Smartphones Contactless IC Cards Credit Cards Credit Services for the Osaifu-Keitai Mobile Payment System on Open OS Terminals †0 Smartphones have grown in popularity and their OSs have Credit Card Business Division Nobuyuki Miura been published as open-source. Although open-source soft - Jin Hoshino†0 †0 ware is useful, it is at risk of being attacked based on the dis - Services Platform Department Jin-ichi Hirose covery of vulnerabilities by techniques such as reverse engi - Takashi Fukuzono†† neering. To run credit services based on our Osaifu-Keitai mobile payment system on an open-source OS terminal, a different architecture from that of conventional feature phones must be used. We have therefore developed a credit service for open OS terminals that mitigates the impact asso - ciating with revisions of existing systems while maintaining the security level achieved by feature phones. secure on terminals with this sort of 2. Architecture of Feature 1. Introduction open-source OS than on conventional Phones and Open OS Smartphones have grown in popu- feature phones (conventional i-mode Terminals larity and some of them now use OSs terminals in this case). Also, when The most important function for the that have been published as open- adapting an existing system built for implementation of credit services in source*1. Although the publication of an feature phones so that it can run on this Osaifu-Keitai is the function for secure- OS as open source software helps it to sort of new architecture, it is essential to ly writing credit card information to the become more mature and more widely consider how to mitigate the impact of contactless IC chip *3 (FeliCa®*4 chip) in used and encourages the development system revisions and reduce the costs Osaifu-Keitai. When writing informa - of applications for this OS, open source and development time associated with tion, a secure communication channel may place the OS at risk of being these improvements. We have therefore between a contactless IC chip server attacked based on the discovery of vul - developed a credit service for open OS (FeliCa server) and the FeliCa chip is nerabilities by techniques such as terminals that mitigates the impact on used to minimize the risk of tampering NTT DOCOMO Technical Journal reverse engineering*2. A new system existing systems while maintaining the or eavesdropping. After the card infor - architecture is needed to ensure that security level achieved by feature mation has been written into the FeliCa credit services using our Osaifu-Keitai phones. In this article we describe how chip, the hardware security configura - mobile payment system are no less the service was implemented. tion of the FeliCa chip is designed to NTT DOCOMO Technical Journal ©2011 NTT DOCOMO, INC. † Currently Frontier Services Department author, or source code that has been published Copies of articles may be reproduced only for per- †† Currently Credit Card Business Division in this way. sonal, noncommercial use, provided that the name *2 Reverse engineering: A process of analyz- NTT DOCOMO Technical Journal, the name(s) of *1 Open source: A generic term for a software ing the configuration and operation of software the author(s), the title and date of the article appear license that allows source code to be published or hardware to clarity manufacturing methods in the copies. while protecting the copyright of the software and operating principles. NTT DOCOMO Technical Journal Vol. 13 No. 2 43 Credit Services for the Osaifu-Keitai Mobile Payment System on Open OS Terminals prevent the credit card information information is also written to the FeliCa ten to the FeliCa chip. We therefore from being tampered with. chip by issuing a write request to the adopted an architecture where an inter - Figure 1 compares the architecture FeliCa server. On the other hand, the mediary server that is less susceptible to of a feature phone with that of an open terminal application memory on an attack is placed between the terminal OS terminal. In a feature phone, the open OS terminal is liable to be exploit- application and the FeliCa server or card information written to the FeliCa ed in an attack, and if it is used for the other server used for the storage of card chip is downloaded from a server that temporary storage of credit card infor - information, so that the card informa - manages card information and the like mation on an open OS terminal then tion and other such data is temporarily (hereinafter referred to as “card infor - this information is at risk of being stored on the intermediary server. Since mation server”), and is temporarily held forged or tampered with so that unau - the existing servers for card information in memory. Furthermore, the credit card thorized credit card information is writ - and the like have been built for use with (a) Feature phone Feature phone Terminal application Request for card information, etc. Card information Response containing card server information, etc. Card information, Request for writing of card