Internet security has become an important concern, as organizations seek to exchange highly sensitive data and make high-value transactions over the Internet. Online trading requires higher levels of security over and above simple passwords and identity checking.
SWIM, Software Wireless Identity Modules, is a Public Key Infrastructure (PKI) based on public key cryptography, which provides strong customer authentication, digital signature and confidentiality for the SWIM user. HCEWALLET is fully integrated with the SWIM PKI.
SWIM can handle the basic security requirements of ‘Privacy’, ‘Data Integrity’, ‘Access Control’, ‘Confidentiality’ and ‘Non-repudiation’. Additionally, a PKI has the ability to support and manage the many-to-many electronic relationships that exist over the Internet. The use of digital certificates and public key cryptography has emerged as the preferred enabler of strong security.
SWIM security framework
SWIM (Software Wireless Identity Module) security framework defines three interfaces:
- The SWIM service registration interface
- The SWIM service execution interface
- User experience aspects of handling secure transactions with the Smartphone
SWIM operates in two environments:
- The remote environment, or the Mobile Internet world, by enabling secure access to, and security services for, Mobile Apps such as Mobile shops, Mobile banks, etc.
- The physical, or local, environment by facilitating HCE (host card emulation) NFC payment services in a shop, ID services at work, etc. (over NFC, Bluetooth or WiFi).
SWIM secured Smartphone
Because it is small, secure, personal, familiar and carried at all times, the Smartphone has evolved into much more than a wireless telephone with the ability to handle a wide variety of new services and applications, such as banking, payments, ticketing and secure access-based operations.
In technical terms, the Smartphone requires a mechanism for user verification, an area for secure key storage and cryptographic processing, a certificate database and a transaction database. This is what the SWIM (Software Wireless Identity Module) App provides in the Smartphone.
SWIM Service registration interface
The service registration interface defines how the Smartphone subscribes to a service. It includes steps for requesting and delivering the service certificate specific to a particular service. A service certificate of an end user is a specific certificate issued by a “Registration Authority” in a specific “Security Domain”.
SWIM Service execution interface
The service execution interface defines how the Smartphone accesses security services for mobile electronic transactions. It includes functions such as secure session, authentication and authorisation by the user.
SWIM consistent user experience
In implementing payment and security functionality into mass-market Smartphones, it is necessary to address technical realities and usability issues. The success of mobile commerce applications will likely depend on functionality that the user sees as integrated into the mobile terminal. This kind of integrated functionality will allow for a selection of alternatives for different geographical areas and applications but will still ensure a consistent user experience. HCE mobile payments functionality is a global standard issued by Visa, RuPay and MasterCard.
SWIM consistent user experience:
- Flexible service selection (multiple services in the Smartphone)
- Awareness of used service/brand
- Awareness of the security environment (the security level of the service in use)
- User verification (e.g. PIN)
- Awareness of digital signing
- Access to digitally signed contracts
- Access to delivered objects (receipts/tickets)
SWIM operates in two environments. The remote environment is defined as the Fixed/Mobile Internet world in which the end user can use the Smartphone for identification, authentication and authorisation of transaction services. The local environment is defined as the physical local world, in which the end user can use the Smartphone for identification, authentication and authorisation of payment services in a store (via NFC), ID services at work, etc., using Bluetooth, WiFi and NFC local connectivity technology.
The HCE Service SWIM Initiative targets the fundamental security services:
- Authentication of origin and recipient
- Digital signing (authorisation)
SWIM confidentiality and integrity are assured by using the security layer protocol WTLS (SSL). To enable mutual authentication, SWIM provides for the definition of a software security element, which securely holds the encryption keys in the mobile device. At the application level, the keys held in a software security element such as a SWIM ID make it possible to digitally sign individual transactions. A digital signature is one method for providing non-repudiation for these transactions. A goal of the SWIM Initiative is to institute the same, generic digital signing capability regardless of application.
In addition to communications encryption, SWIM provides the following:
- Server authentication (WTLS Class 2)
- Client authentication (WTLS Class 3)
- Digital Signatures (Protect & Verify)
The security level can be adapted to the requirements of specific applications.
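As an added illustration of the per-transaction digital signing described above (example code, not SWIM or HCEWALLET's own): the private key lives only inside a software security element, each transaction is signed after user verification, and the service verifies with the public key from the user's service certificate. The transaction fields, type names and use of ECDSA P-256 are assumptions for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
)

// Transaction is a constructed payload; the page does not define SWIM's wire
// format. Nonce is a per-transaction value so a captured signature cannot be replayed.
type Transaction struct {
	Service  string `json:"service"`
	Merchant string `json:"merchant"`
	Amount   string `json:"amount"`
	Nonce    string `json:"nonce"`
}

// SoftwareSecurityElement models the SWIM ID key store: the private key stays
// inside it and callers only obtain signatures and the public key.
type SoftwareSecurityElement struct{ key *ecdsa.PrivateKey }

func NewSoftwareSecurityElement() (*SoftwareSecurityElement, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SoftwareSecurityElement{key: k}, nil
}

func (s *SoftwareSecurityElement) PublicKey() *ecdsa.PublicKey { return &s.key.PublicKey }

// digest canonicalises the transaction as JSON and hashes it; signer and
// verifier must produce identical bytes, so the encoding must be deterministic.
func digest(tx Transaction) []byte {
	data, _ := json.Marshal(tx) // a struct of strings cannot fail to marshal
	h := sha256.Sum256(data)
	return h[:]
}

// Sign is called after user verification (e.g. PIN) and signs one transaction.
func (s *SoftwareSecurityElement) Sign(tx Transaction) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, s.key, digest(tx))
}

// Verify is run by the service with the public key from the user's service
// certificate; any change to the transaction fields makes it return false.
func Verify(pub *ecdsa.PublicKey, tx Transaction, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(tx), sig)
}
```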
In the personal environment, the Smartphone can enhance the security of traditional Internet e-commerce transactions with its digital signature and user authentication capabilities.