The rise of mobile devices is a key driver of the connected society. Smartphones and apps have experienced great success and have become the archetype of modern software. Their numbers are steadily increasing and have far exceeded millions in various app stores. Many of these apps trigger various transactions, which may involve sensitive data. Yet most of these apps rely on vulnerable measures and ways of protecting users' identities and data. With SIMSec™, Giesecke & Devrient (G&D) is now presenting a solution that uses the devices' SIM cards to protect apps in a fast, easy, and reliable way. By using SIMSec, app developers can offer their customers unbreakable, integrated protection.
Mobile network operators (MNOs) can open up new revenue streams by providing better use of the SIM card. To demonstrate the concept, G&D is showcasing a SIMSec-based password manager using the SIM card to securely store the user's credentials such as PINs, passwords, etc., at Mobile World Congress in Hall 7 at Stand 7A41.
Using the features of modern SIM cards for protecting identities and data and providing a tamperproof security execution platform gives consumers more trust when making apps part of their "connected lives". Compared to other security measures, such as storing keys and sensitive data in the smartphone standard storage or in the cloud, SIM cards offer much higher security. SIMSec makes use of the core SIM security features, so it can be used to secure any kind of application or service utilizing authentication, encryption, secure storage, or key management. The availability of an easily accessible hardware security component in an otherwise insecure environment allows service providers and app developers alike to make their products and services stand out.
With the SIMSec framework, deployment could not be easier: Once a SIMSec-enabled app is downloaded to a device featuring a SIMsec enabled SIM card, it sends a request to the MNO's SIMsec OTA server. An applet is then deployed to the SIM card automatically, enabling the app to use core security features of the SIM card such as password storage or hardware encryption.
SIMSec consists of three key components: an application deployed on the MNO's OTA server infrastructure, an applet on the SIM card enabling access to its features for third parties, and a development kit to integrate the desired security features into the app. SIMSec is an extension G&D's proven SmartTrust ™ platform which manages more than 2 billion SIM cards worldwide. Developers can register for SIMSec via a simple web interface.
www.gi-de.com
