A Novel Consumer-Centric Card Management Architecture and Potential Security Issues

Raja Naeem Akram, Konstantinos Markantonakis, Damien Sauveron

Research output: Contribution to journalArticlepeer-review

159 Downloads (Pure)


Multi-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-application smart cards have been around since the late 1990s; however, uptake was severely limited. NFC has recently reinvigorated the multi-application initiative and this time around a number of innovative deployment models are proposed. Such models include Trusted Service Manager (TSM), User Centric Smart Card Ownership Model (UCOM) and GlobalPlatform Consumer-Centric Model (GP-CCM). In this paper, we discuss two of the most widely accepted and deployed smart card management architectures in the smart card industry: GlobalPlatform and Multos. We explain how these architectures do not fully comply with the UCOM and GP-CCM. We then describe our novel flexible consumer-centric card management architecture designed specifically for the UCOM and GP-CCM frameworks, along with ways of integrating the TSM model into the proposed card management architecture. Finally, we discuss four new security issues inherent to any architecture in this context along with the countermeasures for our proposed architecture.
Original languageEnglish
Pages (from-to)150–161
Number of pages12
JournalJournal of Information Science
Early online date12 Jan 2015
Publication statusPublished - 10 Nov 2015

Cite this