SWP is the physical and data link layer protocol, which deals with framing, error management and flow control. Furthermore, the SWP supports SHDLC (Simplified High Level Data Link Control), a simplified version of ISO's High-level Data Link Control (HDLC, ISO/IEC 13239) specification, which is responsible for the error-free transmission of data between the UICC and the NFC controller chip on the mobile terminal. The HCI is a logical interface that enables contactless applications hosted on the UICC and supports the configuration in which one host is embedded in the UICC, which is connected to the NFC controller chip. The HCI deals with the packet routing and message communications required for NFC session initialization with the necessary configurations, the NFC transaction and so forth.

Basic of UICC-Based Security Services

We explain the basic concept of providing UICC-based security services.

Mostly, to provide security services based on the UICC, implementing software such as an applet or servlet based on the APIs provided by the UICC platform (e.g. Java Card Platform, GlobalPlatform, etc.) is mandatory, as explained earlier. An applet is a small application without a UI (User Interface) that performs some specific tasks on the UICC, or a state machine which processes only incoming command requests and responds by sending data or response status words back to the off-card entities via the mobile terminal. A servlet is a small web application that performs some tasks and also displays an HTTP-based UI to the client (e.g. mobile terminals). A servlet can be implemented only on an SCWS-supported UICC, which means a small web server is embedded in the UICC. The UICC therefore operates as a web server towards mobile terminals that implement an HTTP-based client such as a web browser.

Comparing applets and servlets, the applet can currently be considered more secure and more suitable for UICC-based security services, since the data communication between an applet on the UICC and the mobile terminal is based on the APDU format, which is difficult to understand compared to HTTP (servlet), and is secured by SCP (Secure Channel Protocol) defined in GlobalPlatform, the standard for secure card management. In the case of the servlet, however, it is practically difficult to support HTTPS (HTTP over TLS/SSL) between the servlet on the UICC and the mobile terminal, even though the SCWS standard mandates support for it, due to the shortage of RAM on the UICC (even an enhanced UICC). Moreover, UICC-based security services usually require the UICC to process specific cryptographic operations and store the necessary data securely, not to provide a UI. For these requirements, servlets may not be essential for UICC-based security services.

Therefore, from now on, we discuss only the applet for UICC-based security services.

By communicating with off-card entities such as service servers or infrastructure (such as an ATM) via mobile terminals, the applet installed on the UICC performs the operations necessary for security services, such as computing a cryptographic algorithm over input parameters from outside the UICC, storing credential data, etc. The result of the applet's operation can be passed to the outside of the UICC via mobile terminals. Figure 2 presents the basic flow of UICC-based security services.
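
The applet behaviour described above (a state machine that only answers incoming commands, stores a credential, computes over off-card input and replies with data or a status word), shown as an added example that is not code from the original text: a host-side Python simulation, not Java Card code. The class byte, instruction codes and the choice of HMAC-SHA-256 are assumptions; the status words are the standard ISO/IEC 7816-4 values.

```python
# Added illustration: CLA/INS values and the HMAC operation are hypothetical.
import hashlib
import hmac

SW_OK = b"\x90\x00"                    # ISO/IEC 7816-4 status words
SW_WRONG_LENGTH = b"\x67\x00"
SW_CONDITIONS_NOT_SATISFIED = b"\x69\x85"
SW_INS_NOT_SUPPORTED = b"\x6d\x00"
SW_CLA_NOT_SUPPORTED = b"\x6e\x00"
CLA_APP, INS_STORE_KEY, INS_COMPUTE_MAC = 0x80, 0x10, 0x20  # hypothetical

def parse_command(apdu: bytes):
    """Split a short case 1 / case 3 command APDU; None if malformed."""
    if len(apdu) < 4:
        return None
    cla, ins, p1, p2 = apdu[:4]
    body = apdu[4:]
    if not body:                       # case 1: header only
        return cla, ins, p1, p2, b""
    lc, data = body[0], body[1:]
    if lc == 0 or len(data) != lc:     # Lc must match the data field exactly
        return None
    return cla, ins, p1, p2, data

class SimulatedApplet:
    """State machine: reacts to commands only, replies with data + SW."""
    def __init__(self):
        self._key = None               # stored credential, never returned

    def process(self, apdu: bytes) -> bytes:
        parsed = parse_command(apdu)
        if parsed is None:
            return SW_WRONG_LENGTH
        cla, ins, _p1, _p2, data = parsed
        if cla != CLA_APP:
            return SW_CLA_NOT_SUPPORTED
        if ins == INS_STORE_KEY:
            if self._key is not None:  # personalised once, no overwrite
                return SW_CONDITIONS_NOT_SATISFIED
            if len(data) != 16:
                return SW_WRONG_LENGTH
            self._key = data
            return SW_OK
        if ins == INS_COMPUTE_MAC:
            if self._key is None:      # no credential stored yet
                return SW_CONDITIONS_NOT_SATISFIED
            if not data:
                return SW_WRONG_LENGTH
            return hmac.new(self._key, data, hashlib.sha256).digest() + SW_OK
        return SW_INS_NOT_SUPPORTED
```

The off-card entity only ever sees the MAC and the status word; the key is written once and has no command that reads it back.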

Basic of UICC Platforms

To implement the applets for UICC-based security services, the UICC should support the platforms which