SEEK project - Access to Secure Elements on Android. Frank Schäfer 04.12.2014



Similar documents
Open Mobile API Test Specification for Transport API

Securing the future of mobile services. SIMalliance Open Mobile API. An Introduction v2.0. Security, Identity, Mobility

DEVELOPING NFC APPS for BLACKBERRY

Secure Authentication for the Development of Mobile Internet Services Critical Considerations

Bringing Security & Interoperability to Mobile Transactions. Critical Considerations

Secure Authentication for Mobile Internet Services

How To Develop Android On Your Computer Or Tablet Or Phone

Android pay. Frequently asked questions

Training. MIFARE4Mobile. Public. MobileKnowledge April 2015

Mobile Electronic Payments

Device Implementation Guidelines

An Introduction to Android

Mobile NFC 101. Presenter: Nick von Dadelszen Date: 31st August 2012 Company: Lateral Security (IT) Services Limited

Chytré karty opět o rok dál...

Common requirements and recommendations on interoperable media and multi-application management

SIMULITY PRODUCTS & SERVICES OVERVIEW

Banking. Extending Value to Customers. KONA Banking product matrix. is leading the next generation of payment solutions.

Smart Card APDU Analysis

Smartcards with Webservice Interface

APPFORUM2014. Helping the developer community build next-generation, multi-platform apps. SCHAUMBURG, ILLINOIS SEPTEMBER 8-10

Smartcard Web Server Enabler Architecture

Issues in Smart Card Development

An Open Source eid Simulator Open Identity Summit 9th -11th September 2013

NFC Mobile Handset High Level Requirements V2

Page 1. Lecture 1: Introduction to. Introduction to Computer Networks Security. Input file DES DES DES DES. Output file

Training. NFC in Android. Public. MobileKnowledge October 2015

l What is Android? l Getting Started l The Emulator l Hello World l ADB l Text to Speech l Other APIs (camera, bitmap, etc)

Significance of Tokenization in Promoting Cloud Based Secure Elements

Smart Card support Embedded Within OpenSSL to Secure Virtual Machines

An NFC Ticketing System with a new approach of an Inverse Reader Mode

An Introduction to Android. Huang Xuguang Database Lab. Inha University

Draft Middleware Specification. Version X.X MM/DD/YYYY

Frameworks & Android. Programmeertechnieken, Tim Cocx

AllJoyn Android Environment Setup Guide

Secure Over the Air (OTA) Management Of Mobile Applications

Government Smart Card Interoperability Specification

Secure Element Deployment & Host Card Emulation v1.0

Mobile Cloud Computing

Reverse engineering smart cards

Embedded Java & Secure Element for high security in IoT systems

NFC in Android. Martijn Coenen

Applying the NFC Secure Element in Mobile Identity Apps. RANDY VANDERHOOF Executive Director Smart Card Alliance

Mobile ID: Realization of Mobile Identity Solutions by GlobalPlatform Technologies. White Paper November 2015

Introducing etoken. What is etoken?

Self Testing and Product Qualification Processes

An NFC Ticketing System with a new approach of an Inverse Reader Mode

Release Notes. KNOX Premium SDK. Version 2.5

The Role of the Trusted Service Manager in Mobile Commerce

Everything is Terrible

NFC Hacking: The Easy Way

Android Environment SDK

The OpenEapSmartcard platform. Pr Pascal Urien ENST Paris

NFC Windows Phone Applications. Development Guidelines

Mobile Payment using HCE and mpoint payment gateway based on NFC enabled phones. AUTHOR : GRZEGORZ MILCARZ S111040

Page 1. Smart Card Applications. Lecture 7: Prof. Sead Muftic Matei Ciobanu Morogan. Lecture 7 : Lecture 7 : Smart Card Applications

Graduate presentation for CSCI By Janakiram Vantipalli ( Janakiram.vantipalli@colorado.edu )