etc. information, etc. FeliCa server FeliCa chip Card information writing process Card information, etc. (b) Open OS terminal Open OS terminal Absorbs differences from Intermediary the interface with existing servers server (smartphone GW Request for card Attacks server for iD) information, etc. probing for Terminal Card information vulnerabilities application Response containing card server information, etc. Card information, Request for writing of card etc. information, etc. FeliCa server FeliCa chip Card information writing process NTT DOCOMO Technical Journal Card information, etc. Figure 1 Comparison of the architectures of feature phones and open OS terminals NTT DOCOMO Technical Journal *3 Contactless IC chip: A semiconductor inte- mark of Sony Corp. grated circuit that exchanges information by radio communication with an IC card reader/writer. *4 FeliCa®: A contactless IC card technology developed by Sony Corp. A registered trade - 44 NTT DOCOMO Technical Journal Vol. 13 No. 2 feature phones, the intermediary server server for iD. FeliCa chip is read out to the server to loads a function for ironing out the The smartphone GW server for iD prevent forgery and tampering. interfaces differences of terminal appli - chiefly provides four functions: 2) Interface Conversion Function cations running on open OS terminals 1) FeliCa Chip Update/referencing Communication to card information so as to minimize the impact on exist - Function servers (DOCOMO credit card system ing servers. A framework for securely writing to (Credit Mobile Gateway System the FeliCa chip is offered as a FeliCa (CREMO)), card information download 3. Implementing the server. In the smartphone GW server center, brand download center) that is Intermediary Server and for iD, the FeliCa server is used to write next to the smartphone GW server for Terminal Applications credit card information directly to the iD, is all collected into a single session 3.1 Smartphone GW Server for iD FeliCa chip, thereby eliminating the when card information is written to a The smartphone GW server for iD *5 deployment of credit card information FeliCa chip. And, interface messages is an intermediary server for securely into the memory of the open OS termi - between the systems are issued accord - writing credit card information to a Fel - nal and securing the information against ing to requests from the terminal appli - iCa chip mounted in an open OS termi - forgery or tampering. In the same way, cation. nal. Figure 2 shows the functional this framework is also used when credit In the smartphone GW server for configuration of the smartphone GW card information that has been set in the iD, interface messages from the termi - nal application for open OS terminals FeliCa server Card information server are converted into the same format as interface messages for the feature phone interface, thereby minimizing the scope of revisions that need to be made to the system that replaces the smart - Smartphone GW server for iD phone GW server for iD. In this way, Interface conversion we aim to reduce the costs and develop- function ment time associated with introducing FeliCa chip update/ referencing function the new system. Sequence management function 3) Sequence Management Function Requests from open OS terminals *6 Access control function are stored as session information to prevent the generation of interrupts from fraudulent terminals. When opera- sp-mode tions to write credit card information are configured by multiple interface NTT DOCOMO Technical Journal Open OS terminal messages from a terminal application, coordinating information about man - Figure 2 Configuration of smartphone GW server for iD agement information (IP addresses, passwords, etc.) is stored on the smart - NTT DOCOMO Technical Journal *5 iD: “iD” and the “iD” logo are trademarks or *6 Session: A meaningful episode of communi- registered trademarks of NTT DOCOMO. cation between a server and client. Here, the sequence of communication involved in writ - ing card information is treated as a session. NTT DOCOMO Technical Journal Vol. 13 No. 2 45 Credit Services for the Osaifu-Keitai Mobile Payment System on Open OS Terminals phone GW server for iD, and is carried 1) FeliCa Chip Update/referencing tion stored in the terminal’s memory is around until one session has ended. Function liable to be tampered with. Consequent- When interface messages from the ter - With this function, users are able to ly, instead of transmitting credit card minal application are not coordinated in settle payments with an open OS termi - information to the terminal application, the prescribed order, a sequence error is nal by allowing the FeliCa chip to per - this information is terminated at the deemed to have occurred and the fraud - form all access tasks such as issuing smartphone GW server for iD so that it ulent application is prevented from and deleting areas, adding, deleting and can be written directly to the FeliCa issuing interrupts.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages6 Page
-
File Size-