White Papers

While the sources vary, the message is clear; attacks on mobile internet devices and connected smartphones are rising rapidly. McAfee Labs released a report in September 2011 highlighting a 76% jump in malware targeting Android devices in the previous quarter alone.

Similarly, IBM’s X-Force research group commented that while the number of known vulnerabilities in mobile operating systems only increased incrementally between 2010 and 2011, the number of exploits based on these flaws will likely double; leading to sensational headlines such as ‘2012: The Year of the Mobile Security Breach’ and ‘Mobile Security Breaches Inevitable’.

While calmer heads prevail, there is little doubt that the mobile threat level has been on a steady incline for a decade, and has recently exploded in line with the growing market penetration of internet connected smartphones and tablets.

And with these new enabling devices have come a myriad of applications for which security is paramount – from mobile wallet and NFC payment through to the growth in mobile healthcare applications. But it isn’t just these ‘usual suspect’ applications that are causing concern.

Security is now a major issue for consumers when selecting applications and services across the board – from video and photo sharing, to messaging and business apps. Indeed, according to a poll by ThreatMetrix and the Ponemon Institute, 85% of consumers are overwhelmingly dissatisfied with the level of protection online businesses are providing to stop fraudsters.

The question is whether current levels of protection are capable of securing today and tomorrow’s mobile devices and applications – and the message seems to be ‘no’.

In this paper we look in detail at the issue of mobile internet security, analyze existing authentication methods, and ask whether it is time for the widespread adoption of the Secure Element by the mobile community.

.

Released on 1.12.2011  Download

Projected to account for almost a third of mobile payments transactions by 2014 (source: Research and Markets, 2010), mobile Near Field Communication (NFC) promises to revolutionise both device to device communication, and the way consumers engage, interact and transact with brands. These contactless services present a host of opportunities in payment, transportation, access control and data exchange. But addressing the challenges of the NFC world is critical to enable its success from a device, network and service perspective. Once again, the role of the ‘Secure Element’ within the device is paramount in managing authentication and certification; not only to ensure the integrity of financial transactions and data exchange throughout the NFC chain, but to deliver the required levels of interoperability as well. The white paper look at the evolving NFC services market and adresses interoperability issues. It goes a liitle further on from interoperability and touches upon secure application and service lifecycle management and details the specifications and tools SIMalliance has produced over the last ten years to advance interoperability and security in application and service development and deployment. .

Released on 21.6.2011  Download

This paper highlights the need for a change in how security is approached on the connected mobile device. It focuses on the need to create security (and security policy) at the development stage, and highlights the telecoms industry’s unique position of already having a solution to the problem. It discusses why ‘buy in’ is needed from the application development and operating systems communities, and introduces the SIMalliance’s new Open Mobile API workgroup whose task it is to connect the application, operating system and the operator with the Secure Element found in billions of connected devices right across the world. .

Released on 5.4.2011  Download

The SIMalliance believes, without a doubt, that LTE heralds the next major step in the development and delivery of a host of rich new multimedia services and applications. But more than this, by delivering a true broadband experience on the mobile, and through the integration of NFC, LTE will fundamentally change the way consumers communicate and transact, offering a seamless connection between the virtual and contextual worlds for the very first time. SIMalliance believes LTE offers opportunities for mobile operators to retain control of their subscribers (and revenues) against stiff opposition from over-the-top players, and to extend their influence outside of conventional mobile boundaries and into the wider online world. But LTE is also a disruptive force; it will enable greater competition from non-mobile players and increase the commoditization of voice services. Also, by opening the core network to a potentially unsecure IP layer, security will become an increasing issue. The UICC is a mandatory element in LTE as specified by 3GPP. However SIMalliance is recommending operators to adopt a UICC integrating specific features (See SIMalliance UICC Profile for LTE) to reduce the disruptive impact of LTE and to support the creation of a secure, open and interoperable environment where mobile services, and mobile operator revenues, thrive. .

Released on 14.2.2011  Download

The SIMpml (SIM Profile Markup Language) is a standardized description simplifying operator's processes for definition of a SIM card profile, development of prototype and commercial cards. It helps reduce time and increase portability of profiles between different SIM card vendors. .

Released on 30.6.2010  Download

The SCWS constitutes the new trend in the evolution of Smart Card technology. First, the SCWS provides a next generation user interface for the end-user, moving from black and white menus to rich a web “look and feel” for its applications. Then, as it is based on Internet languages, the SCWS makes the development of SIM-based applications easier, while facilitating their distribution. Also, the SCWS enhances connectivity with remote web servers to enable client/server applications to take full advantage of the evolution in network speeds. After many years of development and standardization efforts, and with the first handsets now hitting the market, the SCWS is ready to open up a new era for SIM-based Internet applications. .

Released on 1.2.2009  Download