کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
457095 | 695888 | 2013 | 22 صفحه PDF | دانلود رایگان |

Over-the-air (OTA) application installation and updates have become a common experience for many end-users of mobile phones. In contrast, OTA updates for applications on the secure elements (such as smart cards) are still hindered by the challenging hardware and certification requirements.The paper describes a security framework for Java Card-based secure element applications. Each application can declare a set of services it provides, a set of services it wishes to call, and its own security policy. An on-card checker verifies compliance and enforces the policy; thus an off-card validation of the application is no longer required.The framework has been optimized in order to be integrated with the run-time environment embedded into a concrete card. This integration has been tried and tested by a smart card manufacturer. In this paper we present the architecture of the framework and provide the implementation footprint which demonstrates that our solution fits on a real secure element. We also report the intricacies of integrating a research prototype with a real Java Card platform.
Journal: Journal of Information Security and Applications - Volume 18, Issues 2–3, September 2013, Pages 108–129