ETSI TS V9.2.0 ( ) Technical Specification. Smart Cards; Remote APDU structure for UICC based applications (Release 9)

Key & Data Storage on Mobile Devices

ID TECH UniMag Android SDK User Manual

Specialized Android APP Development Program with Java (SAADPJ) Duration 2 months

Java Card. Smartcards. Demos. . p.1/30

Java Applet and Terminal Application for Financial transactions

3GPP TSG SA WG3 Security S3#30 S October 2003 Povoa de Varzim, Portugal. Abstract

EPC Version 2.0

A Survey of Electronic Signature Development in Mobile Devices

Hello World. by Elliot Khazon

Exploring ADSS Server Signing Services

Secure your Privacy. jrsys, Inc. All rights reserved.

Developing for MSI Android Devices

PKCS. PKCS: Public Key Cryptography Standards. Apple, Digital, Lotus, Microsoft, MIT, Northern Telecom, Novell, Sun

JavaCard. Java Card - old vs new

Mobile MasterCard PayPass Testing and Approval Guide. December Version 2.0

Programming with Android: SDK install and initial setup. Dipartimento di Informatica: Scienza e Ingegneria Università di Bologna

Introduction to Android Development. Jeff Avery CS349, Mar 2013

Mobile Application Development

The Future of IoT. Zach Shelby VP Marketing, IoT Feb 3 rd, 2015

Latest and Future development of Mobile Payment in Hong Kong

ECM (ELO-KIT-ECMG2-AND)

New Technology Introduction: Android Studio with PushBot

AT&T VERIFY CONNECT (V3.2.0) GETTING STARTED GUIDE FOR MOBILE SDK

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Developing a new Protection Profile for (U)SIM UICC platforms. ICCC 2008, Korea, Jiju Septembre 2008 JP.Wary/M.Eznack/C.Loiseaux/R.

PKCS. PKCS: Public Key Cryptography Standards

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET

Fairsail REST API: Guide for Developers

Android Development. 吳 俊 興 國 立 高 雄 大 學 資 訊 工 程 學 系

Calypso Technology. A leader application to build up eticketing systems for modern and smart urban transport systems of the future

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008

Using the VMRC Plug-In: Startup, Invoking Methods, and Shutdown on page 4

Transcription:

SEEK project - Access to Secure Elements on Android Frank Schäfer 04.12.2014

SEEK: Add Secure Element access to Android n Open Source project, maintained by G&D since 2010 n Implementation of SIMalliance Open Mobile API for Android n Integration of Global Platform Secure Element Access Control n Source code available under Apache License V2.0 n Drivers, applications, Android patches, code samples, guidelines, mailing list n Integrated by almost all Android handsets http://code.google.com/p/seek-for-android/ 2

SIMalliance Open Mobile API specification Enable access to Secure Elements in Mobile Devices Mobile Applications OS and programming language agnostic Access to all kind of Secure Elements Open Mobile API Secure Elements Easy to use API for APDU communication n Referenced in GSMA NFC handset requirements n Compliance programs in GlobalPlatform and GCF (Global Certification Forum) just started 3

Open Mobile API Architecture Application Layer Service Layer Transport Layer Access Control Mobile Applications Generic Transport Mobile Applications SIM Plug in Crypto API (PKCS / JCE) Crypto provider APIs File Management Transport ASSD Plug in Test Specifications Authentication Secure Storage Discovery Further SE Further SE PKCS#15 SE provider Secure Element Provider Interface Open Mobile API Specification V3.0: released Open Mobile API Test Specification for Transport API V1.1: released V2.0: planned for 12/2014 Test application V1.0: released V2.0 planned (01/2015) Mobile Device Storage File system Access Control Further Further Functions Further Functions Functions Secure Elements (e.g. SIM, Secure µsd, ) 4

