Reshared post from +EuroTech
Telcred Transforms Your Phone Into Highly Secure Key
by , ; France
In 2006, a research group at the Swedish Institute of Computer Science (SICS), led by Dr. Babak Sadighi and focusing on security, policy, and trust, started investigating a system for physical access control that would utilize the upcoming Near Field Communication (NFC) capability of mobile phones. A patent application was filed and an early prototype was demonstrated at the SICS Open House day in 2007. Further refinements to the technology were made, and in 2009 SICS decided to commercialize the technology in a new company: Telcred.
Telcred’s solution is based on card emulation mode, or simply secure Near Field Communication (secure NFC). NFC is an innovative radio communication technology that uses the same frequency band as modern contactless cards, 13.56 MHz, and has a range of 3 – 6 cm. Secure NFC involves a special piece of hardware known as a secure element, a small microprocessor of the same type that is used in credit/debit cards with chip-and-pin. This secure element is used for all NFC services that require strong security, including payments, ticketing, and access control.
The included microprocessor provides secure storage and hardware support for cryptographic operations, as well as different hardware features to protect access to its internals from attacks. It runs a small program known as a Java Card applet that wakes up when the NFC device is within range of the reader, in order to start communicating with it. It behaves just like a contactless smart card, drawing its power from the electromagnetic field of the reader. As a consequence, it is possible to mix NFC phones and contactless cards in the same system, since they appear identical to the reading devices.
In a traditional access control system the card communicates its ID to the reader, which compares this information to a list of allowed IDs. In Telcred’s system it works the other way around – the lock controller is aware of its own ID and gets information about the device’s access rights from the device at the time of access. The lock controller then compares the information in the ticket it just received to its own known ID, which does not change over time. This innovation makes it possible for Telcred’s system to cope with frequently changing users and temporary access rights. The tickets have a set validity period, are issued for a specific device, and are cryptographically signed by Telcred’s administrative system, which guarantees that they cannot be faked, copied or changed.
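The lock-side check described above, as an added example (not Telcred's code). Ed25519, the ticket fields and the string encoding are assumptions, since the article names neither the signature scheme nor the ticket format; the example also assumes the reader has already authenticated the device ID it passes to `Check`.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Ticket is a constructed format; the field names are assumptions, not Telcred's.
type Ticket struct {
	LockID, DeviceID    string
	NotBefore, NotAfter int64 // Unix seconds
	Sig                 []byte
}

// payload is the signed byte string; %q quoting keeps field boundaries unambiguous.
func (t Ticket) payload() []byte {
	return []byte(fmt.Sprintf("%q|%q|%d|%d", t.LockID, t.DeviceID, t.NotBefore, t.NotAfter))
}

// NewIssuer makes the administrative key pair (nil selects crypto/rand.Reader).
func NewIssuer() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }

func Issue(priv ed25519.PrivateKey, t Ticket) Ticket {
	t.Sig = ed25519.Sign(priv, t.payload()) // done by the administrative system only
	return t
}

// Check runs on the lock controller, which holds only its own ID and the public key.
func Check(pub ed25519.PublicKey, myLockID, deviceID string, now int64, t Ticket) error {
	switch {
	case !ed25519.Verify(pub, t.payload(), t.Sig):
		return fmt.Errorf("signature invalid: ticket forged or altered")
	case t.LockID != myLockID:
		return fmt.Errorf("ticket is for lock %q, not %q", t.LockID, myLockID)
	case t.DeviceID != deviceID:
		return fmt.Errorf("ticket is bound to another device")
	case now < t.NotBefore || now > t.NotAfter:
		return fmt.Errorf("outside validity period")
	}
	return nil
}

func main() {
	pub, priv, err := NewIssuer()
	if err != nil {
		panic(err)
	}
	t := Issue(priv, Ticket{LockID: "container-42", DeviceID: "se-0001", NotBefore: 1000, NotAfter: 2000})
	fmt.Println(Check(pub, "container-42", "se-0001", 1500, t), Check(pub, "container-42", "se-0001", 2500, t))
}
```

Because the lock holds no user list, revoking access before a ticket expires needs either short validity periods or a separate revocation channel to the lock.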
How do the tickets get onto the phone or card? The mobile industry has defined the role of a Trusted Service Manager (TSM), acting as a broker between mobile operators and providers of services. A standardized API for service providers like Telcred connects to a TSM. Through the TSM, they are then able to both install their Java Card applet on the secure element, and subsequently transfer the tickets with updated access rights.
The initial inspiration for this solution was access control for shipping containers. Telcred solves the problem of key transportation since the access rights are separated from the device used to open the container. When the container arrives, the receiving party could notify the sender and provide an identifier of the container, after which the sender can create the access rights and send them to the receiver’s phone or smart card in a few seconds, even if they are on the other side of the world. It also counters the theft problem, while allowing all necessary controls. Indeed, a driver can carry an NFC phone which has been provisioned with Telcred’s solution, but without access rights. When the driver arrives at the destination, or if he is stopped by police or customs, access rights can be sent to his phone in a few seconds.
This June, Ericsson announced that the European Institute of Innovation and Technology (EIT ICT) Labs will participate in a six-month pilot project, where staff, researchers, and students will be able to access the Labs’ premises at Kista Science City (near Stockholm) using the control system developed by Telcred. The access control system works with both contactless smart cards and NFC phones and uses the Ericsson cloud-based TSM to send and update credentials in the secure element in the phone.
Richard Anell, Head of IPX, Ericsson, says: “It is convenient and flexible, as a visiting researcher from another country could potentially receive a digital ‘ticket’ straight to their phone granting access to the facilities for a limited time and to predefined areas – even before he or she arrives.”