G&D | Android Security



Using Android Securely


Security comes in small packages


As a pioneer of secure mobile services, G&D offers a broad range of hardware elements and software solutions that can be used for mobile payments made via NFC contactless technology. These are known as secure elements, for example credit cards or SIM cards, and they uniquely identify users when they use their service provider. All secure elements follow the same principle: they provide security through isolation. In contrast to the Android operating system, where numerous interconnected apps have access to a wide variety of information, secure elements form small, closed systems.




NFC SIM cards

For mobile protection, G&D provides secure elements in three forms: SIM cards, integrated chips and microSD cards. NFC SIM cards work with all NFC-enabled phones and are therefore particularly appealing to mobile network operators. They do not communicate directly with the payment terminal (this is what the NFC radio chip does); instead, they create a secure environment for the security-relevant parts of the payment application on the smartphone. The payment application can be used on the SIM card at any time over the air (OTA). It is supplied by Trusted Service Management (TSM) services, which are also provided by G&D. With TSM, G&D operates the backend system for the individual service providers.

Embedded NFC secure elements

For device manufacturers, G&D's range also includes embedded secure elements, together with the relevant software, which are securely embedded in smartphones. These security chips offer the same security functions as SIM cards and are therefore of particular interest to device manufacturers who wish to offer security functions that are independent of the network operator.

microSD cards

The G&D microSD card allows for a great amount of flexibility when it comes to introducing NFC-based services. Since nearly all of today's smartphones have a microSD slot, service providers such as banks can operate NFC on many NFC-enabled Android devices irrespective of the network operator's SIM card or smartphone manufacturer. The card itself and the operating system are certified to Common Criteria EAL 5+ and 4+ respectively and are two of the most secure microSD products on the market.

Smartcard API

As a member of SIMalliance and president of the "SIMalliance Open Mobile API" work group, G&D is one of the pioneers of open and mobile API standards. Based on this "SIMalliance Open Mobile API", G&D has given the Android community an open source interface, the Smart Card API, from which end customers, service providers and mobile network operators can all benefit. App developers can use it to program applications that can access the information of a secure element – regardless of whether it is a SIM card, integrated chip or another form factor – which reduces many security risks.

This interface is ideal for every wallet concept, i.e. using a cell phone as a "purse", because it is only in this way that the user can see what amount is being paid by NFC. The G&D smartcard API is now being used by nearly all Android device manufacturers in the respective Android variants.

A secure operating system for PIN entry

Most NFC projects are designed to allow for PIN entry for higher amounts. For this, as well as for mobile banking transactions, the keypad must be secured so that the entry of the PIN cannot be manipulated.

This is why G&D has joined forces with chip specialist ARM to develop the highly secure MobiCore operating system, which processes security-critical applications in a strictly isolated and separate area of the main processor. Since the login to these services is conducted without any interaction with the conventional operating system, any malware that is already on the device has no opportunity to tap into or manipulate the data. MobiCore controls the whole processing chain, from keypad functions through the online connection to the display on the screen. Once the security-critical logon procedure is finished, the application independently switches back to normal mode.