Global Platform SE Access Control Control access to Secure Elements (SEs) based on the certificate that the mobile application is signed with n Only allowed apps on the phone can make use of specific applets on the Secure Element n Consist of n Access Control Enforcer integrated in the API n A storage in the Secure Element that provides the access rules n Rules can be managed remotely Security enabled Security enabled Security Android Apps Android enabled Apps Android Apps Open Mobile API Smart Card API Implementation Access Control Enforcer Access of Apps to Applets controlled by Access Control Rules are under control of the Secure Element Issuer Secure Element Access Control is standardized by GlobalPlatform, V1.1 is released Access Rules Applet Applet 5

Prerequisites for developing SEEK apps Make sure seek is available on you phone: n Settingsà Apps à All à SmartcardService Prepare SE Access Control n Make sure that access is allowed (SIM) n Install AllowAll ARA applet from SEEK n Write AllowAll rules in ARF (see SEEK mailing list) n Use of ARA or ARF depends on phone n Correct rules should be use when releasing Prepare development environment n SDK needs access to OMAPI add-on package n See SEEK for details: https://code.google.com/p/seek-for-android/wiki/ UsingSmartCardAPI 6

SIMalliance OMAPI Test application n Tools is available on SIMalliance web page (royalty free) n Can be used to validate correct integration of seek (as long as device compliance programs are not in place yet) n Implements test cases from OMAPI Test Specification n Test applets have to installed on the card first (see ReadMe) n Test cases are written in XML and stored on internal storage of the device (/sdcard) n Can be adopted as needed n New test cases can be added n Logs are also written to internal storage 7

SIMalliance OMAPI Test application 8

SIMalliance OMAPI Test application Long press for further details (Log) 9

OMAPI function calls org.simalliance.openmobileapi Session Reader SEService Reader getreader() byte[] getatr() void close() boolean isclosed() void closechannels() Channel openbasicchannel(byte[] aid) Channel openlogicalchannel(byte[] aid) Channel openbasicchannel(byte[] aid, Byte P2) Channel openlogicalchannel(byte[] aid, Byte P2) String getname() SEService getseservice() boolean issecureelementpresent() Session opensession() void closesessions() * * SEService(Context, Callback) Reader[] getreaders() boolean isconnected() void shutdown() String getversion() Channel void close() boolean isbasicchannel() boolean isclosed() byte[] getselectresponse() Session getsession() byte[] transmit(byte[] command) boolean selectnext() * Callback serviceconnected(seservice) 10

Hello Smartcard app - preparation n uses-library in AndroidManifest.xml n Implement the SEService.CallBack interface n Initialize the SEService 11

Hello Smartcard app sending APDUs to the card 12

Thank you for your attention! Frank Schäfer December 2014 frank.schaefer@gi-de.com 13

Open Mobile API releases V2.05 Maintenance Jan. 2014 released V3.0 add native (not object oriented) interface Nov. 2014 released API Specification V1.0 Based on API V2.05 Feb 2014 released V1.1 Maintenance July 2014 released V2.0 Update according V3.0 of API spec Plan: Dez. 2014 Test Specification Test Application V1.0 July 2014 released Android Test runner + test cases in XML quick testing, no compliance V2.0 According to test spec V2.0 without method interface Plan: Jan. 2014 14

GP SE Access Control (SEAC) - Rules definition n Access Rules n Works with any secure Element (e.g. SIM, SD card, ) n Defines which Signature the mobile application must be signed with to access a certain Applet on the SE n Defines what commands are allowed (APDU white list- ARA only) n Should be stored as objects in Access Rule Applets (ARA) or might use a PKCS#15 file system structure (ARF - Access Rule Files) on UICC as fallback n Structure of a Rule Hash Value AID APDU rule data Hash of the certificate that the mobile application is signed with or empty in case rule are valid for all mobile applications AID of the applet for witch the rules are stored or empty in case rules are valid for all SE applets General APDU rule: access is allowed / denied or APDU filter: 4 byte APDU header filter and 4 Byte APDU mask 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information